You can also download a copy of The Union’s Privacy and Cookies Policy.
- Who we are
- What personal data do we collect?
- How do we use your personal data?
- What is our legal basis for processing your personal data?
- Who do we share your personal data with?
- What are your data protection rights?
- How do we ensure your personal data is safe?
- How long is your personal data retained?
1. Who we are
The International Union Against Tuberculosis and Lung Disease (The Union) is an international non-governmental organisation, registered as a charity in France as an “Association Loi 1901”, meaning that our work is not-for-profit and carried out for the public good. The Union’s registered office is 68, Boulevard Saint Michel, 75006, Paris, France. Our legal representative is Mr José Luis Castro, Executive Director of The Union.
The Union has offices around the world, located in the European Union (EU) and countries outside of the EU. A full list of Union offices can be found on www.theunion.org, or provided by The Union upon request.
By accepting this policy, you expressly consent to The Union processing your personal data. You can change your mind at any time by contacting us at email@example.com.
2. What personal data do we collect?
We collect personal data from you in a variety of ways, detailed here.
2.1. Data you choose to share with us
- Personal details
Name, mailing address, email address, telephone number, date of birth, and gender.
- Professional information
Organisation/employer/educational institution, curriculum vitae (resumé), qualifications, references.
- Your preferences, interests and location
We may keep a record of what you have told us about how you like to be contacted (e.g. by emails only) and what you would like to receive (e.g. information about our conferences, courses or publications). Sometimes we collect information about topics that interest you (e.g. tuberculosis or tobacco control), and your location, so we can contact you about topics that are relevant to you.
- Your affiliations
We may also collect and record (process) any other relevant information you share with us about yourself, including your affiliations with related organisations or your employer. Particularly for employment and membership services, we record any relevant affiliations you may have.
- Payment information
We may collect your bank account details and other payment information when you make a donation or pay for a service. We may also collect details about your taxpayer status when claiming Gift Aid/ charitable tax exemption.
2.2. Data we collect automatically
2.3. Data we collect from third parties and partners
When we receive personal data from another company or partner, we will ensure that your personal data was collected legally.
2.4. If you are under 16
If you are aged under 16, you must get your parent/guardian’s permission before you provide any personal data to us.
3. How do we use your personal data?
The Union uses the personal data we collect for a number of purposes, including but not limited to:
- deliver and give information on the products and services you have requested to receive;
- administer your donation or support your fundraising, including processing Gift Aid/ charitable tax exemption;
- make and manage payments;
- manage our relationship and communicate with you;
- respond to requests, complaints or queries;
- verify your membership;
- manage our courses, events and conferences;
- conduct surveys, analysis and market research;
- send you correspondence and communicate with you;
- communicate with regulators, legislators and partners;
- administer our websites and to troubleshoot and run data analysis;
- generate reports on our work, services and events;
- monitor website use for visitor location, website traffic and personal data;
- process your application for a job;
- ensure we fulfil your employment contract;
- meet our legal obligations, for instance to perform contracts between you and us, or our obligations to regulators, government and/or law enforcement bodies;
- establish, defend or enforce legal claims.
3.1. How we will contact you:
We may use your personal data to send you information about the work of The Union, and about our products and services, such as our conferences, journals, membership and courses. This might be by email, telephone, or post, but only with your express consent.
To enable us to personalise our communications in line with your interests, we may use some profiling in order to make a service more suitable, effective, and beneficial to you. This profiling is in line with the data we say that we collect from you, as laid out in section 2 of this policy (What personal data do we collect?).
4. What is our legal basis for processing your personal data?
The Union processes your personal data for the following reasons:
- To provide you with a service that you have requested. For example, you have asked to receive our email newsletter.
- To fulfil the obligations of a contract with you. For example, you have signed up as a member of The Union and we send you information about your membership.
- To send you all relevant information in view of you being a "Member";
- To comply with a legal obligation. For example, we will email members about The Union’s Annual General Meeting to ensure we meet our legal obligations for that meeting.
- Where there is a legitimate reason to contact you, whilst ensuring this is not likely to be too intrusive.
5. Whom do we share your personal data with?
The Union may share (transfer) your personal data internally between our offices and departments and with organisations, subcontractors and partners located both in and outside the EU.
We work to ensure that these recipients follow this policy and provide protection, confidentiality and security for your personal data.
The Union will not sell or share your personal data with any third party, and you will not receive marketing from any other companies or organisations as a result of giving us your details, unless you expressly give permission. In addition, we will not sell any information about your web browsing activity.
5.1. Union offices and departments
The Union may share your personal data internally between its offices, which are based both in the EU and in countries outside of the EU. Where we share data outside the EU, we follow the processes described in section 5.4 ‘Sharing your data outside the EU’).
Your personal data may also be shared between internal departments of The Union in order to provide you with a service or comply with legal requirements related to contracts of employment. These internal departments include, the Office of Executive Director, human resources, accounting and finance, IT, membership, training and education department and communications.
5.2. Partners and other Third Parties
We may share your personal data with third parties who provide services to The Union or who act on our behalf. This includes subcontractors and partners for the events, conferences, training courses, IT and other suppliers, research agencies, payment processors, social security services, financial institutions, shipping companies and donation services.
We do not authorise these companies to use or disclose your personal data except for the purpose of providing the service we request of them, unless such disclosure is imposed by law or to fulfil our contractual commitments.
5.3. Other circumstances where we will disclose your personal data
We will disclose your personal data to local and foreign regulators, governments, law enforcement authorities, advisors, courts, tribunals and arbitrators when we have a legal obligation to do so or when we believe our compliance with the request to be fair, reasonable and lawful. For example, to detect, prevent or investigate security breaches, fraud or other crimes.
We will also disclose your personal data to establish, exercise or defend legal claims, for example: (i) to enforce our Terms and Conditions; (ii) to ensure the safety and security of our users, consumers and third parties; and (iii) to protect our rights and property and the rights and property of our website visitors and third parties.
5.4. Sharing your data outside the EU
When The Union shares your personal data with a subcontractor, partner or third party that is based outside of the EU, we ensure they process your data in a secure way, following the same practices as organisations based within the EU. We do this in three ways:
i. Where the non-EU country has been recognised by the European Commission as providing an adequate level of protection for personal data, The Union can be confident that the data protection laws in place will provide adequate protection.
ii. Where the organisation is subject to the EU-US Privacy Shield, which provides a framework for the exchange of personal data between a member of the European Union and a company based in the United States. Find out more.
iii. If the recipients of your personal data are located in non-EU countries that have not been the subject of an adequacy decision or do not adhere to the Privacy Shield, The Union will ensure that your personal data is given a level of protection, confidentiality and security that is on par with that permitted by the General Data Protection Regulations.
More information can be found on the official website of the European Commission.
6. What are your data protection rights?
Some services The Union provides are dependent upon our ability to process your data. You are under no obligation to provide us with your personal data. However, if you wish to benefit from a service, sign a contract with The Union, or use our websites, there is some information that you will need to provide. If you do not submit such information or let us access it, this may prevent us from being able to provide you with products and services, or otherwise interact with you. We will tell where such information is required before we collect it.
You have the following rights in relation to your personal data:
- Access: The right to request access to and have a copy of your personal data and to find out how your data is being used and how we obtained your personal data;
- Modification: You can ask us to update or change the data we have about you;
- Rectification: You can have any inaccuracies in your personal data corrected. This includes the completion, updating or deletion of personal data that is inaccurate or which is out of date;
- Erasure (“right to be forgotten”): You can ask us to delete all your personal data in certain circumstances (e.g. if the data is no longer necessary for the purposes for which it was collected);
- Objection: You can object to us processing your personal data in certain circumstances;
- Objection to marketing: Please see section 3 (How do we use your personal data?) for information about how to opt-out of direct marketing communications;
- Portability: You can ask us to transfer your personal data electronically to you or another organisation in certain circumstances;
- Restriction: You can ask us, subject to some verifications, to restrict the processing of your personal data if you think, inter alia, your personal data is not accurate or no longer needs to be processed by us for some specific purposes;
- Withdrawal of consent: Where we rely on your consent to process your personal data, you can withdraw consent at any time;
- Specify the use of your personal data upon your death: When The Union becomes aware of the death of a person, their personal data will be deleted.
You have the right to complain to the relevant supervisory authority or court. For example, the Commission Nationale Informatique et Libertés (CNIL) in France, or the Information Commissioner’s Office (“ICO”) in United Kingdom.
Legal redress for breach of the use of your personal data may be brought before the appropriate courts in countries where The Union has an office, or in your country of residence.
7. How do we ensure your personal data is safe?
The Union works hard to ensure our physical and technical systems are secure. We take careful precautions to protect all personal data on our database, including using encryption and monitoring access to our secure networks and systems.
We also take care to ensure we have secure systems for processing your payment information, such as your credit card or debit card details.
Despite our best efforts to protect your personal data electronically, we cannot guarantee the security of information sent over the internet. The Union cannot accept liability for information that is illegally intercepted or changed after it has been sent.
8. How long is your personal data retained?
Whenever we collect or process your personal data, we will only keep information about you for as long as we need to fulfil the purposes for which we are processing your personal data.
Your personal data is retained for the duration of your relationship with The Union. Beyond that, we will only keep your data if permitted by the data protection laws of the country where your personal data is processed.
At the end of that retention period, your data will either be deleted or anonymised.
9.1. What is a cookie?
Cookies are small text files which are downloaded to and stored on your device when you visit a website. They are widely used by website owners and let websites recognise your device, so that the sites can work more effectively. They also gather information about how you use the site. On its own, a cookie cannot be used to identify you.
9.2. What cookies do we use and why?
The Union uses the following types of cookies:
- Session cookies: these cookies attach to your browser when you visit a website, but they are deleted when you leave the site. A session cookie does not collect any information from your computer.
- Permanent cookies: these remain on your computer even when you have closed the browser. They remember your login details and password so you do not have to type them in every time you use one of our websites.
- Analytical cookies: these cookies allow us to measure and track the visitors to our websites, to see how people use our websites. This helps us to improve our websites and make sure people can finding the information they are looking for. We also track which websites people arrive from, so that we can understand how people find The Union’s websites.
- Third party cookies: We use some third party services or software on our website. If you go to a page on our website that contains this embedded content you may be sent cookies from these websites, for example YouTube videos, Google, Addthis.com, Facebook and Twitter. We do not control the setting of these cookies. You should check the third party website for more information about their cookies and how to manage them.
Most internet browsers automatically accept cookies unless you change your browser settings. If you wish to restrict, block or delete the cookies which are set by any websites, you can generally do this through your browser settings. These settings are usually found in the 'options' or 'preferences' menu of your internet browser. You can find help for specific browsers here: Internet Explorer; Safari; Chrome; Firefox; Opera.
Unless you have adjusted your internet browser settings to block cookies, our site will set cookies.
Please note however that if you set your internet browser preferences to block all cookies, some features on Union websites may not work properly.
If you accept cookies on The Union’s websites, The Union will retain them while you are using the website, or for the legally allowed time and provided that retaining these cookies is strictly necessary.
In any case, The Union does not save sensitive personal data in the cookies it uses, or information that allows you to be directly identified such as your address, your password, your credit or debit card data, etc.
For general enquiries on your personal data rights, you can contact us by email firstname.lastname@example.org or by post:
The International Union Against Tuberculosis and Lung Disease, (The Union), I.T. Department, 68 boulevard Saint-Michel 75006, Paris, France