Skip to content

ELN Privacy Policy for Database Contacts

ELN Privacy Policy for Database Contacts

5 August 2019

The European Leadership Network (ELN) is committed to protecting the privacy of the contacts on our database. This policy details the information we collect from you, how it is processed and stored, how it is protected, and how it is used. It also provides information on accessing your data, and options to modify or delete it.

What we collect

We hold a record of your name, contact details and your occupation. We may also keep additional information regarding your areas of expertise; your nationality where relevant (for example, in the case of members of our senior network); your membership of one of our networks and initiatives, where applicable; and notes, e.g. pertaining to your professional background or your relationship with the ELN.

Personal information of our contacts has been collected in the following ways: your contact details are publicly available online; you have a past or existing working relationship with the ELN; or you have exchanged business cards with an ELN staff member, senior associate fellow, board member or senior network member.

Why we collect your information

We collect the data of our business contacts and keep their personal information on our database for two purposes.

First, we process information of our business contacts – loosely defined as contacts who we want to communicate with in a professional context – to keep them informed (predominantly via email) of our research and events to further our mission. An important part of our mission is to disseminate research and analysis and provide a platform for dialogue and debate. Therefore marketing about our publications and events constitutes a legitimate interest.

Second, we may add your contact details because you are directly affiliated with the ELN through one of our networks or initiatives. The ELN runs several networks, such as the European Leadership Network (a network bringing together political, military, diplomatic, civil society and business leaders from across wider Europe) and the Iran Virtual Hub as well as several other initiatives (see our Networks website page for further information). The European Leadership Network also participates in or is a member of several initiatives, such as the Euro-Atlantic Security Leadership Group led by the Nuclear Threat Initiative. We have a legitimate purpose for storing and using the data of the individuals belonging to any of the networks mentioned above or listed on our website. We need to inform these individuals of our activities and to contact them to continue existing collaboration, follow-up on past work or communicate on future endeavours.

Your information will be processed for either or both of these two purposes.

We are relying on these two legitimate interests to process your information on our business contacts database. We have determined that this processing is a reasonable and proportionate way of achieving the purposes identified above.

We have assessed the privacy impact and established that this will be minimal. We only process our contacts’ personal information as far as is relevant to their professional role. Moreover, the processing is unlikely to be unexpected by the individual in question, as it is done in a professional context. Should you wish to learn more about the lawful basis on which we process your information, please contact [email protected].

Please note that for contacts added before 16th October we rely on consent as our lawful basis for processing.

How we process and store your data

We use external service providers to process and store your personal information. Our database is hosted by Microsoft Dynamics CRM and we rely on Preact Limited, an official Microsoft partner, for maintenance, support and implementation of the software. This database software enables us to keep your data secure. Our service providers will have access to your information as is reasonably necessary to perform tasks on our behalf and are obligated not to disclose or use it for other purposes. You will never be contacted directly by Microsoft or Preact Limited.

Our database, Microsoft Dynamics CRM, is synchronised and integrated with our email software, Outlook, via the Dynamics App for Outlook. This allows us, to, amongst other things, ‘track’ emails where relevant (see ‘How it is used’ below), associate or create new activities such as tasks and appointments with your record, create CRM records directly from Outlook, and email directly from Microsoft Dynamics CRM.

Information on Microsoft’s own privacy policy can be accessed here.

How it is used

Our database is used to store contact details which we can refer to when we want to send you tailored communications regarding our latest publications, ELN events along with selected information about the activities of trusted partners, and press releases and embargoed content. We make use of your personal information (e.g. information regarding your area of expertise or your field of work) to target our communications.

When we contact you by email we will most of the time use Microsoft Outlook. However, we may also email you directly from Microsoft Dynamics CRM. In this case, our email to you and your response will be stored in Microsoft Dynamics CRM. We will use this option sparingly. Only members of our staff authorised to use the database will have access to this information.

While not the default, email communications via Microsoft Outlook may occasionally be tracked or linked to records in our database when deemed relevant. ‘Tracking’, as defined by Microsoft, is to ‘create a copy of the email or appointment’ on your record in Microsoft Dynamics CRM; your email can also be linked to (‘set regarding’) records other than your own.  Only authorised users of the database can access this information. We ensure that there are measures in place to protect your personal details as well as the confidentiality of your correspondence.

Also embedded in the Dynamics App for Outlook are AI capabilities, which can be used, amongst other things, to monitor our contacts’ engagement with our messages (‘follow’) and to show other relevant insights (‘relationship assistant’). All embedded intelligence features have been disabled organisation-wide, preventing the collection of recipient interaction data and retrieval of insights based on your data. See Microsoft’s ‘Embedded intelligence privacy notices’ for more information.

It should be noted that you may also receive emails from us via Mailchimp. Mailchimp acts as the processor of our Newsletter mailing list. Our Newsletter mailing list on Mailchimp and our business contact database are two different entities with different purposes for which we have identified a lawful basis (or lawful bases) separately. In other words, being on our Newsletter mailing list will not automatically mean that you are on our database and vice versa.

Microsoft Dynamics CRM and Mailchimp record certain metrics, such as the percentage of mailings opened. Dynamics CRM also allows users to run reports; this feature will only be used sparingly if at all. Your personal data is not linked to such statistics.

Access to and control over your data

You have the right to be informed about the collection and use of your personal data, meaning that we must provide you with information including: our purposes for processing your personal data, our retention periods for that personal data and who it will be shared with. That is the purpose of this privacy policy.

You have the right to request a copy of the data we hold about you. More information about the right of subject access can be found here.

If you wish to request this information, please contact [email protected] and we will provide a copy of your data as soon as possible.

Finally, you have the right to lodge a complaint with the UK’s data protection authority, the Information Commissioner’s Office (ICO). For more information, please visit the ICO’s website: https://ico.org.uk/global/contact-us.

Right to object

You have the right to object to the processing. This right applies because we are relying on legitimate interests to process your data. Where we are relying on legitimate interests for direct marketing purposes, the right to object is absolute and we must stop processing when you object.

Where we are relying on legitimate interests for another purpose, the right to object applies as well. You must give specific reasons why you object, based on the particular context. The right to object is not absolute if: we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms; or if the processing is for the establishment, exercise or defence of legal claims.

We need to inform you of your right to object. We should do so explicitly and clearly. We aim to make you aware of your right to object at the latest at the time of our first communication with you.

You can read more about the right to object here.

Data retention

When you object to the processing, we will stop processing your data. We will not completely delete your data, however. Instead, we will keep the bare minimum of data about you that we need to ensure that we act in accordance with your preference not to receive any communications from us in the future. This method is called ‘data suppression’.

We also aim to review the data we hold on you regularly and to update it where necessary. Moreover, when you inform us of changes as regards your personal information, such as new contact information or a new role, we aim to update your information.

Disclosure of your information to third parties

We do not share our data with third parties unless compelled to do so or in a strictly controlled way to certain service providers working on our behalf as set out above. We will inform you of any disclosure of your information to third parties, where possible.

It is possible that we will need to disclose information about you when required by law, warrant, or other legal process or if we have a good faith belief that disclosure is reasonably necessary to (1) investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (2) enforce our agreements with you, (3) investigate and defend ourselves against any third-party claims or allegations, (4) protect the security or integrity of our Service (such as by sharing with companies facing similar threats); or (5) exercise or protect the rights and safety of the ELN.

Modify or delete your data

You can modify your personal information by submitting a request to [email protected]. You may also update your communication preferences.

If you wish to object to the processing of your data, please inform us via [email protected]. We have one month to respond.

For information on our cookies policy, please click here.

Changes to our Privacy Policy

The ELN is a dynamic organisation and as we continue to grow, develop, and expand, we may update our Privacy Policy. When we do so, the date of the most recent update will be included on this page. If you do not agree to these changes and wish to object to the processing, please contact us directly at [email protected].

In case of substantial revisions of our Database Privacy Policy or substantial changes to how we use your data, we will notify you.