Industrial Alliance Logo

Privacy Notice

Version 1.4 – Last updated: 13 July 2026

This notice explains how personal data is processed on the Platform of the IA Working Group SC, an internal collaboration platform for authorised participants of the Working Group Supply Chain. It provides the information required by Articles 13 and 14 of the General Data Protection Regulation (GDPR).

1. Controller

The controller for the processing of personal data on this platform is:

Working Group Supply Chain of the Industrial Alliance on Processors and Semiconductor Technologies
c/o Opaix GmbH, Grüner Weg 54, 23566 Lübeck, Germany
Email: privacy@ia-sc-sc-wg.eu

The platform is technically operated and maintained by Opaix GmbH on behalf of the working group.

2. What data we process and where it comes from

The platform processes the following categories of personal data:

Source of your data: your email address and your initial role assignment are provided by the working-group host of your partner organisation or by a platform administrator when you are admitted to the access list. Subsequent role assignments and changes to your account status are made by authorised hosts or administrators, or are generated automatically according to the platform's account lifecycle rules (see section 6). Authentication and activity records, download counters and technical logs are generated through your use of the platform and the operation of its technical systems.

3. Purposes and legal bases

All processing on this platform is based on legitimate interest (Art. 6(1)(f) GDPR). The specific purposes and the interests pursued are:

4. Emails sent by the platform

The platform sends transactional emails only: one-time login codes, security notifications (for example when a daily download limit is reached), account notices (for example before an inactive account is deactivated) and periodic access-review requests to the designated review contact of each partner organisation. No marketing or promotional emails are sent. These emails are delivered through the email delivery service Brevo (Sendinblue SAS, Paris, France) acting as a processor on our behalf; the delivery process generates dispatch metadata (recipient address, time of dispatch, delivery status).

5. Recipients and data location

Personal data is disclosed to the following categories of recipients:

Activity records and technical logs are accessible only to platform administrators.

The platform itself and its databases are hosted on servers located within the European Union. Brevo may engage affiliated companies and subprocessors located outside the EU/EEA or permit them to access personal data. Where personal data is transferred outside the EU/EEA, Brevo uses the safeguards required under Chapter V GDPR, including adequacy decisions such as the EU-US Data Privacy Framework or the European Commission's Standard Contractual Clauses together with supplementary measures. Further information about these safeguards or a copy of the relevant safeguards may be requested at privacy@ia-sc-sc-wg.eu. Personal data is not sold or disclosed to third parties for their own marketing purposes.

6. Retention

7. Cookies and tracking

The platform sets only strictly necessary cookies required by the platform and its sign-in service to authenticate you and maintain secure sessions. These cookies are used exclusively for authentication and session management and are not used for analytics, advertising or cross-site tracking. The platform session cookie expires no later than 12 hours after sign-in; the sign-in service's session cookies expire when the corresponding sign-in session ends and no later than 12 hours after sign-in. As these cookies are strictly necessary for the service you request, no consent is required for them. There is no tracking, no analytics based on personal data and no profiling; usage statistics (such as page views) are compiled only in aggregate and are not linked to an identifiable user.

8. No automated decision-making

The platform does not use solely automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you within the meaning of Art. 22 GDPR. Access to platform areas is granted or denied automatically according to the role assignments made by hosts and administrators; these technical access checks do not produce such effects.

9. Is the provision of your data required?

Providing and processing your email address is necessary to operate your access to the platform: without it, no account can be created, no login codes can be delivered and access cannot be granted. There is no statutory or contractual obligation for you personally to provide it; if you do not wish your email address to be processed, contact your organisation's host to be removed from the access list.

10. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on Art. 6(1)(f) GDPR (Art. 21(1) GDPR). We will then no longer process the data unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defence of legal claims. To object, contact privacy@ia-sc-sc-wg.eu.

11. Your other rights

Under the GDPR you additionally have the right to obtain access to the personal data we hold about you (Art. 15), the right to rectification of inaccurate data (Art. 16), the right to erasure (Art. 17) and the right to restriction of processing (Art. 18). Where the applicable legal requirements are met, you may also have the right to data portability under Art. 20 GDPR.

You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The supervisory authority competent for the controller is the Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD), Holstenstraße 98, 24103 Kiel, Germany (datenschutzzentrum.de). You may however also contact the supervisory authority of the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

To exercise any of these rights, contact privacy@ia-sc-sc-wg.eu.

12. Changes to this notice

We will update this notice when the processing described here changes, for example when a new service provider is engaged. The version published on this page is the current one.