- our prospective members of personnel;
- our website’s visitors and any third parties following our organisation, such as analysts and individuals having registered for our newsletter, events or other information mailings;
- our prospective, current and former partners, who are natural persons (such as self-employed persons) or the representatives or contact persons of such partners who are legal entities, including our members, suppliers, agents, partners, consultants and the competent authorities.
1. What type of personal data do we collect?
We collect basic identification information about all individuals with whom we interact, such as your name, title, position, company name, address (incl. city, country, zip code), phone number, email address, signature, digital signature.
In addition to the above and the information below, we may also collect special categories of personal data. From time to time, to the extent authorised or required by law, in connection with our contractual relationship or with the registration for and provision of access to an event, we may collect personal data about your membership of a professional or trade association or union, health personal data, details of dietary preferences and details of any criminal record you may have. Any use of such information is based on your consent.
The information may either be directly provided by you, communicated to us by the legal entity for whom you work (e.g. if you are the contact person designated by your employer to interact with us), supplied to us by one of our service providers (e.g. financial institutions) or obtained from publicly available sources (e.g. social media profiles).
1.1 Prospective members of personnel
For our prospective employees (whether internal or external staff as defined in the IRU Background Check Policy), we may in addition also collect the following information:
- additional identification information (e.g. date and place of birth, nationality, ID card or passport numbers and copy of ID card);
- sickness certificates, accidents and family information (e.g. marital status, number of children, date of birth and household composition, working status of the spouse);
- education and experience (e.g. employment and education history, other details included in the CVs, professional qualifications and experience);
- previous employment records (e.g. nature of the position held, title of the position and type of contractual relationship, supervisor and subordinates, employment dates such as dates of hiring/promotion/position change, work schedule, performance evaluations), which may allow us, with your prior consent, to contact the former employer and the persons mentioned as references;
- other information relating to your recruitment (e.g. information you provided during your interview, conversations, correspondence, notes and comments made during the recruitment process);
- your social security information (such as tax/social security status, insurance details, disabilities);
- your picture for internal/security purposes;
- any information you may need to provide depending on our screening control and pursuant to our IRU Background Check Policy (such as extract of criminal record and/or of the debt enforcement register); and
- any other information relating to you which you may provide to us.
1.2 (Representatives of) our partners
For (the representatives of) our partners, including our members, suppliers, agents, partners, consultants and international organisations and competent authorities (e.g. UNECE, customs authorities), we may in addition also collect the following information:
- for partners who are natural persons (such as self-employed persons) or the representatives or contact persons of such suppliers who are legal entities, additional identification information (e.g. copy of ID card), financial information (e.g. bank account details, bills and invoices) and information relating to the contract (e.g. type of agreement, parties and duration);
- notes about our meetings (if any);
- drivers’ license, extracts of bank accounts, gender, civil status, nationality, language spoken, position, field of work, route and time of circulation, vehicle details, travelling itinerary, geographical information, GPS coordinates, information related to infringements committed or accidents; and
- If legally required for compliance purposes, or in the course of our services provided to you, information about relevant and significant litigation or other legal proceedings against you or a third party related to you and interaction with you which may be relevant for antitrust purposes.
1.3 Website’s visitors and any third parties following our organisation such as analysts and individuals having signed up for our newsletters
For website’s visitors and any third parties following our organisation such as analysts and individuals having signed up for our newsletter, events or other information mailings, we may in addition also collect the following information:
- electronic identification data (http header fields, IP address, browser identification information, information on hardware and software location data if available);
- information regarding your browser and device (e.g. internet service provider’s domain, browser’s type and version, operating system and platform, screen resolution, device manufacturer and model);
- information provided by you during registration to receive one or more newsletters (e.g. address, type of profile and interest in one or several newsletters);
- data collected through cookies, code on the website and our newsletter delivery provider’s web beacons (e.g. language preferences and analytics of the use of the website, such as the pages visited, in which order these pages were visited and the duration of the visit); and
- for analysts following our organisation, their estimates and any related opinions, forecasts, or projections.
2. How do we collect your personal data?
- We collect your personal information as part of our contractual or membership relationship, or when you provide it to us, or interact with us directly, for instance engaging with our staff, using our on-line services (such as TIR-EPD, Asktirweb and TIR-Custom-Portal) or registering on one of our digital platforms or applications;
- We collect your personal information while monitoring our technology tools and services, including our websites and email communications sent to and from IRU; and
- We may collect or receive information about you from other sources, such as keeping the contact details we already hold for you accurate and up to date using publically available sources.
3. Personal data about other people which you provide to us
4. How we protect your personal information?
We will take appropriate technical and organisational measures to help protect your personal information from unauthorised access, use, disclosure, alteration or destruction consistent with applicable data protection laws.
5. Who do we share your personal data with?
5.1 Transfers to third parties
We may transfer or give access to personal data to third parties outside IRU to complete the purposes listed below, to the extent they need it to carry out the instructions we have given to them. Such third parties may include:
- third parties who process personal data, such as our payroll provider, our (IT) systems providers, website designers and hosting provider, payment services providers, banks, insurances companies, social security bodies, event organisers (e.g. for shareholders’ meetings), email delivery service providers, database and cloud providers and consultants;
- any third party to whom we assign or novate any of our rights or obligations under a relevant agreement;
- our advisors and external lawyers in the context of the sale or transfer of any part of our business or its assets; and
- any national and/or international regulatory, enforcement or exchange body or court where we are required to do so by applicable law or regulation or at their request.
The above third parties are contractually obliged to protect the confidentiality and security of your personal data, in compliance with applicable law.
5.2 Transfers outside the European Economic Area
The personal data transferred by IRU may also be processed in a country outside the European Economic Area ("EEA"), which covers the EU Member States, Iceland, Liechtenstein and Norway, in particular United States, Australia and in countries where IRU and the IRU’s members are located. Non-EEA countries may not offer the same level of personal data protection as EEA countries.
If your personal data is transferred outside the EEA, we will therefore put in place suitable safeguards, in particular standard or ad hoc contractual clauses, to ensure such transfer is carried out in compliance with the applicable data protection rules. You may request additional information in this respect and obtain a copy of the relevant safeguard by exercising your rights as set out below.
6. For which purposes do we process personal data?
We may use your personal data for the following purposes only:
- providing products or services you may have requested, including on-line services (such as TIR-EPD, Asktirweb and TIR-Custom-Portal) or solutions as instructed or requested by you or your organisation;
- managing and administering your or your organisation's business relationship with IRU, including processing payments, accounting, auditing, billing and collection, support services;
- to comply with our legal and regulatory obligations, including court orders and exercises and/or defend our legal rights, reporting to and/or being audited by regulatory bodies, record keeping obligations (e.g. to keep records for tax purposes);
- to analyse and improve our services and communications to you;
- protecting the security of and managing access to our premises, IT and communication systems, online platforms, websites and other systems, preventing and detecting security threats, fraud or other criminal or malicious activities;
- for any purpose related and/or ancillary to any of the above or any other purpose for which your personal data was provided to us;
- because the processing is necessary to perform our contractual obligations towards you or to take pre-contractual steps at your request; and
- because processing is necessary for purposes of our legitimate interest or those of any third party recipients that receive your personal data, provided that such interests are not overridden by your interests or fundamental rights and freedoms.
Where you have expressly given us your consent, we may process your personal data also for the following purposes:
- communicating with you through the channels you have approved to keep you up to date on the latest legal developments, announcements, and other information about IRU services, products and technologies, events and projects;
- conducting surveys, marketing campaigns, market analysis or other promotional activities or events; and/or
- collecting information about your preferences to create a user profile to personalise and foster the quality of our communication and interaction with you (for example, by way of newsletter tracking or website analytics).
In relation to prospective members of the personnel, we may also process personal data for any recruitment activities (for example, performing employment and background checks) and any other purposes imposed by law and authorities.
A cookie is a package of data containing a string of text that identifies you as it travels between your computer and ours. This helps ensure the right information is delivered to the right destination.
8. For how long do we retain your personal data?
Your personal data will be deleted when it is no longer reasonably required for the permitted purposes defined above or you withdraw your consent (where applicable) and we are not legally required or otherwise permitted to continue storing such data. We will, in particular, retain your personal data where required for IRU to assert or defend against legal claims until the end of the relevant retention period or until the claims in question have been settled.
9. What are your rights regarding your personal data?
Subject to certain legal conditions, you have the right to request a copy of the personal data about you which we hold, to have any inaccurate personal data corrected, to request that your personal data be deleted and to object to or restrict our using your personal data, by sending an email to email@example.com.
If you object to the processing of your personal information, or withdraw your consent previously given, we will respect that choice in accordance with our legal obligations.
Your objection (or withdrawal of any previously given consent) could mean that we are unable to perform the actions necessary to achieve the purposes set out above or that you may not be able to make use of the services and products offered by us. Please note that even after you have chosen to withdraw your consent we may be able to continue to process your personal data to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.
We must ensure that your personal data is accurate and up to date. Therefore, please advise us of any changes to your information by sending an email to firstname.lastname@example.org.
11. How to get in touch with IRU?