ICEF provides business to business services to student recruitment agents and to schools and institutions worldwide. These include our ICEF Networking Events, Market Intelligence and Consulting and Training. As such ICEF has a legitimate interest, as defined in the GDPR legislation1 in retaining the personal data of individuals associated with its customers and prospects so as to propose relevant services and deliver contracted services.
ICEF treats all your personal information as private and confidential, except where we are required by law, to disclose it and except when it is with a 3rd party software provider that we have engaged to deliver or propose our services to you (see Data Processors below). We never provide your information to 3rd parties for their own use unless they are also participants at ICEF events.
You may request to see copies of the records we hold for you, or to be removed from our database or mailing lists, at any time you choose.
We seek to fully comply with the General Data Protection Regulation (GDPR).
For further information please contact ICEF at firstname.lastname@example.org
You can get in touch with us:
The company responsible for your personal data (“ICEF” or “us”) is:
Am Hofgarten 9
You can send an email to: email@example.com
Alternatively, you can click the unsubscribe link in any marketing e-mail we send to you. Where your company has contracted ICEF services then we do not provide an unsubscribe link to emails related to delivering the service as any unsubscribe would stop ICEF from being able to deliver the service.
Legal basis for processing your data
Under the GDPR there are six bases upon which to justify collecting and using personal data.
ICEF relies primarily on the following three justifications for processing your data:
Article 6(1)(f) of the GDPR says that we can process your data where it “is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of [you] which require protection of personal data.”
You have the right to object to us processing your personal data on this basis.
To ensure that we provide you with the best service possible, we store your personal data and/or the personal data of individual contacts at your organisation as well as keeping records of our conversations, meetings, registered jobs and placements. We may also ask you to undertake a post mandate feedback survey to gain valuable insight into our key performance indicators as a business.
We think this is reasonable use of your data for our legitimate interests as an organisation providing various recruitment services to you.
NOTE – We will never share your details with any 3rd parties, without your permission.
We use and store the personal data of individuals within your organisation in order to facilitate the receipt of services from you as one of our Suppliers. We also hold your financial details, so that we can pay you for your services. We deem all such activities to be necessary within the range of our legitimate interests as a recipient of your services.
In certain circumstances, we are required to obtain your consent to the processing of your personal data in relation to certain activities. Depending on exactly what we are doing with your information, this consent will be opt-in consent.
Article 4(11) of the GDPR states that (opt-in) consent is “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.” This means that:
We will keep records of the consents that you have given in this way. We will be able to rely on soft opt-in consent to market products or services to you which are related to the recruitment services we provide as long as you do not actively opt-out from these communications. You have the right to withdraw your consent to these activities. You can do so at any time, by sending an email with your details to firstname.lastname@example.org.
Sometimes it may be necessary for us to process personal data and, where appropriate and in accordance with local laws and requirements, sensitive personal data in connection with exercising or defending legal claims. Article 9(2)(f) of the GDPR allows this where the processing “is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity”.
This may arise for example where we need to take legal advice in relation to legal proceedings or are required by law to preserve or disclose certain information as part of the legal process.
In order to propose and provide the best possible service to our customers and prospects, ICEF asks for details about the people that represent these companies and also for data about the companies themselves. We only ask for personal data that will genuinely help us to help you.
There are three main ways in which we collect your personal data:
We may collect some or all of the information listed below to enable us to provide you, in the context of the services that we provide to your company or institution, with the best possible service:
This data is used so that we can communicate with you, either to propose our services or to deliver those services that your company has already contracted.
The main reason for using your personal data is to help us communicate with you as a prospective or current customer of ICEF either to propose relevant services or to deliver services that your company or institution has contracted.
In the context of ICEF Events, business to business networking events, we share your information with other participants of that event and other ICEF events. You give us your specific consent for this when you sign in to our scheduling platform.
All participants of our events attend for the specific purpose of building business relationships and as such, all our participants have a legitimate interest justification for continuing to contact each other after the events.
Otherwise, we do not share your personal data without your specific consent, except with third parties service providers that ICEF has contractually engaged to assist us in providing our service or; where we are legally obliged to do so. The full list of 3rd parties (Data Processors) is listed below.
ICEF does not store any personal data relating to people under 16.
SUPPLIER DATA (including prospect Suppliers):
We collect your personal data during the course of our work with you. We need a small amount of information from our Suppliers to ensure that things run smoothly. We need contact details of relevant individuals at your organisation so that we can communicate with you. We also need other information such as your bank details so that we can pay for the services you provide (if this is part of the contractual arrangements between us).
We don’t collect much data about Suppliers – we simply need to make sure that our relationship runs smoothly. We’ll collect the details for our contacts within your organisation, such as names, telephone numbers and email addresses. We’ll also collect bank details, so that we can pay you. We may also hold extra information that someone in your organisation has chosen to tell us.
The main reasons for using your personal data are to ensure that the contractual arrangements between us can properly be implemented so that the relationship can run smoothly, and to comply with legal requirements.
We realise that you’re probably busy, and don’t want us to be contacting you about all sorts of things. To find the right balance, we will only use your information:
We may use your personal data for these purposes if we deem this to be necessary for our legitimate interests.
We share your information with associated third parties such as our service providers such as Salesforce and FinancialForce in order that we can manage our supply chain and pay our invoices on time.
ICEF STAFF DATA
ICEF also holds personal data on its employees, past and present. Any member of staff, current or past, may at any time request details of all the personal data that ICEF holds. This data is retained whilst the person is working for ICEF and for a reasonable amount of time thereafter, namely 5 years.
YOUR RIGHTS UNDER GDPR
We are committed to taking all reasonable and appropriate steps to protect the personal information that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures. These include measures to deal with any suspected data breach.
If you suspect any misuse or loss of or unauthorised access to your personal information please let us know immediately by sending an email to email@example.com.
We will delete your personal data from our systems if we have not had any meaningful contact with you for some time as it is likely your data will no longer be relevant for the purposes for which it was collected.
When we refer to “meaningful contact”, we mean, for example, communication between us (either verbal or written), or where you are actively engaging with our online services. We will also consider it meaningful contact if you communicate with us, either by verbal or written communication or click through from any of our marketing communications. Your receipt, opening or reading of an email or other digital message from us will count as meaningful contact.
One of the GDPR’s main objectives is to protect and clarify the rights of EU citizens and individuals in the EU with regards to data privacy. This means that you retain various rights in respect to your data, even once you have given it to us.
To get in touch about these rights, please contact us at firstname.lastname@example.org. We will seek to process with your request without undue delay, and in any event within 30 days (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.
This right enables you to object to us processing your personal data where we do so for one of the following four reasons:
The “legitimate interests” and “direct marketing” categories above are the ones most likely to apply to our website users, customers and suppliers. If your objection relates to us processing your personal data because we deem it necessary for our legitimate interests, we must act on your objection by ceasing the activity in question unless we can show that we have compelling legitimate grounds for processing which overrides your interests; or we are processing your data for the establishment, exercise or defence of a legal claim.
If your objection relates to direct marketing, we must act on your objection by ceasing this activity.
Where we have obtained your consent to process your personal data for certain activities (for example, for our marketing), you may withdraw this consent at any time and we will cease to carry out the particular activity that you previously consented to unless we consider that there is an alternative reason to justify our continued processing of your data for this purpose in which case we will inform you of this condition.
You may ask us to confirm what information we hold about you at any time, and request us to modify, update or delete such information. We may ask you to verify your identity and for more information about your request. If we provide you with access to the information we hold about you, we will not charge you for this unless your request is “manifestly unfounded or excessive”. If you request further copies of this information from us, we may charge you a reasonable administrative cost where legally permissible. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so.
You have the right to request that we erase your personal data in certain circumstances. Normally, the information must meet one of the following criteria:
We would only be entitled to refuse to comply with your request for one of the following reasons:
When complying with a valid request for the erasure of data we will take all reasonably practicable steps to delete the relevant data.
You have the right to request that we restrict our processing of your personal data in certain circumstances. This means that we can only continue to store your data and will not be able to carry out any further processing activities with it until either:
One of the circumstances listed below is resolved;
The circumstances in which you are entitled to request that we restrict the processing of your personal data are:
If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.
You also have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. Where appropriate, we will also tell you which third parties we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
You also have the right to lodge a complaint with your local supervisory authority. If you would like to exercise any of these rights, or withdraw your consent to the processing of your personal data (where consent is our legal basis for processing your personal data), please contact us by email at email@example.com.
You may withdraw your consent to receive marketing communications only or all consent to receiving any communication from ICEF. Please note that we may keep a record of your communications to help us resolve any issues which you raise.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during the period for which we hold your data.
ICEF’S DATA PROCESSORS
In most cases, ICEF is the “data controller” in that we are the entity that has collected your personal data. In some specific instances, we use third-party software providers to store and manage your data. They do this on our behalf and do not share this information under any circumstances unless required to by Law.
ICEF is committed to ensuring all our suppliers are fully GDPR compliant. Please refer to their individual Data Protection Policies:
© ICEF GmbH