ui.skipToContent
About fragrance
About IFRA
Latest updates All latest updates
Initiatives & positions All topics
IFRA Regions All regions
All publications
Standards Library

Privacy Policy

Privacy – your data, your rights

The Inter­na­tio­nal Fra­gran­ce Asso­cia­tion collects and pro­ces­ses cer­tain infor­ma­tion about individuals.

We want to inform you about how and why we collect and pro­cess this data, and what your rights are regar­ding this data.

Our data sub­jects’ are indi­vi­duals that inclu­de mem­bers, sup­pliers, busi­ness con­tacts, par­ti­ci­pants at events, emplo­yees and other peo­ple the asso­cia­tion has a rela­tionship with or may need to contact.

We are com­mit­ted to hand­ling per­so­nal data in com­plian­ce with the law. As an orga­ni­za­tion with an ope­ra­tio­nal cen­tre in the Euro­pean Union, legal requi­re­ments inclu­de notably the EU’s Gene­ral Data Pro­tec­tion Regu­la­tion (GDPR), which ente­red into for­ce on 25 May 2018.

IFRA com­mits to collect and pro­cess per­so­nal data only when this data is:

  • pro­ces­sed fairly, in a trans­pa­rent way and based on valid legal grounds
  • obtai­ned for spe­ci­fic law­ful purposes
  • ade­qua­te, rele­vant and not excessive
  • accu­ra­te and kept up to date
  • not held for lon­ger than necessary
  • pro­tec­ted in appro­pria­te ways and not trans­fe­rred outsi­de of the Euro­pean Eco­no­mic Area unless ade­qua­te pro­tec­ti­ve mea­su­res are in place.

We are also com­mit­ted to esta­blishing and main­tai­ning pro­ce­du­ral and tech­ni­cal mea­su­res to pre­vent data breaches.

Types of data

What per­so­nal data do we collect?

Per­so­nal data means any infor­ma­tion rela­ting to an iden­ti­fied or iden­ti­fia­ble natu­ral per­son. This means someo­ne who can be iden­ti­fied, directly or indi­rectly, by refe­ren­ce to infor­ma­tion such as a name, an iden­ti­fi­ca­tion num­ber, loca­tion data, an onli­ne iden­ti­fier or to one or more fac­tors spe­ci­fic to the phy­si­cal, phy­sio­lo­gi­cal, gene­tic, men­tal, eco­no­mic, cul­tu­ral or social iden­tify of that natu­ral person.

IFRA may collect the follo­wing cate­go­ries of per­so­nal data to the extent neces­sary to achie­ve the pur­po­ses outli­ned in this policy:

  • Iden­ti­fi­ca­tion data, such as first name, name, pic­tu­res, IP address, coo­kies, photographs
  • Con­tact data, such as email address, telepho­ne num­ber, pos­tal address
  • Per­so­nal infor­ma­tion, such as age, date of birth, gen­der, mari­tal sta­tus, citizenship
  • Finan­cial data, such as bank account details
  • Edu­ca­tion and pro­fes­sion and employ­ment data

In some cir­cums­tan­ces, we also collect and pro­cess spe­cial cate­go­ries of data, such as health data, mem­berships or poli­ti­cal affiliation.

In most ins­tan­ces, we collect per­so­nal data directly from the data sub­jects, but we may some­ti­mes obtain per­so­nal data from third par­ties (such as the data subject’s emplo­yer or from a public authority).

Read our Coo­kies policy

Data collection – who and why

From whom do we collect per­so­nal data, and why?

IFRA collects per­so­nal data of staff for the pur­po­ses of mana­ging and admi­nis­te­ring, moni­to­ring and super­vi­sing its per­son­nel, based on legal obli­ga­tions or con­tracts with emplo­yees and consultants.

IFRA also pro­ces­ses per­so­nal data of can­di­da­tes who apply for employ­ment at IFRA, based either on the can­di­da­tes’ con­sent or on the neces­sity to con­clu­de a con­tract with can­di­da­tes that have been selected.

IFRA also has a legi­ti­ma­te inter­est in the pro­ces­sing of per­so­nal data to the extent strictly neces­sary for the pur­po­ses of ensu­ring net­work and infor­ma­tion security.

For gene­ral mem­bership admi­nis­tra­tion, IFRA has legi­ti­ma­te inter­ests in the pro­ces­sing of per­so­nal data of the con­tact per­sons at our mem­bers for the pur­po­se of admi­nis­te­ring the mem­bership and collec­ting mem­bership fees.

For con­tract mana­ge­ment, IFRA has legi­ti­ma­te inter­ests in the pro­ces­sing of per­so­nal data of repre­sen­ta­ti­ves and con­tact per­sons of enti­ties and asso­cia­tions with which we con­clu­de contracts.

For public rela­tions, IFRA pro­ces­ses con­tact details of Mem­bers of Par­lia­ment, govern­ment offi­cials, aca­de­mics and other sta­kehol­ders for the pur­po­ses of carrying out advo­cacy activities.

For orga­ni­zing events and con­fe­ren­ces, IFRA pro­ces­ses iden­ti­fi­ca­tion details of indi­vi­duals who regis­ter to par­ti­ci­pa­te in our events and con­fe­ren­ces. This is done for the pur­po­se of mana­ging the regis­tra­tion to and par­ti­ci­pa­tion in such events and to meet our obli­ga­tions as an event orga­ni­zer. When wor­king with event orga­ni­zers, we may sha­re data with them for the­se same pur­po­ses, based on a clearly defi­ned and time-limi­ted mis­sion, and with a requi­re­ment not to sto­re data for lon­ger than neces­sary and not to sha­re data with third parties.

For web­si­te admi­nis­tra­tion, IFRA pro­ces­ses iden­ti­fi­ca­tion data from indi­vi­duals who visit the IFRA web­si­te and express con­sent to using coo­kies or pro­vi­de per­so­nal infor­ma­tion on the site.

Data retention and transfer

How long do we keep per­so­nal data?

IFRA keeps per­so­nal data for the time that is strictly neces­sary to achie­ve the purpose(s) for which they were collec­ted, such as for the dura­tion of a con­trac­tual rela­tionship or of a pro­ject, and for a period of time the­reaf­ter if so requi­red by appli­ca­ble law or if in the pri­mary inter­ests of the data subjects.

Do we trans­fer per­so­nal data?

IFRA does not trans­fer per­so­nal data outsi­de of the Euro­pean Eco­no­mic Area (EEA) unless ade­qua­te pro­tec­ti­ve mea­su­res are in place.

Exercising your rights

What are your rights as data sub­jects and how to exer­ci­se them?

As a data sub­ject, you have the follo­wing rights with res­pect to per­so­nal data we hold about you, sub­ject to appli­ca­ble legal restrictions:

  • Right to access your per­so­nal data
  • Right to rec­tify inco­rrect or incom­ple­te per­so­nal data
  • Right to era­se your per­so­nal data
  • Right to res­trict pro­ces­sing of your per­so­nal data
  • Right to data por­ta­bi­lity (to recei­ve per­so­nal data con­cer­ning you in a struc­tu­red, com­monly used and machi­ne-reada­ble for­mat and to trans­mit tho­se data to another controller)
  • Right to object to all or part of the pro­ces­sing, when legally allowed
  • Right not to be sub­ject to auto­ma­ted indi­vi­dual deci­sion-making, inclu­ding pro­fi­ling within the limits set out by the law
  • Right to with­draw con­sent at any time when we pro­cess your per­so­nal data based on your consent
  • Right to lod­ge a com­plaint with a super­vi­sory autho­rity in the EU

If you wish to exer­ci­se any of the­se rights or if you are not satis­fied about how we pro­tect your pri­vacy, you should address your request by email together with a copy of your ID (which we will only use to verify your iden­tity), to IFRA, as data con­tro­ller, via info@​ifrafragrance.​org, with the sub­ject line Data pro­tec­tion request’.

Indi­vi­duals will not be char­ged for sub­ject access requests, except if the requests are mani­festly unfoun­ded or excessive/​repetitive. In such cases, IFRA may char­ge a reaso­na­ble fee or refu­se to act on the request.

IFRA aims to res­pond to data sub­ject requests without undue delay, and in any event within one month of receipt of the request.