- ESCA’s members, volunteers, subscribers, and donors;
- ESCA’s website visitors and any third parties following our association such as individuals registered to receive our newsletter, events or other information.
We collect information directly from you through various means including when you register as a member or volunteer, subscribe to one of our services, enquire about our fundraising activities, make a donation, sign up for our newsletter, or register for an event.
We also collect information from you while monitoring our technology tools and services, including our website and email communications sent to and from us. Information we may collect includes contact details (name, address, email address, phone, etc.) and the reason for contacting ESCA.
In addition, when you have expressly given us your explicit consent, we may also collect health and treatment information. You will be expressly informed of the intended collection and processing of such sensitive personal information and the purposes.
ESCA may also collect Personal Information from other sources (including personal references and family members) with the consent of the individual or where permitted or required by law or is publicly available.
COOKIES & ANALYTICS
We also gather general information about the use of our website, in particular which pages users visit most often. We may also track popular links and use this information to personalise the way our website is used to improve the service we provide to users.
HOW WE USE INFORMATION COLLECTED
Your Personal Information will only be used to process your requests, to provide you with our services, and to provide you with information relating to our services and other related services which we think you may be interested in.
You will be asked to give your consent for any collection and processing of your Personal Information by ESCA for a specific purpose expressly indicated in the consent form. In particular, with regard to volunteers or potential employees we may use Personal Information determining an individual’s suitability to be in a position of trust, including the handling of cash or working with vulnerable persons. We also use information for internal administrative purposes such as accounting and anonymised statistics to help us to understand how we can improve our services and meet the needs of people that require our help.
Where the Personal Information includes sensitive information (i.e. health and treatment information), you will be asked to give your explicit consent for the collection and processing of such information for a specific purpose expressly indicated. Should you choose or are required as part of our support programmes to provide us with your health information, ESCA does not collect or use this information to provide you with opinions or endorse any particular treatment option or course of action, nor do we use this information to make decisions on your behalf or provide you with medical referrals or advice.
Please note that we will take appropriate technical and organisational measures to help protect your Personal Information from unauthorised access, use, disclosure, alteration or destruction consistent with applicable data protection laws.
HOW LONG DO WE RETAIN YOUR PERSONAL INFORMATION
We will not keep your Personal Information for any longer than is necessary in light of the purpose(s) for which it was first collected. Your Personal Information will therefore be deleted when it is no longer reasonably required for the permitted purposes, in particular when you do not re-subscribe to our services or you withdraw your consent, and we are not legally required or otherwise permitted to continue processing or storing such information.
WHERE WE STORE AND PROCESS PERSONAL INFORMATION
Your Personal Information is held in ESCA’s office located in Geneva (Switzerland) and hosted on servers located within the EU. We use highly regarded software for our business operations compliant with the applicable laws and regulations, in particular the GDPR and the Federal Data Protection Act.
Your Personal Information is not made available to any third parties located outside the EU. We may use the software MailChimp located in the US to communicate with you. MailChimp has self-certified to both the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield regimes – which have been recognized as providing adequate protection of personal data – and therefore guarantees an adequate level of protection of your Personal Information.
DISCLOSURE OF PERSONAL INFORMATION
Information held by ESCA relating to you will be kept confidential. We only disclose your personal information with contractors where absolutely necessary for the provision of services or business operations and where appropriate contractual and security arrangements are in place.
All ESCA staff, volunteers and contractors are bound by confidentiality agreements and only authorised members of staff have access to our records to ensure confidentiality and security of your Personal Information.
Please note that we may also give access to your Personal Information to any national and/or international regulatory, enforcement or exchange body or court where we are required to do so by applicable law or regulation or at their request.
YOUR RIGHTS REGARDING YOUR PERSONAL DATA
We want to ensure you have control over how your Personal Information is used. As a result, you have the right to:
- be informed about what Personal Information is being collected and for what purpose;
- be provided with a copy of your Personal Information we process;
- to have your Personal Information rectified if any information held by us is inaccurate or incomplete;
- to “be forgotten” – that is the right to have your Personal Information deleted;
- to restrict (i.e. prevent) the processing of your Personal Information (e.g. if you contest the accuracy of the information);
- to receive the Personal Information you provided to us, in a structured, commonly used a machine-readable format and/or transmit the information to a third party;
- to object to us using your Personal Information for a particular purpose or purposes;
- where the processing is based on consent, withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of processing of yourPersonal Information based on consent before your withdrawal.
Please note that the above rights can be limited – for example, where we need your Personal Information to comply with law or assert or defend legal claims or have other compelling legitimate grounds for the processing that override your interests, rights and freedoms. If you object or restrict to the processing of your Personal Information, or withdraw your consent previously given, we will therefore respect that choice to the extent required or otherwise permitted by law.
REQUESTS TO EXERCISE YOUR RIGHTS RELATED TO YOUR PERSONAL DATA
Any requests relating to the exercise of your rights, including requests for access and correction of any information or if you would like information deleted from our records, such requests should be sent to firstname.lastname@example.org.
For more information please contact our Data Protection Officer:
Mail: ESCA CancerSupport, 150 route de Ferney, CP2100 Geneva 2
Tel: 022 791 6305. Email: email@example.com
You may also contact our Representative located within the EU, in France:
As previously indicated, in addition to this general consent, you will be asked to freely give your consent for any collection and processing of your Personal Information by ESCA for a specific purpose expressly indicated in the relevant consent form.