European ATM Security Team Ltd, trading as the European Association for Secure Transactions (EAST) and hereinafter known as ‘EAST’ is committed to safeguarding the data privacy of our users while providing the highest possible quality of service. Under the terms of the Data Protection legislation, we are required to explain to you how we will treat any personal and/or private data which we collect from you.

Who we are

Founded in February 2004 as the European ATM Security Team, EAST became the European Association for Secure Transactions in June 2017. EAST is a non-profit organisation which has set up a framework network structure to improve cooperation with industry and law enforcement in order to achieve increased awareness and better results in the fight against organised cross-border crime. EAST National Members represent 35 countries.

In this Data Privacy Notice references to we, us and our, are to EAST. References to our Website or the Website are to https://www.association-secure-transactions.eu.

What information we collect and how

As an international membership organisation EAST has active teams and working groups and, as such, there is a requirement to obtain, use, record and store personal data from both within and outside the European Economic Area (EEA).  In order for EAST to operate effectively, designated staff from EAST member organisations need to be able to contact each other.  Certain information, with the consent of those affected, is stored on a secure platform on this website (the EAST Intranet).

The information we collect via the Website and through emails and other correspondence may include:

  1. Your name and email address provided when you knowingly subscribed to our EAST Monthly Updates by using the form on our Website.
  2. Any personal details you knowingly provide us with through other forms and our email, such as name, address, telephone number etc.
  3. Information about you, such as name address, telephone number etc that may be supplied to us by your employer or other related organisation joining EAST as a Member (National or Associate).
  4. In order to effectively process credit or debit card transactions it may be necessary for the bank or card processing agency to verify your personal details for authorisation outside the EEA. Such information will not be transferred out of the EEA for any other purpose.
  5. Under no circumstances will we hold sensitive payment details such as your card number, expiry date and security code. All card transactions are handled through our accredited payment bureau, PayPal. For more information on PayPal privacy policy please refer to https://www.paypal.com.
  6. Your preferences and use of email updates, recorded by emails we send you (if you select to receive email updates on products and offers).
  7. Your IP Address, this is a string of numbers unique to your computer that is recorded by our web server when you request any page or component on the Website. This information is used to monitor your usage of the Website.
  8. Data recorded by the Website which allows us to recognise you and your preferred settings, this saves you from re-entering information on return visits to the site. Such data is recorded locally on your computer through the use of cookies. More information on cookies can be found in our Cookie Policy at the end of this Data Privacy Statement.

What we do with your information

Any personal information we collect from this website, and through emails and other correspondence, will be used in accordance with the EU General Data Protection Regulation (GDPR) and other applicable laws. The details we collect will be used:

  1. To send you EAST Monthly Updates if you have registered to receive them through the form on our website.
  2. If your organisation is a member of EAST, and you have been authorised to receive them, to send you Fraud Updates, Payment Terminal Crime Reports, Fraud Alerts, Payment Alerts, Physical Attack Alerts and other EAST outputs.
  3. To send you information about EAST Events that are classed as ‘Open’.
  4. If you are authorised to receive such information, to send you information about EAST Events that are classed as ‘Closed’ .
  5. To allow registered staff members from EAST National Member organisations to identify and contact each other for the purposes of networking and liaison as required. This data, stored on the EAST Intranet, may be accessed by designated parties, with specific access rights, from both within and outside the EEA.
  6. To allow registered members of our Expert Groups to identify and contact each other for the purposes of networking and liaison as required. Our Expert Groups are currently defined as the EAST Exert Group on All Terminal Fraud (EGAF), the EAST Expert Group on ATM and ATS Physical Attacks (EGAP) and the EAST Payments Task Force (EPTF). This data, stored on the EAST Intranet, may be accessed by designated parties, with specific access rights, from both within and outside the EEA.
  7. If applicable to process your membership application and to provide member services (we may pass your details to another organisation to supply/deliver membership services you have purchased and/or to provide membership support).
  8. In certain cases we may use your email address to send you information on our other products and services offered by EAST. In such a case you will be offered the option to opt in/out before completing your purchase.
  9. We may need to pass the information we collect to other companies for administrative purposes. We may use third parties to carry out certain activities, such as processing and sorting data, monitoring how customers use the Website and issuing our e-mails for us. Third parties will not be allowed to use your personal information for their own purposes.

EAST takes reasonable steps to ensure that personal data held is kept accurate and up to date. Your personal data will be held by us until you unsubscribe from our EAST Monthly Updates and/or, if registered through a member organisation, until we receive an instruction from you to remove you from the relevant list of authorised persons, or until we are instructed to remove it by that organisation, or until that organisation ceases to be a member of EAST.

Your Rights

You have the right to request a copy of any information that we currently hold about you. In order to receive such information please email our Data Controller at coordinator@eas-team.eu or fill in the form at https://www.association-secure-transactions.eu/contact/ putting ‘Data Privacy’ in the subject field. Before supplying any information to you, our Data Controller will always verify your identity.  There is normally no charge for this.  In certain circumstances we reserve the right to make a small charge to cover administration expenses when handling such requests.

Other Websites

This Data Privacy Notice only covers this website. Any other websites which may be linked to by our website are subject to their own policy, which may differ from ours. In such cases we urge you to be careful when you enter any personal information online. EAST accepts no responsibility or liability for these sites. EAST provides these links to you only as a convenience and the inclusion of any link does not imply endorsement of the site by EAST.

GDPR

EAST operates in accordance with the EU General Data Protection Regulation (GDPR) which describes how organisations must collect, handle and store personal information.  As part of normal operations some personal data is necessarily shared by EAST with other organisations for the specific purposes of ensuring that all member administrative procedures are followed, and to allow for the proper organisation and administration of EAST events.  In all cases such information is shared by EAST under the strict proviso that these organisations are fully compliant with GDPR in all respects.


Cookie Policy

A ‘cookie’ is a piece of information, like a tag, which some websites create against your PC. EAST uses cookies to provide a higher level of service to its customers. When someone visits our Website we collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. We collect this information in a way which does not not identify anyone. We do not make any attempt to find out identities of those visiting our Website. We do not associate any data gathered from this site with any personally identifying information from any source. If we do want to collect personally identifiable information through our Website, we will be up front about this. We make it clear we collect personal information and will explain what we intend to do with it.

Most browsers can be programmed to reject, or warn you before downloading cookies. Information regarding this may be found in your browsers help facility. For more information on cookies, please visit www.allaboutcookies.org.