Privacy Policy

This privacy policy describes the collection, use and processing of personal data by the Confederation of European Paper Industries aisbl/ivzw (Cepi), acting as the data controller of this information as defined by the General Data Protection Regulation 1 of the European Union (the EU GDPR).
[Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data .]

1. About Cepi and your data privacy rights

1.1 Cepi represents the European forest fibre and paper industry towards EU institutions and Brussels-based stakeholders. Through research, publications and advocacy, CEPI aims at improving industry’s competitiveness, sustainability and image towards EU policymakers and stakeholders.

Cepi is established as a non-profit making international association under Belgian law (aisbl/ivzw). Cepi’s address is: Confederation of European Paper Industries aisbl, Avenue Louise 250 Box 80, B-1050 Brussels.

1.2 Your data privacy rights – Cepi is committed to the highest data privacy standards and to protecting the personal data it collects and processes. Cepi has to that end deployed this data privacy policy and organisational and IT technical measures to prevent data breaches and unlawful use.

As a data controller, our responsibility notably implies that we provide you with the right to consult, correct or remove any of your personal data.

→ Should you wish to consult, complete, rectify or remove any of the information that we hold about you or your organisation, please contact us at: .
→ To know more about your data protection and privacy rights please consult the Belgian supervisory authority – the Commission for protection of privacy – at (site available in English, French and Dutch).

2. About the personal data we collect and the way we use them

2.1 Personal data – As a member of Cepi or an external stakeholder, you may provide us with personal data information when using our website, interacting with us on social media, registering for information or events.

The data we collect can include your organisation’s name, title (or gender), job title, first name, family name, function, telephone number, mailing address, e-mail, social media account (s) and web address or photo, as well as where applicable, Cepi working groups memberships, subscriptions to Cepi information and attendance at Cepi meetings.

Some of this data is considered as personal data under the EU GDPR. In most instances, we collect personal data directly from the data subjects, but we may sometimes obtain personal data from third parties such as directories or EU institutions websites

2.2 Purpose of use and processing – the information that you provide us with will be used for the purpose of contacting you, fulfilling your online requests or facilitating your access to members-only content and/or providing you with relevant and updated information about our organisation, its activities and positions. More specifically, as part of its general mission, Cepi processes personal data for the following purposes:

For membership management and general administration: Cepi has legitimate interests in the processing of personal data of the contact persons across its membership for the purpose of administering or informing its membership or for the governance of the association (such as the organisation of general assemblies and board meetings). Cepi also processes the personal data of representatives and contact persons of entities with which Cepi contracts, such as consortiums, services providers or consultancies.

For research, publication and advocacy purposes: Cepi processes contact details of journalists, Members of European Parliament, officials from the European Commission and from EU Member States, academics, consultants and industry experts and European affairs stakeholders for the purposes of carrying out its research and advocacy activities.

For events organisation: Cepi processes identification details of individuals who register to participate to events and conferences it organises for the purpose of managing the registration, invoicing and participation to such events under the general terms and conditions that are expressly accepted by the individuals and/or based on consent for certain personal data.

For websites security and content access: Cepi processes identification data from individuals who register themselves on websites managed by Cepi and give their express consent to receive newsletters or information from Cepi. Cepi also processes identification data from members or content subscribers to facilitate their personal access to the meeting documents of their working groups or subscribed content.

2.3 Explicit consent, retention and right of consultation + modification – Your prior informed, explicit, consent for the use and processing of your personal data will be requested for registering to Cepi mass communication such as newsletters or event participation. Your consent will also be specifically asked for photos or multimedia content that may enable the recognition of participants at events.

Your personal data will be kept as long as you are a designated person of your organisation in relation with Cepi or its members and, otherwise provided by law, for the time that is strictly necessary to achieve the purpose(s) for which they were collected.

Should you wish to withdraw your prior informed consent, consult, complete, rectify or remove any of the information that we hold about you or your organisation, please contact us at: .

2.4 Data sharing – As a non-profit organisation Cepi does not share or sell any personal data to third parties for any commercial purposes.

Your personal data will not be shared with any other third parties unless we would be required to do so by law or to comply with a court order served upon us in connection with our website(s), social media, the implementation of the EU GDPR or to protect and defend our legal rights and interests and those of our members.

Personal data may be shared with Cepi members for the same legitimate interest and purpose Cepi uses them.

Your personal data may be processed outside the European Union. In such case, the transfer of data is governed by a data processing agreement to provide adequate safeguards as defined by the EU GDPR.

2.5. Risk assessment – The processing of your personal data was self-assessed as presenting
limited risks for your fundamental rights considering that only professional information is used and that adequate measures are in place to prevent data breaches.

3. About our website, social media and our cookies policies

3.1 Cookies – Our website or social media channels may use tracking techniques such as cookies for collecting technical information about your use for the purpose of improving and tailoring their content and making it more user-friendly.

Cookies are stored on your computer and enable us to track your computer’s use of the website and, for registered users, to manage their access to specific content.

We use performance cookies to provide anonymous statistics on how our website is used (web analytics by Google Analytics).
[For more information, see Google’s analytics help pages and Google privacy policy]

It is possible for you to disable or delete cookies within your specific browser options, although this may impair your use of the website or will require you to resubmit your credentials to access member’s or subscriber’s content.

3.2 Social media privacy policies – When interacting with our social media channels (Twitter, Facebook, LinkedIn, Instagram, Youtube) your consent and personal data use are covered by the terms and conditions and privacy policies of each of these social media platforms.

3.3. Third parties websites and social media – Our website (s), social media channels and electronic communication tools may also contain links to websites or social media channels of third parties. These links are provided for your information and convenience only. Cepi does not endorse, approve or take any responsibility for the websites or social media channels which we provide links to. We also does not endorse, approve or take any responsibility for their availability, performance, content or for the use of such websites or social media channels or any information contained therein.
Cepi’s data privacy policy applies only to Cepi’s databases, website(s), and electronic communication media and not to any other websites or media that you would access by hyperlink from our website (s) or our social media. When you leave our website by linking to another site or through social media, you should read the privacy policy, if any, provided by such website or media.

4. Policy update and notifications

Cepi may update this policy at any time by posting changes online. Any such changes will be notified to registered contacts and to website visitors in order to be read and accepted.

Brussels, 26 March 2018