Last updated in February 2019 by A.SPIRE
Protecting your data and privacy is of the utmost importance for us at A.SPIRE. We comply with data protection laws, including the European Regulation 2016/679 of 27 April 2016 on the protection of personal data (the “GDPR”) and any other applicable national acts or regulations regarding the processing of personal data or the protection of privacy.
1. A.SPIRE’s Role as Data Controller
The data controller responsible for the processing of your data is the A.SPIRE aisbl, having its registered offices at Rue Belliard 40,bte 21 – 1000 Brussels, Belgium.
As a data controller we solely and autonomously determine the purposes and means of the processing of your personal data.
2. What Data Does A.SPIRE Collect?
We collect and process your personal data only for the purposes set out in this Policy. Your data can either be submitted to us, or collected by us, in different ways (including via our Website, written correspondence and e-mails).
As you browse the Website, interact or sign up to the newsletter via the online form, A.SPIRE will collect the following personal data:
- Identification data: only if you decide to provide identification information via the Website, such as your email address, first name, last name, company.
3. On Which Legal Basis and for What Purposes Do We Process Your Data?
We always process your personal data on the basis, and within the boundaries of the legal principles as laid down under the applicable law. We do our utmost to limit the processing of your personal data to that which is strictly necessary for the achievement and performance of the purposes described below.
3.1 Performance of Our Duties
We may also process candidates’ or clients’ personal data where necessary for the performance of our legal duties or the performance of our contractual obligation towards our clients. In such a case, we limit the processing of your personal data to the extent strictly necessary.
(a) Legal obligation
A.SPIRE may process your personal data in order to respond to queries from regulatory or law enforcement agencies where we are required to do so.
3.2 Legitimate Interests of A.SPIRE
When not strictly necessary for any of the above-mentioned purposes A.SPIRE may also process your personal data for other reasons including the achievement and the realisation of its legitimate interests. In such cases, however, A.SPIRE will always strive to maintain a fair balance between the need to process your data and the protection of your privacy. Whenever this is the case, A.SPIRE will keep you informed regarding the type of legitimate interest we are pursuing and will provide you with transparent information about the processing operations and your rights.
In particular, we may process your personal data for the following reasons:
- To evaluate and improve our Website;
- To evaluate the usage of our Website;
- For any direct e-mailing related to our activities as an association, events, news and industry updates, competitions, reports or other info (subject to a specific opt-in where needed and optout);
- To notify members about future opportunities beyond the specific reason for which they have joined, contacted us or beyond a specific mission;
- To maintain our relationship, whether you are a public website visitor or member, including by sending you occasional updates or general information about A.SPIRE.
3.3 Your Consent
4. With whom and How Do We Share Your Data?
4.1 Law Enforcement and Public Authorities
Where required by a public authority or a law enforcement agency, we may share your personal data in accordance with applicable law and only to the extent necessary.
More specifically, we use the services of the following processors in particular:
- Business development providers;
- Service providers for the distribution of newsletters, bulletins, event promotion or the execution of surveys;
- IT service providers for the provision of hardware and software as well as for the implementation of maintenance work.
Data is disclosed to processors on the basis of Article 28(1) of the GDPR or, alternatively, on the basis of our legitimate interests in the economic and technical advantages associated with the use of specialised processors and on the basis of circumstances in which your rights and interests in the protection of your personal data are not overridden (see point (f) of Article 6(1) of the GDPR).
5. What Are Your Rights?
5.1 Access, Rectification, Erasure, Portability and Objection Rights
- The right to ask us to provide you with copies of personal data held about you at any time, which includes the right to inquire : whether we process your personal data, for what purposes; the categories of data; the recipients to whom the data are shared;
- The right to ask us to update or correct any out-of-date or incorrect personal data that we hold about you;
- The right to withdraw your consent where such consent has been given;
- The right to erasure within the limits afforded by data protection legislation;
- The right to oppose the processing of your personal data, within the limits afforded by data protection legislation;
- The right to data portability within the limits afforded by data protection legislation.
5.2 How Can You Exercise Your Rights?
You may at any time exercise the abovementioned rights in accordance with data protection regulations, by sending a request with a copy of your ID card (passport or other proof of identity) to firstname.lastname@example.org by writing us at rue Belliard 40, bte 21 – 1040 Brussels, Belgium and subject to complying with our reasonable requests to verify your identity.
5.3 Right to Lodge a Complaint
You may also lodge a complaint with the Belgian Data Protection Authority either by post at Rue de la Presse 35, 1000 Brussels, or by e-mail at email@example.com or by phone at +32 2 274 48 00 or firstline assistance at +32 2 274 48 78.
6. How Long Do We Keep Your Personal Data?
We will not store your personal data beyond the time necessary for the performance of the purposes for which the data is processed. Specifically, we distinguish between a retention period and an archiving period:
- The retention period is the maximum period of use of your personal data for specific purposes:
- The data processed for the execution of the contractual relationship or the performance of a legal duty is kept for the entire duration of the contract, or as long as the legal duty applies, and for the prescription period upon termination of the contract or of the legal obligation;
- The data processed for other purposes may be retained for a longer period during which we will reassess the need to keep this data and pseudonymize the data where it does not affect the realisation of the purposes.
- The archiving period meets our legal obligation as well as the legal need to retain your data beyond the retention period for evidentiary purposes or to respond to requests for information from the competent authorities.
7. How Do We Protect Your Personal Data?
We take appropriate technical and organisational measures to safeguard and protect your personal data against unauthorised or unlawful processing and against accidental destruction, loss, access, misuse, damage and any other unlawful forms of processing of personal data in our possession.
9. How Can You Contact Us?