ETSI privacy policy

This privacy policy is effective from 16 April 2018 and was last updated on 10 November 2023.

The Data Controller, ETSI (European Telecommunications Standard Institute) is a not-for-profit organization established under the French law of 1st July 1901 and recognized as a European Standards Organization dealing with telecommunication, broadcasting and other electronic communication networks and services.

The purpose of this privacy policy is to inform you about the way your personal data is handled and protected by ETSI in accordance with the French law and the General Data Protection Regulation EU 2016/679.

Scope

This privacy policy sets out how the ETSI Secretariat (hereafter “ETSI”) uses and protects any personal data that you provide us with when using the ETSI websites and, services or when participating to ETSI activities.

“Personal data” has the meaning ascribed to it in the French Data Protection Act n°78-17 dated 6 January 1978 modified in 2018 and means any information relating to an identified or identifiable person; an identifiable person being one who can be identified, directly or indirectly by reference to an identification number or to one or more elements specific to the person. 

ETSI is committed to ensure that your privacy is protected and adopts appropriate technical and organisational measures to ensure the protection and confidentiality of your personal data is processed in accordance with the provisions of the applicable laws and regulation.  When providing us with your personal data, we assure you that we will only use such information in accordance with this Privacy Policy, which describes what information we collect, why we collect it and what we do with it. We may change this privacy policy from time to time by updating this page (Refer to the section “Amendments to this privacy policy” below). 

What kind of personal data we collect and why

When using ETSI website, services, and when participating to ETSI activities, we undertake to collect and process only the personal data necessary to achieve the purposes for which your personal data are collected. As far as ETSI members and EC (European Commission) counsellors are concerned, their delegates and representatives can access to most ETSI services and participate to ETSI activities subject to the creation of an EOL (ETSI Online) account on the ETSI portal.
ETSI needs to collect, process and store some of your personal data, namely name and surname, title, phone number (fix and/or mobile), e-mail and professional postal address, function, and eventually signature in the context of following activities: 

Administrative management of Membership, ISG/SDG Participants and Partnerships:

  • To manage any administrative task in relation with your ETSI membership or engagement as an ISG/SDG Participant or in a context of a Partnership (for example with other Standardization Development Organisations, National Standard organizations…), such as processing your application or ISG/SDG agreement, partnership agreement, invoicing, sending you any relevant communication in relation with the aforementioned… 

This processing is justified by the contract legal basis of the GDPR, to prepare, execute and follow-up the contract ETSI has with you and keep records of them. 

  • To maintain an updated list of official and voting contacts of the National Standardization Bodies of the European Union. 

This processing is justified by the legal obligation basis of GDPR, for ETSI to comply with European Regulation 1025/12.

Organization of Corporate meetings (General Assemblies, Boards, special committees…) and meetings of the Technical Organization (technical committees…) and management of corresponding work:

  • For the preparation and implementation, in terms of logistic, of the meetings to which you are entitled or invited to participate to send you invitations, allow you to register, submit written contributions, edit your badge for check-in, calculate the quorum, manage the voting process or the remote consensus process, manage the process specific to elaboration of European Standards, and communicate to you any relevant information in relation with the aforementioned.

This processing is justified by:

  • The contract legal basis of GDPR in the case of ETSI members, ISG/SDG Participants and representatives entitled to attend a meeting in the context of a partnership (including NSO - National Standards Organizations - agreements).
  • The legitimate interest basis of GDPR for EC Counsellors and other guests.
  • The legal obligation basis of GDPR as far as elaboration of European Standards are concerned, to comply with regulation 1025/12.
  • For the management of written contributions, of ETSI deliverables such as standards, technical reports, and any other documents presented during those meetings or produced in the context of ETSI activities, and keep records of them, as well as keeping track of participants in the minutes.

This processing is justified by:

  • The legal obligation basis as far as identification of persons with an official role (General Assembly Chair, Secretary of General Assembly...) in corporate meetings are concerned.
  • The legitimate interest basis of GDPR for other participants.

Elections:

  • For organization of elections either for roles at corporate level (General Assembly Chair or Vice, Chair, Board…) or at Technical Level (TC Chair, TC Vice Chair…), to receive and process applications, organize the voting process, communicate the results...

This processing is based on the contract legal basis of GDPR, to comply with our Bylaws and operating rules.

In addition, when applying to a role at corporate level, we ask you to enclose a CV with your application. We only ask you to provide us only with the necessary professional information to enable the ETSI membership to appreciate your application, excluding any sensitive information such as religious faith or political affiliation.

This processing of additional information is justified by the legitimate interest basis of GDPR.

  • For the declaration of Elected Officials before relevant French authorities when required by Law.

This Processing is justified by the legal obligation basis of GDPR. 

ETSI IPR Database:

  • For the creation of your account to submit declarations of Standard Essential Patents (SEPs) and licensing commitments, as well as allowing us to process your declaration.
  • To make your declarations publicly available in accordance with the ETSI IPR policy, with the provided contact person to address requests in relation with your SEPs.

These processing are justified by the contract legal basis of GDPR.

Events (conferences, Plugtests, webinars…):

  • For the preparation and implementation of the events to which you participate, in terms of logistic, to send you invitations, allow you to register, edit your badge for check-in, manage confidentiality issues with NDAs (Non-Disclosure Agreements) when applicable, and communicate to you any relevant information in relation with the aforementioned.
  • For the management of presentations for conferences, display for information the names of speakers on the programme, event’s website and other medias used to communicate on the event.

These processing are justified by:

  • The legitimate interest legal basis of GDPR or the contract legal basis when you are bound by a contract with us.
  • The legal obligation basis of GDPR, as far as acknowledgement of authors is concerned, in accordance with copyright law.

Online Store (algorithms, codes, ISG – Industry Specification Groups - Meetings…):

  • For the creation of your account to purchase items, licenses or services sold on the ETSI online store, and allow us to process your purchase, the corresponding invoicing, and ensure the follow-up of your contract with us, keep records of the latter.

This processing is based on the contract legal basis of GDPR.

  • To fulfil export control obligations before relevant French Authorities.

This processing is justified by the legal obligation basis of GDPR.

Marketing Communication (Newsletters, magazines…)

  • To send you marketing communication in relation with ETSI activities and standardization, either:
  • Including you, when becoming an ETSI member, in some of dedicated the mailing list.
  • Giving you the possibility to subscribe to dedicated mailing list to receive such communications.

This processing is justified by the legitimate interest basis of GPDR in the first case and on the consent legal basis of GDPR in the second case.

Management of ETSI IT system

  • For the management of your accounts of the ETSI tools you use or of the e-mail lists to which you subscribed, when participating to ETSI activities. For the management of requests made to the Helpdesk in relation with our IT environment, the management of the information systems, of security issues, and communicate to you any relevant information in relation with your use of the ETSI IT environment.

This processing is justified by the legitimate interest basis of GDPR. 

Statistics and reporting

  • For compiling statistics and producing reporting for ETSI’s own needs, to evaluate ETSI’s activities and their impact, or in the context of funding/grant agreements such as grant agreements with the European Commission.

This processing is justified by the legitimate basis of GDPR.

Cookies

We use cookies, or similar technologies to collect data about your use of ETSI websites and services. Cookies are small pieces of information that are stored by your browser on your computer's hard drive. We use cookies to capture information about your visit for the following purpose:

  • statistical or survey purposes to improve ETSI websites and services for you or evaluate the impact of ETSI’s activities.
  • authentication
  • to administer and provide you with the content of ETSI websites and services

Whilst these websites and services use cookies, you can set up your browser to reject cookies, but disabling their use may materially impact your interaction with ETSI websites and services.

Reasons we communicate personal data to Third Parties

We never sell, lease, or rent your personal data. 

We communicate your personal data to third parties only with your consent or when it is necessary in the context of activities described above in section “What Kind of Personal Data We Collect And Why”, or otherwise when required by law or to respond to a legal proceeding, to protect our users, to protect lives, to maintain the security of our products, and to protect the rights or property of ETSI.

We may hence share your personal data with:

  • suppliers and service providers working on our behalf, partners operating on a contractual basis with us,
  • Public or Legal Authorities, when required by law or to respond to legal proceedings,
  • Public Agencies or Public Entities (such as European Commission) funding and/or collaborating with ETSI.

Besides, activities within ETSI are based on collaborative work between ETSI members, the Secretariat, Counsellors, and other partners involved in ETSI’s activities. When participating to such activities within ETSI, you agree that your personal data as you provide it to us (Title, name, surname, e-mail and postal address, function, organization, phone number), will be accessible to other ETSI members, the Secretariat, EC Counsellors, and other partners to enable you collaborate with them and vice versa. Such personal data may also be available on contributions and other ETSI documents that are shared with other ETSI members, Counsellors and when entitled, to other partners in the context of such collaborative work. However, your personal data, as accessible to other ETSI members, may not be used for another purpose than collaborating with you in the context of ETSI’s activities, may it be in ETSI’s technical activities or ETSI’s corporate activities.

Transfer of Personal Data Outside of the European Economic Area (EEA)

In certain situations, ETSI transfer your personal data outside the EEA (EUROPEAN ECONOMIC AREA). Such Transfer is made on the following basis:

  • The countries have been deemed by the Commission of the European Union to have an adequate level of protection of personal data (so called safe third countries).
  • Otherwise, we will request on a contractual basis that adequate protection for your personal data is provided by our service providers and partners.
  • In particular, when you participate to ETSI's activities, and given that ETSI’s membership is global, this implies that ETSI members located outside the EEA have access to your personal data, in the conditions indicated in the section “Reason We Communicate Personal Data to Third Parties” hereabove.

Sensitive Data

Unless expressly invited or requested to do so, for specific purpose and needs, we ask you not to communicate to us confidential or sensitive personal data such as passport or ID card number, health insurance number, date of birth, driving license number. In case of a request from us involving confidential or sensitive data, you shall be informed of the purpose and method used.

In this instance, you are informed that there are two specific purposes for which you may provide us, on a voluntary basis, your sensitive personal data:

  • we may need your passport number and data indicating on it, when you wish us to assist you in obtaining your visa to travel to some ETSI events or meetings, as required by the hosting country’s immigration law.
  • When registering to an event or a meeting, for which ETSI offers a meal, we may invite you, on a voluntary basis, to inform us of any special dietary requirements to consider.

For both the above cases, the sensitive personal data you communicate to us shall be processed for these sole purposes as indicated hereabove, in accordance with regulations in force. Also, you are informed that we do not store such sensitive personal data once visa formalities have been accomplished or once the corresponding event or meeting has ended

Accuracy of your personal data

We take all reasonable measures to keep the personal data we process accurate and to delete incorrect or unnecessary personal data.

Children’s privacy

Part of ETSI websites and services are open to a general audience and are designed to allow visitors to browse through the websites without providing any personal data.

However, ETSI’s website and more generally, ETSI activities are not intended for minors. We do not knowingly collect personal data from anyone under the age of 13 and will immediately destroy such information from our records if we discover it.

Links to other websites

We may provide links to other websites for your convenience and information, but these websites may operate independently from ETSI and have their own privacy notice or policy which we strongly recommend that you review those organizations’ policies insofar as they apply to your visit to those websites. We are not responsible for the content of those websites and their privacy practices.

Retention

We retain your personal data as described in the present privacy policy for as long as we need it to provide you with our services or to comply with a legal request unless a longer retention period is required or permitted under the applicable law, or unless justified by ETSI’s legitimate interest in the context of its activities.

The security of your personal data

Wherever your personal data may be held by ETSI, we will take reasonable and appropriate measures to protect the personal data that you share with us from unauthorized access or disclosure.
You are responsible to safeguard your credentials, IDs, and passwords. If you suspect that your credentials, IDs and/or passwords have been compromised, please inform us immediately, using the contact methods detailed below.

Amendments to this privacy policy

This privacy policy may be updated from time to time and without prior notice to you in order to reflect changes in our practices related to personal data.
We recommend you visit this page regularly to view the current terms and conditions, bearing in mind that the date of effectiveness will always be mentioned at the top of this privacy policy with the date of the latest update.

Your Rights

You have rights of access, rectification, objection, and erasure related to the personal data we hold about you. You may exercise your rights by contacting us by e-mail or regular mail (see section Contact Us below) or by managing your account and choices through available profile management tools available through our services. When updating your personal data, we may ask you to prove your identity before acting on your request. We may also reject requests that are repetitive, require disproportionate technical effort, conflict with legal requirements, harm the privacy rights of others or would be extremely impracticable.

Contact us

If you have any questions or comments about this Privacy policy or if you would like to exercise your rights mentioned in the above section “Your rights”, please contact us by e-mail at privacy@etsi.org; you may also write to:

ETSI
Privacy and Legal department
650 Route des Lucioles
06921 Sophia-Antipolis CEDEX
France

Right to lodge a complaint

If you consider, after contacting us, that your data protection rights have not been respected, you have the possibility of lodging a complaint before the CNIL online or by regular mail at:

Commission Nationale de l’Informatique et des Libertés
Service des Plaintes
3 places Fontenoy
TSA 80715
75334 Paris Cedex 07