Scope of this policy
UNESDA, Rue du Trône 14-16, 1000 Brussels, Belgium, registered under number 0450702679 (hereinafter referred to as “Unesda” or “we”) collects and processes certain information about individuals.
These individuals, also knowns as “data subjects” can include members, suppliers, business contacts, participants to events, employees and other people the association has a relationship with or may need to contact.
Unesda is committed to handle personal data in compliance with applicable data protection laws, including as of 25 May 2018, the General Data Protection Regulation (“GDPR”). In particular, Unesda commits to only collect and process personal data that is: processed fairly, in a transparent way and based on valid legal grounds; obtained for specific lawful purposes; adequate, relevant and not excessive; accurate and kept up to date; not held for longer than necessary; protected in appropriate ways and not transferred outside of the European Economic Area, unless adequate protective measures are in place.
Unesda is also committed to protect all personal data it processes and has to that end deployed adequate organisational and technical measures, including encryption and data classification, to prevent data breaches.
What personal data do we collect?
Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identify of that natural person.
Unesda may collect the following categories of personal data to the extent necessary to achieve the purposes outlined in this policy:
Identification data, such as first name, name, pictures, IP address, cookies, photographs;
Contact data, such as email address, telephone number, postal address;
Personal information, such as age, date of birth, gender, marital status, citizenship;
Financial data, such as bank account details;
Education and profession and employment data, such as university, specialisation, function, past employers;
In some circumstances, we also collect and process special categories of data, such as health data, memberships or political affiliation.
In most instances, we collect personal data directly from the data subjects, but we may sometimes obtain personal data from third parties (such as the data subject’s employer or from a public authority).
Why we process personal data and on what basis?
When Unesda processes personal data of its staff, it does so for the purposes of managing and administering, monitoring and supervising its personnel, based on legal obligations under the Belgian Law on Employment Contracts of 3 July 1978 and/or on the necessity to perform its obligations as employer under the employment contracts signed with its employees or under the consultancy contracts signed with its consultants.
Unesda also processes personal data of candidates who apply for job positions at Unesda for the purpose of recruitment activities, based either on the candidates’ consent or on the necessity to conclude a contract with candidates that have been selected.
Unesda also has a legitimate interest in the processing of personal data to the extent strictly necessary for the purposes of ensuring network and information security.
As part of its general mission, Unesda processes personal data for the following purposes:
- For general membership administration: Unesda has legitimate interests in the processing of personal data of the contact persons at Unesda’s members for the purpose of administering the membership and collecting membership fees. Unesda is also bound by Belgian Company Law obligations with respect to the organisation of general assemblies and board of directors meetings.
- For contract management purposes: Unesda has legitimate interests in the processing of personal data of representatives and contact persons of entities and associations with which Unesda contracts (e.g. with respect to consortium agreements, services agreements, consultancy agreements, research agreements, procurement agreements).
- For public relations purposes: Unesda processes contact details of Members of Parliament, Officials from the European Commission and from EU Member States, Academics, professors and lobbyists in European affairs for the purposes of carrying out its advocacy activities.
- For organising events and conferences: Unesda processes identification details of individuals who register online to participate to events and conferences organised by Unesda for the purpose of managing the registration and participation to such events based on the necessity for Unesda to meet its obligations as organiser of the events under the general terms and conditions that are expressly accepted by the individuals and/or based on consent for certain personal data.
- For websites administration purposes: Unesda processes identification data from individuals who register themselves on the Unesda websites and give their express consent to receive newsletters or information from Unesda or to participate to Unesda’s blog.
How long do we keep personal data?
Unesda will only keep personal data for the time that is strictly necessary to achieve the purpose(s) for which they were collected, e.g. for the duration of a contractual relationship or of a project, and for a period of time thereafter if so required by applicable law or if in the primary interests of the data subjects.
Do we transfer personal data?
Unesda does not transfer personal data outside of the European Economic Area (EEA), unless adequate protective measures are in place.
What are your rights as data subjects and how to exercise them?
As data subject, you have the following rights with respect to personal data we hold about you, subject to applicable legal restrictions:
- Right of access to your personal data;
- Right to rectification of incorrect or incomplete personal data;
- Right to erasure of your personal data;
- Right to restriction of processing of your personal data;
- Right to data portability, i.e., the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and to transmit those data to another controller;
- Right to object to all or part of the processing, when legally allowed;
- Right not to be subject to automated individual decision-making, including profiling within the limits set out by the law;
- Right to withdraw consent at any time when we process your personal data based on your consent;
- Right to lodge a complaint with a supervisory authority in the EU.
If you wish to exercise any of these rights or if you are not satisfied about how we protect your privacy, you should address your request by email together with a copy of your ID (which we will only use to verify your identity), to Unesda, as data controller at the following address: firstname.lastname@example.org.
Individuals will not be charged for subject access requests, except if the requests are manifestly unfounded or excessive (e.g. repetitive). In such case, Unesda may charge a reasonable fee or refuse to act on the request.
Unesda will aim at responding to data subject requests without undue delay and in any event within 1 month of receipt of the request.