The European Lung Foundation (ELF) is committed to protecting your online privacy. This policy governs the European Patient Ambassador Programme (EPAP) which is hosted on the EPAP website by ELF.
The EPAP service is provided by Nimble Elearning Ltd (Nimble). Nimble processes data for and on behalf of ELF. As a Data Processor, both ELF and Nimble are committed to protecting and respecting the security and integrity of your personal data in line with GDPR (General Data Protection Regulation) and ISO 27001. The information we collect is used solely for the purposes of running your account on the EPAP programme.
1. Information we may collect from you
We may collect and process the following data about you:
- Information that you provide by filling in forms the website. This includes information provided at the time of registering to EPAP, subscribing to EPAP services, signing up to receive the EPAP newsletter, posting material or requesting further services. We may also ask you for information when you report a problem with the Site.
- If you contact us, we will keep a record of that correspondence.
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Details of your visits to the Site and the resources that you access, including your IP address and internet browsing preferences.
2. IP Addresses and Cookies
COOKIES (FULL COOKIES POLICY)
If you do not wish to receive cookies, you can easily modify your browser to reject all cookies or to notify you whenever one is about to be placed on your computer. However, if cookies are not accepted you may not be able to experience all the interactive features of the ELF websites. You are therefore encouraged to allow cookies in order to fully enjoy the ELF websites features.
Most web servers, including ELF ones, use log files, which record information such as service provider IP addresses, browser brand and version, referring websites, search terms used, average number of requested pages, average visit duration, total visitor traffic and information gathered for aggregate use.
3. Where we store your personal data
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with the GDPR.
Your personal data is stored within the EU and, unless explicitly agreed with ELF, will not be transferred outside the EU. Your data is kept securely on a password-protected database and will not be used for any purpose other than the delivery of online learning through your Nimble account.
Where you have been given (or where you have chosen) a password which enables you to access certain parts of the Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
4. Uses made from the information
We will use personal information only to provide you with services relating to the Site. Personal information will not be passed to third parties.
We use information held about you in the following ways:
- To ensure that content from the Site is presented in the most effective manner for you and for your computer.
- To provide you with information you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
- To notify you about changes to our service.
5. Retention of your information
The personal data that we collect shall be kept for no longer than is necessary for the purposes for which it is being processed. Should your Nimble account remain unused for a period of two years, or you request removal of your personal data without Nimble having legal grounds to object, then your personal information will be scheduled for deletion.
Data scheduled for deletion will be moved to a secure, encrypted ‘vault’ for no more than three years, before being permanently removed from all Nimble servers and backups.
6. Disclosure of your information
7. Your rights
You have the right to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at firstname.lastname@example.org. You have a right to withdraw consent for Nimble and ELF to use your personal data by contacting us. Should you feel that the personal information we hold about you is incorrect or inaccurate, you have the right to request that we rectify this. In both cases, please contact email@example.com.
You have a right to lodge a complaint with Nimble or ELF,
The Site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
8. Access to information
The GDPR gives you the right to access information held about you, to know why we have it, and how it will be used. Your right of access can be exercised in accordance with the GDPR and will be free of charge. However, we may charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive.
Children aged 16 or under wishing to provide personal details to us should get their parent/guardian's permission to do so.
11. Contact us