Information You Provide to Us
Any information and data that you voluntarily provide to us, including identity data and contact data, will be used for the sole purpose for which the information was provided to us. We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. From time to time, we may also use your information to contact you for research purposes. We may contact you by email, phone, or mail. In addition, communication exchanges on this website are public (not private) communications. Therefore, any message that you post on this website will be considered and treated as available for public use and distribution.
Information We Share
Specific Purpose of Processing
The purpose of data collection on this website is to conduct the Business Reorganisation Assessment and the NPL Survey and to provide information to the Legal Transition Team aimed at identifying potential areas for future technical assistance in the EBRD regions. We may also collect and process the personal data of visitors to this website.
Types of Processing
How We Protect the Information
We have put in place appropriate measures that are designed to prevent unauthorised access to, and misuse of, your personal data. These include reasonable measures to deal with any suspected data breach.
We are committed to the appropriate ongoing security and confidentiality of personal data by taking all reasonable and appropriate steps to protect the personal data that we hold from accidental or unauthorised destruction, loss, alteration, disclosure or access by unauthorised persons. We do this by having in place a range of appropriate technical and organisational measures.
There is always risk involved in sending information through any channel over the internet. You send information over the internet entirely at your own risk. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted over the internet and we do not warrant the security of any information, including personal data, which you transmit to us over the internet.
If you suspect any misuse or loss of or unauthorised access to your personal data please let us know immediately. If you think that EBRD did not process your personal data in accordance with the PDPR, you can submit a complaint to the Personal Data Review Panel in accordance with the EBRD Personal Data Complaint Review Procedure.
For further information about EBRD's obligations in respect of the security and confidentiality of personal data, please see Section IV, paragraph 4 of the EBRD Personal Data Protection Directive, the Information Security Policy and its implementing acts.
How Long We Keep the Information
Your personal data will be kept only as long as necessary for the purposes set out in this policy.
In determining the appropriate retention period for different types of personal data, we always consider the amount, nature, and sensitivity of the personal data in question, the potential risk of harm from unauthorised use or disclosure of that personal data, the purposes for which we need to process it and whether we can achieve those purposes by other means (in addition of course to ensuring that we comply with our obligations under our policies, directives and procedures, as described above).
Once we have determined that we no longer need to hold your personal data, we will delete it from our Systems.
Please note that you have various rights to your personal data, which we have set out below.
Right to access personal data
You may ask to obtain confirmation from the EBRD as to whether or not your personal data is being processed, and, where it is processed, to access certain relevant information about the data and the processing. Your rights will be subject to the restrictions on the right to access under applicable EBRD's policies and procedures.
For more information about this right of access, and if you wish to submit a request to exercise your right of access, please refer to Section IV, paragraphs 9 and 10 of the EBRD Personal Data Protection Directive and the EBRD Data Subject Requests Procedure.
Right to rectification
In the event that you identify inaccuracies or incompleteness in the personal data that EBRD holds about you, you have the right (i) to request that the EBRD rectifies such inaccuracies; or (ii) to supplement the personal data, as appropriate, for completeness.
For more information about this right to rectification, and if you wish to submit a request to exercise your right to rectification, please refer to Section IV, paragraphs 9 and 10 of the EBRD Personal Data Protection Directive and the EBRD Data Subject Requests Procedure.
Right to lodge a complaint
In the event that you have a complaint about the processing of your personal data by the EBRD, you have the right to lodge such a complaint to the EBRD's Personal Data Review Panel within 90 days of becoming aware of the EBRD's failure to process personal data in accordance with the PDPR.
For more information about this right to lodge a complaint, please refer to the EBRD Personal Data Complaint Review Procedure.
Please note that we may keep a record of your communications to help us resolve any issues which you raise.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during the period for which we hold your data.
How do we store and transfer your data internationally?
In connection with the purposes described in this External Privacy Notice, your personal data may be transferred to the following recipients located outside of your jurisdiction:
Â· To other EBRD offices (including the London Headquarters and Resident Offices);
Â· To third parties (such as advisers to EBRD and suppliers to our business or providers of benefits); and
Â· To a cloud-based storage provider.
Please note that some of these third parties may, in turn, transfer your data internationally.
We want to make sure that your personal data is stored and transferred in a way which is secure. We will therefore only transfer data internationally to third parties where they comply with a standard of protection of personal data equivalent to at least the level of protection established by the PDPR.
Please contact the Business Reorganisation Assessment Team on firstname.lastname@example.org if you have any questions or concerns.