The European Palm Oil Alliance (EPOA) processes data from its members, interested parties, suppliers, partners, job applicants and employees. Personal data can be part of this. EPOA attaches great importance to the protection of personal data. Personal data are data about an identified or identifiable natural person, for example a name or e-mail address. These personal details are treated by EPOA with the utmost care and appropriate technical and organizational measures, taking into account the requirements arising from the General Data Protection Regulation.
Examples of measures are:
In this privacy statement, we explain when and why we collect personal information, how we use it, the conditions under which we share this information with third parties and how we secure this information. This statement applies to all our services and also to people who apply for a job with us.
When we collect personal information
We only collect the information if this serves a legitimate interest and if this interest should not give way to your personal interests. Before we collect data, we make an analysis to assess whether there is a mutual interest for both parties. We process personal data in accordance with the purpose for which it was provided and only those data that are minimally required for this purpose.
Purposes of processing
The processing of (personal) data takes place within the framework of the usual activities of an association. Examples include conducting member administration, collecting membership fees, sending industry-related information to members and / or interested parties, disclosing information about those involved and activities of the association on their own website, exercising auditing, other internal management activities, handling complaints, keeping the data up-to-date, and any other activities. In addition, some personal details can be processed by EPOA on the basis of a legal obligation. Personal data are not passed on to third parties, unless permission is obtained, transfer is necessary in the context of the execution of an agreement, or is necessary on the basis of a legal obligation. For example, EPOA uses a third party for: providing the internet environment, the IT infrastructure, distributing newsletters, news items, e-mail messages and invitations. EPOA never passes on personal data to third parties with whom no processor agreement has been concluded. In such processor agreements, EPOA makes agreements about the security of your personal data. If you receive e-mails from us, we register your interactions, with the aim to connect the content of our communication with what we think is relevant to you.
EPOA processes the following personal data (if known) for the above purposes: gender, surname, first name, initial(s), telephone number (s), e-mail, passport photo, job title and organization. We can also collect feedback, comments and questions we have received through service related communication and activities such as meetings, (telephone) conversations, documents, e-mails.
The photos/recordings made during meetings, conferences etc. may be used in both printed and digital form, in various channels where EPOA disseminates information about its activities.
Storage of data
EPOA stores personal data for as long as necessary to achieve the purpose of the processing. If the membership, the cooperation or the subscription is terminated, the personal data will be deleted no later than five years after termination.
Rights of data subjects
EPOA regularly sends a (digital) newsletter to the persons whose data they process. There is always a possibility to opt out. In addition, a request for deregistration can also be directed to the Office Management of EPOA (firstname.lastname@example.org).
Those involved can request an overview of the personal data that EPOA processes about them. If after inspection it appears that the information in question is incorrect or incomplete, or is not processed lawfully, data subjects may request changes, blocking or deletion of these data. Requests can be addressed to EPOA via our contact form. Incoming requests are processed and answered as quickly as possible, within four weeks at the latest. Subjects have the right to submit a complaint to the supervisory authority, the Dutch Data Protection Authority.
This privacy statement can be changed. The most recent version of this privacy statement can always be found on www.palmoilalliance.eu. Last modified on 12 June 2019.