Privacy Policy
1.1 Introduction
POLIS respects the privacy of visitors to its website and seeks to ensure that any personal data that we collect is processed in a secure, responsible manner. POLIS only collects data that is needed to provide a better user experience of our website or membership services.
This policy explains how we process personal data generated by your use of this website. For a specific note on Google Analytics and data collected through it, please head to Risk Assessment Note: Google Analytics Compliance with EU-US Data Privacy Framework Date: [June 2024].
This policy was last updated: 06 June 2024.
1.2 Overview
When you visit this website, a small amount of information concerning your use of it is generated (see our Cookie Policy). If you only browse the website, POLIS does not collect any personal data (i.e. we cannot identify you).
Personal data is collected via the website if you subscribe to one of our services.
1.3 What personal data do we collect and why
POLIS maintains a network of stakeholders active in the field of sustainable urban and regional mobility and innovation in transport. Our website plays a pivotal role in maintaining and expanding our network.
The POLIS website is the gateway to becoming:
- A full or associate member of the network;
- A subscriber to the POLIS news alerts;
- A participant in one of our events or calls who is required to fill in a form to register (e.g. project events using a POLIS form and Call for abstracts for POLIS Conference).
To register or apply for any of these services, you may be asked to provide some personal information (which varies according to the service).
Full and associate members: Application forms for full or associate membership of the POLIS network can be downloaded from our website. You are asked to provide your name, email address, position, VAT number, phone number, and fax number. We need these details to process the membership contract and, subsequently, create your membership profile on our contact management platform and members area. As a member, you will automatically receive our Public newsletter and Members newsletter (InfoPolis) – you can opt out from both by editing your member profile.
POLIS news alerts subscribers: The mandatory fields for subscription include first name, last name, email address, type of organisation, city, and country. This information helps us understand your interests and improve the publications that we send. If you receive a news alert about an event to which you wish to register, details about data protection will be included on the registration form.
Event or call participant who filled out a POLIS form: The fields for registration and submission may vary from event to event and from call to call – whether they are related to a project that POLIS is a partner of or exclusively to POLIS, they usually include first name, last name, email address, type of organisation and position, and city and country of residence. If the registration or submission relates to a project that POLIS is a partner of, you may be redirected to the privacy policy details of the project itself for further information on how (and if) your personal data is also collected by the project. If the registration or submission requires POLIS to include third parties in processing personal data, this would be done under strict joint contractual controllership, ensuring compliance with the legal provisions of the GDPR, exclusively collecting and processing personal data that are strictly necessary for the legitimate conduct of the process, and taking all necessary technical and organisational measures to ensure that the rights of data subjects are guaranteed at all times within the contract between POLIS and third parties.
1.4 How long do we keep your personal data?
Members and associates: Duration is linked to membership. If you cancel or do not renew your membership your account will be deleted, and the personal data will be stored in a secure folder and not further processed, except to comply with legal requirements such as audits. Upon expiration of the membership, or request to withdraw, we will ask you if you still wish to receive emails from us.
POLIS news alerts subscribers: Duration is linked to your subscription. If you unsubscribe, your personal data will be deleted permanently. Details of how to unsubscribe are provided in each news alert.
Event or call participant who filled out a POLIS form: Duration is linked to the event or call timeline. In both cases, your data will be used to contact you with any relevant updates until the event or call comes to completion (post-event communications, such as sharing presentations and event reports, and post-call communications, such as updates on submission results). After the relevant event or call communications are complete, your personal data will be stored in our contact management system but will not be further processed, except to comply with legal requirements. If you wish for your data to be removed from our system after an event or call, you can reach out to the point of contact highlighted in the form to initiate the process or Alexia Collignon (acollignon@polisnetwork.eu) – for project events and calls, please make sure to check the requirements for cancellations related to the project with the project contact highlighted in the form.
1.5 How we protect your data
At POLIS we implement technical and organisational measures to secure your personal data. We have technical security measures to protect against hacking, malware, ransomware, malicious websites, etc.
1.6 Your rights concerning your personal data
To ensure fairness, transparency, and accountability, you are invited to exercise the following rights, free of charge, whenever you think it is appropriate.
Right to review, update, and correct your personal data
You have the right to review and update, correct or remove any of your personal data by sending a request to Alexia Collignon (acollignon@polisnetwork.eu).
By requesting access to your personal data, you will obtain:
- A list of personal data about you held by POLIS and information about where we got it (if it was not obtained directly from you);
- An explanation of the purpose for which your personal data is being processed and an indication of how long we will continue to use your data;
- Details of anyone to whom your personal data have been disclosed (note: we would normally only disclose your personal information if required to by law).
Right to withdraw your consent to the processing
We process your personal data on the basis of your freely given consent. You have the right to revoke this consent at any time for any reason. To do so, please contact Alexia Collignon (acollignon@polisnetwork.eu). After your request has been received, your personal data will be removed from the mailing lists and/or deleted entirely from our database within one month (your data may be stored, but not further processed, in order to comply with possible audits or checks from funding bodies, e.g. the European Commission).
Right to lodge a complaint
In case of any complaint please contact POLIS immediately to resolve the problem. However, please note that you have (at all times) the right to lodge a complaint with the Belgian Data Protection Authority (commission@privacycommission.be).
1.7 Changes to this policy
This privacy policy is reviewed and updated periodically. Any changes to this policy will be communicated to you either via email or a notice on our website.
________________________________
Risk Assessment Note: Google Analytics Compliance with EU-US Data Privacy Framework Date: [June 2024]
Objective: The purpose of this risk assessment is to evaluate potential risks associated with the use of Google Analytics by POLIS, in light of the COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 on the adequate level of protection of personal data under the EU-US Data Privacy Framework.
Background: The EU-US Data Privacy Framework aims to ensure an adequate level of protection for personal data transferred from the European Union to the United States. The Commission Implementing Decision of 10.7.2023 sets out the requirements and standards for such data transfers.
Google Analytics is a powerful tool for understanding website performance, user behaviour, and traffic patterns. However, its compliance with the General Data Protection Regulation (GDPR) has been a subject of concern and controversy, particularly in the European Union. The data protection authorities of several EU countries have weighed in on privacy compliance issues with Google Analytics, with similar complaints that focus on its insufficient protections and data transfer practices.
Use of Google Analytics: POLIS uses Google Analytics, a web analytics service provided by Google, Inc., to analyse website traffic and user behaviour for EU-funded projects and the organisation.
Analytics related to EU-funded projects constitute a fundamental requirement, as often stipulated in documents such as Grant Agreements or Descriptions of Work/Action. In these documents, specific Key Performance Indicators (KPIs) are emphasised, and compliance with these KPIs is mandatory throughout the project’s lifespan. The data collected to fulfil these KPIs is neither sensitive nor published, and it is not used for commercial purposes.
Analytics pertaining to the organisation’s website https://www.polisnetwork.eu/ are employed to enhance the user experience on our website and create content tailored to our users. The data collected to achieve these objectives is non-sensitive, not published, and not used for commercial purposes.
Risk Assessment:
- Data Transfer:
- Risk: The transfer of data to Google Analytics servers in the United States may pose a risk of non-compliance with the EU-US Data Privacy Framework.
- Mitigation: Ensure that POLIS’ use of Google Analytics complies with the requirements outlined in the Commission Implementing Decision of 10.7.2023.
- Data Security:
- Risk: Potential vulnerabilities in data security may expose personal data to unauthorised access during data transfers.
- Mitigation: POLIS respects the privacy of visitors to its website and seeks to ensure that any personal data that we collect is processed in a secure, responsible manner. POLIS only collects personal data that is needed to provide a better user experience of our website or membership services.
- User Consent:
- Risk: Lack of transparency or proper consent mechanisms for users regarding data collection and processing under the EU-US Data Privacy Framework.
- Mitigation: POLIS consistently reviews and updates its privacy policy and cookie banner to align them with the requirements of the Commission Implementing Decision of 10.7.2023.
Conclusion: POLIS is carefully assessing and mitigating risks associated with the use of Google Analytics in accordance with the EU-US Data Privacy Framework. Regular monitoring, updates to agreements, and adherence to data protection best practices are essential to ensure compliance and mitigate potential liabilities.
This risk assessment is a living document and should be reviewed periodically to account for changes in regulations and the evolving use of Google Analytics.