GCD Personal Privacy Policy

1.            General

1.1.        Introduction:

GCD is committed to the privacy of its members (financial institutions), of their representatives (Users) and of third-party associates who use GCD’s services and to complying with relevant Personal Privacy Protection Laws (“PPPL”) or equivalent worldwide, including and not limited to the European Union’s General Data Protection Regulation (“GDPR”), the Australian Privacy Principles (“APP”), the Canadian Privacy Act (“CPA”) and Personal Information Protection and Electronic Documents Act (“PIPEDA”), etc.  This Privacy Policy describes the ways in which GCD collects and uses personal data.
This policy does not cover the confidentiality requirements of the members’ credit data, which are set out in the Articles of Association, the Data Pool Regulations and the GCD Information Protection Policy.

1.2.        Overall Policy:

GCD collects and holds personal data of member delegates and other persons who are interested in GCD’s services.  GCD will keep this personal data secure, use it for reasonable business purposes, allow persons to find out what data we have regarding them and remove or correct or modify personal data when reasonably requested by that person.

1.3.        Definitions:

For the purposes of this document the following definitions shall apply:

GCD means The Global Credit Data Consortium

Users refers to any person whose personal data GCD holds

Members means the members of GCD (financial institutions)

1.4.        Data Controller:

For the purposes of GDPR, the data controller is:

The Global Credit Data Consortium

P.O. Box 49

2810 AA, Reeuwijk

The Netherlands

Users may request information regarding personal data by contacting secretary@globalcreditdata.org

1.5.        Users Consent:

GCD will make Users aware of this policy.  By continuing to use the GCD services, Users acknowledge having read this information and authorise GCD to collect, process and hold their personal data in accordance with this policy.

2.            Information Collection and Use

2.1.        Purpose

GCD collects limited personal data of our Users in order to provide and improve our services.  Among other things, we collect limited personal data so that we can provide you with copies of our educational research, invite you to events, manage registration and payments for events and services, respond to requests or inquiries, and gather statistical information to make our services more relevant to you.
GCD recognizes that in certain instances, the personal data collected can be considered anonymous or pseudonymous: e.g. IP addresses collected via cookies that identify a computer and not necessarily a private person.

2.2.        Personal Information Collected

Personal data collected by GCD may include:

•          Name, email address, name of employer, job title, photograph, telephone numbers and mailing address
•          Invoicing information
•          History of information downloaded from GCD websites
•          History of membership of GCD committees and working groups
•          Communications, such as emails or other correspondence, between the user and GCD

In addition, when you visit our website, we will record “log data,” which is information your browser automatically sends such as the computer's Internet Protocol address, browser type, browser version, the pages of our website that you visit, the time and date of your visit, and the time spent on those pages.
To facilitate efficient use of our website, we also use “cookies.”  Cookies are files with a small amount of data, which may include an anonymous unique identifier.  Cookies are sent to your browser from a website and transferred to your device.  We use cookies to collect information in order to improve our services for you.  You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.  The Help feature on most browsers provides information on how to accept cookies, disable cookies, or notify you when receiving a new cookie.  If you do not accept cookies, please note you may not be able to use some features of our website.
We also use Google Analytics, which is a web analytics service, to gather data about the research products accessed by visitors to our website.  We use this information to make our research products more relevant to readers.  The IP address of the data subject is abridged by Google and anonymised when accessing our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.  Users may block Google Analytics by preventing the setting of cookies through our website, as discussed above, or by downloading and installing a browser add-on under the link https://tools.google.com/dlpage/gaoptout .

3.            Storage and Security

3.1.        Location

GCD is legally based in The Netherlands and the data we hold will be stored on servers at our data hosts or subcontractors in either The Netherlands or Belgium or France.  We may also hold limited amounts of personal data through lists created on secure cloud servers.  We may also outsource some User contact activities to certain trusted sub-contractors who will be expected to comply with GDPR and applicable personal privacy protection laws.

3.2.        Data holding and deletion

Data will be held as long as necessary to meet GCD’s legitimate business interests and/or legal obligations or until we receive a request from the individual to delete his/her data.  Data that is necessary to support a chain of contractual or statutory events, such as a register of voters at a General Meeting of Members may not be removed until a certain amount of time has passed.

3.3.        Data Security

The security of your Personal Information is important to us, and we strive to implement and maintain reasonable, commercially acceptable security procedures and practices appropriate to the nature of the information we store, in order to protect it from unauthorised access, destruction, use, modification, or disclosure.  However, please be aware that no method of transmission over the internet, or method of electronic storage is 100% secure and we are unable to guarantee the absolute security of the Personal Information we have collected from you.

3.4.        Disclosure to Third Parties

We will disclose your Personal Data when required to do so by law or subpoena or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement.  Users may be able to see limited amounts of information about other Users from time to time in order to facilitate contact between them.  We may disclose lists of Users to our subcontractors from time to time in order to allow them to contact our Users about GCD related activities.  These subcontractors will also be expected to comply with GDPR and applicable personal privacy protection laws.

4.            Communications and Marketing

4.1.        Contact

We use your contact information to send you educational research, event invitations, statutory information, or other information about our services which we think are relevant for you.

4.2.        Opting Out

You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in the emails we send, by replying to any GCD executive with a request to remove yourself from the mailing list, or by email to secretary@globalcreditdata.org

5.            GDPR Rights of Users

Users in the European Union, in Contracting States of the EEA, and as a general principle in GCD, have the right to request access to and rectification of erasure of their personal data, to restrict processing of their personal data or to object to processing.  Such Users also have the right to data portability, which is the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine- readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.  Such Users also have the right to lodge a complaint with a supervisory authority.

6.            Other

6.1.        Children’s privacy

Only persons age 16 or older have permission to access our services.  We do not knowingly collect personally identifiable information from children under 16.  If you are a parent or guardian and you learn that your children have provided us with Personal Data, please contact us.  If we become aware that we have collected Personal Data from a child under age 16 without verification of parental consent, we will take steps to remove that information from our servers.

6.2.        Changes to this Personal Privacy Policy

This Privacy Policy is effective as of 13 June, 2018 and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on our member website.

We reserve the right to update or change our Personal Privacy Policy at any time and you should check this Personal Privacy Policy periodically.  Your continued use of the Service after we post any modifications to the Personal Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Personal Privacy Policy.

If we make any material changes to this Personal Privacy Policy, we will notify you either through the email address you have provided us or by placing a prominent notice on our website.
If you have any questions about this Personal Privacy Policy, please contact us at 
secretary@globalcreditdata.org