Privacy and Cookies

What is personal data? 

Article 4(1) of the GDPR identifies personal information as ‘any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier...’An identifier could be a name, email address, telephone number, social media handle, photograph, address, payment details, organisational affiliation etc. 

What personal data do we collect? 

We collect data you knowingly and voluntarily give to us, including information you provide when you: become an EAZA Member, manage a population management programme, become a member of a Committee or Working Group, register for the EAZA Member Area, sign up for our newsletters, enrol on an EAZA Academy course, complete an EAZA survey, provide details for invoicing and payments, attend one of our events, subscribe to Zooquaria magazine, or interact with us on social media. This data may include: 

• Personal details (name, email address, telephone contacts and postal address) 
• Organisational affiliation and job title
• Financial information, such as bank account details
• Passports, birth dates and other identification details exclusively to allow for travel booking
• Details of your dietary requirements
• Username and comments you make on our social media sites  

EAZA commits to the principles of the GDPR in that we: 

• Collect the absolute minimum of personal data in relation to the purpose for which they are processed
• Take every reasonable step to ensure that personal data are always kept up-to-date
• Erase or rectify inaccurate personal data without delay
• Take security measures which ensure protection against unauthorized or unlawful processing 
• Will anonymize aggregate data from surveys or other data analysis.

Why do we collect personal data? 

To achieve our Vision to a dynamic, innovative and effective zoo and aquarium membership organisation, we need to keep our Members, and the partners we work with, up-to-date with our work. We need to offer opportunities for effective and easy communication with those who are essential to our work.  

Our legal basis for the collection and processing of personal data is based on and consent. We view providing information about EAZA Members and EAZA activities as an essential part of being an effective membership organisation.  

Who has access to your data? 

Our employees have access to it only to the extent necessary to achieve the aims and objectives linked to the EAZA Vision, Mission and other clearly publicly stated goals. Each of them is subject to a strict obligation of confidentiality.  

EAZA may also share contact details with Members and third-parties in the enactment of activities that fulfill the EAZA Vision and Mission. The least amount of information will be shared in order to fulfill these goals.  

Information provided consensually by Member institutions and other users for use on the Member Area of the website can be accessed by EAZA Members of all categories and approved third parties who have agreed by use of the Member Area to a Non-Disclosure Agreement (NDA). The approval of these third-party users and the responsibility for ensuring that they have signed an NDA rests with the EAZA Executive Office; EAZA is not responsible for the accidental or deliberate breaching of the terms of the Member Area protected website by users. However, any such breach will result in an investigation and sanctions against the culprit, including the possible referral of the case to local police or other appropriate authority. 

EAZA does not sell your information to third parties for commercial purposes.

Our Newsletters 

EAZA uses a third-party application called Campaign Monitor, which is an email marketing tool, to send out informational newsletters and occasional communications. This tool allows us to monitor very basic information such as the links subscribers to our newsletter visit, how many times they open the newsletter and when a user unsubscribes. This helps us to understand which stories are of most interest to our supporter base and to adjust the content we include accordingly. Your presence on our mailing list is by your consent only, either in the form of direct consent, or as a result of your subscription to one or more service(s) provided via this platform. 

Other websites 

Our websites contain links to external websites. EAZA is not responsible for the privacy practices and content of those sites and cannot guarantee that content linked to will always be available. 

Additionally, EAZA is not responsible for the privacy and data protection practices of websites that provide services to EAZA, such as travel booking sites, registration sites, event management apps, etc. 

Sharing data with third parties to fulfil legal or contractual obligations 

We may need to pass on information if required by law or by a regulatory body. For example, information to registered auditors, or to fulfil an information request by a law enforcement agency.  

Credit, Debit and bank account information 

We do not retain credit and debit card details following the purchase of tickets at events, booking of travel and accommodation, charity auction items or event merchandise, once the transaction and legal accounting procedures are complete. We keep bank account information for grantees and suppliers so that we can fulfil contractual payments. We also keep bank account details for screeners to allow for reimbursement of screening related costs. We also keep bank account details for donors so that we can collect direct debits in accordance with direct debit mandate rules. Once any such arrangement is terminated, EAZA will delete bank details for donors.

The legal basis for processing this information is ‘Contract Performance’. 

Use of Cookies 

Cookies are small text files that are collected by your browser from websites you visit which are then stored on your device. Cookies are widely used to enable website functionality – they make sites work more efficiently. The cookies used are generally for the purpose of analytics. Google Analytics uses cookies to help us understand where the site is being accessed from, the type of browser and operating system being used, the IP address of the user, and the pages being accessed, but it does not identify individuals. Use of Google Analytics enables us to better understand the needs of our online audience and to develop and adapt what we provide on our website accordingly. Read more about the way Google Analytics uses cookies. 

Data Security 

Once we have received your information, it will be stored electronically and is managed in accordance with our Data Protection Policy following control and security procedures to prevent any unauthorised access. We will keep your data for as long as we consider it necessary to carry out our activities, taking into consideration legal, taxation and accounting requirements.

All data is held in the cloud and in line with the cloud service providers’ privacy and security polices. Data is also shared with service providers who have their own service and security policies

Member Area Agreement 

By registering to use the EAZA Member Area, I agree not to share, directly or indirectly, any information gathered as a result of my usage of the EAZA Member Area to third parties, unless explicitly permitted by EAZA as the website owner. I acknowledge that external use or communication of any data gathered via access to the Member Area must first be authorised by EAZA Executive Director. If this agreement is broken, EAZA reserves the right to take legal action in their local country against individuals and/or institutions. By logging into the EAZA Member Area, I accept its terms in full and waive my right to contest any legal action brought against me by EAZA as a result of such infraction.

Does EAZA transfer your data outside the EU? 

Personal data for public access website users (if any) should be retained in the EAZA Executive Office and not transferred. User data for the protected Member Area website may be transferred to non-EU users only if they have signed the NDA. In certain specific cases, EAZA will share Member Area information with GDPR compliant organisations outside the EU, such as with Species360, to allow for the continued functioning of EAZA administered population management and other programmes. Member Area users participating in such programmes are assumed, through their participation in these programmes, to have provided their assent to such sharing of their information.

Applying for a job at the EAZA Executive Office 

If you apply for a job with us, and you provide personal data such as the information on your CV or Application Form, we will process and store the personal data we collect to: 

• Support the recruitment and selection process 
• Answer any questions you may have
• Use third parties to provide services such as references, qualifications, verification of information you have provided, health screening and psychometric evaluation or skills tests
• Undertake checks on criminal convictions
• Provide anonymised data to monitor compliance with equal opportunities policy

If you work for the EAZA Executive Office via an organisation that EAZA has a contract with, we commit to ensure that the organisation is also compliant with GDPR regulations.

If you submit your personal information to a job board, online recruitment tool, social media platform, headhunting agency etc. your details could then be passed to EAZA. We recommend that you ensure you have given your consent to that organisation who may share your data. If we receive your details via a third party and are unclear about consent, we may either check with you before using your data further or fully delete the information. 

If you do not join us as an employee for any reason, your data will be stored for up to seven years. The legal basis we use for processing your data if you apply for a job is ‘Consent’.