I. Aim and scope of this Policy
1. This Data Protection Policy (in the followings: Policy) was prepared according to the General Data Protection Regulation of the EU (GDPR). The Policy, effective from 25 May 2018, is published on https://echa.info, and its scope is unlimited. ECHA members registered at https://echa.info are informed about the Policy, and it is compulsory for all members to accept it before registration.
2. Data management starts when members register to become a member of ECHA and lasts until they membership will expire (usually one year).
II. Data management
3. Recorded and managed data of ECHA membership are the following: full name, an e-mail address, mailing address. Recorded email addresses are used for a.) contacting the members via e-mail sending ECHA's semi-annual newsletter and special announcements on e.g. ECHA elections and other key issues related to ECHA membership; recorded mailing addresses are used to post, annually, two hard copies of ECHA's scientific journal, High Ability Studies. ECHA members declare that they have reached the legal age by registering.
4. Data are not transferred anywhere by ECHA except for mailing the issues of High Ability Studies and compulsory cases defined by the law.
III. Rights of registered members
6. Registered members may have information on their own held data upon request. Only the eight members of the ECHA General Committee (https://echa.info/committee) have access to the data besides the data manager. They are not transferring these data anywhere, and use them only for ECHA's own purposes as listed in point 3.
7. Registered members may ask for information about their personal data’s management via the above e-mail address. They may ask for corrections to their data. The data manager must inform the member via e-mail within 30 days when the changes have been made.
8. Registered members may object if the management of their data has conflicted with the Policy, via the above e-mail address. The data manager answers the objection via e-mail within 15 days. In case a user does not agree with the decision, since ECHA is seated in the Netherlands, she/he may turn to the Dutch Data Protection Authority (https://autoriteitpersoonsgegevens.nl/en).
Accepted by the ECHA General Committee on 18th May 2018
An in-depth beginners guide to GDPR (updated for 2019) is available here: https://www.vpngeeks.com/beginners-guide-gdpr