Oneworld.Expert sometimes may receive your personal information. We do not collect it actively, but it may come to our knowledge during our nomal course of work.
We protect your personal information and let you know which information we hold about you.
We use the information that we receive about you in accordance with:
- The Privacy and Electronic Communications (EC Directive) Regulations 2003
- The EU General Data Protection Regulation (Regulation EU 2016/679), (‘GDPR’) which is effective from 25 May 2018
- The Portuguese Act 67/98 of 26 October 1998 on the Protection of Personal Data (transposing into the Portuguese legal system Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data).
In this document we explain how we protect your privacy.
We may provide additional information about privacy on specific occasions when we are processing personal information about you.
This policy explains:
- Information we may receive about you
- How we may receive your information
- How we may use your information
- Disclosure of your information to third parties
- Security of your personal information
- How long we keep your information
- Your legal rights
- Contact details and further information
If you have any questions, please contact us using the details at the end of this document.
1. Information we may receive about you
Personal information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed, i.e. anonymous data.
We may receive, use, store and transfer different kinds of personal information about you which we have grouped together as follows:
a) Identity Information includes first name, last name and title, name of the organization you belong to, and country
b) Contact Information includes address, email address and telephone numbers.
c) Transaction Information includes details about payments from and to you
d) Accessibility Information includes details about your support needs, accessibility requirements or dietary needs which we might need to organize events you attend.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be based on your personal information but is not considered personal data because it does not directly or indirectly reveal your identity. For example, we may put together Usage Data of you and other visitors to our website to calculate the percentage of users accessing a specific website feature. Aggregated data includes:
e) Technical Data, for example type and version of your Internet browser, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
f) Usage Data, for example information about how you use our website
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health (with the exception of dietary requirements, see Accessibility Information above) and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
2. How we may receive your information
We may receive different information about you in a number of ways:
Information where you can be identified:
Trough your e-mails, newsletters and participants lists of events we may have access to your personal information such as your name, email address, title, country and organization you are part of.
We may use third party platforms to receive your information.
Aggregated data where you cannot be identified:
We may receive aggregated information from third parties as set out below:
- Website analytics providers such as Google
- Social networks such as Facebook, Twitter and Youtube
- Social media management platforms such as Buffer
- Search information providers such as Google AdWords
- Marketing platforms such as Mailchimp
3. How we may use your information
We only use your personal information when the law allows us to do it.
Most commonly, we will use your personal information in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
- Where we have your explicit consent before using your personal information in that specific situation. However, generally we do not rely on consent as a legal basis for processing your personal information and you have the right to withdraw consent to marketing at any time by contacting us. You will find the relevant contact details at the end of this policy.
Purposes for which we will use your personal information
We have set out below, in a table format, a description of all the ways we plan to use your personal information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Please note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your information. Please contact us if you need further details.
|Purpose/Activity||Type of information||Lawful basis for processing including basis of legitimate interest|
|To send you our news||(a) Identity
|(b) Necessary for our legitimate interests (to keep you updated about our news)|
|(b) Necessary to comply with a legal obligation|
|To administer and protect our organization and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||(e) Technical||(a) Necessary for our legitimate interests (for running our organization, provision of administration and IT services, network security, to prevent fraud and in the context of a reorganisation or restructuring exercise)
(b) Necessary to comply with a legal obligation
|To use data analytics to improve our website, products/services, marketing and communications with you, customer relationships and experiences||(e) Technical
|Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)|
|To make suggestions and recommendations to you about events or surveys that may be of interest to you||(a) Identity
|Necessary for our legitimate interests (to develop our offer)|
We aim to communicate with you about the work that we do in ways that you find relevant, timely, respectful, and never excessive. To do this, we use data that we have stored about you.
We use our legitimate interest as the legal basis for communications by email. You can always opt out of receiving e-mails (by clicking the “unsubscribe” button at the end of each e-mail).
4. Disclosure of your information to third parties
There are certain circumstances under which we may give your personal information to third parties. Third party is an organisation or person other than Oneworld.Expert or you.
The circumstance are as follows:
- To our service providers who process data on our behalf and on our instructions. We require all third parties to respect the privacy of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions. Please note that Mailchimp and Microsoft Office 365 specifically have certified to the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework, which is important as both companies are based outside the EU.
- Where we are under a duty to disclose your personal information in order to comply with any legal obligation (for example to government bodies and law enforcement agencies).
- We may share personal information with our members for specific purposes, such as the organization of an event.
We do not sell personal details to third parties for any purpose.
5. Security of your personal information
We have put in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your personal information as secure as possible.
We will not transfer, process or store your data anywhere that is outside of the European Economic Area, unless we have a contractual agreement in place that is of an equivalent standard to GDPR (for example Dropbox, mailchimp, MS O365)
6. How long we keep your information
We will only retain your personal data for as long as necessary to fulfil the purposes we received it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
For example we might be required by a contract with a funding authority for a certain period of time (typicaly when we receive funding to organise an event).
7. Your legal rights
You have rights under data protection laws in relation to your personal information, as follows:
a) Request access to your personal information
You have a right to request a copy of the personal information that we hold about you. Please use the contact details at the end of this policy if you would like to exercise this right, or any of the rights listed below.
If you are a European citizen and consider our use of your personal information to be unlawful, you have the right to lodge a complaint European Data Protection Supervisor, the independent supervisory authority, or your national Data Protection Authority.
b) Request correction of your personal information
You have the right to request that we correct the personal information we hold about you. We may need to verify the accuracy of the new information you provide to us.
c) Request your personal information to be deleted
You have the right to request that we delete or remove personal information where there is no good reason for us continuing to process it.
Please note that we may not always be able to comply with your request if there are specific legal reasons – which will be notified to you at the time of your request.
d) Refusing the processing of your personal information
You have the right to refuse the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
e) Request restriction of processing your personal information
You have the right to request that we suspend the processing of your personal data in the following scenarios:
- if you want us to establish the data’s accuracy;
- where our use of the data is unlawful but you do not want us to erase it;
- where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
f) Request transfer of your personal information
You have the right to request that the personal information we hold about you is transferred to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
g) Right of appeal to the competent supervisory authority
In the case of violations of data protection law, the person concerned has the right of appeal to the competent supervisory authority. The competent supervisory authority on data protection issues is the National Commission for Data Protection (Comissão Nacional de Protecção de Dados) in Portugal. You will find all information in Portuguese and English at www.cnpd.pt and a complaint form at https://www.cnpd.pt/bin/Duvidas/Queixas_frm.aspx
h) Right to withdraw consent
In circumstances where we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Please also note the following:
No fee usually required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to confirm your identity and your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who should not receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. It it will take us longer, we will notify you and keep you updated.
9. Contact details and further information
Please get in touch with us:
- if you would like to object to us processing your personal information;
- if you have any questions about the information we hold about you;
- If you wish to change your contact preferences:
Phone: 00351-932 760 910
Rua do Casal 12