Efma, a certified association under French law, its subsidiaries and affiliates respect your privacy and are committed to protecting it through our compliance with this policy and any and all applicable laws, rules, and regulations including the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
In the following, we provide an overview of what information we collect when you visit our websites, how this data is used and when we share it with third party.
Although many areas of our websites do not require registration and may be accessed without having to disclose any Personal Data other than cookies as described hereinafter, we may ask you for certain kinds of Personal Data when creating a personal Efma account.
Efma collects some personal information from individuals in order to deliver services to its members and non-members (banks, insurance companies, academic institutions and research centers, consulting companies, IT companies, fintech, and nonprofit associations) and to other companies.
Personal data is data relating to your identity. This includes, for example, particulars such as your name, mailing address, telephone number, user name and password and email address.
The Efma account creation is needed to receive information from Efma, vote at Efma awards, submit an innovation, access to the portals libraries, other specific features from portals, register at Efma events, download an Efma report, read some exclusive news and other types of content. To create an account, user has to go to https://www.efma.com or any other Efma portal (innovation in banking portal, innovation in insurance portal, FinTechVisor portal). Your ID and password are required to access to the exclusive section of these sites.
Your personal data is processed in accordance with French and European data protection regulations.
We have taken technical and organizational security measures to protect your personal data from loss, destruction, manipulation and unauthorized access. All our employees and any third parties involved in data processing must comply with the EU General Data Protection Regulation (GDPR) and the confidential handling of personal data. Our security measures are regularly updated in accordance with technological developments.
2. The processing of data on our websites
a) Purposes of the processing of Personal Data
Efma collects some personal information from individuals in order to deliver services to its members and non members (banks, insurance companies, academic institutions and research centers, consulting companies, IT companies, fintech, non profit associations) and to other companies.
Information that Efma stores is aimed to deliver our mission: invite individual to events about financial services, confirm registration to events and send user guides, invoice individuals who have purchased specific services (conference fee, learning expedition fee…), connect members to members, send news about finance, inform about new reports, offer trainings about financial and IT topics, provide insights from the community, inform about Efma. Efma stores your Efma usage, preferences and web navigation on Efma websites in order to improve your online experience, suggest reports, other content and services that are relevant to you.
The above mentioned Personal Data will not be retained by Efma for longer than necessary in accordance with applicable laws. In any case, our policy is to remove all inactive contacts after 3 (three) years of no contact. An email is sent to the inactive contact to ensure the contact doesn’t exist anymore or doesn’t reply. If no reply within two weeks, Efma removes all information about this individual from its database.
b) Data transmission and recording for statistical purposes
Your internet browser transmits data to our web server when you access our websites. The data collected includes the date and time of access, URL of the referring website, name of the accessed file, browser type and version, operating system and IP address ("access data"). Access data is stored separately from other data you enter when using our website. Access data is evaluated for statistical purposes
c) Payment information
Registration forms that include credit cards numbers are destroyed after performance of the corresponding obligation.
Online payment is secured: SSL protocol.
The content of a permanent cookie is limited to an identification number. Name, IP address or other information regarding your true identity are not stored, and we do not set up any individual profiles regarding your pattern of use. Permanent cookies are automatically deleted. Storage duration varies depending on the cookie. You may delete permanent cookies at any time under the security settings of your web browser.
2. The processing of data on our websites
Once you logged in your user account on our websites, as part of your professional activity, you will receive from Efma email communications concerning financial services, such as newsletter or Efma communication.
You may opt out of receiving email communications anytime by following the instructions provided at the bottom of each email, clicking the “unsubscribe” button at the bottom of emails we sent you; and/or by managing your preferences of our Efma account profile on https://www.efma.com, and/or by emailing us at firstname.lastname@example.org. Opting out of receiving communications will not prevent you from using Efma’s websites and portals.
4. Access to and disclosure of Personal Data
Efma doesn’t sell or resell any Personal Data. We share your Personal Data with Efma partners (associate members or sponsors) only if the individual user has accepted the Efma data policy and confirm he/she allows Efma to share personal data with third parties.
Efma might disclose the access to Personal Data you transmit through the websites to the following categories of recipients:
- Affiliated companies and subsidiaries of Efma
- Partners as described in section 5 hereinafter
- Several service providers which are instructed in connection with the performance of contractual obligations, such as hosting companies, subprocessors or marketing teams.
- Those public or private bodies to which we have to disclose Personal Data to meet a statutory obligation.
We provide these companies only with the information they need to perform their services. We require that these recipients agree to keep all information shared with them confidential and to use the information only to perform their obligations to us.
In any case, any and each recipients of Personal Data must comply with GDPR requirements and take all necessary technical and organizational measures to perform processing in accordance with the regulation.
5. Efma partners
Our partners are selected by Efma and recognized for their value in financial services.
a) Efma events
b) Co-branded reports, webinars and roadshows:
Co-branded reports, webinars and roadshows that are a common initiative from Efma and an Associate Member (selected Efma’s partner: called Associate Members) can be accessed after identification of the user. In that case, the individual can opt out the share of personal contact details with the partners or modify his/her profile options. However, Name, First Name, Job Titles and Compagny names will be shared with the co-organizer or co-publisher (exclusive Associate Member).
c) Efma portals:
Efma has created dedicated portals and specific initiatives with few selected partners to bring more services to Efma members about financial services like the Efma banking innovation portal (called DMI), the Efma innovation in insurance portal, the FinTechVisor portal.<
Portals that are Efma and an Associate Member (selected Efma’s partner) that are common initiatives, can be accessed after identification of the user. In that case, the individual can opt out the sharing of contact details with the partners or modify his/her profile. However, names, job titles and company names will be shared with the exclusive partner of the initiative.
d) Clubs and exclusive Forums
By coming to Efma Club and Banking Forum Asia, you allow Efma to share personal information but no contact details with our partner.
For more information about these specific initiatives and our ecosystem of partners in Financial services, please visit: https://www.efma.com/partner
6. Security of your Personal Data
a) Security of your Efma account
Any individual can create an Efma account by providing professional information and a password. It enables any user to access Efma services that require this account information. User ID is the user professional email address. Password is minimum 3 characters created by the user. The password is encrypted and Efma doesn’t store it on its database. No one, even the user nor any Efma employee, can retrieve passwords. If the password is forgotten by the user, he or she needs to create and submit a new one and activate the account by clicking on the link contained in the received email.
b) Other security measures
Personal Data are stored at Efma’s facilities protected by a firewall Juniper SSG 410.
Our data set is hosted on Mediactive which provide a high security data storage environment and includes a firewall Juniper SRX 240. Our servers run Symantec Endpoint Protection to ensure a safe environment (anti-virus and Anti-malware).
In order to prevent external attack through our desktops, Efma runs Kaspersky Endpoint Security 10 on each desktop.
7. Your rights when your personal data is processed
You have a permanent right of access, rectification, opposition, erasure, restriction and portability to all your Personal Data, in accordance with the Data Protection Legislation.
If you have given us your consent, you also have the right to revoke your consent at any time with effect for the future.
You have the right to object at any time to the processing of your personal data on grounds relating to your particular situation.
In such cases Efma will no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
8. Contact information
If you have any further questions relating to data protection and the processing of your Personal Data, you can exercise your rights, by e-mailing email@example.com or with a detailed request.
Efma’s Data Privacy Officer (DPO) is Céline Ristors. She can be contacted at the following address:
Phone number: +33 1 47 42 52 72
You also have a right to lodge a complaint with a supervisory authority, such as the CNIL, if you consider that any processing of your Personal Data infringes the requirements of Data Protection Legislation.