1. Introduction

1.1    We are committed to safeguarding the privacy of our website visitors and service users; in this policy we explain how we will handle your personal data.

1.2    By using our website and agreeing to this policy, you consent to our use of cookies in accordance with the terms of this policy.

Who is protected by this policy

1.3.   This privacy and cookies policy applies to the personal data that we process as the data controller. It applies to the processing of the personal data of our users in connections with our website and services as well as to the personal data of the end users who – through their relationship with our users (e.g. visitors and employees) – make use of such website and services.

What does processing of personal data mean and who is responsible for this

1.4.   By “processing personal data” it is meant any processing of data that could be used to identify a natural person. The term “processing” is very broad, and covers, among others aspects, the collection, recording, organizing, saving, updating, modifying, retrieving, consulting, using, distributing or making available of data in any way whatsoever, as well as putting together, combining, archiving, delating or eventually destroying that data.

Processing of the personal data of business users is only appropriate where the business user is a natural person (self-employed), or, if the business user is a legal entity (a company), this privacy policy only applies to the personal date of the natural persons that are processed in the context of their relationship with the business user.

1.5.  EPTDA ASBL with registered office at Grensstraat 7, 1831 Diegem, Belgium and registered with the Crossroads Bank for Enterprises under number BE 0866 898 896 is the data controller of the personal data. This means that EPTDA determines the purpose and the resources for the processing of your personal data.

1.6.   Through our services, you might also use services provided by other parties, such as Facebook, LinkedIn, and Twitter. EPTDA has no control over the information you provide to such third parties, or how this is processed, and EPTDA has no responsibility in this respect.

2. How we use your personal data

2.1    In this Section 2 we have set out:

(a)    the general categories of personal data that we may process;

(b)   the purposes for which we may process personal data; and

(c)    the legal bases of the processing.

2.2    We may process data about your use of our website and services (“usage data”). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is Google Analytics. This usage data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is consent. The legal basis for this processing is consent that we collect via the website – “cookies’ acceptance” confirmation.

2.3    We may process your account data (“account data”). The account data may include your gender, name, job description/function, company name, address, post code, city, state, country, phone, fax and email address. The account data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is consent. We need to know basic information about you in order to provide you with the EPTDA’s services you have trusted us to provide and the possible transactions and data treatment these processes involve, as per the agreement EPTDA has with your company.

2.4    We may process your information included in your personal profile on our website (“profile data”). The profile data may include your name, address, telephone number, fax number, email address, profile picture, gender. The profile data may be processed for the purposes of enabling and monitoring your use of our website and services. The legal basis for this processing is consent.

2.5    We may process information that you post for publication on our website or through our services (“publication data”). The publication data may be processed for the purposes of enabling such publication and administering our website and services. The legal basis for this processing is consent.

2.6    We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters (“notification data”). The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters. The legal basis for this processing is consent

2.6    We may process “convention data”. This data may include your name, address, telephone number, fax number, email address, profile picture, gender, company name, websites. The source of this data is EPTDA app. This data may be processed for improving the user experience. The legal basis for this processing is consent.

2.7    Please do not supply any other person’s personal data to us, unless we prompt you to do so.

2.8    We process the personal data that you give us yourself, by telephone, in writing, electronically or verbally.

2.9.   We might assign personal data to you for the use of our services (e.g. login code(s) and passwords). In addition, our systems also register personal data that is generated during your use of our services (e.g. location and time of calls).

2.10  We will act in compliance of the new GDPR with regards to the data treated within our processes and while we provide you our services. We permanently assess and monitor all processes involved and ensure that our service providers are equally GDPR compliant with regards to your data treatment.

3. Providing your personal data to others

3.1    We may disclose your personal data to any member of our group of companies (EPTDA members and their official representatives in relation with EPTDA as per our membership documents (and their amendments) provided by each member company, including their potential legal successors) insofar as reasonably necessary for the purposes set out in this policy.

3.2    We may disclose your personal data to our professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes.

3.3    In addition to the specific disclosures of personal data set out in this Section 3, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject and provided there is a legitimate interest for EPTDA or the third party involved, or in order to protect your vital interests or the vital interests of another natural person.

4. International transfers of your personal data

4.1  We as an association have offices in Belgium. The European Commission has made an “adequacy decision” with respect to the data protection laws of each of these countries. Transfers to each of these countries will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission.

4.2    You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others. Nevertheless, we have made sure that your data is stored in servers situated in the European Union and we clearly identified our service providers who may be processing your data and required a warranty of GDPR compliance with regards to these data treatment processes.

5. Retaining and deleting personal data

5.1    This Section 5 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.

5.2    Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

5.3    We will retain and delete your personal data as follows:

(a)    personal data will be retained for as long as you do not give your consent to delete your personal data, at which point your personal data will be deleted from our systems.

(b)    company data will be retained for as long as the company is a member of EPTDA after which the data will be stored in a different location until we receive consent to delete the company’s data from our systems.

5.4    In some cases it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the following criteria:

(a)    the period of retention of personal and company data will be determined based on the accuracy of the same.

5.5    Notwithstanding the other provisions of this Section 5, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

6. Amendments

6.1    We may update this policy from time to time by publishing a new version on our website.

6.2    You should check this page occasionally to ensure you are happy with any changes to this policy.

6.3    We may notify you of changes to this policy by email.

7. Your rights

7.1    You may instruct us to provide you with any personal information we held about you, free of charge and in an understandable format; provision of such information will be subject to:

(a)    the supply of appropriate evidence of your identity

7.2    We may withhold personal information that you request to the extent permitted by law.

7.3    You may instruct us at any time not to process your personal information for marketing purposes.

7.4    You may correct your data by providing us updates and correction.

7.5    In practice, you will expressly agree in advance to our use of your personal information for marketing purposes, and we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes.

7.6    Should you have a complaint, you can inform us by sending an email to the address mentioned on the website.

8. Third party websites

8.1    Our website includes hyperlinks to, and details of, third party websites.

8.2    We have no control over, and are not responsible for, the privacy policies and practices of third parties.

9. Updating information

9.1    Please let us know by sending an email to the email address published on the website if the personal information that we hold about you needs to be corrected or updated.

9.2    We will generally keep your data for as long as required for the lawful purposes for which it was obtained. If you consent to marketing or administrative purposes, any information we use for this purpose will be kept with us until you notify us that you no longer wish to receive this information. For this request, please send an email to info@eptda.org, with the subject “Unsubscribe from EPTDA”. Please specify inside the email body what information you do not want to receive from EPTDA.

10. About cookies

10.1  A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

10.2  Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

10.3  Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

11. Cookies that we use

11.1  We use cookies for the following purposes:

(a)    authentication – we use cookies to identify you when you visit our website and as you navigate our website;

(b)    status – we use cookies to help us to determine if you are logged into our website;

(c)    security – we use cookies as an element of the security measures used to protect user accounts, including preventing fraudulent use of login credentials, and to protect our website and services generally

(d)  personalisation – we use cookies to store information about your preferences and in some cases and wherever possible, personalise the website for you

(e)    analysis – we use cookies to help us to analyse the use and performance of our website and services and

(f)    cookie consent – we use cookies to store your preferences in relation to the use of cookies more generally.

12. Cookies used by our service providers

12.1  Our service providers use cookies and those cookies may be stored on your computer when you visit our website. As mentioned at point 4.2, we make sure our service providers are GDPR-compliant with regards to all data treatment processes where your data is involved.

12.2  We use Google Analytics to analyse the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. Google’s privacy policy is available at: https://www.google.com/policies/privacy/.

12.3 The cookies from social media websites and applications (Facebook, Twitter, LinkedIn, YouTube, Vimeo) we use in order to provide you our services and/or to disseminate information about our activities are subject to their own GDPR compliance policies that may be found on their respective websites.

13. Managing cookies

13.1  Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:

(a)    https://support.google.com/chrome/answer/95647?hl=en (Chrome);

(b)    https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);

(c)    http://www.opera.com/help/tutorials/security/cookies/ (Opera);

(d)    https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);

(e)    https://support.apple.com/kb/PH21411 (Safari); and

(f)     https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).

13.2  Blocking all cookies may have a negative impact upon the usability of many websites.

13.3  If you block cookies, you will not be able to use all the features on our website.

14. Our details

14.1  This website is owned and operated by EPTDA.

14.2  We are registered in Belgium under registration number BE0866898896, and our registered office is at Grensstraat 7, 1831 Diegem, Belgium.

14.3  Our principal place of business is at Grensstraat 7, 1831 Diegem, Belgium.

14.4  You can contact us:

(a)    by post, using the postal address given above;

(b)    by telephone, on the contact number published on our website from time to time; or

(c)    by email, using the email address published on our website from time to time.

15. Data protection officer

15.1  Our data protection officer’s contact details are: Koen Lauryssenk.lauryssen@eptda.org.

16. Stay up-to-date on changes

We may change this privacy policy from time to time, for example, if we introduce new processing activities. We therefore invite you to always consult the most recent version of this policy on our website.

In case of contradictions between general terms and conditions and/or special terms that may apply to some specific services we might have, such terms and conditions will take precedence over this privacy policy.

17. Escalation to the supervisory authority

For complaints in connection to the processing of your personal data by us, please contact the Gegevensbeschermingsautoriteit (Data Protection Authority), Drukpersstraat 35, 1000 Brussels / +32 (0) 2 274 48 00 / commission@privacycommission.be / www.privacycommission.be