Privacy Statement for FSC Connect Portal
Thank you for joining FSC Connect Portal. We at FSC Group (“FSC”, “we”, “us”) respect your privacy and want you to understand how we collect, use, and share personal data about you in compliance with applicable data protection laws in relation to the use of the FSC Connect Portal.
This Privacy Statement covers our data collection practices and describes your rights to access, correct, or restrict our use of your personal data. Except where we provide you a link to a different privacy statement or reference to other privacy documentation, this Privacy Statement applies when you visit or use the FSC Connect Portal.
Table of Contents:
- Service Description
- What Personal Data We Collect
- How We Collect Your Personal Data
- How We Use Your Personal Data
- Who We Share Your Personal Data With
- How Long We Keep Your Personal Data
- Your Rights
- Cookies & Similar Technologies
- How To Contact Us
- Changes in our Privacy Statement
The FSC Connect Portal is a computer-based interface which primarily functions are enabling registering and login into these applications provided by FSC:
1. FSC Certification Portal
The FSC Connect Portal serves as one-stop-login platform to make the user experience more comfortable (“Services”). The interface is available on the connect.fsc.org.
The duties of hosting, maintenance and data processing are conducted by FSC International IT Services of FSC Global Development GmbH and the code is hosted by Pantheon.
FSC is the ´controller´ of the personal data you provide to the FSC Connect Portal and Microsoft Dynamics 365 acts in a function of a ‘processor’ in providing the technical infrastructure of the platform.
What Personal Data We Collect
In order to provide the Services, we may need to collect or store some personal data. The personal data we process can include the following:
- Full name (title, first name, middle name, last name)
- Functional role (e.g. member, observer, journalist, sponsor)
- Job title
- Contact ID
- Global system ID
- Organization`s name you work for
- Organization’s VAT
- Organization`s website
- Working address
- Contact information (e.g. email address, phone number)
- Certification Code
- License Code
- Encrypted password
- State of activities
- Sub chamber
- Log in times to the platform
- IP address
- Preferences and requirements for attending FSC global events and engagements (e.g. meal-type preference, dietary restrictions, allergies, special needs)
- Details on your sessions and your attendance availability on FSC global events and engagements
- Transaction reference numbers of payments made by the user
- Uploaded materials required for or related to participation in an event or engagement (e.g., a signed Member Proxy Form for an FSC General Assembly)
- Details of financial transactions (e.g. transaction reference numbers of payments)
- Personal notes if provided by you
We will not collect any personal data from you that we do not need to provide and oversee this Service to you.
How We Collect Your Personal Data
We process personal data provided to us directly by you or through import from the Salesforce or FSC Certification Portals. You as user of the FSC Connect Portal are responsible to provide accurate, complete and up-to-date information during or after the registration to the FSC Connect Portal.
If the personal data you provided needs to be corrected, please, indicate the changes through your account in FSC Connect Portal.
During the use of the FSC Connect Portal we will log personal data concerning your activities and log-in times to the FSC Connect Portal, for purposes of supporting the Service (log files of the webserver).
We collect anonymized analytics via Microsoft Dynamics 365, which honors “Do not track me”, if you configure your browser accordingly. For details on our use of Microsoft Dynamics 365 cookies, please see the respective section below.
How We Use Your Personal Data
We are not using your personal data for anything else beyond the providing the Services or the processing described in this Privacy Statement. We can share data with the respective FSC national partner on need-to-basis. Our technical staff will use the log files for purposes of trouble shooting, and for providing help to end users. The collected analytics, anonymized and aggregated information, is used to improve the platform.
In detail, we use your personal data to provide our Services, improve and update our Services, communicate with you, secure against fraud and abuse, troubleshoot issues and as necessary for safety and integrity based on our legitimate interest (Art. 6 para. 1 lit. f GDPR). In addition, we use your personal data as is required by law (Art. 6 para. 1 lit. c) GDPR).
Who We Share Your Personal Data With
All personal data we process in this portal is processed by FSC, for the purposes of IT hosting and maintenance. Our service provider Microsoft Dynamics 365 as the processor maintain the information on servers located in West Europe (Netherlands) and Northern Europe (Ireland).
If the personal data that we collect from you needs to be transferred to, and processed by a processor based outside of the European Economic Area (EEA), we will take steps, such as including contractual clauses into our contracts with such processors or controllers, that would ensure that your personal data is safe and treated securely and in accordance with this Privacy Statement. Other than that, we do not share the personal data with other third parties, unless described in this Privacy Statement or is required to do so by law.
How Long We Keep Your Personal Data
We will keep your personal data for maximum of 7 years following the termination of your user account on our FSC Connect Portal. Upon your request, we provide you with information about the personal data we hold about you. Furthermore, upon request we rectify or delete your personal data, as far as no statutory storage requirements apply. For details on your rights, please see the respective section below.
We are committed to ensuring the privacy of your personal data. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the personal data we collect online.
We would like to make sure you are fully aware of all your data protection rights. You are entitled to the following:
- The right to access enables you to receive information on whether we process your personal data as well as a copy of the personal data we process about you.
- The right to rectification enables you to have any incomplete or inaccurate personal data we hold about you corrected, though we may need to verify the accuracy of the new personal data you provide to us.
- The right to erasure enables you to ask us to delete or remove personal data where there is not a good reason or legitimate interest for us to continue to process it.
- The right to restrict processing enables you to ask us to suspend the processing of your personal data under specific circumstances.
- The right to data portability enables you to request that we provide you or a third party of your choosing with the personal data which you have provided to us (in a structured, commonly used, machine-readable format).
- The right to object enables you to object to our processing of your personal data where we rely on our legitimate interest as legal basis. In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal data which override your rights and freedoms.
- The right to make a complaint to the competent data protection authority. We would, however, appreciate the chance to deal with your concerns so if you have any questions or concerns regarding our processing of your personal data please contact us at firstname.lastname@example.org.
If you would like to exercise one of your data protection rights, please do not hesitate to contact us at email@example.com or our Data Protection Officer at the contact details set out below.
Cookies and Similar Technologies
What are cookies?
Like many other websites, we also use "cookies". Cookies are text files placed on your computer, to help the website analyse how users use the site. This automatically gives us certain personal data, such as IP address, browser used, operating system from your computer and your connection to the Internet.
We only use the necessary cookies which are needed to make the FSC Connect Portal function in a proper way. We do not analyse the collected information for trends and statistics.
Only the people from within the FSC Group which may include affiliates of FSC who need the data to approach you or to respond to your communication will use your personal data.
List of cookies
How to Contact Us
If you have questions about this Privacy Statement, the personal data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us:
Email us at: firstname.lastname@example.org
Postal Address and further company details:
IT Development and Maintenance:
FSC Global Development GmbH
FSC International IT Services
Adenauerallee 134 • 53113 Bonn • Germany
Phone: +49 (0) 228 367 66-0,
Fax: +49 (0) 228 367 66-30
Managing Director: Kim Bering Becker Carstensen
Commercial register: Bonn HRB 15990
If you have a complaint about our use of your personal data, please contact our Data Protection Officer to address your complaint:
Scheja & Partner Rechtsanwälte
Mr. Boris Reibach
Adenauerallee 136, 53113 Bonn
Tel.: +49 (0) 228-227 226-0
Fax: +49 (0) 228-227 226-26
Contact form: http://www.scheja-partner.de/kontakt/kontakt.html
Changes to our Privacy Statement
We reserve the right to unilaterally change this Privacy Statement from time to time to ensure that it complies with current legal requirements or to implement changes to our Services in the Privacy Statement, for example, when introducing new services.
In this case FSC will inform you when the Privacy Statement has been updated upon your login.
This Privacy Statement was last updated on 16 November 2020.