Data Security Statement
The European Council of Autistic People z.s. (EUCAP)
Storing and processing data
The objectives of EUCAP require the storage and processing of personal details.
This policy document describes
- what data is stored and processed
- how data is stored and processed
- the procedures a person can follow to access, change or delete their own data, and to deal with any problems that might arise.
1) The purposes of storing and processing personal data
EUCAP needs to be able to keep in touch with its Executive Board members, representatives of its member organisations, individual members, volunteers participating in EUCAP projects and campaigns, and contact persons for organisations that collaborate with EUCAP.
For these purposes, we store personal data that such individuals provide upon request.
EUCAP occasionally sells products and services. We store and process the names and other contact information needed for the handling of orders and purchases, entered through online forms or sent to us by email.
EUCAP occasionally conducts surveys. Data submitted on survey forms is collected and analysed anonymously, unless otherwise stated in the information provided with the survey.
2) The types of personal data processed by EUCAP
The following types of data are typically collected by EUCAP. Other similar types of data not mentioned in this list may also be collected and processed.
Executive Board members and official representatives of member organisations: Name, date of birth, contact details (mail, address, telephone).
Volunteers, including secretary team members, speakers, campaign team members and equivalent: Name, contact details (mail, address, telephone), data related to the tasks the person performs.
Other: contact details of the representatives of any organisation that collaborates with EUCAP can be stored.
Survey respondents: A variety of data provided anonymously by participants in response to survey questions. The types of data vary, and some surveys may involve sensitive data on issues such as income, social status, political views, health, disabilities, disability related services, adjustments and benefits.
EUCAP does not collect, store or process IP addresses, browser history, or comparable types of data from anyone involved with the organisation.
3) Sharing personal data
EUCAP will not publish, make available or share personal data with individuals or organisations outside EUCAP, with the following two exceptions:
- With Executive Board members’ consent, certain personal data is shared with Czech government authorities for the purposes of record-keeping and monitoring the organisation, as required by Czech law.
- Data provided to EUCAP for the purpose of public sharing, such as details a person provides about themselves as a public speaker, an interviewee for a public article, or any comparable role.
Even if a person has given permission to share or publish their personal data, they can request EUCAP to stop sharing such data at any time.
4) Sensitive personal data
EUCAP considers the following and other comparable categories of data to be sensitive:
- medical data including all types of diagnoses
- data concerning undiagnosed impairments and health issues
- data concerning disability services and benefits
- data about disability-related adjustments
- data concerning employment or incom
- data concerning gender and sexual orientation
- data concerning political or religious views
- participant category / type of fee paid for any EUCAP event
- all communication about these.
5) Devices, accounts and retention period
Data may be stored on personal computers and external memory devices that are password protected and have adequate anti-virus and anti-malware protection.
Data may be processed and temporarily stored on accounts provided by GDPR compliant service providers.
Data is kept for as long as is necessary for the processing of each task, or as long as legally required by for the purposes of accounting, taxation, auditing and monitoring.
Data about former Executive Board members, member organisation representatives and people in comparable long-term roles will be deleted within a year of relinquishing their roles.
Data about event participants, short-term volunteers and people in comparable roles will be deleted within two months of the end of participation or active volunteer role.
Data about individuals who make purchases from EUCAP, sell goods or services to EUCAP, or engage in a comparable role, will be deleted within two months of the interaction from records other than those kept for accounting purposes.
Data about participants in surveys, polls and comparable activities and projects will be deleted as described in the paricipant information for each activity or project.
6) Service providers
EUCAP works with third parties that provide services. These service providers also manage or process personal data. EUCAP cannot accept any liability for any incorrect processing of personal data by these service providers. EUCAP only uses service providers that are GDPR compliant. EUCAP is committed to monitoring, updating and maintaining its accounts with these providers in such a way that no security risks arise due to our action or inaction.
7) EUCAP volunteers and data handling
EUCAP works with volunteers. Some of these volunteers work with personal data.
All EUCAP volunteers are informed about our data security policy and instructed in careful handling of personal data. The volunteers only get access to personal data of the EUCAP activity in which they are directly involved.
All volunteers are required to sign an agreement to indicate they understand this policy and will adhere to GDPR requirements.
8) Viewing, changing and deleting personal data
People can request access to their personal data, have their data changed or have it removed. Please send an email to email@example.com
Any concerns about this policy and the processing of personal data by EUCAPcan be addressed by contacting our data security officer. Please send an email to firstname.lastname@example.org