THE U.S. CHAMBER OF COMMERCE
Privacy Notice for EU Members
The U.S. Chamber of Commerce ("US Chamber" or "We", "us", "our"), is committed to complying with EU Privacy Law. This privacy notice (the "Notice") describes how We process the Personal Data We collect from our members and the members' representatives ("You", "EU Member") located in the European Union ("EU").
We are a data controller. This means that We are responsible for deciding how We collect and use (process) Personal Data about You. We are required under GDPR to notify You of the information contained in this Notice.
1. What Personal Data do We collect about You?
The Personal Data We collect about You are:
(a) First Name and Last Name;
(b) Email address;
(c) Name of the organization you belong to;
(d) Function within the organization;
(e) Your professional phone number;
(f) Mailing address;
(g) Which of our events you have attended;
(h) Areas of interest in our work;
(i) Record of our communications with You; and
(j) Copy of security documents if needed to arrange visit to secure buildings.
All of the above the "Personal Data"
We typically collect Personal Data directly from You or from the organization You belong (in such case under the assumption that specific measures have been put in place by such organizations to lawfully provide us with the Your Personal Data).
We collect your Personal Data when you fill in the online membership form, when you create an account on our website, when you send us an email, provide us with your business card, provide them to attend an event, or when another representative of your company provides us with your contact information.
2. Why do We collect and process (use) your Personal Data? And on which legal basis?
We process your Personal Data in order to run the operations of the business organization and provide You with the associated benefits of your membership. In particular, We process your Personal Data to:
(a) Maintain membership records;
(b) Administer your organization's membership;
(c) Establish and maintain communications with You;
(d) Provide content or services You request from us;
(e) Invite You to attend our events and organizing our events; and
(f) Send You our newsletters, reports and other materials.
We do so based on our legitimate interest. As a business organization, We have the interest in carrying out the activities necessary to perform our objectives. In doing so, We considered your rights and expectations as a Data Subject and have assessed that your interest, fundamental rights and freedoms are not put at risks.
3. Change of purpose
We will only use your Personal Data for the purposes for which We collected it, unless We reasonably consider that We need to use it for another reason and that reason is compatible with the original purpose. If We need to use your Personal Data for an unrelated purpose, We will notify You and We will explain the legal basis which allows us to do so (as well as your rights in relation to such further Processing).
4. Which third-parties process your Personal Data? Do We Share, Disclose or Transfer Personal Data?
In order to conduct our activities, We may have to share or disclose your Personal Data with third parties, including third-party service providers.
We share your Personal Data with:
(a) Our affiliates;
(b) IT service providers;
(c) Events management platforms;
(d) Accounting service providers;
(e) Website software providers;
(f) Organizations that co-organize with us; and
(g) Payment processors.
If your Personal Data are shared to a country that does not ensure an adequate level of protection, We put in place appropriate safeguards as required under EU Privacy Law. If You would like to know more about how we transfer your Personal Data, You can contact us at firstname.lastname@example.org.
5. Data security
Your Personal Data are treated as confidential.
In order to safeguard your Personal Data from unauthorized access, collection use, disclosure copying, modification, disposal or similar risks, We have put in place appropriate administrative, physical and technical measures. We update and test our security technology on an ongoing basis. We restrict access to Your Personal Data to those employees and staff who need to know that information to provide benefits or services to You. In addition, We train our staff about the importance of confidentiality and maintaining the privacy and security of Your information. We commit to taking appropriate disciplinary measures to enforce our staff' privacy responsibilities.
If you create an account on our website, you are responsible for maintaining the strict confidentiality of your account password, and you shall be responsible for any activity that occurs using your account credentials, whether or not you authorized such activity. Please notify us of any unauthorized use of your password or account or any other breach of security.
6. How long will You retain my Personal Data?
As a general principle, We keep your Personal Data only as long as it is necessary.
We undertake, absent of any Processing activities within a period of 24 months, to delete the Personal Data We hold on You. However, We may retain your Personal Data under EU or national laws. We may retain electronic copies of files containing Personal Data created pursuant to automatic archiving or back-up procedures which cannot reasonably be deleted. In these cases, We shall ensure that the Personal Data are not further actively processed.
7. Your rights in connection with Personal Data
Under certain circumstances, under EU Privacy Law, You have the right to:
(a) Request access to your Personal Data. This enables You to receive a copy of the Personal Data We hold about You and to check that We are lawfully Processing it.
(b) Request correction of the Personal Data that We hold about You. This enables You to have any incomplete or inaccurate information We hold about You corrected.
(c) Request erasure of your Personal Data. This enables You to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where You have exercised your right to object to Processing (see below).
(d) Request the restriction of Processing of your Personal Data. This enables You to ask us to suspend the Processing of Personal Data about You, for example if You want us to establish its accuracy or the reason for Processing it.
(e) Withdraw your consent: if and when we rely on consent for the processing of your Personal Data, you have the right to withdraw your consent at any time by sending us your name, address, e-mail and phone number to: Customer Service, U.S. Chamber of Commerce, 1615 H Street NW, Washington, DC 20062, 800-638-6582, email@example.com.
(f) Request the transfer of your Personal Data to another party (right to data portability).
To exercise your rights as Data Subject, make queries or complaints, please contact firstname.lastname@example.org.
If You are dissatisfied with any aspect of our handling of your Personal Data, You have the right to make a complaint at any time to the relevant Supervisory Authority.
8. "Cookies" and Internet tags
9. Changes to Notice
We may revise this Notice from time to time and any revisions will be made available to You via email.
10. Our contact details
If you have any questions or comments regarding our privacy practices, you may contact us at:
U.S. Chamber of Commerce
1615 H Street, NW
Washington, DC 20062 U.S.A.
We can also be reached by phone at 1-800-638-6582 and by e-mail at email@example.com.
In this Notice:
"Data Subject" means an identified or identifiable individual.
"EU Privacy Law" means the General Data Protection Regulation 2016/679 ("GDPR") and any applicable domestic privacy laws, as amended from time to time.
"Processing" means any operation performed on Personal Data, manually or by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Supervisory Authority" means the relevant data protection authority of the data subjects' habitual residence or place of work.
Last update : February 2019