Last updated: [September 2023]
This is the privacy notice of European Evaluation Society (“EES”, “we”, “us”, “our”), a non-for profit association under Dutch law, registered at the address Posthoornstraat 17, 3011WD Rotterdam, Netherlands.
This notice describes how we collect, transfer, store and otherwise use your personal data, and how we make sure that your personal data is used lawfully. Your personal data will be used by us when you visit our website, become a member, attend an event organized by us, or are a supplier of EES. We use your personal data in accordance with applicable data protection legislation.
- Which categories of personal data do we collect and use?
We collect the following types of personal data about you:
- Information you provide to us. We collect personal data that you provide to us when becoming a member or when registering for an event. Such personal data may include (but are not limited to): your first name and surname, (professional) e-mail address, (professional) phone number, (professional) postal address, date of birth, gender, affiliation / organization, position within an organization, username, password, years of experience, how you learned about us, your interests in joining EES, your expectations about EES, whether you are a member of another Evaluation Society, any personal data you provide to us when corresponding with us, information regarding events you visit (including your evaluations thereof), payment data, your interests and any Personal data you provide to us when reaching out to us.
- Supplier data: when you are a supplier from us, we may collect the following personal data from you: your or your company’s full registered name, your address, your VAT number, your bank account’s number and other as relevant to process your requests for payments.
- How and under which lawful basis do we process your personal data?
We use your personal data in the following purposes:
- To provide our services to you. When you become a member of EES, when you visit one of our events (online or face-to-face), or when you otherwise contact us, we will use your personal data to fulfill our (potential) contract with you. For example, we will need your payment and contact details to process your membership.
- For compliance with our legal obligations. Any information referred to above in the section “Which categories of personal data do we collect and use” may be used to comply with lawful requests by public authorities and to comply with applicable laws and regulations or as otherwise required by law.
- For our legitimate business interests. Where we have a legitimate interest in the effective delivery of information or services to you and to use the personal data referred to above in the section ‘Which categories of personal data do we collect and use”, we may use the relevant personal data for the following purposes:
- Promotion of our initiatives: to send you information about our events and webinars; to send you newsletters or general marketing materials as well as surveys about our events and webinars you have attended or may be interested in; We may, subject to and in accordance with applicable law, do so via postal mail, email, SMS, other electronic means or otherwise. You may at any time opt out of receiving such marketing materials by following the instructions in the communication you received from us.
- Improving our services: to improve our services as well as to better understand our members both on an aggregated and on an individual basis. This means that we analyze your use of our services and we use this information to improve these;
- Analytics and statistics: to generate aggregated statistics and analytics about visitors of our website and the events we organize;
- Surveys and feedback: to obtain feedback on events we organize and services we provide and develop and improve the quality of our events and services (e.g., by conducting satisfaction surveys or research);
- Other purposes: for other legitimate business purposes permitted by applicable law.
To the extent that we rely on our legitimate interests as a legal basis for our use of your personal data, you have the right to object to such use, and we must stop such processing, unless we can either demonstrate compelling legitimate grounds for the use that override your interests, rights and freedoms or where we need to process the data for the establishment, exercise or defense of legal claims (see ‘Your Rights’).
- Upon your consent. Where you have provided and we rely on your consent, we may use the personal data referred to above in the subsection ‘‘Which categories of personal data do we collect and use” for marketing purposes based on your profiles via email, SMS, app, push notification, other electronic means or otherwise. You can withdraw your consent at any time as described in the section ‘Your Rights’ below.
- When and how we share your information with others
We may share your personal with third party vendors, agents and service providers that we engage to provide services to us on our behalf, such as support for the internal operations of our website, services we provide (e.g., administration), research, digital marketing as well as related offline product support services, data storage and other services. For example, we may use a third party for secretarial services, audit services, etc.
In providing their services, these third parties may access, receive, maintain or otherwise process personal data on our behalf. Our contracts with these service providers do not permit use of your information for their own commercial purposes. Consistent with applicable legal requirements, we take reasonable steps to require third parties to adequately safeguard your personal data and only process it in accordance with our instructions.
In addition, we may disclose your personal data with third parties to comply with court orders or other legal obligations (such as with other organizations for fraud prevention and detection).
We do not sell personal information to anyone.
- Transfers outside the European Economic Area
We may transfer personal data to the United Kingdom, which is a country outside the European Economic Area (the “EEA”). Non-EEA countries may not offer the same level of personal data protection as EEA countries.
When your personal data is transferred outside the EEA, we put suitable safeguards in place to ensure that such transfers are carried out in compliance with the applicable data protection rules. These include, for instance, relying on adequacy decisions or standard contractual clauses issued by the European Commission together with binding and enforceable commitments by the recipient. Specifically, we have implemented the European Commissions’ standard contractual clauses.
You may request additional information in this respect and obtain a copy of the relevant safeguard by exercising your rights as set out below.
- Your rights
Subject to applicable laws, you are entitled to a number of rights over the processing of your personal data. You may exercise these rights at any point by contacting us at email@example.com. We will consider all such requests and, in accordance with the applicable laws, will provide our response within a reasonable period, or within the period prescribed by law. We may request you to provide us with information necessary to confirm your identity before responding to any request you make.
You have the following rights:
- The right to access: you have the right to request access to the personal data we hold about you, subject to exceptions as foreseen by the GDPR and applicable local law;
- The right to rectification: if the personal data we hold is inaccurate you are entitled to have it updated or rectified;
- The right to deletion: you can ask us to delete your personal data, subject to exceptions as foreseen by the GDPR and applicable local law;
- The right to object: you have the right to ask us to stop processing your personal data, subject to exceptions as foreseen by the GDPR and applicable local law. For example, you may object to processing of your e-mail address for sending out surveys and where we are relying on ours or a third party’s legitimate interests to process the personal data (unless we can demonstrate compelling legitimate grounds to continue processing your personal data);
- The right to withdraw consent: where we rely on your consent to process personal data, you have the right to withdraw consent at any time;
- The right to restriction of processing: under certain circumstances you have the right to restrict the processing of your personal data such as if you believe (i) the personal data we have about you is not accurate; (ii) the personal data is not being processed lawfully, but instead of deleting the personal data, you would prefer us to restrict processing instead; or (iii) we no longer need your personal data for the purposes we collected it, but you require the data in order to establish, exercise or defend legal claims;
- The right to data portability: you have the right to obtain personal data you’ve provided us with (in a structured, commonly used and machine-readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice, subject to exceptions as foreseen by the GDPR and applicable local law; and
- The right to lodge a complaint with a supervisory authority: you also have the right to file a complaint to the data protection authority in the country where you usually live or where the alleged infringement of applicable data protection laws has taken place.
We will honor any of the abovementioned rights under the applicable data protection rules. There may be exemptions that may not allow us to comply with your request. In response to a request, we may ask you to verify your identity by, for instance, providing additional information. Whenever reasonably possible and required under applicable laws, we will strive to respond to your requests within one month. If we do not comply with your request within such time frame, we will explain why.
- How do we protect personal data?
We have implemented adequate technical and organizational measures to protect your personal data against unauthorized, accidental or unlawful destruction, loss, alteration, misuse, disclosure or access and against all other unlawful forms of processing. Nevertheless, if you suspect unauthorized use or access of your data, you must inform us immediately by e-mail at firstname.lastname@example.org.
- How long do we keep and store your personal data?
We will not retain your personal data longer than necessary in relation to the purposes for which the data are processed. In principle, we will retain your data for as long as is necessary and in accordance with statutory retention periods. We may retain your personal data for longer when we are required by statutory obligations. We may retain your personal data for a longer period in the event of complaints or disputes to the extent that this is necessary to protect our interests and/or the interests.
- Changes to this Privacy Notice
We may change this Notice from time to time by posting the updated version on our website. We will give you reasonable notice on our website of any material change. The “effective date” at the top of this notice indicates when such changes will take effect. We encourage you to visit frequently to stay informed about how we use your personal data.
- Questions, concerns or complaints
To ask questions or comment about our Notice and our privacy practices, you can contact us at email@example.com.
- Cookie Notice
 Please refer to this website for an introduction to the last version of the standard contractual clauses as published by the European Commission on 4 June 2021. Please refer to this website to find the template of the last version of the standard contractual clauses of 4 June 2021.