Privacy statement on the protection of personal data
for the management of CEB mailing lists
1. Description of the processing operation
The Council of Europe Development Bank (CEB) has put into place a system to manage its mailing lists. These lists are used to communicate CEB related information such as its press releases, quarterly magazines and annual reports, as well as to send invitations to events organised by the CEB.
2. Why do we collect, store and process your data?
We collect and process your personal information to inform you about new publications of the CEB.
3. Who is responsible for the processing of your data? (Controller)
Your data is processed under the responsibility of the Council of Europe Development Bank.
4. What personal information do we collect, for what purpose, and through which technical means?
To send you notifications about CEB publications and news, the CEB collects your name, email address, country you live in, language preferences, civility title, job title and name of your company/organisation through voluntary website subscriptions, direct client relations and existing internal personal contact lists.
5. Who has access to your information and to whom is it disclosed?
This information is only accessible to members of CEB Communication Unit. It is not disclosed to third parties.
6. How do we protect and safeguard your information?
In order to protect your personal data, the CEB uses the commercial services of Mailjet, who acts as Data Processor. Mailjet is a Paris-based, all-in-one Email Service Provider. Mailjet is GDPR-compliant and its privacy notification can be accessed on this link: https://www.mailjet.com/security-privacy/. All accesses from CEB Communication Unit to Mailjet are secured by encrypted communication tunnels. A copy of the database is kept on CEB servers for safekeeping with access restricted to CEB Communication Unit and selected IT System Administrators.
CEB’s IT infrastructure is protected by physical and logical security measures: physical access to the servers is restricted. Network firewalls protect the logic perimeter of the CEB IT infrastructure; and the server holding the data is security hardened. Administrative measures include the obligation for CEB staff and service providers maintaining the equipment and systems to have signed non-disclosure and confidentiality agreements.
7. How long do we keep your data?
Your personal data will be retained as long as you wish to remain a subscriber.
8. How can you verify, modify or delete your information?
You have the right to access the personal data we hold regarding you and to correct or update them. Upon request and within one month from its receipt, you may obtain a copy of your personal data undergoing processing. Every communication from the CEB contains a direct link for you to unsubscribe form the mailing list. Additional requests for rectification, blocking and/or erasing your personal data should be directed to CEB’s Communication Unit (info[at]coebank.org).
9. Right of recourse
You have the right to have recourse to CEB’s Commission for the Protection of Personal Data (dataprotection[at]coebank.org) if you consider that your rights have been infringed as a result of the processing of your personal data.