General Privacy Policy

This General Privacy Policy covers all FPF operations involving the collection, use, disclosure, and other processing of personal information: organizing events, managing relationships with our stakeholders and the public, and the use of our Portal and websites.

Who we are

We are the Future of Privacy Forum and you can find our contact information here. For general questions about how we use your personal information or any requests relating to your information, send an e-mail to [email protected].

At the FPF, we are committed to the use of personal information in a reasonable and responsible manner, and will not collect, retain, use, or disclose personal information for any purpose other than those described in this Policy. We will not collect more information than is needed to accomplish the purposes described in this Policy, and will not retain any information collected longer than is necessary to fulfill those purposes.

What personal information we collect and use

Processing personal information is incidental to our operations. The categories of personal information we process on a regular basis are names (first, last, and nickname), professional affiliation, contact details (including job title, mailing address, and professional email address), brief biographies, and communications you send us.

We also collect personal information from users that access our websites, including users that join our Portal. In addition to the categories described above, we collect information about what content users of our Portal have interacted with and submitted, and users of the Portal may also choose to voluntarily provide us with any the following information in association with a user account: 

1. Social media accounts linked to user account
2. Profile photograph
3. Opt-ins/opt-outs for marketing & working group selections 
4. Working group membership selections
5. A free-text user account bio
6. User-user interactions — posts visible to the community, private “direct messages”, “connection/friends” selections
7. Technical information (browser, IP address, information retrieved through cookies) 
8. Registration for FPF/associated events

We occasionally process travel schedules for our guests and payment information for reimbursements, as well as images of the participants to our events.

As a rule, we obtain personal information directly from you. In limited situations, we also use information we observe about you. This happens when you visit our website, if you accept cookies (see our cookie policy for more details), when we receive information on whether you opened or not the emails with our Newsletters (unless you block this tracking). If you use our Portal, we process information about the content that you have posted and/or interacted with through the use of the Portal. Additionally, FPF collects some personal information about new users of the Portal from FPF stakeholders, where new users are added to the Portal as part of their relationship with FPF.

If you are someone we would appreciate engaging with as part of our core activity, such as a privacy professional, member of the media, or public official, we obtain your contact details and affiliation from third parties or from publicly available sources.

Why and how we use your personal information

We use this personal information to send you communications related to our work, invitations for events or to facilitate your participation to our working groups, for conferences and other events, and to enable your use of the Portal as is described in the Future of Privacy Forum Portal Terms and Conditions.

Our email delivery vendor will use a web beacon which tracks whether recipients have opened the emails we send in order to provide us open rate information about our email communications. Please choose plain text email in order to decline this tracking. We collect information from users of the Portal regarding the submission and sharing of content in order to provide the Portal service. 

Who has access to your data

Sometimes we share your information with our partners. This happens when we co-organize events, panels, or engage in initiatives jointly with other entities. The information we share is limited to name, affiliation and contact information, and exceptionally it may include biographic information.

We also share your information to third parties that are our vendors and process personal information on our behalf and for no other purposes. We use:

• an email delivery service,
• an email and virtual common workplace service provider,
• a provider of cloud services,
• an online conference system provider,
• a Customer Relationship Management service provider,
• an online registration service provider (for participation to events we organize),
• a hosting service for our Portal
• a website analytics provider

All of these service providers are based in the US and are bound by written agreement to use personal information obtained from FPF for FPF purposes only and in accordance with our instructions.
We will share your information with authorities only if the law requires us to.

Analytics

We use Google Analytics to help us understand how people use our website and Portal. We have entered into a data processing agreement with Google, and configured our use of Google Analytics to protect users’ privacy by masking the last octet of visitor IP addresses and disabling data sharing with Google. We use the OneTrust Cookie Management tool to obtain user consent for cookie placement and monitor users’ cookie preferences. Additional information about how Google uses data received from its partners is available here: www.google.com/policies/privacy/partners/.

Retention

We only keep your data for as long as you want to hear from us and stay connected to our work. This period of time varies, so we can’t give you a precise number. As a rule, if you are a newsletter subscriber, we will continue sending you our newsletter until you opt out or our email bounces. In these cases, we will proceed to erasing your email address from our database. If you work for one of our affiliated organizations, we keep your contact information for the duration of the relationship. If you are a registrant for one of our events, we are storing your name and contact details to send you notice of future events, unless you instruct us at registration not to do so. If you are a user of our Portal, we will keep your user account information as long as you maintain an account on the Portal.

You’re in charge

If you want to check with us whether we have your personal information and what personal information we have about you, if you want to correct or update your information or if you want us to erase your contact details, send us an e-mail at [email protected].

Questions regarding use of the Portal should be directed to the Membership Support Team at [email protected].

Are you based in the EU/EEA?

If you are based in the EU or EEA and interact with us, the processing of your personal data (or personal information) may fall under the General Data Protection Regulation. This depends on whether your personal data is processed in the context of us providing you services or monitoring your behavior. All the information above is applicable to you as well. In addition:

Legal bases and purposes

Know that we are the controller of the processing of personal data in relation to conducting our activity. We process your personal data:

• on the basis of your consent when you subscribe to our newsletters, when you request to be included among our contacts for future events or to follow our activity, when we take photos during the events we organize in the EU and when our website places non-essential cookies on your device.
• on the basis of necessity to enter a contract or for the performance of a contract when you provide us information to register for participation to the conferences and other events we organize, or when we create a Portal user account for you, either on behalf of one of our Members and upon your acceptance or upon your request.
• on the basis of our legitimate interests to:
• engage with relevant stakeholders to promote principled data practices in support of emerging technologies, when we obtain your professional contact details, we maintain them and contact you as one of our stakeholders; we’ve balanced your rights and our legitimate interest and we believe that the small amount of personal data we process, the type of data (your professional contact information and your affiliation), your probable expectation to be contacted in relation with your professional expertise, as well as the possibility you have to opt-out of this processing at any time, allow us to rely on our legitimate interests for this processing.
• communicate with the relevant representatives of our Members for the purpose of providing our services; we can rely on this ground, since there is a clear expectation of the relevant representatives of our Members that they will be engaged in our activities and that we will communicate with them.

Your rights

You have the right to obtain access, rectification, erasure, restriction of personal data, portability of personal data and to object to the processing, under the conditions and restrictions laid out in Chapter III of the GDPR. You can also withdraw your consent at any time, when processing is based on consent, as described above. Just send us an e-mail at [email protected] with any request you may have regarding these rights or, if your request relates to processing carried out in the context of the FPF Portal, reach out to us at [email protected]. 

International transfers

We transfer your personal data to the United States whenever you interact with us. The US has not sought, nor obtained adequacy status from the European Union. 

We transfer your personal data on the basis of the derogations in Article 49 GDPR, particularly:

• consent, for newsletter subscribers and certain processing in relation to organizing events – such as collecting and storing images;
• necessity to enter and for the performance of a contract for registration information to participate in our events;
• our compelling legitimate interests to engage with stakeholders to advance our mission and bridge the understanding of the American and European privacy cultures, for obtaining the professional contact details and communicating with stakeholders for sending occasional invitations to events or exchanging information. For this last derogation, we took into account that we only process personal data occasionally, mostly from publicly available sources, concerning a very limited number of data subjects, in a non-intrusive way and posing very limited risks to rights of individuals.

In order to safeguard your personal data, we directly apply the GDPR provisions to your personal data.

As a matter of principle, we do not engage in any onward transfers regarding your data, beyond the access that our processors have to your data. We share personal data with our partners when we organize events jointly. We select carefully our processors and our partners, having regard to their stance related to privacy, and their implementation of mechanisms that ensure lawful transfers of personal data from the EU.  

Concerns

If you have concerns, questions or requests about how we process personal data, write to us at [email protected]. If we will not be able to ease your concerns, you can address them to the data protection Supervisory Authority in your country, pursuant to Article 77 GDPR.

Changes to this Privacy Policy

If we make any material changes to our privacy policy, we will notify you by posting the revised policy with the date of revision on this page and provide notice of this change on our website home page and on the FPF Portal, as applicable. We will duly inform you of any changes via our platform and we will give you the opportunity to express your consent for processing your data for different and new purposes, or we will in any case inform you about the legal basis of such processing other than consent.

Last Updated on September 8, 2021