|Terms & Conditions||Site policy||All users|
This policy constitutes the Institute’s position on its contractual obligations with customers.
The following terms and conditions apply to the sale of goods and services provided by the Institute and its representatives to its clients.
"Provider" refers to IEIS, its subsidiary bodies, agents, staff and associates.
"Event" refers to any event, course or other activity organised by the provider on behalf of its clients.
"Applicant" refers to any individual or group who has applied for an event either for themselves or for others.
"Attendee" refers to any individual or group in attendance at an event or intending to attend.
Applicants must request attendance via the website or by e-mail, providing evidence that minimum requirements for the event as set out in the eligibility criteria have been met. All attendees will be assessed against the eligibility criteria. Applications are not considered complete until all evidence (including receipt of deposit) has been received by the provider.
Applicants that are not accepted will receive a rejection e-mail citing the reason why the application was rejected and be given the right to appeal the decision to an executive authority.
If insufficient information was provided, the application will be considered on its existing merits. A request for further information may be issued together with an offer of attendance at the event. Such an offer will be made by e-mail and will be on condition that all remaining evidence is received by the provider no less than 28 days prior to the event start date.
Applications that are accepted will result in the applicant receiving an unconditional offer of attendance at an event by e-mail.
If the applicant and the attendee are the same person the offer is confirmed on issuance of remaining evidence and full settlement of fees. Otherwise, the attendee is required to confirm their acceptance of the offer. In cases of competitive entry, attendees with a confirmed offer are always admitted in place of those without.
In the event of any cancellation, the provider will first make every effort to negotiate a concession suitable to both the provider and the attendee (e.g. deferral, varying delivery methods, etc). In the event that no concession can be reached, the offer has not been confirmed and the applicant has provided more than 28 days notice, a full refund or transfer to an alternate event will be provided. Unavoidable expenses resulting from a cancellation and any administrative charges incurred in processing the application will always be deducted from the refund. Confirmed attendees and applicants providing less than 28 days notice of cancellation remain liable for the balance of all payments and fees.
The provider reserves the right to change the details of an event at any time and refuse anyone access to an event without notice. The provider may cancel or reschedule any event with 28 days notice to the applicant. If the provider cancels or reschedules an event with less than 28 days notice, the applicant is entitled to a full refund or transfer to an alternate event. Refunds pertain exclusively to fees. The provider is not liable for any other costs and expenses incurred by the applicant or attendee.
Full payment of fees is required 28 days prior to the event start date. Fees must be paid in Euros (EUR) and settled by electronic transfer (e.g. credit card, bank transfer, paypal, etc.) unless otherwise agreed with the provider. Receipts, invoices and estimates will be provided upon request.
The normal 28 day notice period for applications and payment may be reduced to 7 days if sufficient information is presented in the application to make a confirmed offer and a 20% late booking fee is accepted by the applicant.
Due to the administrative burden involved, as a matter of policy, providers do not operate in jurisdictions where they would be required to register for VAT.
Events are run as independent legal entities and/or under the authority of the provider. Listed fees do not generally include tax unless otherwise stipulated, as tax obligations vary depending upon the provider's status and where the event is delivered. The provider typically operates below the threshold for VAT registration due to the Institute’s unincorporated cellular structure, and consequentially nominal turnover per cell. The provider may also carry non-profit status and other privileges which grant special exemptions from other forms of local taxation. Typically attendance events are liable for taxation at local rates at the point of service delivery in accordance with the appropriate tax laws for that country. The most common exemptions for this are if events are digital, excursions or otherwise exempt locally. Excursions are optional, ancillary, non-profit, educational events delivered overseas as a part of a significantly larger digital or local event liable for taxation at local rates. The delivery of digital products and services is completed locally, as a "hands-on" EU cross-border digital service, or is exempt from taxation outside of the EU and therefore only liable for taxation at local rates.
All non-educational materials delivered at the event remain the intellectual property of the provider. All rights not expressly granted shall be reserved by the provider. Modification or incorporation of materials shall not constitute a joint work. If the attendee wishes to make additional use of materials not covered in these terms and conditions the attendee shall obtain permission from the provider and pay an additional fee to be agreed upon. If permission is granted for the attendee to make additional use of materials, a credit in the name of the provider shall accompany the materials whenever practical and the attendee shall supply the provider with a copy of any publication the material appears in.
Due to the potential for material covered at events to be abused, attendees have a legal duty to protect the public from any harm caused by reckless or negligent disclosure. Specifically, attendees may not disclose materials covered at events without taking due diligence precautions the public would expect relating to such material (e.g. security vetting, clearances, contracts, etc).
Some events place special requirements upon the attendee prior to attendance (e.g. security vetting) and whilst at the event (e.g. venue security requirements). Attendees must adhere to those requirements and be willing to undertake all necessary action in order to comply with them. The applicant is liable for any costs the provider incurs in meeting these requirements. The Baseline Security Check (BSC) for access to RESTRICTED events involves an International Criminal History Check (ICHC), identity check, enhanced reference check (academic, professional, medical and character) and security interview. If these checks are required the normal 28 day notice period for applications and payment is be extended to 6 months in order to complete sufficient security investigations.
Amongst other commitments attendees may also be required to limit personal movements in venues, limit communication with others on or before events, share data with European authorities and sign non-disclosure agreements. These requirements will be communicated to the applicant prior to an offer of a place at the event. With the exception of forfeiture of a place at the event the applicant or attendee will not suffer any further disadvantage for non-cooperation with special requirements.
In lieu of a current EU or NATO security clearance of any level, written authority at UN ASG, NATO OF-6 or EU DDG level, or enhanced security investigations with necessary and justifiable "need-to-know/attend" will be accepted. Photographic proof of identity will be requested at course registration.
By agreeing to these terms and conditions an attendee agrees to the following declaration:
"In applying for this event I hereby declare that I have no unlawful or unethical intent nor do I intend to use skills or knowledge gained therein to commit unlawful or unethical actions in the future. Furthermore, I recognise and attest to my on-going legal obligation not to pass on course material to others and not to misuse that material to commit or conspire in unlawful or unethical actions that undermine the rule of law.”
|Policy owner:||Chair of the Institute|
|Authorised date:||06 July 2015|
|Operational date:||22 July 2015|
This policy constitutes the Institute’s position on the use of personal information in fulfilling its obligations to the public.
This policy constitutes the Institute's position on the use of personal information in fulfilling its obligations to the public.
This website is hosted by the Institute for European Intelligence and Security. Representatives of the Institute may be reached via the contact page.
The Institute needs to gather and use certain information about individuals in order to function. This can include contact details, security, medical, financial and other personal information. This policy describes the Institutes position on how this information must be collected, handled and stored.
This policy ensures that the Institute:
This policy applies to:
The policy applies to all data that the Institute holds relating to identifiable individuals. This can include any information relating to individuals including but not limited to:
This policy helps to protect the Institute from data security risks, including:
Information provided to the Institute shall be treated in full accordance with the EU regulations and standards.
Personal data will:
Everyone who works for or with the Institute has some responsibility for ensuring data is collected, stored and handled in line with this policy and data protection principles. However, these roles have key areas of responsibility:
All those covered by this policy are required to follow general protection guidelines for personal data:
These guidelines describe how and where personal data should be safely stored. Further questions about storing data can be directed to the data controller:
Personal data is at the greatest risk of loss, corruption or theft at the point of access. Therefore, personal data should:
The law requires that the Institute take reasonable and proportional steps to ensure data is accurate and up to date:
All individuals who are the subject of personal data held by the Institute are entitled to:
Requests for subject information should be made by e-mail, addressed to the data controller at the link below. The data controller can supply standard request forms but individuals do not have to use these.
Once a request for personal data is made by a data subject the data controller must provide the relevant data within 1 month.
Prior to releasing subject information individuals may be required to pay an administrative fee not exceeding €50 and proportional to the expenses incurred in processing the request. The identity of an individual making a request must always be verified prior to the release of any personal information.
In limited circumstances, a subject may make a request to prevent processing if it causes damage or distress. To do so a request must be made by e-mail stating what the objection is, how processing is unwarranted and reasons why handling is causing damage or distress.
The Institute aims to ensure that individuals are aware that their data is being processed and that they understand:
For the reasons described in this policy outline how personal data is used by the Institute.
The Chair of the Institute is a designated data controller for the purposes of this policy and relating legislation. The Institute takes takes great care to ensure that personal information is handled appropriately and confidence in their security and discretion is maintained.
The Institute may obtain personal information from a variety of open and closed sources, including government agencies, private individuals and organisations.
Personal information is typically processed by the Institute to facilitate, protect and promote the:
Personal and non-personal information may be processed in the legitimate interests of the Institute when those interests are not overridden by the interests of the fundamental rights and freedoms of the data subject. However, it is strictly prohibited for sensitive information to be processed for ancillary support purposes (e.g. routine administration, public relations, advertising and other marketing activities).
Our website automatically gathers some impersonal information from your computer such as your general location, when and what you viewed. This is collected to provide some insight into our visitors (e.g what pages to people like to visit most, from what countries and when?) so we can improve our site and services. None of the data our site gathers is specific enough to identify an individual.
The Institute will never make decisions that may affect an individual based solely upon the automated analysis of personal data.
By voluntarily submitting personal data to the Institute the data subject explicitly grants the Institute permission to process it for the purpose for which it was originally supplied and to retain it for as long as may be required to fulfil that purpose and satisfy any legal obligations relating to it.
The Institute ensures that personal information is handled lawfully and justifiably. Personal information must be as accurate and current as possible, adequate and not excessive to the task, in respect of individual's rights.
The Institute complies with the relevant parts of European data protection regulation, common security policies and ISO27001 information security standards.
Any data breach likely to result in risks to the rights and freedoms of individuals will be reported to the relevant authority within 72 hours of the data controller becoming aware of it.
Oversight: The Inspectorate is the independent regulator responsible for overseeing data protection compliance. In limited circumstances complaints may also be lodged with the relevant national data protection or supervisory authorities. To find out where your relevant authority is located please contact the data controller who will aim to address your query within 14 days.
For legal and security reasons the Institute is required hold some sensitive data on data subjects (e.g. in order to satisfy legal obligations to conduct security checks on delegates). Sensitive information is subject to rigorous security standards and may only be used in the interests of public safety and security. The use of such information for ancillary support (e.g. routine administration, public relations, advertising and other marketing activities) is strictly prohibited.
When processing sensitive data, the Institute and its personnel are typically subject to national security, law-enforcement, research/analysis or third-party exemptions.
Risk assessment and mitigation is required whenever specific risks to the rights and freedoms of data subjects are identified. Recurring high risk functions have been identified in legal disclosure, security vetting and unsolicited communication. All risks have been mitigated or reduced through the application of security procedures. Further details are available upon request.
Additional security regulations outlined in 2013/488/EU surround the use of sensitive, privileged and classified material and form the basis of the Institutes standard operating procedure for the protection of that material.
Additional policies regarding the terms and conditions of sale and use of services provided by the Institute are provided in the Institutes general terms and conditions.
|Policy owner:||Data Controller|
|Authorised date:||14 May 2018|
|Operational date:||25 May 2018|