Who are we and what is this document?

This document explains everything you need to know about your privacy and security while visiting our website https://iuaf.org/. In particular, we (International Union for Agroforestry, z.s., association registration number: 09188797, registered in the Register of Associations of the Czech Republic, maintained by the Municipal Court in Prague, section L, entry no. 73471, with its registered seat at Kamýcká 1281, Suchdol, 165 00 Praha, the Czech Republic, hereinafter the IUAF) want to inform you how we process your personal data and what rights you have in this respect. We also want to assure you that we take personal data protection very seriously and we do our best to comply with all applicable legislation, such as the GDPR.^[1] If you do not agree with the data practices described in this Privacy Policy, you should contact us or not use our website.

We may occasionally update this Privacy Policy. We encourage you to periodically review it in order to be informed accurately.

^[1] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), full text available here.

What information do we collect and how?

Information you directly give us

We collect personal information that you provide us by emailing us, completing membership forms, registering for events or purchasing our products or services.

Information we collect from your use of our website

When you visit our website, we automatically collect and store information about your computer hardware and software (the log data). This information may include your IP address, browser type, domain names, access times and referring website addresses. This information is used by the IUAF for the operation of the service, to maintain the quality of the service, and for website traffic analysis. It is stored and used in aggregate only and it is not used to contact you personally.

For processing the log data we use Google Analytics (including Google Analytics Demographics and Interest Reporting), which is a web analysis service provided by Google. Google utilizes the log data collected to track and examine the use of our website, prepare reports on users’ activities and share them with other Google services. Google may use the log data collected to contextualize and personalize the ads of its own advertising network. If you are interested in Google’s approach to personal data protection, you may find their privacy policy here.

Information collected from cookies

Our service providers use cookies or similar technologies to collect information relating to you and your use of our website. Cookies are small files that enable storing and collecting specific information related to you and your use of our website. Cookies assist us in improving our website and tailoring it to your needs.

If you would prefer not to receive cookies, you can alter the configuration of your browser so as not to accept them. If you choose to set your browser to refuse cookies, it is possible that some elements of our website will not function properly.

You may find more information on the use of cookies by Google Analytics here.

Why and how do we use the collected information?

1. Answering your questions and addressing your needs. We use the information you directly give us by filling in the contact form on our website to communicate with you and reply to your requests for information or any other kind of request as indicated by the form’s content. We use the log data and cookies to better tailor the website to our users’ needs.
2. Providing our members and participants with all necessary information. We use your information in order to provide you with the details that you need for participation in the events that you registered for or that you need to know as a member of the IUAF.
3. Legal compliance and addressing claims. We need to process (store) your information in order to comply with the law, to be able to address your claims (e.g. that we did not meet our commitments), or to prove that we addressed illegal activities of our users.
4. Safe, secure, and well-functioning website. We use the log data to monitor and analyze the use of our website, for its technical administration, to develop and improve its functionality, and to protect it.

What is the legal basis for the processing of your personal data?

As can be seen from the previous section, there are numerous reasons for processing your personal data. These reasons result in the following legal grounds justifying the data processing that we do:

• for the performance of the contract or taking steps prior to entering into a contract  (e.g. to answer your questions, to enable your participation in the event for which you registered or to inform our members in accordance with the IUAF’s bylaws),
• you have given us your consent (e.g. to use cookies), or
• it is necessary for pursuing our legitimate interests (e.g. for being able to address your claims or claims of third parties).

Whom do we share your personal information with?

Generally, we do not share any personal information with third parties unless you give us prior consent.

We may share your personal information with contractors who assist us in running our website (e.g. providers of infrastructure or IT services such as Google). If we do so, we share only the information that our contractors need for performing their tasks. All of our contractors are bound by strict confidentiality and are committed to complying with the personal data protection legislation.

We may share your personal information with public authorities when the law requires us to do so. In such cases, we share only the information that we have to and we communicate with the concerned users as soon as allowed.

We may also disclose personal information in order to identify, contact, or bring legal action against a person or entity who may be causing us harm or endangering our interests.

If we are involved in a corporate reorganization (e.g. acquisition or merger), personal information may be transferred to the acquiring entity and become subject to a different privacy policy. Before the data transfer, we will give you a notice and option to opt out of the transfer.

How do we protect your data and our website?

On our website, we use the Secure Sockets Layer (SSL) protocol to protect your sensitive information – such as passwords, usernames, and transactions – from being obtained by malicious third parties. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot warrant the security of any information you transmit to us.

For how long do we retain your data?

We store your personal data for as long as required by the purpose they have been collected for. More specifically:

• If the processing is based on your consent, we delete the data when you withdraw the consent, unless there are reasons to delete them earlier.
• If the processing is necessary for enforcing legal claims or complying with legal regulations, we retain the data for the periods required by the law, for the duration of the prescription periods, or for the duration of the legal proceedings.
• All cookies have their expiration times that you may find for Google Analytics here.

What rights do you have in relation to your personal data?

You may be entitled to exercise some or all of the following rights free of charge (such rights may vary depending on various factors, e.g. on the way how we collected your personal information):

1. require information about whether your personal information is retained and access to and/or duplicates of your personal information retained, including the purposes of the processing, the categories of personal information concerned, and the recipients or categories of recipients to whom the personal information is disclosed and where possible, the envisaged period for which the personal information will be stored, or, if not possible, the criteria used to determine that period;
2. request proper rectification, removal, or restriction of your personal information, e.g. because (i) of the incomplete or inaccurate nature, (ii) it is no longer needed for the purposes for which it was collected, (iii) the consent on which the processing was based has been withdrawn, or (iv) you have taken advantage of an existing right to object to the data processing; in case your personal information is processed by third parties, we will also forward your request for rectification, removal, or restriction to such third parties unless this proves impossible or involves a disproportionate effort;
3. receive the personal information concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and to transmit those data to another controller without hindrance from our side; where technically feasible you shall have the right to have the personal information transmitted directly from us to another controller;
4. refuse to provide and – without impact to data processing activities that have taken place before such withdrawal – withdraw your consent to the processing of your personal information at any time;
5. not to be subject to any automated decision-making that would have legal effects on you or that could similarly significantly affect you.

You may exercise the rights referred to above or ask any questions or make any complaints regarding the data processing by contacting us. You also have the right to bring a claim before their competent data protection authority (e.g. the Office for Personal Data Protection of the Czech Republic).

Contact information

If you have any additional questions or concerns about our Privacy Policy, please email us at [secretary@iuaf.org] or send a letter to International Union for Agroforestry, z.s., Kamýcká 1281, Suchdol, 165 00 Praha 6, the Czech Republic.