Privacy & Data Protection
1. General notice
This policy applies to the following websites that are operated or controlled by IAB Europe:
IAB Europe processes personal data in accordance with applicable data protection legislation, in particular the General Data Protection Regulation (EU) 2016/679 (the “GDPR”).
2. Data controller
3. Data collected
3.1 Collection of personal data
IAB Europe collects or obtains personal data from its Members and Users from the following sources:
- IAB Europe obtains personal data when those data are provided by Users or Members (e.g., where a User or Member contacts IAB Europe via email or telephone, or by any other means);
- IAB Europe collects or obtains personal data in the ordinary course of its relationship with its Members and Users (e.g., when IAB Europe provides a service to Members or Users);
- IAB Europe collects or obtains personal data that its Members and Users manifestly choose to make public, including via social media (e.g., IAB Europe may collect information from its Members’ and Users’ social media profile(s));
- IAB Europe collects or obtains personal data when its Members and Users visit the Websites or use any features or resources available on or through the Websites;
- IAB Europe collects or obtains personal data when its Members and Users use, or register to use, the Websites or any Services;
- IAB Europe also creates personal data about its Members and Users in certain circumstances, such as records of IAB Europe’s Members’ and Users’ interactions with it.
3.2 Personal data processed by IAB Europe
IAB Europe processes, for the purposes listed in Section 4, the following types of personal data:
- Identification data, e.g. user name, password, real name and first name, email address and professional contact details;
- Employer details, e.g. where a User or Member interacts with IAB Europe in their capacity as an employee of a third party, the name, address, telephone number and email address of the employer, to the extent relevant;
- Views and opinions, e.g. any views and opinions that a User or Member chooses to send to IAB Europe, or publicly post about IAB Europe on social media platforms;
- Information provided by applicants, such as their CV; and
- Any other information voluntarily transmitted to IAB Europe by the Member for a specific purpose.
3.2.1 « Cookies »
3.2.2 Data recorded on our servers
When the User or the Member accesses the Websites, the relevant servers automatically record the following data which are not made visibleon the Websites: the type of domain from which the User or the Member connects to the Internet, the IP address allocated to them (at the moment of the connection), the date and time of access to the Site, the pages viewed and the activities undertaken, the type of browser used, the platform and/or the operating system used, the search engine and the keywords used to find the Websites.
4. Purposes of the data processing and legal bases for the processing
4.1 General purposes
The purposes for which IAB Europe may process the personal data of its Users and Members, subject to applicable law, include:
- Provision of the Websites and Services: providing the Websites to Users and Members; providing Users and Members with promotional items at their request; and communicating with Users and Members in relation to those services;
- Improving the Websites and services: identifying issues with the Websites or services; planning improvements to the Websites or services; and creating new websites, or services;
- Marketing communications: communicating with Users and Members via any means (including via email, telephone, text message, social media, post or in person) news items and other information in which they may be interested, subject to ensuring that such communications are provided to Users and Members in compliance with applicable law;
- Communications and IT operations: management of IAB Europe’s communications systems; operation of IT security; and IT security audits;
- Legal compliance: compliance with IAB Europe’s legal and regulatory obligations under applicable law;
- Recruitment and job applications: recruitment activities; advertising of positions; interview activities; analysis of suitability for the relevant position; records of hiring decisions; offer details; and acceptance details.
4.2 Sensitive personal data
IAB Europe does not seek to collect or otherwise process Sensitive Personal Data in the ordinary course of its business. Where it becomes necessary to process Sensitive Personal Data of our Users or Members for any reason, IAB Europe will only do so in compliance with the law.
4.3 Legal bases for processing
- The processing is necessary for the performance of a contract to which the User and or Member is a party;
- The processing is necessary for IAB Europe’s legitimate interests, as set out herein;
- IAB Europe is required to comply with a legal or statutory obligation in the EU or a Member State.
5. Transfer to third parties
We may provide your personal data to companies that provide services to help us with our business activities (‘data processors’). These companies are authorized to use your personal data only as necessary to provide these services to us.
IAB Europe transmits the personal data of its Users or Members to third-party services to the extent to which these data are required for the performance of the relevant Services. Any such partner will not communicate these personal data to third parties, except in the following situations: (i) if and to the extent that this communication is necessary for the contract’s performance, and (ii) if the partner is obliged to communicate certain information or documents to a public authority, as required by law, such as to comply with a subpoena, or similar legal process and (iii) if IAB Europe is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/ or prominent notice on our Websites of any change in ownership or uses of your personal data, as well as choices you may have regarding your personal data. The communication of information to the persons set out in point (ii) shall, in any case, be limited to that which is strictly necessary or required by applicable law.
If IAB Europe engages a third-party processor to process personal data of its Users or Members, the processor will be subject to binding contractual obligations to: (i) only process the personal data in accordance with IAB Europe’s prior written instructions; and (ii) use measures to protect the confidentiality and security of the personal data; together with any additional requirements under applicable law.
6. International transfer of personal data
Some of our data processors are located outside the EU (‘third countries”). Certain third countries have been officially recognized by the European Commission as providing an adequate level of protection. You can find the list of these countries here. Transfers to our data processors located in other third countries take place using an acceptable data transfer mechanism, such as the Privacy Shield for transfers to self-certified US organizations, the EU Standard Contractual Clauses, Binding Corporate Rules, approved Codes of Conduct and Certifications or, in exceptional circumstances, on the basis of permissible statutory derogations.
IAB Europe uses physical, technical and administrative measures to protect the Users’ information against loss, theft and unauthorized use, disclosure or modification. While IAB Europe strives to protect the information it maintains, it cannot guarantee or warrant the security of any information that the Users transmit to us since no method of data transmission or storage is 100% secure.
7. Storage periods
IAB Europe will only retain the Users’ and Members’ personal data for as long as necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements.
The determination of the appropriate retention period for the Users’ personal data is based on the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your it and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances IAB Europe may anonymise the User’s personal data so that it can no longer be associated with the User, in which case it is no longer considered personal data.
Upon expiration of the applicable retention period IAB Europe will securely destroy the personal data in accordance with applicable laws and regulations.
8. Data subjects’ rights
Any Member may, at any time, have access to their personal data and correct them through the thumbnail “Edit Profile”, within the “Members – Account” menu on the Websites (or at the following address: https://iabeurope.eu/profile/edit by using their username and password).
The User or the Member may also request access, ask for rectification and for deletion of their personal data, except those which IAB Europe are legally obliged to retain, from IAB Europe’s database by addressing a written request, accompanied with, to the data controller at the following address: IAB Europe, 1040 Brussels (Belgium), Rond-Point Schuman, 11. Any User or Member may request to have their personal data transferred to another controller, in a structured, commonly used and machine-readable format.
Any User or Member may request restriction of processing of their personal data.
Where IAB Europe processes a User or Member’s personal data on the basis of consent, the User or Member has the right to withdraw that consent (although this withdrawal does not affect the lawfulness of any processing performed prior to the date on which IAB Europe receives notice of such withdrawal, and does not prevent any processing of personal data on any other available legal bases).
IAB Europe will then take all necessary steps to satisfy such request with expediency.
Any User or Member has the right to lodge complaints regarding the processing of their personal data with a data protection authority (which can be any of the data protection authority of the EU Member State in which they live, or in which they work, or in which the alleged infringement occurred).
Subject to applicable law, each User or Member may also have the following additional rights regarding the processing of their personal data:
- the right to object, on grounds relating to their particular situation, to the processing of their personal data by IAB Europe or on its behalf; and
- the right to object to the processing of their personal data by IAB Europe or on its behalf for direct marketing purposes.
9. Persons under the age of 16
Persons under 16 years old and persons who do not have full legal capacity are not allowed to use the Websites, and must not provide their personal data to us. IAB Europe does not knowingly collect or store personal data about children under the age of 16, unless permitted by law. If IAB Europe learns that it has collected personal data from a child under age 16, it will delete that information from its database.
10. Additional Information
We display personal testimonials of satisfied members on our Websites in addition to other endorsements. With your consent we may post your testimonial along with your name, but we will always check that you are happy for us to do so first. If you wish to update or delete your testimonial, you can contact us at firstname.lastname@example.org.
10.2 Links to 3rd Party Sites
11. Contact Us
Rond-Point Robert Schuman 11
+32 2 256 75 10
Last Updated: 25 April 2019