MAJOR CITIES OF EUROPE PRIVACY POLICIES
Major Cities of Europe – IT Users Group (hereinafter also referred to as MCE) is aware of the importance of safeguarding privacy and people’s rights and of the Internet potential capabilities for the circulation of personal data. MCE is committed in respecting rules of conduct – in line with European Regulation 679/2016 of the European Parliament and of the European Council, of 27 April 2016, – hereinafter mentioned as GDPR – concerning the protection of persons – hereinafter mentioned also as ‘data subject’ according to GDPR – about the processing of personal data, the secure, controlled and confidential navigation on the web as well as the controlled circulation of such personal data.
Our policy to protect the confidentiality of information may change over time, depending on the additions and modifications of laws or regulations in this regard and on MCE decisions.
We invite data subjects to read this policy carefully to understand how we collect, use and store personal data and how we provide a satisfactory service to the users of our website and to periodically consult this section for any updates.
WHO ARE WE:
Major Cities of Europe – IT Users Group is a non-profit, membership organisation whose objective is to maximise the value realised from the use of information and communication technologies in the administration of European local governments.
Our objectives are achieved by:
– Sharing of experiences and practices amongst members through an annual conference, workshops and knowledge information bases;
– Dissemination amongst members of innovative practices from around the world;
– Facilitating discussion and engagement amongst members;
– Supporting the involvement of members in European projects;
– Engaging with the private sector to learn about its experiences and projects for the local governments
Membership is open to local government organisations, academic institutions and not-for-profit organisations that share, support or wish to contribute to the above objectives.
– MCE processes personal data collected as part of its activities exclusively for its own institutional objectives, according to the criteria illustrated in the next chapters;
– According to the above-mentioned personal data management criteria MCE uses personal data that have been spontaneously released by the data subjects as well as personal data collected in other ways during the performance of its activities;
– In cases where such personal data are compulsorily provided by the data subject, in the context of registrations or service requests to MCE that make it necessary the processing of these personal data, these will be processed by MCE as long as the relationship established by the request from the data subject will be in place. At the end of the relationship, such personal data will be treated on the same basis as those provided spontaneously or otherwise collected by MCE;
– Considering the institutional objective of MCE to enable sharing of experiences and practices the names, surnames, job role and organisation of each participant to conferences is made available to the other participants including sponsors, unless individually specifically inhibited. This allows the connection of the participants and sponsors among them for sharing common interests. Other personal data including telephone number, address, email are not made available to the participants including sponsors;
– Without prejudice to the restrictions referred to in the previous paragraphs, for all the personal data processed, MCE guarantees the data subjects the rights, where applicable, stated in articles from 15 to 22 of GDPR;
– MCE uses technical cookies on its website (see note below1) to facilitate navigation on the site and analytical cookies for statistical purposes. MCE doesn’t use profiling cookies; the MCE Cookies Policy is published in the MCE website at http://www.majorcities.eu/cookie-policy/.
– MCE transmits the personal data to other parties carefully selected exclusively in relation to its institutional objectives:
– MCE includes in the service agreements with the above subjects, appropriate clauses designed to ensure that such parties do not carry out any other treatment beyond those expressly requested by MCE (Article 28 GDPR);
– MCE does not communicate data to third parties unless it this is required by law, regulation or European Union legislation;
– MCE ensures the correct and lawful processing of personal data, safeguarding the privacy by applying appropriate security measures to protect the confidentiality, integrity and availability of the personal data.
DELIMITATATION OF PERSONAL DATA USAGE AND CONSERVATION
In relation with the article 13 of GDPR these are the different categories of personal data collected by MCE;
– Personal and organisation data needed for the registration of the MCE members
– MCE Address personal data base: this personal data base contains a wide array of personal data of Managers, Professionals, Officials of Public Administrations, Private or Public Companies, Academia, Associations and Non-for-profit organisations dealing with the institutional objectives of MCE.
– As mentioned above MCE collects these personal data as personal data spontaneously released by the single data subject as well as personal data collected in other ways during the performance of MCE activities, including public personal data published in Social Networks like LinkedIn, Twitter and Facebook, public personal data published generally in Internet or personal data provided by MCE members.
– Personal data of people that register to MCE events: conferences, workshops, study tours, webinars etc.
These personal data are stored, used and treated electronically for communications and information, including:
– Newsletters to communicate information about the MCE events, news about ICT innovation, leading solutions and applications, innovation policies, EU funded projects etc…
– News about the MCE association
– Marketing of the MCE events
– Communication and events information to the people registered to the MCE events
These personal data are retained as long as each registered person agrees and is cancelled at any time upon request.
MCE may process personal data in its possession either directly or through the contribution of external service providers selected based on their experience, technical skills, professionalism and reliability. They carry out personal data processing operations on behalf of MCE. This of course respecting the security and confidentiality of information of MCE. They are closely monitored by MCE.
Each internal or external personnel in charge of the treatment of personal data is bound to MCE by formal agreement. Within this agreement are defined the tasks and related measures to be followed, as well as the prohibition to use personal data differently from the entrusted task. If specifically requested and authorised by MCE external organisations may extend the access to personal data to other personnel provided that they commit to the same agreement. If violations occur, they fall under the responsibility of the organisation incurring the violation.
The personal data are protected and stored securely, in particular by the following external organisations:
– the MCE owned secure website http://www.majorcities.eu/ in the MCE Address Base managed by PIN SCRL
– the MCE Cloud provider Google Cloud that hosts the MCE website and the MCE personal data
– Antherica the Web Mail application used to send newsletters and other communications
– Converia, the online service provider used for online registration to the MCE events
– Confero, the events service organisation that manages the MCE events, communication and marketing activities
– Double Dutch, the solution provider of the conference event APP for attendee engagement and connection.
– Municipalities that collaborate with MCE in organising events. Each event is managed by MCE in collaboration with a different Municipality or other public organisation
The above external service providers are those used now and are subject to change, they are bound to respect the MCE policies.
The persons authorized to the treatment of personal data are those in the MCE management and administrative organisation and in external service providers:
– that manage the relations with MCE members;
– that organize the events and activities of MCE;
– that manage the marketing and communication initiatives of MCE
The forms used to register personal data to be completed on-line or to be downloaded, include:
personal data that are requested to apply to a specific service, whose non-delivery does make it impossible to satisfy it,
and optional personal data.
We may contact the people whose personal data are registered for marketing purposes by email or text message if they have agreed to be contacted in this manner. We may also send them communications about activities via email or text.
If they have provided us with their postal address or telephone number, we may send them information about our work or other communications of the kinds described above by direct mail or contact them by telephone unless they have told us that they would prefer not to hear from us in this way. MCE provides information about how they can change preferences below.
MCE process personal data using mainly electronic methods and also statistical analysis tools;
The personal data are retained by MCE until the conclusion of all the related phases of the various relationships established and within the terms and limits of the applicable rules, in particular administrative, civil and fiscal.
MCE reserves the possibility of anonymisation for statistical purposes, after the cancellation of personal data,
The personal data are also processed by external organisation responsible for services connected to the above.
Personal data may be communicated to other third parties, independent personal data controllers, for purposes related to the provision of services of interest or in accordance with the law and regulations that have the communication, as well as to control bodies. For example, they will be made available to credit institutions or credit card issuers to allow the necessary transactions.
The personal data that will be transmitted or communicated to other subjects within the limits indicated above, may involve subjects both located in Europe and outside of it, always in compliance with art. 27 of the GDPR.
HOW TO EXECISE THE RIGHTS ABOUT PERSONAL DATA
Post: Major Cities of Europe – IT Users Group
Post Box 31 01 24
D – 27537 Bremerhaven
LIMITATION OF PERSONAL DATA RETENTION
The personal data are kept in our archives according to different criteria depending on the category of the personal data, the nature of the processing and the purposes of the processing itself.
The following criteria establish the personal data retention MCE guidelines:
– all personal data related to the MCE members are kept and processed at least up to the entire period in which the member continues to be part of MCE;
– any personal data managed by MCE is in any case retained for the periods of time that may be envisaged by applicable laws and regulations;
– all personal data used for the MCE institutional objectives including marketing or communication about the MCE activities are retained as long as the implicit or explicit consent of the personal data subject applies.
– once the above periods have elapsed, MCE reserves the right to cancel the personal data and / or anonymise it exclusively for statistical use.
PLATFORM FOR PRIVACY PREFERENCES (P3P)
Every effort will be made to make the functionality of the MCE website as interoperable as possible with the automatic privacy control mechanisms available in some products used by users.