Cross-Border Data Forum Bannner

PRIVACY STATEMENT

Effective Date: 1 January 2024

This Privacy Statement describes the practices of the Cross-Border Data Forum (“CBDF”, “we” or “us”) with respect to personal information we collect and use in connection with our websites and mobile applications that display or link to this Statement (the “Sites”). This Privacy Statement tells you what personal information we collect and how we use it. It also provides you with other important information about our processing of your personal information. Please take the time to read and understand it.

Key Terms

“Cross-Border Data Forum”, “CBDF”, “we”, or “us” refers to the Cross-Border Data Forum, a 501(c)(4) non profit think tank.

“Personal information” or “personally identifiable information” means information about individuals (including you), and from which such individuals could be identified.

“You” means individuals whose personal information we process, in particular those that use our Sites, who contact us, to whom we send communications, and others interacting with us, such as event participants.

Collection of Personal Information

Personal Information collected when you interact with us or our partners

We collect personal information about you when you:

  • Sign up to receive newsletters, advisories, articles, announcements or other communications;
  • Register for an event; or
  • Submit a comment, question or otherwise communicate with us through the Sites.


The personal information we collect may include your first and last name, contact information including physical or email address, telephone number, communication preferences, nationality, preferred language, job title, company/organization, photograph, and other information you submit through the Sites. We encourage you not to provide superfluous personal information to us (e.g., when filling out our contact forms).

If you communicate about, or in connection with the CBDF with our member organizations, or with our counsel (Alston & Bird LLP) then where appropriate, they may pass your personal information on to us.

If you provide information to us about someone else (such as one of your directors or employees, or someone with whom you carry out certain activities) you must ensure that you are entitled to disclose that information to us and that, without our taking any further steps, we may process that information in accordance with this Privacy Statement.

Your decision to provide personal information to us is typically voluntary, except where personal information is, for example:

  • collected to meet a legal requirement; or
  • necessary in connection with a contract we have with you.


If you do not provide certain personal information, we may not be able to achieve some of the purposes outlined in this Privacy Statement.

Personal Information collected when you interact with the Sites

We also collect certain information automatically when you visit our Sites:

  • Technical Information”, which includes information such as the IP address of your device; the type of browser, device and operating system you use; other (online) identifiers associated with you, the app, or the device you use to access our Sites; items you download from our Sites or videos you watch on our Sites; the pages you visit and the features you use, including dates and times; and if you navigated from or navigate to another website, the address of that website; and
  • Information regarding the total number of visitors to our Sites, the number of visitors to each page of our Sites, whether visitors share our Sites with others, and the domain names of our visitors’ Internet service providers.


We collect such information through the use of cookies, clear gifs, web beacons, local shared objects, Flash cookies or other tags, identifiers, or technologies as they may become available or change over time (collectively “Cookies”).

We permit third parties to collect information on the Sites through Cookies and through embedded objects (such as a video player). Third parties may use the information that they collect for their own purposes subject to their own privacy notices. This information may include personally identifiable information about your activities over time and across different websites when you visit or use our Sites.

Through a service such as Google Analytics, tracking this information enables us to perform analytics to understand our Sites’ audience better. You can opt out of Google Analytics by visiting https://tools.google.com/dlpage/gaoptout.

In connection with Google Analytics, we have taken steps designed to mask IP addresses. This measure truncates your IP address as soon as technically feasible. The IP address is never written to disk. We may also collect information regarding the effectiveness of our email or other communications, such as whether you open an email we send to you.

To learn more about the Cookies used on our Sites, and the specific services which may set Cookies, please see our Privacy Preference Center (accessible at any time using the icon in the bottom left-hand of your screen).

How We Use Personal Information Collected through the Sites

We use the personal information we collect for a number of reasons, the primary purpose being to provide you access to our Sites. We may also use your personal information in the following ways:

  • To contact you and otherwise manage our relationship with you;
  • To provide you with information that you have requested (such as via the “Contact Us” section of our Site);
  • To provide you interaction or communication features on our Sites (for example, we may provide the ability to share public comments on our Sites);
  • To provide additional information about and/or describe our activities and our members’ activities where we believe they may be of interest to you (such as newsletters);
  • To perform an activity you have requested (such as to register you to an event);
  • To run events;
  • To enhance or improve the Sites (by measuring the performance of our Sites);
  • For security purposes;
  • For the prevention and detection of crime;
  • To prevent harm;
  • To establish, exercise or defend legal claims, or otherwise protect our rights and properties and those of others;
  • To comply with a legal obligation that we are subject to;
  • To comply with a request from law enforcement authorities, government officials, regulators, courts or other competent authorities; or
  • In connection with the sale or transfer of all or a portion of our organization or assets to a third party.

 

Our Justifications for Using Personal Information Collected through the Sites

We process your personal information where we have a justification for doing so. In particular, this may be the case where:

  • It is necessary for the purposes of a legitimate interest which we or a third party pursue. In particular, we have legitimate interests in: (i) pursuing our activities as a non-profit group that addresses international data transfer policy issues; (ii) promoting and achieving our goals through the publication of scholarship and promotion of discussion around the creation, implementation, and reform of data transfer mechanisms; and (iii) providing a forum for well-researched and well-written discussion of cross-border data issues;
  • Processing is necessary for the performance of a contract to which you are party, or in order to take steps at your request prior to entering into a contract;
  • We must process your personal information in order to comply with our legal obligations; or
  • You have given consent to the processing of your personal information for one or more specific purposes.


We do not generally need to process special categories of personal information. However, where we do process such personal information (for example, to collect your dietary requirements, or to make appropriate adjustments in connection with an event), we will do so in accordance with the law. For example, we may process such special category personal information where:

  • You have given your explicit consent to the processing;

  • The processing is necessary for the purpose of exercising or defending legal claims;

  • The processing is necessary to protect the vital interests of you or another person, where you or that person is incapable of giving consent; or

  • You have manifestly made the information public.

If you would like further information about our justifications for processing personal information, including our legitimate interests, please contact us at privacy@crossborderdataforum.org.

Sharing and Disclosure of Personal Information

We may share personal information with third parties to pursue the purposes set out above. In particular, we may share personal information:

  • With third-party service providers retained to perform services on our behalf or in connection with our activities. Such recipients include: experts, consultants, outsourced IT providers and other suppliers. In particular, we share personal information with Alston & Bird LLP, which acts as our counsel and provides us with certain services and infrastructure;
  • With our officers, directors, fellows, and members (about whom further information is available on our Sites);

  • With counterparties, interested parties, opposing parties and other third parties (such as law enforcement authorities, government officials, regulators, courts or other competent authorities) where necessary in connection with purposes outlined above.

If you would like further information about the service providers we share personal information with, please contact us at privacy@crossborderdataforum.org.

Your Choices, Rights, and How To Exercise Them

Depending on the laws applicable to your circumstances, you may have certain rights in connection with your personal information, subject to applicable exclusions, limitations, and conditions. These rights may include the following:

The right to object

When we process your personal information for purposes of pursuing our legitimate interests, you may have the right to object to such processing. If you exercise this right, we will stop the processing unless we have strong and legitimate reasons to continue using your personal information. You may also have an absolute right to object to our processing of your personal information for direct marketing purposes.

The right to access

You may have the right to obtain confirmation as to whether or not your personal information is being processed and, where this is the case, access to the personal information. This may include the right to ask us for certain categories of information about our processing of your personal information.

The right to rectification

You may have the right to ask us to rectify or complete personal information about you that you think is inaccurate or incomplete.

The right to erasure

This is also known as the ‘right to be forgotten’ and, in simple terms is the right to request the deletion or removal of your personal information in certain situations, such as where the personal information is no longer needed for the purposes for which it was collected or otherwise processed.

The right to restriction of processing

You may have the right to ask us to restrict the processing of your personal information in certain circumstances.

The right to data portability

You may have the right to ask that we transfer the personal information you gave us to another organization or to you in a commonly used and machine-readable format.

The right to lodge a complaint

You may have the right to lodge a complaint with a supervisory authority, in particular in the country of your habitual residence, place of work or place of the alleged infringement of the relevant data protection rules.

The right to withdraw consent which you have given

If you have given (explicit) consent to us to process your personal information, you may withdraw it at any time.

To exercise your rights as listed above, and to otherwise change your preferences:

  • You can email us at privacy@crossborderdataforum.org;
  • You may unsubscribe from newsletters, advisories, articles, announcements, and other promotional communications received from us by following the unsubscribe link included at the bottom of each email or by contacting us at unsubscribe@crossborderdataforum.org. Please note that you may continue to receive non-promotional communications to the extent permitted by law; and

  • You can change your Cookie preferences by accessing the Privacy Preference Center (accessible at any time using the icon in the bottom left-hand of your screen). Your browser and your device may also enable you to limit the use of Cookies. You should consult documentation for your browser or device for more information about exercising these options. Please note that you may not be able to use all the features of our Sites if you limit the Technical Information you share with us. In addition, our Sites are not specifically designed to respond to “do not track” requests from browsers or other mechanisms that provide individuals with the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across third-party websites or online services.

We will handle any requests to exercise rights in accordance with applicable law. Please note that we may take reasonable steps to verify your identity before implementing your request.

If you have questions or concerns about the information provided in this Statement or about the way in which we process your personal information, we encourage you to contact us in the first instance. You may also have the right to complain directly to the relevant supervisory authority in the country of your habitual residence, your place of work, or alleged infringement of data protection laws.

Security of Personal Information

We maintain administrative, technical and physical safeguards for the Sites designed to protect against accidental loss, misuse or unauthorized access, alteration or destruction of the personal information we collect through our Sites.

The use of the Internet creates inherent information security risks, and we are not able to guarantee the security of our Sites.

Data Retention

It is our policy to retain your personal information for the length of time required for the specific purposes for which we process it. Further information about our retention periods is available on request, by contacting us at privacy@crossborderdataforum.org.

However, we may be obliged to keep your personal information for a longer period, for example, where required by our legal and regulatory obligations or to ensure we have effective back-up systems. In such cases, we will ensure that your personal information will continue to be processed in accordance with this Privacy Statement, and ensure that all personal information is held securely and confidentially, as appropriate.

Transfers of Personal Information

We may transfer the personal information we collect to countries with laws that may offer a different level of protection compared to the laws in the country in which you reside. Please note that our primary data processing facilities are located in the United States of America. Your personal information may also be in some cases transferred to countries within the European Union.

Where we transfer personal information, we put appropriate measures in place to protect it. You can request further information by contacting us at privacy@crossborderdataforum.org.

Linked Sites

The Sites may include links to sites operated by external third parties. The inclusion of a link to a third-party site does not imply our endorsement of the site or the products and services offered at such site. Please note that this Privacy Statement does not apply to any third-party sites. You should consult the privacy policies of each site you visit.

Changes and Contact Details

We may revise this Privacy Statement from time-to-time. Please check this page periodically for changes.

If you have questions about this Privacy Statement or our practices with respect to personal information, please send your request to privacy@crossborderdataforum.org.