The International Crocodilian Farmers Association (ICFA, also referred to below as “we”, “our”, “us”) is committed to ensuring privacy of your personal information. To this end, we process your personal information in accordance with the applicable laws, i.e.:
- (i) the EU General Data Protection Regulation (“GDPR”) and the EU ePrivacy Directive; and
- (ii) the French data protection Act 1978, as amended, and any other French law or decree relating to data protection.
Effective date / last modified: 29 March 2021
1 WHO IS THE DATA CONTROLLER?
The data controller of your personal information is ICFA, i.e., a non-for-profit association with its seat at 6, place de la Madeleine, 75008 Paris, France.
2 WHAT PERSONAL INFORMATION DO WE COLLECT AND WHAT ARE THEIR SOURCES
(1) Personal information collected directly from you.
We generally collect personal information directly from you by way of, for instance, messages you address to us, your communications with us and other activities. This information includes the following:
a) your name and address;
b) your contact details;
c) your profession, occupation or job title;
d) information that you provide when inquiring about, applying for, or in the course of, ICFA membership and/or certification; or when you apply for, or provide services in respect of the administration of the ICFA certification scheme; and
e) information about your fees for the ICFA certification.
(2) Personal information automatically collected from your device
When you visit our website, we may collect certain personal information directly from your device. Such information may include the following:
a) Device and browser information, such as information about your device, including device type, IP address, device identifier and operating system;
Please see our Cookie Notice for further information.
(3) Personal information we may receive from third parties.
In some cases, we may receive certain personal information from third parties, such as our ICFA members or their auditors, about the names of the farms, tanneries and/or traders from which their product has been sourced during the previous calendar year.
3 HOW DO WE USE YOUR PERSONAL INFORMATION?
3.1 We set out below the purposes for which ICFA collects, holds, uses and discloses your personal information:
A) to process your application for, or to manage and administer your ICFA membership and/or certification, or to conduct your ICFA certification;
B) to provide you with further information about certification and related products or services ICFA can offer;
C) to send communications about or supply certification and related products and services when requested by you;
D) to send marketing communications about ICFA’s activities, products and services;
E) to answer enquiries and provide information or advice about existing and new products and services;
F) to process your application for, or when you provide your services in respect of the administration of the ICFA certification scheme;
G) to govern the ICFA certification scheme and conduct ICFA functions and activities;
H) to assess the performance of the ICFA website(s) and to improve the operation of the website;
I) to provide statistics to our members, such as the statistics about the use of ICFA-certified or not ICFA-certified farms;
J) to conduct research;
K) to update ICFA membership records and keep your contact details up to date;
L) to establish, exercise or defend our legal claims;
M) to process and respond to any data subject rights request, such as access request, or complaint made by you; and
N) to comply with applicable law, for instance, in response to a request from a court or a regulatory body, if such request has been made in accordance with the law.
The legal bases for the processing of your personal information for the purposes described above will include:
- Fulfilling a contract we have with you, or will have with you at your request: for the purposes in A-C and E-F above;
- Your consent: for the purpose in D above, unless you are an existing ICFA member or you already have ICFA certification, in which case we may rely on our legitimate interests;
- Our legitimate interests, as outlined in these paragraphs: for the purposes in letters G-L above; and
- Compliance with a legal obligation: or the purposes in letters M-N above.
In the event that we will use your personal information for purposes not specified above, we will inform you about such purposes for processing your personal information and, when required, of our legal basis for such processing.
3.2 With regard to Australia, ICFA has noted the requirements of the Privacy Amendment (Enhancing Privacy Protection) Act 2012 effective 12 March 2014, and of the Spam Act 2003.
3.3 If you receive marketing communications from ICFA that you do not wish to receive, you may unsubscribe by contacting ICFA using the contact information below.
4 DISCLOSURE OF YOUR PERSONAL INFORMATION
4.1 We may share your personal information when we are permitted by law, or have your consent, or when we are compelled by law to disclose your personal information to third parties. Such disclosure will only take place in accordance with the relevant applicable laws and for the purposes listed above. These scenarios may include disclosure to:
a) ICFA-related bodies corporate, ICFA professional advisers, ICFA consultants;
b) ICFA members;
c) ICFA contractors and service providers, such as certifiers, hosting service providers, IT providers, server security providers, support services;
d) ICFA auditors or other third parties; and
e) Regulators, public authorities and courts.
4.2 ICFA will not sell any personal information collected or held by ICFA.
4.3 ICFA will keep your hard copy or electronic records on our premises and systems or off site using trusted third parties.
5 INTERNATIONAL TRANSFER OF PERSONAL INFORMATION
5.1 ICFA may transfer your personal information outside the EU to Australia, where the ICFA’s secretariat is based.
5.2 In addition, from time to time, ICFA may send your personal information to contractors, service providers and other third parties who operate or hold data outside the EU or Australia, including to those overseas countries in which ICFA certification activities are conducted including those countries identified on the ICFA website(s) or in ICFA reports as being countries where ICFA operates or where certification activities are conducted.
5.3 To ensure appropriate protection of data transfers outside the EU, we rely on one of the measures listed in paragraph 6.4 below for the purposes of such transfers. If you want to know more, please contact us.
5.4 In circumstances where your personal information is transferred to the ICFA secretariat or to our outsourced service providers located outside the EU, we will, where required by applicable law, ensure that your data protection rights are adequately protected. Among the measures to protect your personal information, we may rely on European Commission adequacy decisions about certain countries, as applicable (see here). Please note that the EU Commission has not issued an adequacy decision with regard to Australia. We may also rely on standard contractual clauses by approved by the European Commission (see here) in our contracts with third parties that receive information outside the EU or using other acceptable data transfer mechanisms, such as Binding Corporate Rules, approved Codes of Conduct and Certifications, or, in exceptional circumstances, on the basis of permissible statutory derogations.
5.5 Please note that Australian privacy law or equivalent foreign laws may not apply to some of those entities and ICFA may not necessarily take such steps to ensure that such entities do not breach the Australian Privacy Principles in relation to your information and by continuing to use ICFA products and services, including certification, you consent to the disclosure of your personal information to such overseas recipients.
6 HOW LONG IS THE INFORMATION KEPT?
Your personal information will be kept as long as it is reasonably necessary for the purposes indicated above or as required by applicable law. The retention periods may vary based on the type of information and the purpose for which it is used. We keep personal information in line with the criteria that include legally mandated retention periods, e.g., for tax audit purposes, pending or potential litigation, contract requirements or operational directives or needs. Please contact us for further details of applicable retention periods.
7 SECURITY OF YOUR PERSONAL INFORMATION
Your personal information may be stored in hardcopy or electronically. ICFA has security procedures in place to protect your personal information.
8 GAINING ACCESS TO, AND SEEKING CORRECTION OF, INFORMATION WE HOLD ABOUT YOU (DATA SUBJECT RIGHTS)
8.1 You have the right of access, i.e., you may request details about the personal information that we process and obtain a copy of the personal information ICFA are still holding about you at any time by contacting ICFA (see the details below).
8.2 Where ICFA holds information that you are entitled to access, ICFA will try to provide you with a suitable means of accessing it (for example, by mailing or emailing it to you).
8.3 You may exercise your data subject rights free of charge. However, in the event that your request is manifestly unfounded or excessive, in particular because of their repetitive character, ICFA may charge you a reasonable fee to cover ICFA administrative costs in providing the information to you.
8.4 The information cannot be provided to the extent that it adversely affects the rights and freedoms of others. ICFA may not provide information regarding third parties. If that happens, ICFA will give you written reasons for any limitation.
8.5 In addition, under the GDPR, you may:
a) request to correct or update your personal information (right to rectification);
b) request that we transmit personal information that you have provided to us, in a machine-readable format, to another party (right to data portability). This right only exists if the processing is based on your consent or a contract and the processing is carried out by automated means;
c) request that ICFA erase the information that it holds about you if it is no longer necessary for the purposes for which ICFA has collected it; if you have withdrawn your consent and no other legal ground for the processing exists; if the processing is unlawful; or if erasure is required to comply with a legal obligation (right to erasure);
d) request that ICFA restrict processing of your personal information (right to restriction) if:
- you contest the accuracy of it – for a period we need to verify your request;
- the processing is unlawful and you oppose the erasure of it and request restriction of it instead;
- we no longer need it, but you tell us you need it to establish, exercise or defend a legal claim; or
- you object to processing based on legitimate interest –for a period we need to verify your request.
e) object to the processing of your personal information on grounds relating to your particular situation (right to object). This right exists when we process your personal information based on our or a third party’s legitimate interests, except in cases where legal provisions expressly provide for that processing. We may however continue the processing if we demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims;
f) object at any time to the processing of your personal information for direct marketing purposes (please note that even if you object to the use of your personal information for direct marketing purposes, we will still send you responses to your questions);
g) refuse or withdraw your consent – in case we ask for your consent to certain processing, you are free to refuse to give consent and you can withdraw your consent at any time without any adverse consequences. The lawfulness of any processing of your personal information that occurred prior to the consent withdrawal will not be affected.
As you see, these rights are not absolute and are subject to various conditions under applicable data protection laws.
9 MAKING A COMPLAINT
9.1 If you believe that ICFA has interfered with your privacy, please make contact using the contact information below and provide details of the incident so that ICFA can investigate it.
9.2 ICFA will treat your complaint confidentially, investigate your complaint and aim to ensure that ICFA contacts you within a reasonable time (and in any event within the time required by the Act, if applicable).
9.3 ICFA will endeavour to resolve your complaint as quickly as possible. Once ICFA has received the complaint, the ICFA Privacy Officer will endeavour to provide you with an answer within 30 days.
9.4 If you are not satisfied with the proposed resolution of your complaint, you may lodge a formal complaint with an EU data protection authority, and notably the French authority – Commission Nationale de l’Informatique et des Libertés (CNIL)
Commission Nationale de l’Informatique et des Libertés
3 Place de Fontenoy
75334 PARIS CEDEX 07
Tel: +33 (0)22.214.171.124.22
Fax: +33 (0)126.96.36.199.00
If you are in Australia, you may also lodge a complaint with the Office of the Australian Information Commissioner:
By mail: GPO Box 5218 Sydney NSW 2001
By fax: +61 2 9284 9666
By email: email@example.com
10 CONTACTING US
For questions or enquiries about privacy at ICFA, please contact the Privacy Officer as follows:
Attention: ICFA Privacy Officer
Tel: +61 409 691 283
For the avoidance of doubt, this Privacy Officer is not a “Data Protection Officer” in the sense of the EU GDPR.
11 UPDATES TO THIS POLICY
12 DOCUMENT CONTROL
|Most recent version||Operative
|Summary of changes from last version||Approved by|
|Final 1||29/03/2021||Final Version||ICFA Executive on behalf of ICFA Board|
Effective Date: 29 March 2021
WHAT ARE COOKIES?
A cookie is a small text file sent to your browser and stored on the hard drive of your device when you visit a website. Session cookies are temporary cookie files that are erased from your device when you close your browser. Persistent cookies are cookie files that stay in one of your browser’s subfolders after you close your browser.
We use the following types of cookies for the indicated purposes:
- Google Analytics cookies, in order to monitor and analyze traffic to the website, and improve our website visitors’ experience, if you agree to their use.
YOUR CHOICES ABOUT COOKIES
You have the choice to decide which cookies used by our website you would like to accept or reject. Certain cookies are strictly necessary for the performance of our website. If you reject certain cookies, however, you may not be able to use some of the features of this website. Your browser may be configured to allow you to refuse or delete cookies or to be notified when a cookie is stored on your device. If you wish to change your cookie settings in the future, you can do so by checking your browser settings.
LINKS TO OTHER SITES
Our Privacy Policies and Notices only cover our website. Our website, email updates and other digital communications may contain links to and from other third-party websites. When you click on these links, you are exiting our website. The personal data that you provide through third-party websites is not subject to our Privacy Policies and Notices. If you follow any link to a third-party website, please note that that website will have its own privacy notice. We recommend that you check such privacy notices of each website you visit.