1.1 We are committed to safeguarding of our website visitors and service users; in this policy we explain how we will handle your personal data.
Who is protected by this policy
1.3. This privacy and cookies policy applies to all “personal data” as referred to under the General Data Protection Regulation (2016/679) that we process as the data controller. It applies to the processing of the personal data of our users in connections with our website and services as well as to the personal data of the end users who – through their relationship with our users (e.g. visitors and employees) – make use of such website and services.
What does processing of personal data mean and who is responsible for this
1.4. By “processing personal data” it is meant any processing of data that could be used to identify a natural person. The term “processing” is very broad, and covers, among others aspects, the collection, recording, organizing, saving, updating, modifying, retrieving, consulting, using, distributing or making available of data in any way whatsoever, as well as putting together, combining, archiving, delating or eventually destroying that data.
1.5. EPTDA ASBL with registered office at Grensstraat 7, 1831 Diegem, Belgium and registered with the Crossroads Bank for Enterprises under number BE 0866 898 896 is the data controller of the personal data. This means that EPTDA determines the purpose and the resources for the processing of your personal data.
1.6. Through our services, you might also use services provided by other parties, . EPTDA has no control over the information you provide to such third parties, or how this is processed, and EPTDA has no responsibility in this respect.
2. How we use your personal data
2.1 In this Section 2 we have set out:
(a) the general categories of personal data that we may process;
(b) the purposes for which we may process personal data; and
(c) the legal bases of the processing.
(d) the nature of personal data that is processed.
2.2 We may process data about your use of our website and services (“usage data“). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is Google Analytics. This usage data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is consent that we collect via the website – “cookies’ acceptance” confirmation.
2.3 We may process your account data (“account data“). The account data may include your gender, name, job description/function, company name, address, post code, city, state, country, phone, fax and email address. The account data may be processed for the purposes of administration and management of relations, operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is consent. We need to know basic information about you in order to provide you with the EPTDA’s services you have trusted us to provide and the possible transactions and data treatment these processes involve, as per the agreement EPTDA has with your company.
2.4 We may process your information included in your personal profile on our website (“profile data“). The profile data may include your name, address, telephone number, fax number, email address, profile picture, gender. The profile data may be processed for the purposes of enabling and monitoring your use of our website and services. The legal basis for this processing is consent.
2.5 We may process information that you post for publication on our website or through our services (“publication data“). The publication data may be processed for the purposes of enabling such publication and administering our website and services. The legal basis for this processing is consent.
2.6 We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters (“notification data“). The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters. The legal basis for this processing is consent.
2.7 We may process “convention data” This data may include your name, address, telephone number, fax number, email address, profile picture, gender, company name, websites. The source of this data is EPTDA app. This data may be processed for improving the user experience. The legal basis for this processing is consent.
2.8 Please do not supply any other person’s personal data to us, unless we prompt you to do so.
2.9. We process the personal data that you give us yourself, by telephone, in writing, electronically or verbally.
2.10. We might assign personal data to you for the use of our services (e.g. login code(s) and passwords). In addition, our systems also register personal data that is generated during your use of our services (e.g. location and time of calls ).
2.11 We will act in compliance of the new GDPR with regards to the data treated within our processes and while we provide you our services. We permanently assess and monitor all processes involved and ensure that our service providers are equally GDPR compliant with regards to your data treatment. We have taken technical and organizational measures to protect the databases in which your data is kept against unauthorized access, unauthorized use, theft or loss.
3. Providing your personal data to others
3.1 We may disclose your personal data to any member (EPTDA member companies and their official representatives in relation with EPTDA as per our membership documents (and their amendments) provided by each member company, including their potential legal successors) insofar as reasonably necessary for the purposes set out in this policy.
3.2 We may disclose your personal data to our professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes.
3.3 In addition to the specific disclosures of personal data set out in this Section 3, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject and provided there is a legitimate interest for EPTDA or the third party involved, or in order to protect your vital interests or the vital interests of another natural person.
4. International transfers of your personal data
4.1 We as an association have offices in Belgium and Romania. The European Commission has made an “adequacy decision” with respect to the data protection laws of each of these countries. Transfers to each of these countries will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission.
4.2 You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others. Nevertheless we have made sure that your data is stored in servers situated in the European Union and we clearly identified our service providers who may be processing your data and required a warranty of GDPR compliance with regards to these data treatment processes.
5. Retaining and deleting personal data
5.1 This Section 5 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
5.2 Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
5.3 We will retain and delete your personal data as follows:
(a) personal data will be retained for as long as you do not give your consent to delete your personal data, at which point your personal data will be deleted from our systems.
(b) company data will be retained for as long as the company is a member of EPTDA after which the data will be stored in a different location until we receive consent to delete the company’s data from our systems.
5.4 In some cases it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the following criteria:
(a) the period of retention of personal and company data will be determined based on the accuracy of the same.
5.5 Notwithstanding the other provisions of this Section 5, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
6.1 We may update this policy from time to time by publishing a new version on our website.
6.2 You should check this page occasionally to ensure you are happy with any changes to this policy.
6.3 We may notify you of changes to this policy by email.
7. Your rights
7.1 You may instruct us to provide you with any personal information we held about you, free of charge and in an understandable format; provision of such information will be subject to:
(a) the supply of appropriate evidence of your identity
7.2 We may withhold personal information that you request to the extent permitted by law.
7.3 You may instruct us at any time not to process your personal information for marketing purposes.
7.4 You may correct your data by providing us updates and correction. You have to the right to ask deletion of your personal data.
7.5 In practice, you will expressly agree in advance to our use of your personal information for marketing purposes, and we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes.
7.6 Should you have a complaint, you can inform us by sending an email to email@example.com.
8. Third party websites
8.1 Our website includes hyperlinks to, and details of, third party websites.
8.2 We have no control over, and are not responsible for, the privacy policies and practices of third parties.
9. Updating information
9.1 Please let us know by sending an email to the email address published on the website if the personal information that we hold about you needs to be corrected or updated.
9.2 We will generally keep your data for as long as required for the lawful purposes for which it was obtained. The data is kept for no more than 12 months after a person has ceased to use our services unless a longer delay is required by law in which case your data is kept as long as required for the lawful purposes for which it was obtained.
If you consent to marketing or administrative purposes, any information we use for this purpose will be kept with us until you notify us that you no longer wish to receive this information. For this request, please send an email to firstname.lastname@example.org, with the subject “Unsubscribe from EPTDA”. Please specify inside the email body what information you do not want to receive from EPTDA.
10. About cookies
10.1 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
10.2 Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
10.3 Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
11. Cookies that we use
12. Cookies used by our service providers
12.3 The cookies from social media websites and applications (Facebook, Twitter, LinkedIn, YouTube, Vimeo) we use in order to provide you our services and/or to disseminate information about our activities are subject to their own GDPR compliance policies that may be found on their respective websites.
13. Managing cookies
13.1 Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
(a) https://support.google.com/chrome/answer/95647?hl=en (Chrome);
(b) https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
(c) http://www.opera.com/help/tutorials/security/cookies/ (Opera);
(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
(e) https://support.apple.com/kb/PH21411 (Safari); and
(f) https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).
13.2 Blocking all cookies may have a negative impact upon the usability of many websites.
13.3 If you block cookies, you will not be able to use all the features on our website.
14. Our details
14.1 This website is owned and operated by EPTDA
14.2 We are registered in Belgium under registration number BE0866898896, and our registered office is at Grensstraat 7, 1831 Diegem, Belgium.
14.3 Our principal place of business is at Grensstraat 7, 1831 Diegem, Belgium.
14.4 You can contact us:
(a) by post, using the postal address given above;
(b) by telephone, on the contact number published on our website from time to time; or
(c) by email, using the email address published on our website from time to time.
15. Data protection officer
15.1 Our data protection officer’s contact details are: Vlad Nicolaescu, email@example.com.
16. Stay up-to-date on changes
17. Escalation to the supervisory authority
For complaints in connection to the processing of your personal data by us, please contact the Gegevensbeschermingsautoriteit (Data Protection Authority), Drukpersstraat 35, 1000 Brussels / +32 (0) 2 274 48 00 / firstname.lastname@example.org / www.privacycommission.be