Last amended and effective as at: 31st July 2020
When We access the discrete minimum of personal data requested/required to apply to and become a member or associate member of the IWP, IWP acts as both a processor and controller under laws relating to the processing of personal data, privacy and security, including, without limitation and to theextent applicable from time-to-time (i) national laws implementing the EU Data Protection Directive (95/46/EC) and the EU Privacy and Electronic Communications Directive (2002/58/EC) (ii)the General Data Protection Regulation (EU) 2016/679 (GDPR), and (iii) allother applicable international, regional, and/or national data protection laws and regulations, including those adopted by the people of Portugal (collectively “Data Protection Laws”).
IWP, its Executive Board, members and volunteers use only the minimum of personal data required to operate the services it offers to its members and associate members. The nature of the personal data We may request and collect from time-to-time can include name, address, postal and email addresses, and the like. We use this information to communicate with you, administer our services, process membership fees, and generally carry out our mission. Your personal data will not be disclosed without your authorisation, except:
- Third-party service providers or consultants;We may share your Personal Data with third-party service providers and/or consultants who need access to such data to perform their work onOur behalf (e.g., sharing data withOur storage provider for the purposes of storing your data onOur behalf, etc.). These third-party service providers are limited to only accessing or using this data to provide services toUs, such as: (i) IT systems and services; (ii) communication services;(iii) Customer Relations Management; (iv) support tools; (v) accounting and financing services. Third-party service providers include but are not limited to:
- Only by operation of law will IWP unilaterally share personal data if strictly required to do so by a governmental authority, or with its legal advisors in connection with a suspected data protection and privacy breach, amendment, information, or deletion request.
Please note this website is not directed toward nor designed for use by persons under the age of 18, and IWP will not approve memberships for any individual under the age of 18. If you are a parent or guardian of a child under the age of 18 and believe We may have collected personal data about or from your child, please contact IWP’s Data Protection Officer at: [email protected].
Also do be advised that in the unlikely event a member is a California and/or New York resident, the CCPA and/or SHIELD laws may be applicable Data Protection Law as defined herein. IWP does not transfer any personal data outside of the European Economic Area.
Security and Retention of Personal Data
IWP takes a range of precautions to safeguard your personal data from unauthorised disclosure, amendment, use, or access. We have security measures in place to protect IWP members and their personal information and may update these from time-to-time to ensure best practice is an on-going theme in Our commitment to data protection and privacy. Unfortunately, there is no completely secure, guaranteed, or error-free method of data transmission over the Internet, and IWP cannot absolutely guarantee the security of your personal data. Also, please note that IWP cannot assume responsibility nor any liability for photographs or videos taken at events or on outings and asks that members and associate members are respectful of one-another’s privacy on these occasions. IWP retains personal data only as long as needed to provide services to members and associate members, and de-registering as a member or associate member results in the deletion of your personal data that you shared with Us within 12 months maximum.
Your Rights with Respect to Your Personal Data
You have rights to your personal data that are defined in applicable laws and legislation, please note some of these may not be guaranteed – for example, you may always ask for a copy of your personal data, but if you ask Us to delete data that we have a legal obligation to hold, We may not be able to comply. IWP will always aim to fulfil any data subject rights request, requests for rectification, erasure, restricted processing, portability, and general data amendments to: [email protected]
You may always contact IWP by email for questions, or to opt out of receiving emails and the newsletter, by contacting [email protected].
Please note requests related to personal data may require that We verify your identity, and if you request deletion of personal information, We may retain an archived copy if required by law or legitimate legal or business purposes.
IWP’s Legitimate Interest Assessment (LIA)
On 25 May 2018, theGeneral Data ProtectionRegulation (Regulation (EU) 2016/679)(‘GDPR’)referenced above entered into force in the EU and, consequently, became applicable in Portugal. Portuguese Law No. 58/2019 assures the execution in the Portuguese legal system of the GDPR and was published on 8 August 2019. Although thePortuguese data protection authority(‘CNPD’) has not as yet issued general guidelines on the protection of personal data, as part of IWP’s best practice commitment We decided to develop Our Legitimate Interest Assessment (LIA) as a critical step in IWP’s dedication to compliance with Data Protection Laws. Thus, in order to process personal data fairly and lawfully and minimally, IWP recognises it should have lawful bases for processing activities.
IWP’s legitimate interests are a necessary and lawful basis for processing and controlling applicant and member personal data, as they enable IWP to assist in the development of the social purposes of the association. IWP considers access to the minimum of the personal data it collects to be in the public interest as well as of value to end-user members of the IWP, so that membership can be expanded and nourished, and germane decisions with respect to the volunteer and collegiate endeavours of the IWP can be made in an educated way. Our legitimate interests also include to help IWP members to be enriched by connecting and vitally getting together with the Portuguese community.
We firmly believe that Our processing activities are necessary, targeted, and proportionate means of achieving the purposes of the legitimate interests outlined above, and these interests are not overridden by moral or ethical issues, and balance against any impact on individual rights. IWP uses the least intrusive means at its disposal to achieve its legitimate interests, predominantly within Portugal only.
IWP sends newsletters, invitations to events, and performs other services to benefit its membership and to facilitate communications by and between members. The risks of any data breach are clear and We endeavour to work very closely with our applicants, members, associate members, and indeed even former members, to ensure the greatest level of personal data protection and privacy to be reasonably expected at all times.
Our objective for processing is to provide convivial and supportive activities to IWP members, to warmly support one another and our beloved community of Portugal, and to bring social, educational activities, and bonding opportunities to our IWP membership.
We aspire always to bring fulfilment of a positive outcome for all involved with our association, and the public of Portugal ultimately, as outlined herein. The IWP regularly reviews its legitimate interests, this LIA, and the underlaying operationalisation of controlling and processing any and all personal data, to bring Data Protection Laws compliance and best practice to the forefront of Our endeavours.
Please address your general queries to the Executive President: [email protected]