Ei-iE

GDPR and the European Union. Image by Tomkie sFastyne via Flickr.
GDPR and the European Union. Image by Tomkie sFastyne via Flickr.

Data Protection Policy

published 23 May 2018 updated 18 June 2021

This data protection policy is intended to inform individuals and organisations about the information we collect about visitors to our website, subscribers to our newsletters, our event attendees, our affiliates, and our partner organisations or subsidiaries.

This data protection policy is intended to inform individuals and organisations about the information we collect about visitors to our website, subscribers to our newsletters, our event attendees, our affiliates, and our partner organisations or subsidiaries. By collecting this information, we are acting as a data controller and, by law, we are required to provide individuals with the information Education International (EI) has about them, how EI uses individuals’ data, and the rights individuals have to the data in our possession. To read more about the specific rules of data protection, collection, control, and processing with regard to the European Union’s (EU) General Data Protection Regulation (GDPR), please visit the EU GDPR Portal: Click here to visit the EU GDPR Portal.

Our data protection policy applies to any website, software, or service owned, operated, or utilised by EI, as well as to any subsidiary. This statement specifically regards any personal information collected, distributed, or shared by EI, through its web platforms. We may update this data protection policy to reflect changes to our information practices. We encourage you to periodically review this page for the latest information on our privacy practices.

About EI

Education International is committed to protecting the privacy of the individuals who visit our websites and participate in the software and services we provide. These individuals may visit our websites to browse content (these individuals are hereafter referred to as ‘visitors’), register to receive our newsletters (these individuals are hereafter referred to as ‘subscribers’), or register to attend our events (these individuals are hereafter referred to as ‘attendees’). All digital visitors and subscribers, or event attendees who visit our websites may be grouped together under the inclusive term ‘end user’.  Additionally, any mention of ‘events’ may refer to any conference, seminar, meeting, etc. which would require the physical presence of an event attendee, or to any webinar, live stream, or other interactive digital platform-based events.

Our websites

Education International's websites contain some links (URLs) to external websites, hosted, controlled and operated by external organisations or companies; this includes any social media platform, such as Facebook, Twitter, YouTube, LinkedIn, etc. Links (URLs) to the websites of our partner organisations or affiliates are also found on our website. These other platforms and websites are responsible for providing their own GDPR-compliant data protection policies for the ways in which they govern, process, or control any information collected on their platforms or websites. EI encourages all end users to review the external data protection policies of any other websites they visit, so as to ensure that EI’s end users understand the information practices of any external organisation or platform linked (via URL) on any of EI’s websites or platforms.

What personal data does EI collect?

Education International uses the data it collects on its websites to ensure the best browsing experience, and to provide the best quality for any services our organisation provides for our members, partner organisations, affiliates, or subsidiaries. Below, EI will explain the following questions:

  • What information does EI collect about visitors browsing its websites?
  • How does EI use the information that it collects about its website visitors?
  • When would EI disclose visitors’ information to third-party services, or any other international partner organisation, affiliate, or subsidiary?
  • How does EI use website cookies and other similar analytical or tracking technologies on its websites; and how can visitors choose to either prevent or participate in the use of these technologies?
  • What choices do website visitors, newsletter subscribers, and event attendees have prior to, and immediately after providing their consent for EI to store and utilise their data?
  • How does EI respect individuals’ rights toprivacy?
  • How can website visitors, newsletter subscribers, event attendees, affiliates, and partner organisations contact EI’s Data Protection Officer?

What information does EI collect about visitors browsing its websites?

EI retains CVs (or resumés) and other personal letters of interest, addressed to the organisation, for a maximum duration of 5 years. EI uses this information to assess any applications received for advertised job postings, and to communicate with individuals about these posts. EI stores  information on unsuccessful applicants for a maximum duration of 5 years.  These records are consulted when other relevant vacancies open within the organisation. Should you wish to have your CVs, resumés, and other personal letters of interest removed from our information systems at any time, please contact EI’s Data Protection Officer at [email protected]. Information on successful applicants will be used in our human resources systems and subsequent staff procedural processes.

Some of EI’s websites or platforms collect personal contact information when visitors go through the specific process of setting up, or verifying their information on record with EI’s Customer Relationship Management tool (CRM); the CRM is our central database of contact information. On these types of websites, visitors are specifically providing EI with their personal data, such as: individuals’ names, organisations’ names, email addresses, mailing addresses, telephone numbers, passport information, financial information, and newsletter subscription preferences. Any data submitted on any of EI’s websites or platforms by end users will be stored in EI’s CRM. EI will automatically notify these individuals after they have provided EI with new or  updated personal information; these individuals will receive this notification by email, so as to ensure that these end users understand that they have provided consent for EI to store their data. Should any end user wish to nullify their consent, and remove this data, they should contact EI’s Data Protection Officer at [email protected].

Anonymous Data Collected

‘Anonymous Data’ is collected from visitors to EI’s websites, but we cannot use this type of data to identify specific individuals in any way. EI’s websites use an anonymous data collection tool called Google Analytics, through which EI enables Google to capture ‘Request Headers’ information from its websites. Google captures data from EI’s websites in an encrypted, anonymised way, and these data are in no way permanently stored by EI itself on any platform. Google Analytics provides EI with the ability to audit basic website performance and popularity analytics. It also allows EI to understand how visitors move through our websites, which websites are more useful for visitors, and what types of content are the most popular among visitors. The use Google Analytics is linked to EI’s legitimate interests in monitoring and improving its websites. Google Analytics captures ‘Request Headers and/or Bodies’ information, which may include:

  • The type of web browsers used to access any of EI’s websites;
  • The preferred language of visitors’ web browsers (to provide relevant translations for multilingual, international website visitors);
  • The Internet Protocol (IP) addresses of website visitors;
  • The operating systems of website visitors;
  • A date/time stamp of visitors accessing EI’s various websites;
  • And clickstream data, i.e. the actions visitors take EI’s websites, such as: the specific pages viewed, and any specific links clicked on its web pages.

To opt-out of sharing this information, and participating in analytical tools and tracking on EI’s websites, simply click on the ‘opt-out’ options you prefer to control. You can opt-out on the small, triangular ‘dog-ear’ button for ‘Cookie Control’ available on all of our websites that utilise cookies, analytical tools, and additional tracking technologies.

To view Google’s privacy policy for its Google Analytics feature, please visit their GDPR-compliant privacy notice page: Click here to view their GDPR-compliant Privacy Notice.

Should you have any additional concerns about these tools, please don’t hesitate to contact our Data Protection Officer at [email protected].

How does EI use the information that it collects about its website visitors?

In addition to storing personal data in its CRM, EI also provides the opportunity for its affiliate organisations to store their financial information in our CRM. This financial information is beneficial for EI’s members to pay their membership dues payments quickly and efficiently. Information about membership and dues payments may be retained indefinitely, because historical data regarding membership are always relevant to the aims and functions of the organisation. The types of financial information that EI stores in its CRM for its affiliates may include:

  • Bank account names and addresses;
  • Credit card details (for easier payment processing);
  • Total membership statistics (for the necessary EI membership fee calculation).

EI uses affiliates’ financial information from its CRM with its payment processing providers (currently Cvent and Isabel), as well as its account management software providers (currently BOB). Sharing this information with processing and account management providers is necessary for EI’s legitimate interests in collecting its membership payments from affiliates. Affiliates’ financial information is stored in EI’s CRM throughout the duration of their membership, as well as the additional time period legally necessary for financial auditing purposes. Affiliates may contact EI for any clarification about the storage of their financial information, and to potentially request the removal of this information by contacting EI’s Data Protection Officer at [email protected].

When would EI disclose visitors’ information to third-party services, or any other international partner organisation, affiliate, or subsidiary?

Third-party services

EI uses third-party services, including (but not limited to): Google Analytics, Facebook, Twitter, Microsoft, ActiveCampaign, AddThis, Cvent, Picturepark, and ClickDimensions to provide additional functionality on our websites and platforms. These services may use cookies and web beacons to collect data about visitors’ web activity, but this information cannot be used to personally identify individuals. EI may share personal data about visitors, subscribers, or event attendees with the organisation's contracted service providers. EI shares this information to ensure that these providers can facilitate services on our behalf, such as, for example, administering email services. EI may also share data with the service providers to ensure the quality of the services provided. These companies are authorised to use your personal data only insofar as it is necessary to provide these services. EI encourages end users to learn more about these third-party services by visiting their GDPR-complaint notices below. EI does not share any personal data with third-parties in any other way than described in this privacy policy. EI does not sell any personal data to any third-party providers.

Compelled Disclosure

EI reserves the right to use or disclose information provided by website visitors, newsletter subscribers, event attendees, partner organisations, affiliates, or subsidiaries if it is required by law, or if the organisation reasonably believes that the use or disclosure of this information is necessary:

  • To protect the organisation's rights;
  • Protect the safety of any individuals concerned;
  • Investigate fraud and/or to comply with a judicial proceeding, court order, legal process or other governmental authority.

Unless it is prohibited by law, EI will employ reasonable efforts to notify any individuals and organisations concerned, so as to enable these entities to take any appropriate actions.

How does EI use website cookies and other similar analytical technologies on its websites; and how can visitors choose to either prevent or participate in the use of these technologies?

Cookies and other analytical technologies

EI uses cookies and other tracking technologies such as beacons, tags, and scripts to make visitors’ interactions with any of EI’s websites easy and meaningful. Most web browsers automatically accept cookies, but if you prefer, you can change your browser settings to prevent that. There are various website resources available on the internet that aim to inform internet end users on how to control web browser security settings. Should visitors choose to opt-out of the use of any of our website cookies, or other similar technologies, visitors may be prevented from taking full advantage of the capabilities of the information and tools available on our websites. EI does not utilise any types of cookies, or other web technologies that would be able to personally identify visitors in any way; these cookies merely recognise your web browser, and help users to re-establish their browsing sessions through the use of both cookies and web browser cache settings.

EI uses session-based website cookies that are persistent. Session cookies exist to establish a visitor’s ‘session’ with the website’s server; these cookies are relevant for the server to allow website visitors to authenticate with their user credentials (some end users can authenticate, and some cannot). These cookies are set in visitors’ web browsers regardless of whether or not they will need to authenticate on our websites. This is because our servers need to retain information about which visitors are authenticated, and which visitors are merely browsing. Persistent session cookies are harmless to website visitors who will not need to authenticate on any of EI’s websites, as they do not collect or retain any personally identifying information for non-authenticated visitors. Visitors may delete or control session cookies settings through their direct control of their own personal web browser settings. Visitors who choose to opt-out of storing any persistent cookies in their web browsers may experience some difficulties accessing different information on any of EI’s websites. We employ persistent cookies as explained below.

  • Strictly necessary cookies (such as session cookies): These are cookies that are required for the operation of our websites and under our terms with you. They include, for example, cookies that enable you to log into secure areas of our websites.
  • Analytical/performance cookies (such as Google Analytics cookies): These allow us to recognise and count the number of visitors, and to see how visitors move around EI’s websites. The legitimate purposes behind these cookies include improving the way EI’s websites function.
  • Functionality cookies (such as the visitor consent cookie): These are used to recognize visitors when they return to our websites. They also enable us, subject to your choices and preferences, to personalise our content for you and remember your preferences (such as your regional settings).

Should you require any clarification concerning this description, don’t hesitate to contact EI’s Data Protection Officer at [email protected].

Social Media Platforms

Our website includes social media features, such as the Facebook 'Like' button and widgets, such as the 'Share this' button, or other interactive mini-programmes that run on our website. These features may collect IP addresses, information about popular pages on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third-party (such as Facebook or Twitter), or hosted directly on our website. Your interactions with these features are governed by the data protection policies of the third-party services providing these features.

What choices do website visitors, newsletter subscribers, and event attendees have prior to, and immediately after providing their consent for Education International to store and utilise their data?

Communications Preferences

EI’s newsletter subscribers may manage their marketing preferences by either subscribing to an additional newsletter on the EI website ( https://ei-ie.org), clicking on the 'unsubscribe' link located at the bottom of any of received EI newsletters, or by contacting EI’s Data Protection Officer at [email protected]. EI member organisations cannot opt out of receiving transactional emails related to the maintenance of their membership; these rights are managed directly in the membership contract between EI and the affiliated organisation.

Outreach Opt-Out

If at any time after consenting to the storage of personal data in EI’s CRM, you, the visitor, subscriber, or event attendee, change your mind about EI’s permission to retain your data, please contact EI’s Data Protection Officer at [email protected]. EI will respond to your request within at a maximum duration of one months’ time from the date of our receipt of your request. For additional information about correcting or updating your personal data stored on record with EI, please contact EI’s Data Protection Officer at [email protected]. EI will respond to your request within at a maximum of one months’ time from the date of our receipt of your request.

The Right of Erasure

Individuals retain the specific right to request that EI delete any personal information stored in its CRM, newsletter platform, or other EI-managed websites or platforms; this right is otherwise known as the ‘right of erasure’, or the ‘right to be forgotten’. Please note that this option, if requested, is permanent, and re-establishing contact or a relationship with EI, or its subsidiary organisations, will require the necessity to follow all of the proper protocols for re-establishing information retention consent to store personal information in our CRM. If at any time you, the visitor, subscriber, or event attendee, wish to employ your right to be erased, or forgotten, please contact our Data Protection Officer at [email protected]. EI will respond to your request within at a maximum of one months’ time from the date of our receipt of your request.

How does EI respect individuals’ rights to privacy?

Security

The security of our visitors, subscribers, event attendees, affiliates, and partner organisations personal data is exceedingly important to EI. EI uses a robust deployment of various security measures to protect individuals’ and organisations’ data from any unauthorised access, to maintain data accuracy, and to ensure the appropriate use of any personal data stored in our CRM. When EI web properties are accessed over the internet (from a web browser) Transport Layer Security (TLS) technology protects visitors’ data using both server-side encryption for data-in-transit, and data encryption of any user data stored at rest in EI’s servers. These technologies are intended to ensure that visitors’ data are safely and securely transmitted and stored, and that these data remain available only to the visitors themselves, or to authorised EI officials involved with the processing of centralised data storage. EI secures its infrastructure in a ‘secure-server’ environment that utilises various internet security technologies and protocols, including (but not limited to) the use of firewalls, intrusion detection systems, and anti-virus security tools. These technologies are designed to work harmoniously in coordination with our network, so as to prevent any interference or access from external entities. Nevertheless, it is critical that individuals understand that there is no method of data transmission over the internet, or electronic storage that is permanently and impenetrably secure. This applies not only to EI and its websites, software, and services, but also to all individuals who choose to employ any method of transferring or storing data through the use of the internet. While EI’s infrastructure is extremely secure, we cannot guarantee the absolute security of any data transferred to, or stored within our organisation’s network. Should you require any clarification of this security information, or have any questions related to the security features that EI employs, please contact our Data Protection Officer at [email protected]. Visitors, subscribers, event attendees, affiliates, and partner organisations (all otherwise known as ‘end users’) are solely responsible for maintaining the security and confidentiality of their own usernames and passwords used to authenticate to any of EI’s websites, platforms, software, or services.

In the Event of a Data Breach

Education International will inform all individuals concerned of any data breach within 72 hours if there is a high risk that their data was exposed unnecessarily to any external and/or third-party sources. While the notification of any individuals concerned is not required if the data is encrypted, or if measures have been taken to ensure that the data subject cannot be identified, the Belgian Data Protection Authority can always order the data controller (Education International) to inform the individual of the data breach. Pursuant to Articles 114(2)-(3) of the Act of June 13 2005 on Electronic Communication (the ‘Electronic Communication Act’), data owners (i.e., companies offering electronic communication services) must notify the Belgian Data Protection Authority and the Belgian telecoms regulator in case of a data breach. Additionally, Pursuant to Article 33 of the GDPR, data owners must notify the Belgian Data Protection Authority in case of a data breach, unless the breach is unlikely to result in a risk to the rights and freedom of individuals (e.g., identify theft). This notification should be given within 72 hours. If you suspect a data breach has occurred, and that Education International may be responsible, please contact our Data Protection Officer immediately at [email protected].

Processing Data Outside of the European Economic Area (EEA)

Given that EI is an international organisation, any use of EI’s software and services involves the transmission of data on an international basis (including to and from the United States, among other countries outside the EEA). EI may store, process and/or transfer personal data to countries outside of the EEA (including countries where the European Commission has not made a decision on an adequate level of protection of personal data); this especially includes EI’s website host provider, which is located in the United States. This is explicitly necessary for promoting the legitimate interest of the organisation to function though the use of modern technologies. The transfer of such data will be in compliance with any national and international legislation for cross-border transfer of data. If you, the visitor, subscriber, or event attendee, do not agree with this process, then you should not utilise EI’s websites, software or services. By utilising EI’s websites, software and services, you, the visitor, subscriber, or event attendee, consent to the EI's procedural transferring of data to countries located outside the EEA. EI’s affiliates and subsidiaries cannot refuse to participate in this process, as it is directly related to the maintenance of their membership; these rights are managed directly in the membership contract between EI and the affiliated organisation.

Privacy and Minors

EI websites do not offer information intended to attract minors, or children. EI does not knowingly solicit personal data from minors, or children, under the age of 13.

How can website visitors, newsletter subscribers, event attendees, affiliates, and partner organisations contact EI’s Data Protection Officer?

Adding, Updating, or Deleting Personal Information

To update a user profile, please click the link to this electronic form. This information will be immediately stored in our CRM. If you wish to have your user account deleted and/or to have any personal data removed from our systems, please contact our Data Protection Officer through the information provided below.

Education International (EI)

Attn: GDPR Team

15, Boulevard BischoffsheimB-1000 BrusselsBelgium

Telephone: +32-2 224 06 11

Fax: +32-2 224 06 06

Email: [email protected]

Questions regarding this privacy policy or the information practices of the organisation should be directed to EI’s Data Protection Officer. Please direct all other written communications to:

Education International (EI)

Attn: David Edwards,

EI General Secretary

15, Boulevard BischoffsheimB-1000 BrusselsBelgium

Telephone: +32-2 224 06 11

Fax: +32-2 224 06 06

Email: [email protected]