As an Informal Association registered with the Dutch Chamber of Commerce, Union Syndicale Eurojust (hereinafter “USEJ”) is subject to the provisions of the General Data Protection Regulation[1] (hereinafter “GDPR”).
- What is the GDPR?
GDPR[2] is the EU Regulation by which the European Parliament, the European Commission and the European Council intend to strengthen and unify data protection rules within the EU. It regulates the handling by an individual, a company or an organization of personal data relating to individuals in the EU.
- Controller
Union Syndicale Eurojust – USEJ (Johan de Wittlaan 9 2517JR The Hague, The Netherlands)
- Processor[3]
The processor of the personal data on behalf of the controller is the company Binero AB (Gustavslundsvägen 141A, 167 51 Bromma, Sweden).
In order to provide the website and email services, USEJ uses Binero AB as a web-host and email service provider. On behalf of USEJ, Binero AB collects and processes the IP address and use of the USEJ website (i.e. the URL’s visited). Binero AB uses this information in order to provide the abovementioned services and to ensure the security of their services. Binero AB has a certification ISO 27001 to ensure the security of the services they provide and the personal data they handle.
- How USEJ handles your data?
Under GDPR data that relate to a membership of a Trade Union are defined as “special category of personal data” (Article 9 (1)). Any personal data you provide to us is controlled by USEJ and is subject to a high level of protection. We do not share your personal data with any third parties.
- Legal Basis
Your personal data are processed on the basis of Article 6(a) of GDPR. In other words, you have provided us with your freely given, explicit, specific and informed consent.
You have the right to withdraw your consent at any time. If you decide to withdraw your consent, this might prevent us for providing you with some or the full range of our services. However, the withdrawal of consent does not affect the lawfulness of processing based on consent before the withdrawal.
In addition, USEJ processes your personal data in accordance with Articles 6(b), 6(c) and 6(f). This allows us to comply with our legal obligations, to protect the legitimate interests of USEJ and to provide you with our services as members to the USEJ.
- How we collect and use your data?
As part of its services, USEJ collected the following data:
- Membership Application Form
- Name and surname
- Function group grade
- Signature
- Membership fee
- Function group grade
- Basic salary
- Expense claim
- Name and surname
- Bank account details
- Address
- Email exchanges
- Emails sent to the USEJ functional mailbox are stored on the server(s) of the processor
- Website
- Name and surname of the members of the Executive Committee
- Email of the members of the Executive Committee
- IP address
- URL’s visits
- Communication with individual members or specific group of members
- Name and surname
- Phone number
- Email address
- Office number
- Case work
- Name and surname
- Name and surname of other parties involved, if any
- Phone number
- Office address
- Employment history and details
- Specific data relating to the case
- Electronic newsletter
The personal data we collect and process enables us to supply to you the information about and/or services of USEJ. By joining USEJ, you will be added to the USEJ members email group in order to be kept updated on developments, USEJ campaigns, upcoming events such as seminars and courses or for sending you information about the work of the Executive Committee and the participation of the USEJ in the regular meetings of the USF.
We may also use your information in order to contact you to explore your views on particular matters relating to work conditions and environment within Eurojust or to notify you about important changes and developments.
- What are USEJ obligations under the GDPR?
Under GDPR we are obliged to ensure that:
- Your data are processed fairly, lawfully and in a transparent manner;
- Your data are processed only for specified, explicit and legitimate purposes;
- Your data are kept for no longer than is necessary;
- Your data are:
- Accurate;
- Up-to-date;
- Adequate;
- Relevant;
- Not excessive
- Kept safe
USEJ is fully committed to meet these obligations.
- Storing your information and security
We take all necessary steps to ensure your data are treated securely, confidentially and in accordance with the provisions of GDPR. We employ security measures to guarantee a level of security appropriate to the risks represented by the processing and the nature of the personal data processed. Such measures have been taken in particular to protect your information from unauthorized access or disclosure, accidental or unlawful destruction or accidental loss, or alteration and to prevent any other unlawful form of processing.
Submitted hardcopy membership forms are kept in safe to which only the USEJ Treasurer has access.
Your bank account details are disclosed only to the USEJ Treasurer.
Only the Executive Committee members have access to the USEJ functional mailbox.
- Time limit for keeping your data
Your personal data will be deleted immediately after you have terminated your membership with USEJ. However, if there are ongoing or foreseeable litigation or proceedings at administrative or judicial level, USEJ will continue to process your data until the final closure of those in order to protect its legitimate rights.
Anonymized and pseudonymized data could be kept longer for statistical purposes by the processor Binero AB.
- What are my rights under the GDPR?
Under the GDPR you have the right to:
- Obtain details about how data are processed by USEJ;
- Obtain copies of personal data that USEJ holds on you;
- Have incorrect or incomplete data corrected;
- Have data erased by USEJ, where, for example, we do not have the legitimate reason for retaining the data;
- Obtain data from USEJ and ask for their transfer/transmission to another data controller (data portability);
- Object to the processing of data by USEJ in some circumstances;
- Not to be subject (with some exceptions) to automated decision making, including profiling.
Further details could be found on the official website of the Dutch Data Protection Authority[4].
- Are your personal data transferred outside the EU?
No, no data held by USEJ is held or transferred outside the EU.
- Who should you contact about your personal data held by USEJ?
If your personal data changes or you find that any of the personal data we hold about you is inaccurate, please inform us about the relevant changes as soon as possible by contacting us at info@usej.eu.
Requests for access, rectification, blocking, erasure and objection are handled within 15 working days after the request has been deemed legitimate.
If the contact with USEJ does not resolve your query or concern, please contact the Dutch Data Protection Authority. Contact details are available here.
Please check this
statement regularly and read it carefully for updates.
[1] OJ L 119/1 – 4.5.2016
[2] Regulation (EU)2016/679
[3] A processor is a legally separate entity that process personal data on behalf of the controller, meaning under the instructions and supervision of the latter.
[4] The website is available in both English and Dutch. However, you could find more detailed information about data protection on the Dutch version of the website.