The purpose of this policy
To fulfil our aims and objectives we need to communicate with a range of people in a variety of ways: face to face, via post, telephone or electronic mail, on social media and through our public website and Member Area. To be effective, we need to collect and store data provided to us by the people we interact with and who interact with EAZA. This data will always and only be used to further the EAZA Vision: To be the most dynamic, innovative and effective zoo and aquarium membership organisation in Europe and the Middle East.
What is personal data?
Article 4(1) of the GDPR identifies personal information as ‘any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier…’An identifier could be a name, email address, telephone number, social media handle, photograph, address, payment details, organisational affiliation etc.
What personal data do we collect?
We collect data you knowingly and voluntarily give to us, including information you provide when you: become an EAZA Member, manage a population management programme, become a member of a Committee or Working Group, register for the EAZA Member Area, sign up for our newsletters, enrol on an EAZA Academy course, complete an EAZA survey, provide details for invoicing and payments, attend one of our events, subscribe to Zooquaria magazine, or interact with us on social media.
This data may include:
- Personal details (name, email address, telephone contacts and postal address)
- Organisational affiliation and job title
- Financial information, such as bank account details
- Details of your dietary requirements
- Username and comments you make on our social media sites
EAZA commits to the principles of the GDPR in that we
- collect the absolute minimum of personal data in relation to the purpose for which they are processed;
- take every reasonable step to ensure that personal data are always kept up-to-date;
- erase or rectify inaccurate personal data without delay;
- take security measures which ensure protection against unauthorized or unlawful processing.
Why do we collect personal data?
To achieve our Vision to a dynamic, innovative and effective zoo and aquarium membership organisation we need to keep our members, and the partners we work with, up-to-date with our work. We need to offer opportunities for effective and easy communication with those who are essential to our work.
Our legal basis for the collection and processing of personal data is based on and consent. We view providing information about EAZA Members and EAZA activities as an essential part of being an effective membership organisation.
Credit, Debit and bank account information
We do not retain credit and debit card details following the purchase of tickets at events, charity auction items or event merchandise, once the transaction and legal accounting procedures are complete. We keep bank account information for grantees and suppliers so that we can fulfil contractual payments. We also keep bank account details for donors so that we can collect direct debits in accordance with direct debit mandate rules. Once any such arrangement is terminated, EAZA will delete bank details for donors. The legal basis for processing this information is ‘Contract Performance’.
How long does EAZA store your data for?
We keep your data for the time necessary to accomplish the aims and objectives linked to achievement of the EAZA Vision. Once this goal is achieved, we either delete or anonymize them.
You always have the possibility to control your personal data and can contact us at any time to ask what information we hold on you and to update it or ask us to delete it. Any recipient can unsubscribe from our newsletters by using the ‘Unsubscribe’ option in the email or by contacting us on email@example.com stating which service they wish to unsubscribe from. If you would no longer like your data to be stored then please send an email to firstname.lastname@example.org giving your full name, address and email stating your ‘right to be forgotten’.
This website does not use or install cookies or related files.
Once we have received your information it will be stored electronically and is managed in accordance with our Data Protection Policy following strict control and security procedures to prevent any unauthorised access. We will keep your data for as long as we consider it necessary to carry out our activities, taking into consideration legal, taxation and accounting requirements.
All data is held on servers where every effort is made to make it secure.
Who has access to your data?
Our employees have access to it only to the extent necessary to achieve the aims and objectives linked to the EAZA Vision, Mission and other clearly publicly stated goals. Each of them is subject to a strict obligation of confidentiality. Information provided consensually by Member institutions and other users for use on the Member Area of the website can be accessed by EAZA Members of all categories and approved third parties who have signed a non-disclosure agreement (NDA) only. The approval of these third-party users and the responsibility for ensuring that they have signed an NDA rests with the EAZA Executive Office; EAZA is not responsible for the accidental or deliberate breaching of the terms of the Member Area protected website by users, however, any such breach will result in an investigation and sanctions against the culprit, including the possible referral of the case to local police or other appropriate authority.
Sharing data with third parties to fulfil legal or contractual obligations
We may need to pass on information if required by law or by a regulatory body. For example, information to registered auditors, or to fulfil an information request by a law enforcement agency.
Does EAZA transfer your data outside the EU?
Personal data for public access website users (if any) should be retained in the EAZA Executive Office and not transferred. User data for the protected Member Area website may be transferred to non-EU users only if they have signed the NDA. In certain specific cases, EAZA will share Member Area information with GDPR compliant organisations outside the EU, such as with Species360, to allow for the continued functioning of EAZA administered population management and other programmes. Member Area users participating in such programmes are assumed, through their participation in these programmes, to have provided their assent to such sharing of their information.
What is the policy concerning minors?
Our websites are not specifically targeted to minors. While we do not collect personal information from the public area website, if you learn that your child has provided us with their personal data without your consent, contact us at the following address: email@example.com
Applying for a job at the EAZA Executive Office
If you apply for a job with us, and you provide personal data such as the information on your CV or Application Form, we will process and store the personal data we collect to:
- Support the recruitment and selection process
- Answer any questions you may have
- Use third parties to provide services such as references, qualifications, verification of information you have provided, health screening and psychometric evaluation or skills tests
- Undertake checks on criminal convictions
- Provide anonymised data to monitor compliance with equal opportunities policy.
If you work for the EAZA Executive Office via an organisation that EAZA has a contract with, we commit to ensure that the organisation is also compliant with GDPR regulations.
If you submit your personal information to a job board, online recruitment tool, social media platform, headhunting agency etc. your details could then be passed to EAZA. We recommend that you ensure you have given your consent to that organisation who may share your data. If we receive your details via a third party and are unclear about consent, we may either check with you before using your data further or fully delete the information.
If you do not join us as an employee for any reason, your data will be stored for up to seven years. The legal basis we use for processing your data if you apply for a job is ‘Consent’.
EAZA uses a third-party application called Campaign Monitor, which is an email marketing tool, to send out newsletters and occasional communications. This tool allows us to monitor very basic information such as the links subscribers to our newsletter visit, how many times they open the newsletter and when a user unsubscribes. This helps us to understand which stories are of most interest to our supporter base and to adjust the content we include accordingly. Your presence on our mailing list is by your consent only, either in the form of direct consent, or as a result of your subscription to one or more service(s) provided via this platform.
Our websites contain links to external websites. EAZA is not responsible for the privacy practices and content of those sites and cannot guarantee that content linked to will always be available.
Questions and feedback
Changes to this policy