Privacy and cookie policy

We collect and process personal data when you visit this website, in compliance with all applicable data protection regulations.

With this data protection declaration we would like to explain to you which data we collect on our website for which purposes and on what legal basis this is done. In addition, we will inform you about your rights and who you can contact if you have any questions about data protection or complaints

1 Contact details of responsible data collector

Responsible for the collection, processing and use of your personal data within the meaning of Art. 4 No. 7 DSGVO is

IAPA International Au Pair Association

Office address:

Oetztalerstr. 1

81373 Munich

phone: +49 (0)89 20189550

e-Mail: info@iapa.org

Address of incorporation:

Nygade 5

1164 Copenhagen

Denmark

Non profit organisation registered at CVR Kopenhagen, Denmark

CVR Number: 29342199

If you wish to object to the collection, processing or use of your data by us in accordance with these data protection regulations as a whole or for individual measures, you can address your objection to the person responsible Patricia Brunner patricia.brunner@iapa.org 

2 General reasons to process data

We may use personal data to run our website and for the execution of statutory services and obligations

3 What data do we collect and why?

3.1  Data for provision of our statutory duties and services

We process personal information and the data of our members, supporters, interested parties, customers or other persons in accordance with Art. 6 Para. 1 lit. b. GDPR,  to run this website and if we offer them contractual  services or become active within the framework of an existing business relationship, e.g. with members, or if we ourselves are recipients of services and benefits. In all other respects, we process the data of subjects in accordance with Art. 6 para. 1 lit. f. DSGVO on the basis of our legitimate interests, e.g. when administrative tasks are involved.

The data processed in this context, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship (Membership). In principle, this includes inventory and basic data of the persons (e.g., name, address, etc.), as well as contact data (e.g., e-mail address, telephone, etc.), contract data (e.g., services used, contents and information provided, names of contact persons) and if we offer chargeable services or products, payment data (e.g., bank details, payment history, etc.).

3.2 Hosting

The hosting services we use help us to provide the following services: Infrastructure and platform services, computing capacity, storage and database services, security services and technical maintenance services that we use to operate the website.

We or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta- and communication data of customers, interested parties and visitors to this website on the basis of our legitimate interests in an efficient and secure provision of our website in accordance with Art. 6 Para. 1 S. 1 f) GDPR in conjunction with. Art. 28 GDPR.

3.3 Access data

We collect information about you when you use this website. We automatically collect information about your usage behavior and interaction with us and record data about your computer or mobile device. We collect, store and use data about every access to our website (so-called server log files). Access data includes:

  • Name and URL of the retrieved file
  • Date and time of retrieval
  • transferred data volume
  • Message about successful retrieval (HTTP response code)
  • Browser type and browser version
  • operating system
  • Websites accessed by the user’s system through our website
  • Internet service provider of the user
  • IP address and the requesting provider

We use this log data without allocation to your person or other profiling for statistical evaluations for the purpose of operating, security and optimization of our website, but also for anonymous recording of the number of visitors to our website (traffic) and the extent and type of use of our website and services. Based on this information, we can provide relevant content, analyze traffic, troubleshoot and correct errors, and improve our services.

This is also our legitimate interest pursuant to Art 6 para. 1 sentence 1 f) GDPR.

We reserve the right to check the log data subsequently if there is a justified suspicion of illegal use based on concrete evidence. We store IP addresses in the log files for a limited period of time if this is necessary for security. We also store IP addresses if we have a concrete suspicion of a criminal offence in connection with the use of our website. In addition, we store the date of your last visit as part of your account (e.g. when registering, logging in, clicking on links, etc.).See also point 3.5   Webtracking/Matomo

3.4 Cookies

A “cookie” is a small text file that is created when you visit our website and is stored on your computer. Cookies help us to know whether you have visited our website before. A cookie can only contain information that we ourselves send to your computer – private data cannot be read out with it. If you accept the cookies on our pages, we do not have access to your personal information, but with the help of cookies we can identify your computer.

Cookies in use

We use “session cookies” and “persistent cookies”. A “session cookie” is a cookie that is automatically deleted when you close your browser. A “persistent cookie”, on the other hand, remains stored on your terminal until a defined expiry date of the cookie.

Session cookies in use:

PHPSESSID: With the help of this cookie the preferred settings of the user are stored in order to be able to make them available immediately the next time the page is visited. These can be, for example, the language settings or another preference. It also makes it easier to fill in forms. The cookie is deleted at the end of the browser session.

Legal basis of this data collection and use:

Art. 6 para. 1 lit. a GDPR (via cookie banner), alternatively Art. 6 para. 1 lit. f GDPR

How to object to session cookies:

You can change your browser settings so that cookies are either completely blocked or you are informed as soon as a cookie is set. This allows you to decide immediately whether you want to block cookies. However, by rejecting all cookies, the use of certain functions on our website may be restricted. You can usually change your browser settings on your computer or mobile device to block cookiesin the ‘options’ or ‘preferences’ menu of your browser.

3.5 Webtracking / MATOMO

This site uses Matomo (www.matomo.org) to analyze traffic and help us to improve your user experience.  Matomo is a web analysis service software, a service of InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, on the basis of our legitimate interest in statistical analysis of user behavior for optimization and marketing purposes pursuant to Art. 6 Para. 1 letter f GDPR. The software places a cookie on the user’s computer (see above for cookies). If individual pages of our website are accessed, the following data is stored:

(1) Two bytes of the IP address of the user’s calling system

(2) The accessed website

(3) The website from which the user has accessed the accessed website (referrer)

(4) The sub-pages accessed from the accessed website

(5) The time spent on the website

(6) The frequency with which the website is accessed

The software runs exclusively on the servers of our website in the Netherlands. The personal data of users is only stored there. The data will not be passed on to third parties. By anonymizing the IP address, users’ interest in protecting their personal data is sufficiently taken into account.

The data will be deleted as soon as they are no longer needed for our recording purposes.

More information about the privacy settings of the Matomo software can be found under the following link: https://matomo.org/docs/privacy/

3.6 Newsletter and communication

Newsletter

When subscribing to the newsletter, your e-mail address will be used for own advertising purposes until you unsubscribe. You can unsubscribe at any time. To unsubscribe, please click on the unsubscribe link at the end of each newsletter.

Legal basis of this data collection and use: Art. 6 para. 1 lit. a GDPR

You can also use other ways of unsubscribing from the newsletter:

by e-mail:Send an informal mail to info@iapa.org with a request to unsubscribe.

By post:  Send an informal message by post to

IAPA International Au Pair Association, Oetztalerstr. 1, 81373 Munich.

Note: IAPA only sends its members information about its own events and conferences, requests to participate in surveys relevant for its members.

E-Mail Contact

If you contact us (e.g. via contact form or e-mail), we will process your details to reply to your enquiry and in the event that follow-up questions arise.  If the data processing is neccessary to execute member application procedures at your request or, if you are already a member, for the execution of the membership contract, the legal basis for this data processing is Art. 6 Para. 1 S. 1 b) GDPR. We will only process further personal data if you give your consent (Art. 6 para. 1 sentence 1 a) GDPR) or if we have a legitimate interest in processing your data (Art. 6 para. 1 sentence 1 f) GDPR). For example, there is a legitimate interest in replying to your e-mail.

If you wish to contact us by e-mail, we would like to point out that the confidentiality of the transmitted information is not guaranteed. The content of e-mails can be viewed by third parties. We therefore recommend that you only send us confidential information by post.

Use of Mailchimp for newsletters and e-mails

IAPA sends newsletters and further information to its members by the mail service provider “MailChimp”, a newsletter delivery platform of the US provider

Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.

The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with the European data protection level (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).

The service provider is used on the basis of our legitimate interests according to Art. 6 Para. 1 letter f GDPR and an order processing contract according to Art. 28 Para. 3 S. 1 GDPR. This guarantee has been given to IAPA with signed contract.

Mailchimp can use the recipient’s data in anonymized form, i.e. without assignment to a user, to optimize or improve its own services, e.g. to technically optimize the dispatch and presentation of the newsletter or for statistical purposes. However, Mailchimp does not use the data of our communication recipients to contact them itself or to pass the data on to third parties.

The data protection regulations of the e-mail service provider can be viewed here: https://mailchimp.com/legal/privacy/

3.7 CRM system from salesforce

We use the CRM system of the provider salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, in order to process and administrate enquiries and membership data faster and more efficiently (legitimate interest according to art. 6 par. 1 lit. f. GDPRO ).

salesforce is certified under the Privacy Shield Agreement and thus offers an additional guarantee to comply with European data protection law if data is processed in the USA (https://www.privacyshield.gov/participant?id=a2zt0000000KzLyAAK&status=Active)

salesforce uses the user data only for technical processing of inquiries and does not pass them on to third parties. To use salesforce, at least a correct email address is required. Pseudonymous use is possible. During the processing of service requests, it may be necessary to collect further data (name, address).

If users disagree with data collection and storage in salesforce’s external system, we offer alternative contacts for submitting service requests by e-mail, telephone or mail.

Find more information in salesforce’s privacy policy: https://www.salesforce.com/de/company/privacy/.

3.8 Social Media Buttons

Our Website uses Social Media Buttons of the following Social media providers:

  • Twitter, Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA
  • facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
  • Linkedin LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA

These social media buttons only provide links to the respective providers. As long as these buttons are not clicked, no transfer to these providers takes place.

If you click on these buttons, you will be redirected to the website of the respective social media service. Depending on whether you were registered with the respective provider at the time of clicking, your data will be processed in accordance with the data use guidelines of these organizations and, if necessary, used to create a profile, which is not our area of responsibility.

Further information on the data use guidelines of the individual social media services can be found under the following links:

If you do not want these companies to collect information about you, you should not click these buttons.

3.9 Vimeo

We integrate videos of the platform “Vimeo” of the provider Vimeo Inc, Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA. Privacy policy:https://vimeo.com/privacy.

Please note that Vimeo may use Google Analytics and refer to the privacy policy https://www.google.com/policies/privacyand opt-out options for Google Analytics http://tools.google.com/dlpage/gaoptout?hl=en  or Google’s settings for data use for marketing purposes https://adssettings.google.com/

4 What details we ask for from members / membership applicants and why

As part of the membership application process and for the registration of details in IAPA Online Directory, IAPA International Au Pair Association (hereafter called IAPA) collects and processes personal data relating to membership applications of organizations. We are committed to being transparent about how we collect and use that data and to meeting our data protection obligations.

4.1 What information do we collect?

IAPA International Au Pair Association collects a range of information about you and your organization.

This includes:

  • Company name, address, website, phone number
  • contact details of persons in charge, title, role including their business e-mail address and phone number
  • details of your organization´s correct registration, financial report, number of employees
  • references supplied by other IAPA member organizations or external sources to support your application according to statutory  requirements for membership
  • company logo and short description

IAPA may collect this information in a variety of ways. For example, data might be contained in application forms, or collected through interviews or other forms of assessment.

Data will be stored in a range of different places, including on your application record in our Salesforce CRM system and on other IT systems (including email) See also point 3.6 of this policy.

4.2 Why does IAPA International Au Pair Association process personal data of its members and  membership applicants?

We need to process data to take steps at your request prior to accepting your organization as a member as required by the IAPA constitution and rules and regulations.

In some cases, we need to process data to ensure that we are complying with legal obligations.

IAPA has a legitimate interest in processing personal data during the application process and for keeping records of the process in accordance with Art. 6 para. 1 lit. f. GDPR. Processing data from membership applicants allows us to manage the application process, assess and confirm an organization’s suitability for membership according to the requirements in our constitution and rules and regulations. We may also need to process data from member applications to respond to and defend against legal claims.

In the membership application process IAPA does not collect special categories of data, such as information about ethnic origin, sexual orientation, health, religion or beliefs.

If your application is unsuccessful or after termination of your membership, IAPA International Au Pair Association may keep your company´s data on file in case there are future membership opportunities which may be suitable for your organization as well as with regards to warranty or liability obligations . We will ask for your consent before we keep your data for this purpose and you are free to withdraw your consent at any time.

4.3 What if you do not provide personal data?

You are under no statutory or contractual obligation to provide data to IAPA International Au Pair Association during the membership application process. However, if you do not provide the information, we may not be able to process your application properly or at all.

4.4 Who has access to data?

Your information may be shared internally for the purposes of application process. This includes the Managing Director, members of the Executive Board and IT staff if access to the data is necessary for the performance of their roles. However, requested financial report information will only be reviewed by the Managing Director alone and not shared with anyone else.

IAPA usually welcomes new member organizations on its website and in social media. The member organizations will also be listed on our website in the member list and member search area for customers to find their services. By applying  for membership you agree to our sharing this information publicly by giving consent to this policy. However, we will not share your data with third parties without your consent.

We will also share very limited data (name of organization and main email address, person in charge) with third party namely WYSE Travel Confederation www.wysetc.org to invite and communicate with you about our annual event WETM-IAC www.wetm-iac.org.

Please note that membership payments are partially processed by our payment partner Studypay. IAPA is informed by Studypay when a payment is made by a member, but does not receive or hold credit/debit card details. However, you always have the option to make a direct bank transfer without the use of the payment service.

5 How does IAPA International Au Pair Association protect data?

We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees/Board members in the proper performance of their duties. Your data is stored in a secure operating environment that is not accessible.

All information you provide to us is stored on our secure servers in the EU.

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA“). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

Unfortunately, the transmission of information via internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

6 For how long does IAPA International Au Pair Association keep  data?

If your application for membership is unsuccessful, we will hold your data on file for 6 (six) months after the end of the application process. If you agree to allow us to keep your personal data on file, we will hold your data on file for a time agreed with you for consideration should your organization qualify for membership later. At the end of that period, or once you withdraw your consent, your data is deleted or destroyed.

If your application for membership is successful, personal data gathered during the application process will be transferred to your member file (electronic based) and retained during your entire membership. We delete data that is no longer required for the performance of our statutory and contractual services. This is determined according to the respective tasks and contractual relationships. In the case of business processing, we store the data for as long as it can be relevant for business transactions as well as with regards to any warranty or liability obligations. The necessity of data storage is reviewed every three years; in all other respects, the legal storage obligations  (e.g. for invoices and receipts) apply.

7 Your rights

According to the European  General Data Protection Regulation (GDPR), you have a number of rights. You can:

  • access and obtain a copy of your data on request at no cost;
  • require the association to change incorrect or incomplete data;
  • require the association to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
  • object to the processing of your data where IAPA International Au Pair Association is relying on its legitimate interests as the legal ground for processing.

If you would like to exercise any of these rights, please contact Patricia Brunner at patricia.brunner@iapa.org
If you believe that the association has not complied with your data protection rights, you can complain to the Bavarian data protection authority.

Contact details of the Bavarian data protection authority:

Bayerisches Landesamt für Datenschutzaufsicht

Postanschrift

Postfach 606

91511 Ansbach

Deutschland

Telefon: +49 (0) 981 53 1300

Telefax: +49 (0) 981 53 98 1300

E-Mail:poststelle@lda.bayern.de

8 Links to other websites

The IAPA website contains links to other websites of our member organization as well as Facebook, Twitter and Linkedin. This Policy only applies to the IAPA Website. Please read their own privacy policies when linking to their websites.

9 Changes to this Policy

We keep this Policy under regular review and will post any updates on this webpage. This Policy was last updated May, 24 2018.