Personal Data Protection Policy
This Personal Data Protection Policy Statement sets out how the ECO uses and protects any personal information that you have provided.
We would like you to read this Policy Statement carefully as it contains important information about how and why we collect, use and disclose your personal data. You have our assurance that it will only be used in accordance with this statement.
Your Personal Data
Your record includes the information you provided as a visitor to our website, a member of ECO or a regular worshipper at our services. Any information provided by you may be used to update your record. When providing your data to us, we rely on you to ensure that it is complete and accurate in order for us to maintain data accuracy.
Your personal data collected is limited to administrative purposes and what is necessary to facilitate the carrying out of activities by us. It will be kept confidential and will be used strictly for our own purposes only. We do NOT share your personal data with external parties.
Please note that the French Authorities with responsibility for the oversight of the Associations Cultuelles in France have the right to inspect our membership and financial records
Worship Broadcast On Zoom and YouTube
If you join us at a Zoom Service, because these are recorded and placed on YouTube, your image as played through your webcam and your identification details provided to Zoom will be visible to the public for an indefinite period. Participants in our services have the option to participate via a YouTube stream in which you remain totally anonymous. Joining in a Zoom videoconference will be taken as your consent to have your image and identity streamed and recorded. These details are treated as being in the Public Domain and cannot be erased later.
ECO has put in place a number of security measures and physical, technical and administrative procedures to minimize the risk of unauthorized access or disclosure and unlawful destruction, loss or alteration, and also to ensure the appropriate use of information.
Subject Access Requests
At present, ECO is not holding any personal data about you other than the contact details that you provide directly. When and if we do hold any personal data in the future, if you wish to view your personal data being held by ECO, you should contact our Data Protection Officer (please see below). We reserve the right to ask you to verify your identity before supplying you with the information you have requested. We will make a disclosure of your data within one month or confirm that no data is held. We reserve the right to refuse your request or levy a charge for processing your request if the request is manifestly unfounded or excessive and particularly if it is repetitive. You must send your request to the ECO Data Protection Officer (known in France as the Correspondant Informatique et Libertés (CIL)). Please send an e-mail to email@example.com
Our Regular Notices
We reserve the right to decline to add any individual to our notices mailing list and/or to remove any individual from our notices mailing list at any time. We may require you to confirm your consent to receive our notices before adding you to a mailing list.
If you have subscribed to our mailing lists, we may use your email address to forward information about events and activities organised by ECO as well as details of our worship. We may also circulate details of worship or events organised by other organisations which we believe will be of interest to you. We will under no circumstances provide your contact details to any other organisation without your prior consent. Persons sending out notices have no access to information about membership of the mailing lists unless this is specifically authorised by our Conseil d’Administration.
If you believe that your personal information in our database is incorrect or incomplete, you may write to our Correspondant Informatique et Libertes (Data Protection Officer), firstname.lastname@example.org stating your full name, contact information and the details of your requested correction/update.
We will update any information found to be incorrect within 30 days. We reserve the right to verify your identity before making any amendments.
To opt out of receiving further communications from ECO, please email your request us at email@example.com.
Please note that if you chose to opt out, we might not be able to stay in touch with you. In your request, please state your full name, including your contact information. Your request will be processed as quickly as possible and always within 1 month. We reserve the right to verify your identity before processing your request.
Your Right To Be Forgotten
In some circumstances, where we do not have a legal obligation to retain information about you (e.g. financial records of donations which may be subject to inspection by tax authorities), you have the right to have all information concerning you deleted from our records.
To exercise this right, as opposed to simply opting-out of receiving further information, please contact firstname.lastname@example.org
Please note that there are various categories of data which must be retained in compliance with French Civil Law, as well as for other legal purposes, for different periods of time. Your right to be forgotten does not over-ride our obligations in respect of these. Exercise of your right to be forgotten always includes removal from the list of Members and therefore the loss of all rights to vote at Annual Meetings and to hold any office within ECO. Please therefore reflect carefully before exercising this right and feel free to contact the Data Protection Officer before doing so.
As with Opting Out of receiving further communication, in your request, please state your full name, including your contact information. Your request will be processed as quickly as possible and always within 1 month. We reserve the right to verify your identity before removing any personal data.
Data Protection Officer (DPO) known in France as the Correspondant Informatique et Libertés (CIL)
ECO has appointed a suitably qualified Data Protection Officer (DPO) to ensure that we comply with the EU GDPR. If you have any concerns or queries on our policies relating to the GDPR, please contact him by email at email@example.com
For general queries, you will get a reply as soon as possible and normally within one calendar month.
ECO will regularly review and update our Personal Data Protection Policy. The latest version will be available on the website for you to check and to keep up-to-date with the Policy.
Website Management Cookies
We use Google Analytics and internal tracking on our site, these details are not shared with third parties and are purely to monitor statistics about page views and to investigate any suspicious visitor activity. There is no facility to 'log in' to our site so all visitors are anonymous. We have increased user privacy by storing only a part of the IP address of visitors for statistical purposes. It is not possible to backtrack individual users.
ECO is supported by Facebook pages which are managed by teams of volunteers. The pages are run in accordance with Facebook’s Acceptable Usage policies and contain only personal data originally disclosed to Facebook by subscribers. Facebook provides facilities for reporting issues and also for editing or removing all information about a subscriber. You can also use Facebook's built-in tools to ask not to be shown our pages and/or to opt out of paid advertising campaigns in which Facebook may select you to receive one of our advertisements based on the profile which you have given to them. Our ads on Facebook are never targeted at individuals nominated by us - we rely on Facebook's proprietary algorithms.
The Information Commissioner for France is the Commission Nationale de l’Informatique et de Libertés – CNIL: www.cnil.fr
International transfers (w.e.f 1 January 2021)
ECO is based in France, but has ministers and members who may at times be located in other countries within the EU as well as elsewhere in the world. We may share personal data with such ministers and our publications may be visible beyond the EU. This will involve a transfer of personal data outside the European Economic Area (EEA). We may also transfer data to other countries outside of the EEA if our service providers from time to time are located in those countries.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We may transfer your data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
If we transfer data to a country which has not received an adequacy decision at the date of transfer, we may use specific contracts approved by the European Commission which give personal data the same protection as it has in the European Union
Please note: With effect from 28 June 2021, the European Commission has adopted an adequacy decision for the United Kingdom under the General Data Protection Regulation (GDPR). Personal data can now flow freely from the European Union to the United Kingdom where it benefits from an essentially equivalent level of protection to that guaranteed under EU law..