The website https://europeandesign.org/ (hereinafter the “Website”) is owned and operated by Design Federation OÜ (hereinafter “Company”, “we”, “us” and “our”). We are committed to protecting the Website users’ (hereinafter “You” or “Users”) personal data by respecting and complying with the applicable data protection and privacy laws. In this Policy we provide you with transparent information on how we collect and process your personal data when you visit and use the Website and its services. We encourage you to carefully read this Policy which we have written in a clear and comprehensible manner to facilitate its understanding.
2. Who we are – Data controller
2.1 The Website belongs to Design Federation OÜ, a company registered in Estonia, Narva mnt 13, 101 51 Tallinn under registration number 12958895. Company is the Data Controller within the meaning of the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
You can contact us:
(a) by post, to Narva mnt 13, 101 51 Tallinn, Estonia;
(b) by telephone, at +37 260 270 70; or
(c) by email, using firstname.lastname@example.org .
3. What personal data we collect – Purposes and legal bases for the data processing.
3.1 Account data. To participate in the European Design Awards (hereinafter “EDAWARDS”), you need to create a user account. By registering for an account, you provide us with credentials (e.g., email, username, password), company information (e.g., company name, country, address, city, county/region, phone, website, VAT number, company description, etc.), and personal information such as first name, last name, and job title. We collect all the information necessary to identify you, manage your registration, and provide you with our services. We also process the information necessary to manage your submission at a second stage (e.g., billing and shipping address). The legal basis for the processing is the performance of the contract (article 6 (1) (b) GDPR).
Once you create an account, you can add more information on your profile such as account names on social media platforms (e.g., Facebook, Twitter, etc.) The purpose of collecting this data is to publish them on the winners΄ page for promotion purposes. Processing is necessary for the purposes of the legitimate interest pursued by Company (Article 6 (1) (f) GDPR), which is to promote itself as well as the winners of EDAWARDS.
3.2 Submissions – Entries. We process the information included in your EDAWARDS entries when you enter a submission. The entries data may include submission category, submission title, client, product description, project web link, media uploaded by you, first name, last name and job title of credited people (e.g., full name of art director, designer), messages to organizers and jurors, etc. We process this data to manage and evaluate your submissions in connection with EDAWARDS (e.g., jury proceedings). The legal basis for the processing is the performance of the contract (article 6 (1) (b) GDPR). We also process this data for the overall promotion of your work and the European Design Awards (e.g., publication on the winners’ page, publication in the yearly European Design Awards Catalogue, screenings, exhibitions, etc.). The legal basis for this processing is the legitimate interest pursued by Company (Article 6 (1) (f) GDPR), which is the promotion of the winners and EDAWARDS.
We and our third-party providers will also process your transaction information when you pay the submission fees (“transaction data”). The transaction data may include your contact details, card details and the transaction details. We process only the information necessary for the execution of transactions. Nets Holding A/S processes these data in order to secure the safety and accurate completion of each transaction via our website. The legal basis for the processing is the performance of the contract (article 6 (1) (b) GDPR). Keeping transaction data is also necessary for compliance with legal obligations to which we are subject (article 6 (1) (c) GDPR) (e.g., keeping transaction records for tax purposes).
3.3 Contact form. When you use the contact form of the Website, we process the requested data to fulfill your requests by answering your questions and providing information. In this case, the legal basis for the processing is the consent (article 6 (1) (a) GDPR) that you give by ticking the specific check-box before submitting your message. You do not have an obligation to consent. However, if you do not do so, you will not be able to send a message through our contact form.
3.4 Marketing. We may also use contact details of registered users for marketing purposes to inform them about our latest EDAWARDS news, Website services, features, etc. This processing is carried out for our legitimate interest to promote our products and services (article 6 (1) (f) GDPR). You are always entitled to object to this processing since we provide an opt-out option (“unsubscribe”) within each marketing email you receive.
3.5 Data collected automatically. We also collect information automatically when you visit the Website. This data may include your IP address, geographical location, browser type and version, operating system, referral source. We process this data for improving user experience.
3.6 Other purposes for processing. We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
Please do not give us any other person’s personal data unless we prompt you to do so and without having obtained their consent.
4. Recipients of personal data
Your data shall not be disclosed to any third party, apart from the following:
(a) Vendors (service providers) who may need to have access to personal data to provide their services (e.g., IT services company, hosting providers, payment service providers, accounting office, legal advisors). All vendors are bound by non-disclosure and confidentiality agreements.
(b) Authorized employees who have access to personal data only when this is necessary to provide their services to Company (e.g., employees that reply to the messages you send through the Website’s contact form). All such employees are bound by non-disclosure and confidentiality agreements.
(c) Members of our group of companies (e.g., our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as it is reasonably necessary for the purposes set out in this Policy.
(c) Jurors who evaluate the submissions of the candidates. The members of the jury are required to maintain absolute secrecy with regard to the evaluation of the submissions.
(d) Public or independent authorities such as Public Prosecutor's Office, Cybercrime Division, Data Protection Authority (DPA), etc. when that disclosure is necessary to comply with a law or to prevent unlawful acts against us or users of the Website.
(e) The general public, when we publish the EDAWARDS participants or winners lists.
(f)Third-party partners setting cookies. Some Cookies are put in place by third-party service providers. These partners have access to cookie-related information that may under certain circumstances constitute personal data (for more information about cookies, see our Cookies Policy).
5. Data security - International data transfers
We have adopted measures of a technical and organizational nature required to guarantee the security of your data and prevent it from being lost, processed, or accessed illegally. We regularly monitor our systems for possible vulnerabilities and attacks and review all processing practices to update security measures. If you believe that your account is no longer secure, please contact us at email@example.com
Company’s servers are located within the European Economic Area (EEA). For service efficiency purposes, some of our third-party providers such as advertising and marketing related partners, hold servers outside the EEA. We inform you that this data is transferred with adequate safeguards and is always kept safe.
6. How long we retain your data
If you request the deletion of your account, we delete all information about you upon deletion of your account unless:
(a) we must keep it to comply with applicable law or to keep evidence for such compliance;
(b) there is a dispute or claim and we need to retain all relevant information until it is resolved; or
(c) we must keep the information for our legitimate business interests, such as fraud prevention and Website users security.
7. Links to third-party websites
The Website may contain links, hyperlinks, banners or tabs leading to websites operated by third-parties. We kindly recommend that you review the Privacy Notice of each external website and get informed about how each third-party uses your personal data. Company shall not be held responsible for processing activities carried out by those third-parties.
8. Rights of data subjects
We want to ensure that you can exercise your rights enshrined under the applicable laws. To this end, for as long we retain your data you may exercise your rights free of charge.
However, we may charge a reasonable fee in case of manifestly unfounded, disproportionate or repeated requests.
In particular, you have the following rights:
• to request access to the personal data that we hold;
• to request rectification of inaccurate or incomplete data;
• to request erasure of your personal data to the extent that they are no longer necessary for the purpose for which we need to keep processing them, as we have explained above, or when we are no longer legally permitted to process them;
• to request that we limit the processing of your personal data;
• if you have given us your consent to process your data, you also have the right to withdraw such consent at any time. In the event that you withdraw your consent, this will not affect the legality of the processing carried out previously.
• When we process your data based on your consent of for the purposes of a contract, you can also request portability of your personal data.
• When the processing of your data is based on our legitimate interest, you are entitled to object to the processing.
You can exercise the above-mentioned rights by sending us an email message at firstname.lastname@example.org.
Finally, we inform you that you have the right to lodge a complaint with the competent Data Protection Authority if you have concerns that we have violated your rights.
10. Contact us
In case you need any clarification about the processing of personal data, please do not hesitate to contact us via e-mail at email@example.com.