4.1. Why we share personal data
We have agreements with third parties that may receive your personal data, as they need it to carry out certain business activities for us.
As IBFD in its role of data controller is responsible for the personal data we collect from you, we only work with parties that are GDPR-compliant. We (will) have detailed data processing agreements in place with these parties, that outline that any personal data obtained from IBFD is to be kept confidential, and that personal data may only be processed at the direct and precise instruction of IBFD and solely for the purpose defined by IBFD. In case such an agreement is terminated, any personal data in the possession of the third party is either returned to IBFD or deleted.
Recipients of your personal data can be other data controllers, data processors, third party licensees, third countries and international organizations.
4.2. Who we share personal data with
Other data controllers
IBFD has concluded content licenses with other organizations, whom we provide with our published material. The organizations provide us with the personal data of their users (e-mail or IP addresses) that we require to fulfil our obligations, and we provide IBFD content to these end users.
If the content license specifies that IBFD shall determine the means and purpose of the processing of the users’ data, then IBFD is the data controller for the personal data of the organizations’ users.
Note to the end user:
If you use an e-mail or IP address provided by an organization you are affiliated with, e.g. your employer, to access IBFD products and services, that organization may access and process your personal data. IBFD may report to your organization on your usage of our products and services. Please direct your privacy inquiries to your organization’s administrator.
Data processors
IBFD makes use of various types of companies that process data on behalf of IBFD to help us with our daily operations. As stated above, IBFD has concluded or will conclude a GDPR-compliant data processing agreement with such companies.
Categories of data processors used by IBFD:
- Printing companies
- Distributors (for delivery of print content)
- Marketing agencies
- IT service providers
- Hosting companies
- Web analytics services
- Translation agencies
- Legal consultants
- HRM administration companies
- Debt collecting agencies
Third party licensees
IBFD has license agreements with several carefully selected third parties, allowing them to use or sell IBFD content in order to attain a wide spread of IBFD’s information and maximum exposure for its authors. Vice versa, IBFD has agreements in place with third parties that deliver content to IBFD for further use or distribution. These parties may need to obtain personal data from IBFD, or send personal data to IBFD, for example for the purpose of order fulfilment.
Categories of third parties licensed by IBFD:
- Resellers
- Publishing companies
- Academic institutions
- Online training developers
IBFD will not share your personal data with any third parties other than those we have license agreements with, without your prior consent.
Third countries and international organizations
As an international organization with offices in four countries and with a global network of clients (e.g. customers, third party licensees) and suppliers (e.g. authors, printers), IBFD may need to transfer your personal data to (international organizations operating in) countries outside the European Economic Area (EEA).
The countries in the EEA are covered by the GDPR: they all have to comply with the data protection principles set out in the Regulation, which guarantees the protection of your personal data when transferred between EEA countries. The European Commission (EC) has declared that the transfer of data to countries outside the EEA may only take place if the level of protection guaranteed by the GDPR is not undermined.
The EC has taken a number of ‘adequacy decisions’ for non-EU countries that the EC considers to have an adequate level of protection: a full list can be found here.
To enable the transfer of data to countries that have not (yet) been labeled ‘safe’, the European Commission has established a number of Standard Contractual Clauses that can be used in agreements with parties in these countries, in order to safeguard the protection of your personal data.
In cases where IBFD may need to transfer your personal data to (international organizations operating in) third countries, we will ensure that an agreement is in place that includes the relevant Standard Contractual Clauses and outlines precisely which data may be processed, how it may be processed and for which purpose, and which laws and regulations apply.