Privacy Policy
Effective date: 2026 · Applies to the European Union / EEA / UK (GDPR) and the United States, including California (CCPA/CPRA).
Template — requires legal review. This Privacy Policy is drafted to align with the EU/UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act as amended by the CPRA. It must be reviewed and finalized by qualified privacy counsel, and the bracketed items marked [to be completed] (controller identity, jurisdiction, EU/UK representative, retention periods, and processors) must be supplied before this site collects real personal data.
1. Introduction & scope
This Privacy Policy explains how [legal entity name — to be completed] (“IETB,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal data when you visit this website or use its forms. It applies to individuals in the European Union, European Economic Area, and United Kingdom (under the GDPR and UK GDPR) and to residents of the United States, including California residents (under the CCPA/CPRA). This website is currently a design concept; the practices below govern any personal data you nonetheless choose to submit.
2. Data controller & contact
- Controller: [legal entity name — to be completed]
- Registered office: [address — to be completed]
- Privacy contact / Data Protection Officer: hq@ietb.org
- EU/UK representative (GDPR Art. 27): [to be completed if required]
3. Personal data we collect
We collect only the information you provide through our forms, together with limited technical data:
- Contact identifiers: name, job title/role, email address, telephone number, preferred language.
- Organization data: organization name, type, jurisdiction of registration, website, regulatory status, jurisdictions of operation.
- Inquiry & access-request data: access pathway, objectives, areas of interest, target timeline, approximate scale/assets-under-management band, existing approvals, and any free-text you provide.
- Technical data: data your browser sends automatically (e.g., IP address, device/browser type) and, only with your consent, any analytics cookies. We do not currently deploy advertising or third-party tracking cookies.
The login portals on this website are demonstrations only and are not live; you should not enter real credentials. We do not knowingly store working passwords.
4. How and why we use your data — purposes & GDPR legal bases
- To respond to inquiries and access requests and conduct eligibility review — legal basis: your consent (Art. 6(1)(a)) and our legitimate interests (Art. 6(1)(f)) in responding to institutional contacts.
- To communicate with you about your submission — consent and/or legitimate interests.
- To operate, secure, and improve the website — legitimate interests.
- To comply with legal obligations — legal obligation (Art. 6(1)(c)).
- Analytics cookies (if any) — only with your consent, given via our banner and withdrawable at any time.
We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.
5. How we share your data
We do not sell your personal data. We may share it with: (a) service providers / processors who host the site or handle communications on our behalf under contract; (b) our professional advisers; and (c) authorities where required by law. Form submissions are routed to the IETB engagement office at hq@ietb.org. [List specific processors and sub-processors — to be completed.]
6. International data transfers
Your data may be processed in countries outside your own, including the United States. Where we transfer personal data out of the EEA/UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK Addendum) or an adequacy decision. [Confirm transfer mechanisms and hosting locations — to be completed.]
7. Data retention
We keep personal data only as long as necessary for the purposes above, then delete or anonymize it. [Specify retention periods per data category — to be completed.]
8. Your rights in the EU / EEA / UK (GDPR)
Subject to conditions, you have the right to:
- access your personal data;
- rectify inaccurate data;
- erase your data (“right to be forgotten”);
- restrict processing;
- data portability;
- object to processing based on legitimate interests;
- withdraw consent at any time (without affecting prior processing); and
- lodge a complaint with your supervisory authority (in the EU) or the UK Information Commissioner's Office.
To exercise these rights, contact hq@ietb.org. We respond within the timeframes required by law (generally one month under the GDPR).
9. Your rights in the United States / California (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know / access the categories and specific pieces of personal information we collect, use, and disclose;
- Delete personal information we collected from you;
- Correct inaccurate personal information;
- Opt out of the “sale” or “sharing” of personal information;
- Limit the use of sensitive personal information; and
- Non-discrimination for exercising your rights.
We do not sell or share personal information as those terms are defined under the CCPA/CPRA, and we do not knowingly process the personal information of consumers under 16 for sale or sharing. You may exercise your rights, including through an authorized agent, by contacting hq@ietb.org. We will not discriminate against you for exercising these rights. Where required, a “Do Not Sell or Share My Personal Information” and “Limit the Use of My Sensitive Personal Information” mechanism will be provided.
10. Cookies & consent
We use only strictly necessary storage required for the site to function (including remembering your cookie/privacy choice). Any non-essential or analytics cookies are set only after you accept via our consent banner, and you may decline or later change your choice. Declining does not prevent you from using the site. [List any specific cookies/analytics once added — to be completed.]
11. Children's privacy
This website is directed to professional and institutional audiences and is not intended for children. We do not knowingly collect personal data from anyone under 16.
12. Security
We apply appropriate technical and organizational measures to protect personal data. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
13. Changes to this policy
We may update this policy from time to time. Material changes will be indicated by updating the “effective date” above and, where appropriate, by a notice on this website.
14. Contact us
Questions or requests: hq@ietb.org.