Personal data provided by you.
We collect your personal data when you voluntarily provide it to us. For example, you may give us: your email address, country of residence, and areas of interest if you choose to receive newsletters, updates, or other information from us; your contact information, and any other personal data you choose to include, if you email or instant message us, or contact us through our sites; and any personal data contained in, or included with, any proposal documents, feedback, comments, photos, videos, or other information you submit via online portals. Please do not disclose more personal data than is requested or necessary.
Personal data provided of others.
Do not provide personal data about others unless you are authorized or required to do so by contract or applicable law. You may provide personal data on behalf of another person if you have provided them with a copy of this notice and any applicable supplemental privacy notice, or if the personal data is provided other legal grounds. We may ask you to provide evidence of the legal grounds for sharing personal data about others.
How we use collected information
We may use the information we receive or collect from you in accordance with applicable data protection legislation and this privacy notice for the following purposes and based on the following legal basis:
- A contractual relationship between you and CEPI where the processing of personal data is generally necessary to the execution or the performance of the contract.
- Legal obligations applicable to the operation of CEPI.
- Prior consent, where the data subject has clearly expressed approval of CEPI processing of personal data.
- Legitimate interest of CEPI in the sense of applicable data protection law. CEPI will in such a case consider the data subjects fundamental rights and interests in determining whether the processing is legitimate and lawful.
CEPI may, on a case-by-case basis, rely on other legal grounds, such as the protection of individuals vital interests, in accordance with applicable data protection law, as set forth in an applicable privacy notice.
Sharing of data
We may share your personal data with our employees and affiliates (CEPI entities) who have a business need to know, our services providers (including consultants, contractors, vendors, and out-sourced service providers) to process it for us based on our instructions, and with partners that are collaborating with us to fund projects. We do not share your personal data with third-parties (including our service providers) for marketing purposes. Our affiliated companies will process your personal data to respond to your request and when doing so they will act as data controller for the processing conducted by them.
Third-party service providers are only authorised to use your personal data as necessary to provide its services to us. CEPI entities and third-party service providers may be located within or outside the EU/EEA.
We may also share personal data with government agencies or authorities, or other third-parties if and to the extent required by applicable law.
If you believe personal data you provided to us is being misused by a third party, please contact us right away.
Transfer of your personal data outside the EU/EEA
The personal data that we collect from you may be transferred to and processed by a third-party service provider established in a country outside the EU/EEA (i.e. a so-called third country), including countries which the EU Commission does not consider having an adequate level of protection for personal data. In such case we will take all necessary steps required under applicable law in order for such transfer of your personal data across borders to be compliant with applicable law. We will only transfer your personal data to a country outside the EU/EEA where; (i) the EU Commission has decided that the third country ensures an adequate level of protection, or (ii) where the transfer is being safeguarded by the use of EU model clauses in the General Data Protection Regulation (“GDPR”) or where the recipient is certified under the US-EU Privacy Shield Framework.
Protection of data
CEPI maintains appropriate technical and organisational measures in order to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing. CEPI also takes appropriate legal, technical and organisational measures to ensure that your personal data is treated securely and with an adequate level of protection when transferred to or shared with the above referred to third parties.
Whilst we take technical and organisational measures to safeguard the personal data that you provide to us, no transmission over the Internet can ever be guaranteed secure. Consequently, please note that we cannot guarantee the security of any personal data that you transfer over the Internet to us.
We will keep your personal data as long as necessary for us to respond to your request or forward your request to the relevant individual, or until it is no longer needed to fulfil the purpose(s) for which it was collected or as otherwise required or permitted by law. After such time, we will either delete or anonymize your personal data or, if this is not possible, we will securely store your personal data and isolate it from any further use until deletion is possible. We may dispose of any data in our discretion without notice, subject to applicable law, or in accordance with a specific data processing agreement governing our processing of the personal data. Please contact us if you would like more details regarding our retention periods for different categories of personal data.