Privacy - your data, your rights

The International Fragrance Association collects and processes certain information about individuals.

We want to inform you about how and why we collect and process this data, and what your rights are regarding this data.

Our 'data subjects' are individuals that include members, suppliers, business contacts, participants at events, employees and other people the association has a relationship with or may need to contact.

We are committed to handling personal data in compliance with the law. As an organization with an operational centre in the European Union, legal requirements include notably the EU's General Data Protection Regulation (GDPR), which entered into force on 25 May 2018.

IFRA commits to collect and process personal data only when this data is:

  • processed fairly, in a transparent way and based on valid legal grounds
  • obtained for specific lawful purposes
  • adequate, relevant and not excessive
  • accurate and kept up to date
  • not held for longer than necessary
  • protected in appropriate ways and not transferred outside of the European Economic Area unless adequate protective measures are in place.

We are also committed to establishing and maintaining procedural and technical measures to prevent data breaches.

On this page

Types of data

What personal data do we collect?

Personal data means any information relating to an identified or identifiable natural person. This means someone who can be identified, directly or indirectly, by reference to information such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identify of that natural person.

IFRA may collect the following categories of personal data to the extent necessary to achieve the purposes outlined in this policy:

  • Identification data, such as first name, name, pictures, IP address, cookies, photographs
  • Contact data, such as email address, telephone number, postal address
  • Personal information, such as age, date of birth, gender, marital status, citizenship
  • Financial data, such as bank account details
  • Education and profession and employment data

In some circumstances, we also collect and process special categories of data, such as health data, memberships or political affiliation.

In most instances, we collect personal data directly from the data subjects, but we may sometimes obtain personal data from third parties (such as the data subject’s employer or from a public authority).

Data collection - who and why

From whom do we collect personal data, and why?

IFRA collects personal data of staff for the purposes of managing and administering, monitoring and supervising its personnel, based on legal obligations or contracts with employees and consultants.

IFRA also processes personal data of candidates who apply for employment at IFRA, based either on the candidates’ consent or on the necessity to conclude a contract with candidates that have been selected.

IFRA also has a legitimate interest in the processing of personal data to the extent strictly necessary for the purposes of ensuring network and information security.

For general membership administration, IFRA has legitimate interests in the processing of personal data of the contact persons at our members for the purpose of administering the membership and collecting membership fees.

For contract management, IFRA has legitimate interests in the processing of personal data of representatives and contact persons of entities and associations with which we conclude contracts.

For public relations, IFRA processes contact details of Members of Parliament, government officials, academics and other stakeholders for the purposes of carrying out advocacy activities.

For organizing events and conferences, IFRA processes identification details of individuals who register to participate in our events and conferences. This is done for the purpose of managing the registration to and participation in such events and to meet our obligations as an event organizer. When working with event organizers, we may share data with them for these same purposes, based on a clearly defined and time-limited mission, and with a requirement not to store data for longer than necessary and not to share data with third parties.

For website administration, IFRA processes identification data from individuals who visit the IFRA website and express consent to using cookies or provide personal information on the site.

Data retention and transfer

How long do we keep personal data?

IFRA keeps personal data for the time that is strictly necessary to achieve the purpose(s) for which they were collected, such as for the duration of a contractual relationship or of a project, and for a period of time thereafter if so required by applicable law or if in the primary interests of the data subjects.

 

Do we transfer personal data?

IFRA does not transfer personal data outside of the European Economic Area (EEA) unless adequate protective measures are in place.

Exercising your rights

What are your rights as data subjects and how to exercise them?

As a data subject, you have the following rights with respect to personal data we hold about you, subject to applicable legal restrictions:

  • Right to access your personal data
  • Right to rectify incorrect or incomplete personal data
  • Right to erase your personal data
  • Right to restrict processing of your personal data
  • Right to data portability (to receive personal data concerning you in a structured, commonly used and machine-readable format and to transmit those data to another controller)
  • Right to object to all or part of the processing, when legally allowed
  • Right not to be subject to automated individual decision-making, including profiling within the limits set out by the law
  • Right to withdraw consent at any time when we process your personal data based on your consent
  • Right to lodge a complaint with a supervisory authority in the EU

If you wish to exercise any of these rights or if you are not satisfied about how we protect your privacy, you should address your request by email together with a copy of your ID (which we will only use to verify your identity), to IFRA, as data controller, via info@ifraorg.org, with the subject line 'Data protection request'.

Individuals will not be charged for subject access requests, except if the requests are manifestly unfounded or excessive/repetitive. In such cases, IFRA may charge a reasonable fee or refuse to act on the request.

IFRA aims to respond to data subject requests without undue delay, and in any event within one month of receipt of the request.