Privacy notice for trustees

This privacy notice serves to provide you with information on the processing of your personal data by the European Council on Foreign Relations (ECFR) as part of your appointment to the ECFR Board of Trustees. For all general processing of your personal data by the ECFR please refer to our general privacy notice.

Who is responsible for the processing of your personal data?

This information applies to the entire pan-European ECFR organization. ECFR Trustees processes are dealt primarily by ECFR central teams located in our offices in Berlin and London. Additionally, where applicable, ECFR legal entities in France, Spain and Italy of which you might be a Trustee of, will be responsible for the processing of your personal data.

In some cases, such as the Annual Council Meeting, the contact section of our website or e-mailngs, ECFR entities might be jointly responsible for processing your personal data. For these cases, the ECFR legal entities, as joint controllers according to Art. 26 GDPR and UK GDPR have amongst themselves agreed that ECFR Deutschland GmbH will take primary responsibility for complying with GDPR and UK GDPR obligations, in particular transparency obligations and individuals’ rights.

ECFR Deutschland GmbH

To find further information about our organization, the details of authorized representatives and other contact details, please refer to the imprint on our website.

ECFR data protection officer

ECFR Deutschland GmbH has appointed a data protection officer (DPO). In case of any queries you may contact the DPO by using the contact details above and adding “attn of the DPO” or via e-mail: [email protected]

What personal data will we process and for which purposes? Do we share any personal data for these purposes?

Annual Council Meetings

We will require the following data from you to organize virtual, hybrid and in-person events and meetings, as well as to invite you to our Annual Council Meeting (ACM).

  • name
  • surname
  • job title
  • organization
  • email
  • RSVP status

Please note that we record the ACM sessions for documentation purposes and to showcase the work of the Council.

General activities and meetings

As part of your involvement with ECFR and your Council membership, we may store details, minutes or recordings of meetings you take part in.

Contact section of our website

We will share your name, current and past positions and your home country on our website so that we can promote awareness about the diverse composition of our Council.

Newsletters, advocacy mailings and event invitations

As our valued Council members, we will send you e-mails about ECFR publications, activities and invitations to events according to your interests in order to support the mission of ECFR. You may of course let us know at any time if your areas of interest change or if there are any e-mails you would like to no longer receive from us.

Be aware that, if you click the opt-out link provided in every ECFR mail, you will stop receiving all ECFR emails sent out through our global database (CRM).

Who else will receive your personal data?

Trustee appointment

To be appointed as ECFR Trustee, we will collect the following personal data on our trustee appointment form:

  • title
  • name, surname
  • previous surname
  • residential address
  • private email
  • private phone number
  • business address
  • business email
  • business phone number
  • date of birth
  • nationality
  • date of appointment

We will process this personal data only so that we can correctly identify and contact you during your appointment, as well as to fulfil our legal membership obligations. Your data may be shared with public authorities should there be a legal obligation to communicate about the appointment of new Trustees.

Trustee verification of ECFR London trustees

So that you may be listed as a Trustee for our bank account in the UK, and therefore be granted access to this account, we are legally obliged as a UK charity by UK money laundering law to verify your identity with our bank. Upon appointment to our UK Board of Trustees, we will ask you for the following personal data:

  • birth date and place
  • home address
  • previous address
  • date of move
  • phone
  • personal e-mail
  • existing Barclay’s account details if any
  • National Insurance number if any
  • mother’s maiden name
  • nationality

This will be taken care of by our central Finance & Operations department. We will be required to share this data with our bank as part of the KYC check.

General activities of Trustees

As part of your involvement with ECFR and your work on our Board of Trustees, we may store details, minutes or recordings of Board meetings and of any other meetings you take part in.

Board and Annual Council meetings

We will require the following data from you to organize and hold meetings of our Board of Trustees and our Annual Council Meeting, during which we will keep you informed about ECFR activities and involve you in discussions on ECFR strategy and governance topics.

  • name
  • surname
  • job title
  • organization
  • email
  • RSVP status

Contact section of our website

We will ask you for detailed information to share about you on our website so that we can promote awareness about the diverse composition of our Board – such as your name, position, photo, affiliation, past affiliations, areas of expertise, degrees, social media contact, publications. Our website is maintained centrally by the Communications team whose members are currently based in our Berlin and Madrid offices.

Newsletters, advocacy mailings and event invitations

As our Trustee, you will receive regular information via e-mail about ECFR publications, activities and invitations to meetings and events in order to support the mission of ECFR. You may of course let us know at any time if you would like to receive less (or none) information or invitations to ECFR events. Be aware that, if you click the opt-out link provided in every ECFR mail, you will stop receiving all ECFR emails sent out through our global database (CRM).  

Who else will receive your personal data?

Donors

Your participation as a speaker, moderator or participant in ECFR events, meetings and study trips may be shared with donors to inform them about our activities.

Service providers

Data may be accessed by service providers with whom we have agreed data processing agreements for purposes of administrating our IT systems, e-mail, hosting, cloud services, video conferencing or software support.

ECFR access to data

Within the organization, your personal data will be accessed only insofar as this is required for the task at hand. Frequently this will include the Senior Management Team, the Board and Council liaison team, the central finance and development teams

Public authorities

We are legally required to share details about our Trustees with the public authorities where ECFR is registered in the relevant member country. UK trustees’ data will also be shared with the UK Charity Commission in as much as this is legally required.

We will process your personal data as far as it is required within the context of your appointment to the Board of Trustees according to our Articles of Association and therefore based upon article 6 (1) b of the GDPR or UK GDPR respectively. The processing of your personal data for the purpose of sending you newsletters, advocacy mailings and event invitations may also be based upon our legitimate interest to involve you in ongoing ECFR activities and further your support of and involvement with ECFR and therefore article 6 (1) f of the GDPR or UK GDPR respectively.

How long will we store your personal data?

We will keep your personal data for as long as it is required to fulfil the above purposes. Usually, this will be the period of your appointment as a Trustee. For the general processing of your personal data by the ECFR please refer to our general privacy notice.

Insofar as statutory storage obligations exist, we must take these into account and will store your data, with access restricted, for an adequate time period.

Where will your personal data be processed?

We process your personal data on dedicated IT systems and within our premises both in the European Union and the UK. We also currently use software and service providers who host and process personal data for us both in the European Union and the UK.

While the UK is not part of the European Union anymore, the European Commission has reached an adequacy decision according to article 45 of the GDPR for the UK, meaning that the level of data protection in the UK is considered to be of an adequate level.

Insofar as donors or prospects are based outside of the European Union, your personal data detailed above may be transmitted to these countries. Where no adequacy decision by the European Commission exists, as is the case for countries like the US, the level of data protection may not be on a par with that provided by the GDPR. In particular, foreign authorities may be able to access your personal data, and you may not be able to ensure legal recourse. In these cases, the transfer of your personal data, while being kept to a strict minimum, will nonetheless be required in the context of your appointment to the Board of Trustees and thus occur based on the legal derogation of Art. 49 (1) lit. b GDPR.

Are you obligated to provide your personal data?

You are obliged to provide any personal data we are required by law to collect, such as personal data needed to verify you with our bank or agreed in our contract with you, for example to identify you as a Trustee. In other instances, there may be no obligation for you to provide the data required, however most of this will be necessary to adequately have you as a trustee.

Your rights

You have the right to information about the personal data processed by us about your person.

In the case of a request for information which is not made in writing we may ask you to provide us with further proof of identity.

Furthermore, you have the right to correction, deletion, or restriction of the processing of your personal data to the extent to which you are legally entitled to such rights.

You also have the right to object to the processing of your personal data within the scope of the statutory provisions, see above.

You have a right to data portability, again with the scope of the statutory provisions.

 To exercise your rights, we kindly ask you to address any queries to ECFR Deutschland GmbH, using the contact details provided above.

Right to complain

Lastly, you have the right to complain to the data protection supervisory authorities both in the EU and in the UK about our processing of your personal data.