This policy does not cover the confidentiality requirements of the members’ credit data, which are set out in the Articles of Association, the Data Pool Regulations and the GCD Information Protection Policy.
1.2. Overall Policy:
GCD collects and holds personal data of member delegates and other persons who are interested in GCD’s services. GCD will keep this personal data secure, use it for reasonable business purposes, allow persons to find out what data we have regarding them and remove or correct or modify personal data when reasonably requested by that person.
For the purposes of this document the following definitions shall apply:
GCD means The Global Credit Data Consortium
Users refers to any person whose personal data GCD holds
Members means the members of GCD (financial institutions)
1.4. Data Controller:
For the purposes of GDPR, the data controller is:
The Global Credit Data Consortium
P.O. Box 49
2810 AA, Reeuwijk
Users may request information regarding personal data by contacting firstname.lastname@example.org
1.5. Users Consent:
GCD will make Users aware of this policy. By continuing to use the GCD services, Users acknowledge having read this information and authorise GCD to collect, process and hold their personal data in accordance with this policy.
2. Information Collection and Use
GCD collects limited personal data of our Users in order to provide and improve our services. Among other things, we collect limited personal data so that we can provide you with copies of our educational research, invite you to events, manage registration and payments for events and services, respond to requests or inquiries, and gather statistical information to make our services more relevant to you.
GCD recognizes that in certain instances, the personal data collected can be considered anonymous or pseudonymous: e.g. IP addresses collected via cookies that identify a computer and not necessarily a private person.
2.2. Personal Information Collected
Personal data collected by GCD may include:
• Name, email address, name of employer, job title, photograph, telephone numbers and mailing address
• Invoicing information
• History of information downloaded from GCD websites
• History of membership of GCD committees and working groups
• Communications, such as emails or other correspondence, between the user and GCD
In addition, when you visit our website, we will record “log data,” which is information your browser automatically sends such as the computer's Internet Protocol address, browser type, browser version, the pages of our website that you visit, the time and date of your visit, and the time spent on those pages.
We also use Google Analytics, which is a web analytics service, to gather data about the research products accessed by visitors to our website. We use this information to make our research products more relevant to readers. The IP address of the data subject is abridged by Google and anonymised when accessing our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area. Users may block Google Analytics by preventing the setting of cookies through our website, as discussed above, or by downloading and installing a browser add-on under the link https://tools.google.com/dlpage/gaoptout .
3. Storage and Security
GCD is legally based in The Netherlands and the data we hold will be stored on servers at our data hosts or subcontractors in either The Netherlands or Belgium or France. We may also hold limited amounts of personal data through lists created on secure cloud servers. We may also outsource some User contact activities to certain trusted sub-contractors who will be expected to comply with GDPR and applicable personal privacy protection laws.
3.2. Data holding and deletion
Data will be held as long as necessary to meet GCD’s legitimate business interests and/or legal obligations or until we receive a request from the individual to delete his/her data. Data that is necessary to support a chain of contractual or statutory events, such as a register of voters at a General Meeting of Members may not be removed until a certain amount of time has passed.
3.3. Data Security
The security of your Personal Information is important to us, and we strive to implement and maintain reasonable, commercially acceptable security procedures and practices appropriate to the nature of the information we store, in order to protect it from unauthorised access, destruction, use, modification, or disclosure. However, please be aware that no method of transmission over the internet, or method of electronic storage is 100% secure and we are unable to guarantee the absolute security of the Personal Information we have collected from you.
3.4. Disclosure to Third Parties
We will disclose your Personal Data when required to do so by law or subpoena or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement. Users may be able to see limited amounts of information about other Users from time to time in order to facilitate contact between them. We may disclose lists of Users to our subcontractors from time to time in order to allow them to contact our Users about GCD related activities. These subcontractors will also be expected to comply with GDPR and applicable personal privacy protection laws.
4. Communications and Marketing
We use your contact information to send you educational research, event invitations, statutory information, or other information about our services which we think are relevant for you.
4.2. Opting Out
You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in the emails we send, by replying to any GCD executive with a request to remove yourself from the mailing list, or by email to email@example.com
5. GDPR Rights of Users
Users in the European Union, in Contracting States of the EEA, and as a general principle in GCD, have the right to request access to and rectification of erasure of their personal data, to restrict processing of their personal data or to object to processing. Such Users also have the right to data portability, which is the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine- readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. Such Users also have the right to lodge a complaint with a supervisory authority.
6.1. Children’s privacy
Only persons age 16 or older have permission to access our services. We do not knowingly collect personally identifiable information from children under 16. If you are a parent or guardian and you learn that your children have provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from a child under age 16 without verification of parental consent, we will take steps to remove that information from our servers.