SVIA takes personal data protection very seriously to ensure compliance with the legal requirements set out in the Regulation 2016/679 on General Data Protection and Directive 2002/58/EC on e-Privacy.
In this privacy policy, SVIA (also hereafter ‘we’) provides a clear understanding of how we collect, use, protect or otherwise handle personal data.
A glossary of the key legal terms used in this Charter is provided below.
1. Who is concerned by this privacy policy
This Privacy Notice mainly covers the collection and processing of personal data of members of SVIA (current and old) and their staff, of contractual partners, of people who have expressed an interest in SVIA and its activities, as well as online users (hereinafter “you”).
2. Who is responsible for the use of your data in the context of your relationship with our services?
The Controller responsible for the processing of your personal data is SVIA, the head office of which is at Silversquare Louise, Avenue Louise 523, 1050 Brussels, Belgium registered under VAT number BE0682.874.753.
Should you have any questions, complaints or queries with regards to how we use your information, we encourage you to contact us at info@association-svia.org and we will do our best to answer/resolve it in the shortest possible time.
3. Personal data we collect/process and how we use it
We collect your personal data for various reasons.
We can only collect and use your personal data if this use is based on one of the legal foundations determined by the GDPR (for example, your consent or the performance of an agreement signed between us).
Below, you will find a list of those purposes for which your personal data is used by SVIA and the corresponding legal grounds.
Purpose 1 : to provide and organise services to our members and/or to members of the national associations
This covers the processing of personal data necessary for the provision and the organisation of our services (including consulting services, sharing of good practices, sectoral statistics, impact studies, etc.) to our members
For this purpose If you are or become a member of SVIA we collect information about you, identification data (name business email address, phone number (fixed and/or mobile), job title employer…) and all information that you provide to us voluntarily (e.g. personal mobile number or mailing address) and/or to members of the national associations.
This end purpose is based on SVIA’s legitimate interest in the collection and processing of the personal data of its contacts at legal entity Members in order to contact them in respect with the services provided and guarantee the proper performance of the agreement (GDPR, Article 6.1.(b) and (f)).
Purpose 2: management of messages received, concerns, inquiries or requests received about events and activities
If you have corresponded with us by any form of communication (e.g. email), we may maintain such correspondence. This is also the case if you are a person who contacted or has been contacted by our members or staff in the framework of SVIA’s mission and activities.
For this purpose, we will collect identification data such as name, position, email, address and all information that you provide voluntarily.
This end purpose is based on SVIA’s legitimate interest to process the personal data of people in order to respond to their demand and their expectations and/or in order to defend and protect its Members’ interests as part of its mission and social object (GDPR, Article 6.1. (f)).
Purpose 3: to manage service providers
This covers the processing of personal data necessary for the general management of services providers, including accounting, litigation and legal procedures, the recovery or transfer of receivables and the protection of our rights in general.
To this end, we collect identification data of contact persons (business email address, business telephone number, title…) and any information connected with the intervention of the contact person in the contractual relationship.
This end purpose is based on SVIA’s legitimate interest to collect and process data relating to the contact persons within the organisations of its Suppliers and the need to negotiate and/or perform the contract with your company (GDPR, Article 6.1.(b) and (f)).
Purpose 4: to register for SVIA activities and events
This covers the processing of personal data necessary for the registering for activities and events we organise.
To this end, we collect the following data;
- Members: identification data (name, business email address, phone number (fixed and/or mobile), job title, employer…) and all information that you provide to us voluntarily
- Not members: name, position, organisation and contact details that you voluntarily provided to us;
- Speaker; name, position, organisation, bio, photo or other data that you voluntarily provided to us.
This end purpose is based on the performance of a contract concluded with you (GDPR, Article 6.1.(b)).
Purpose 5: improvement of browsing experience and statistics
When you visit our website(s). SVIA’s website(s) use(s) cookies that do not track users and serve the website’s normal functionality. For more information on the cookies we use please check our cookies policy here.
This includes any data processing necessary for the improvement of your browsing experience and for for the establishment of statistics regarding the quality of the website.
To this end, we collect electronic identification data (such as IP address, cookies, connection log).
This end purpose is based on consent (GDPR, Article 6.1.(a)). Therefore, when visiting our website for the first time, a cookie banner will appear.
4. Transmission of your data to third parties
SVIA does not sell personal data.
In certain cases, your personal data can be transferred to a third party, namely:
- To sub-contractors in the framework of activities linked to the mission of SVIA, for example with a view to organise an event; or
- In case of a joint event, to the co-organiser or supporting partner; or
- With public authorities, in response to legal requests, including to meet national security requirements or for the application of the law; or
- As part of a transaction, such as a sale of assets, we may be required to share your personal data with the buyers or sellers; or
- If you consent to it.
Is your personal data transferred abroad?
► Data transfer within Europe
Some data is transferred in Europe for the purpose of certain processing operations (see point 3).
Within the European Economic Area (28 EU members states – Germany, Austria, Belgium, Bulgaria, Cyprus, Croatia, Denmark, Spain, Estonia, Finland, France, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Czech Republic, Romania, United Kingdom, Slovenia, Slovakia, Sweden – Iceland, Norway and Liechtenstein), personal data will benefit from the same level of protection.
► Data transfer outside Europe
You should be aware that the protection of privacy and the rules allowing authorities to access your personal data in these countries are not necessarily equivalent to those in Europe.
In order to ensure a high standard of data protection and privacy, we only use or assign service providers, partners and subcontractors with sufficient technical and legal guarantees.
We transfer and/or grant access to your personal data collected for the management of messages received, concerns, inquiries or requests received about events and activities (see point 3) to third parties located in a non-EEA country only if (1) third parties are located in a country which ensures an adequate level of protection under an adequacy decision taken by the European Commission or (2) appropriate safeguards in conformity with the GDPR are in place (such as e.g. the signing of the Standard Contractual Clauses of the European Commission for the transfer of personal data to third countries (2001/497/EC; 2004/915/EC)).
To obtain more information and/or a copy of the guarantees taken, simply send us an email to info@association-svia.org with your surname, first name and in the subject “transfers outside the EU: personal data”. Also remember to specify in your e-mail the exact information you wish to obtain.
5. How do we keep your data safe?
We take all measures necessary – organisational and technical – to make sure your data remains protected against data breaches (e.g. unauthorised access, alterations or disclosures; unlawful or accidental destruction or loss).
SVIA staff is made aware of the importance of data protection and is trained to follow the appropriate steps to respect privacy, confidentiality and security of your personal data.
6. What happens in the case of a data breach?
In the case of a data breach we will use all technical and organisational means available to contain and eliminate the breach. We apply the latest technological standards (e.g. firewall, encryption, etc.) to make sure the risk of breaches is minimised.
If we become aware that such breach might imply a high risk to the rights and freedoms of persons involved, we will communicate the personal data breach to the people concerned as soon as possible via email or any other means available.
7. Third-party links on our website
This policy does not cover links within SVIA website(s) to other third-party websites. We are not responsible for the use of any personal information including without limitation cookies which you give directly to such third parties, or which they may collect about you while you visit pages hosted by them. Please refer to their respective privacy policies for information about your rights.
8. How long does SVIA keep your personal data?
SVIA has set precise rules concerning how long we keep your personal data for. This varies depending on the various objectives and must take into account any potential legal obligations regarding the retention of certain categories of data.
Purpose 1 : to provide and organise services to our members
SVIA keeps your data for as long as your relationship with SVIA persists (e.g. if you are a member, a contractual party or a newsletter subscriber). This is without prejudice to specific limitation periods foreseen by law allowing to conserve personal data for longer periods of time.
Purpose 2: management of messages received, concerns, inquiries or requests received about events and activities
SVIA keeps your data for 3 years following the end of the relationship with you and/or the last contact with you.
Purpose 3: to manage service providers
SVIA keeps your data 10 years from the end of the contractual relationship or 5 years from the end of the negotiation.
Purpose 4: to register for SVIA activities and events
SVIA keeps your data 10 years from the end of the contractual relationship.
Purpose 5: improvement of browsing experience and statistics
Please refer to our cookies policy here.
9. What are your rights?
We want to ensure that you have the clearest possible information regarding your rights with regard to your personal data. We also want you to be able to exercise these rights as easily as possible (see point 10 below).
- You have the right to access your personal data;
You can access all of the following information concerning:
- Which categories of personal data we collect in relation to you
- Why we use such data
- The categories of individuals to whom your personal data has been or will be disclosed, notably any located outside of Europe
- The length of time for which your personal data is kept in our systems
- Your right to request the correction or deletion of your personal data or the restriction of the use that we make of your personal data and your right to object to such use
- Your right to file a complaint with a European data protection authority
- Information relating to the source of the data when we have not collected your personal data directly from you
- The manner in which your personal data are protected when transferred outside of Europe
- You have the right to rectify, complete or update your data if they are inaccurate;
- You may also request the transfer of your personal data to another entity;
This right offers you the option to have better personal control over your personal data and, more specifically:
- to recover your personal data processed by us, for your own personal use, and for example to save such data in private cloud storage space or on your own devices,
- to transfer your personal data from us to another company, either yourself or by us directly, subject to such transfer being “technically feasible”.
This right relates both to any data which has been actively and knowingly declared by you such as the data which you provide (e.g. personal identification data) and to the information which we collect.
Conversely, the personal data derived, collected or inferred from the data provided by you are excluded from the scope of the right to data portability as these data have been created by us.
You must however be aware that we have the right not to comply with your portability request.
This right in fact applies only to any personal data based on your consent or on the performance of an agreement signed with you. Similarly, this right must not infringe the rights and freedoms of any third parties whose data could be included within the data disclosed as a result of a portability request.
- You have the right to restrict processing
You have the right to ask us to restrict the processing of your data, i.e. the marking (for example, by temporarily placing your data in another processing system or by locking down your data to render them inaccessible) of your recorded personal data with the aim of limiting their processing in the future.
You may exercise this right whenever:
- the accuracy of the data in question is disputed
- your personal data are not being processed in accordance with the GDPR and with Belgian law
- the data are no longer necessary for the initially intended purposes but cannot yet be erased for legal reasons (notably for the acknowledgment, enforcement or defence of your rights in court)
- a decision is pending in relation to your objection to processing.
In the event of the restriction of processing, your personal data will no longer be processed in any manner without your prior consent, with the exception of their retention (storage).
Your personal data may nevertheless continue to be processed for the acknowledgment, enforcement or defence of rights in court or for the protection of the rights of another legal entity or natural person, or for reasons of significant public interest within the European Union or the EU Member State.
If restrictions are imposed on the processing of certain of your personal data, we will inform you when this restriction is lifted.
- You have the right to object
You have the right to object to the processing by us of your personal data if, for any reason personal to you, you consider that any part of the processing carried out constitutes a breach of your privacy and causes excessive harm to you.
You cannot under any circumstances prevent us from processing your data:
- If the processing is necessary for the signature or performance of an agreement
- If the processing is required by law or by a regulation
- If the processing is necessary in order to acknowledge, enforce or defend any rights in court.
It may however be the case that we are unable to comply with your request for other reasons. Of course, in this case, we guarantee that we would provide you with the clearest possible explanation.
- Subject to some exceptions, you may request us to erase your data, cease to process them or withdraw your consent(e.g. cookies). If you decide to do so you may no longer benefit from all our services;
You can contact us at any time in order to ask us to delete the personal data that we process in relation to you if you are covered by one of the following cases:
- Your personal data are no longer necessary with regard to the reasons why they were collected or processed in any other manner
- You have withdrawn the consent given by you which forms the basis for the processing of your personal data carried out by SVIA for a reason specific to you personally, you consider that some of the processing carried out constitutes a breach of your privacy and causes excessive harm to you
- You no longer wish to receive commercial marketing requests from us
- Your personal data are not being processed in accordance with the GDPR and with Belgian laws
- Your personal data must be erased in order to comply with a legal obligation stipulated by European Union law or by a domestic law applicable to SVIA.
If we have published your personal data and we are obliged to erase these data in accordance with the conditions set out above, we will also erase them from the publicly-available media used. We also have an obligation to take reasonable measures in order to inform any other companies (controllers) which process the personal data for which you have requested the deletion of the corresponding links or of any potential copies.
However, it may be the case that we are unable to comply with your request. Please bear in mind that this is not an absolute right. We must ensure that this is balanced with other important values and rights such as freedom of speech, compliance with a legal obligation applicable to us or significant reasons relating to the public interest.
10. How exercise your rights?
You can exercise these your rights by contacting SVIA at info@associatio-svia.org.
Please indicate the specific right that you wish to enforce, the reasons for your request and attach a copy of both sides of your ID card. The request must state the address to which the reply should be sent.
We have one month in which to respond to your request, plus a further 2 months for any requests that necessitate in-depth research or if we are receiving an exceptionally large number of requests.
It may however be the case that we are unable to comply with your request. Of course, in this case, we guarantee that we would provide you with the clearest possible explanation.
11. How can you contact us? How can you file a complaint with a data protection authority?
If you have any questions or suggestions concerning this Personal Data Protection Charter, please contact us by email or letter (see contact details above). We will read your comments carefully and get back to you as soon as possible.
If you consider that your personal data are not being protected properly, please contact us directly. Please also note that you have the right to file a claim with the Belgian data protection authority.
- By post: Autorité de Protection des Données, Rue de la Presse 35, 1000 Brussels.
- By email: contact@apd-gba.be
12. Update of this privacy policy
It might happen that we have to modify our privacy policy in accordance with the General Data Protection Regulation, for instance to comply with new legal requirements. Should any changes occur, they will be published on this website, without notice, together with the date of the change from which the change is made effective.
Please consult this Charter on a regular basis in order to find out how SVIA protects your personal data.
Last update: 20 February 2019
This is version 1.0 of the charter
13. Glossary of the key legal terms used in this Charter
Terms that are often used in this Charter | Definitions provided by the GDPR (General Data Protection Regulation) | Explanation of the terms in standard language |
Data of a personal nature (hereinafter ‘personal data’) | Any information relating to an identified or identifiable natural person (hereinafter ‘the data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. | All sorts of information relating to a natural person, that is an individual, who can be identified as a person, directly or indirectly who can be distinguished from other people. Examples: a name, a photo, a fingerprint, an e-mail address, a telephone number, a social security number, an IP address, a voice mail, your browsing data on a website, data relating to an online purchase, etc. |
Processing | An operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. | Any use of personal data, regardless of the procedure involved (recording, organisation, storage, adaptation, alignment with other data, transmission, etc. of personal data). Example: the use of your data to manage an order, a delivery, send a newsletter, etc. |
Controller | The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. | The person, public authority, company or body which manages your data and determines how they are used. He/She decides whether to start or discontinue processing and determines why your data will be processed and to whom they will be transferred. He/she is the main party responsible for ensuring the protection of your data. |
Processor | The natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. | Any natural or legal person that performs processing tasks following the instructions and under the responsibility of the controller. |