BSEF Privacy Notice
The Bromine Science and Environmental Forum AISBL (“We“, “us”, “our” ), is committed to complying with EU Privacy Law. This privacy notice describes how We, as a controller of Personal Data, Process the personal information of certain categories of Data Subjects that are not associated to us.
In carrying out our activities, We process Personal Data relating to consultants, contractors, suppliers, individuals registering for our publications and/or attending events and conferences, officials of the European institutions and EU agencies, EU Member State officials, journalists and other stakeholders (“You“) in the policy areas that We are involved in.
1. What Personal Data do We hold about You?
Depending on who You are, We collect different Personal Data from You, for specified purposes and based on a specific legal ground.
|Data Subjects||Types of Personal Data||Purposes of Processing||Method of Collection||Legal grounds|
|EU and national government officials and policy stakeholders, including journalists, industry associations and NGOs involved in the policy areas that the Association is active in||Name, job title, email address, name of the organization, address, phone number, social media accounts||Conducting our advocacy activities in the policy fields We are involved in, including contacting You with regard to projects We are involved in, asking You information about the policy areas We are involved in,||Public websites, business cards, public lists, data mapping,||Legitimate interest – We believe that, as an EU Association active in the field of the bromine industry We have the legitimate interest to conduct our advocacy activities|
|Third party contractors and suppliers||Name, job title, email address, name of the organization, bank account details, phone number, social media accounts||Preparing, executing and terminating a contract We have with You||Contracts, invoices, quotes,||Performance of a contract|
|Individuals attending conferences, and events||Name, job title, email address, organisation you work in, your social media accounts, your area of expertise, your interests, address||To send You follow-up emails with regard to the events We both attended, to contact You with regard to your areas of interest, to invite You for events, send You regulatory and policy updates||Business cards, email you send us, oral exchanges, public database, events databases||Legitimate interest – We believe that, as an EU Association active in the field of the bromine industry We have the legitimate interest to conduct our advocacy activities|
|Recipients of our newsletter||Name, job title, email address and telephone number, your area of expertise, your interests, address, social media accounts||To inform You about our activities, send You our newsletter, send You our reports, send You regulatory and policy updates,||Subscription page on our website||Consent|
|Public website, oral exchanges during events We both attended, business cards,||Legitimate interest – We believe that, as an EU Association active in the field of bromine industry We have the legitimate interest to conduct our advocacy activities|
2. Change of purpose
We will only use your Personal Data for the purposes for which We collected it, unless We reasonably consider that We need to use it for another reason and that reason is compatible with the original purpose. If We need to use your Personal Data for an unrelated purpose, We will notify You and We will explain the legal basis which allows us to do so.
3. Which third-parties process your Personal Data?
In order to communicate with You, for example to send You our newsletter and reports, We share your Personal Data with MailChimp (https://mailchimp.com/), a third party providing email marketing services. MailChimp is located in the United States. Your Personal Data are transferred to, stored and processed in the United States and may be shared there. We have taken steps with MailChimp to ensure that the transfer of your Personal Data to MailChimp complies with EU Privacy Law. MailChimp participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. We have also signed a Data Processing Agreement incorporating Standard Contractual Clauses with MailChimp. If You would like to receive a copy of the agreement, You can contact us at email@example.com
We do not use other third-parties to process your Personal Data or otherwise transfer Personal Data outside of the EEA and/or disclose your Personal Data to other recipients than those identified in this notice. If we were to do so, We will comply with EU Privacy Law.
4. Data security
Your Personal Data are treated as confidential.
We never pass on your contact details to third-parties for commercial purposes.
In order to safeguard your Personal Data from unauthorized access, collection use, disclosure copying, modification, disposal or similar risks, We have put in place appropriate administrative, physical and technical measures. We update and test our security technology on an ongoing basis. We restrict access to your Personal Data to those employees and staff who need to know that information to provide benefits or services to You. In addition, We train our staff about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our staff’ privacy responsibilities.
5. How long will We retain your Personal Data?
We store your Personal Data as long as You don’t withdraw your consent or don’t object to the Processing.
We undertake, absent of any Processing activities within a period of [24 months], to delete the Personal Data We hold on You. However, We may retain your Personal Data under EU or national laws. We may retain electronic copies of files containing Personal Data created pursuant to automatic archiving or back-up procedures which cannot reasonably be deleted. In these cases, We shall ensure that the Personal Data are not further actively processed.
6. Your rights in connection with Personal Data
Under certain circumstances, under EU Privacy Law, You have the right to:
- Request access to your Personal Data. This enables You to receive a copy of the Personal Data We hold about You and to check that We are lawfully Processing it.
- Request correction of the Personal Data that We hold about You. This enables You to have any incomplete or inaccurate information We hold about You corrected.
- Request erasure of your Personal Data. This enables You to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where You have exercised your right to object to Processing (see below).
- Request the restriction of Processing of your Personal Data. This enables You to ask us to suspend the Processing of Personal Data about You, for example if You want us to establish its accuracy or the reason for Processing it.
- Request the transfer of your Personal Data to another party (right to data portability).
To exercise your rights as Data Subject, make queries or complaints, please contact firstname.lastname@example.org
When You provided your consent to the collection, Processing and transfer of your Personal Data for a specific purpose, You have the right to withdraw your consent for that specific Processing at any time.
When We process your Personal Data based on our legitimate interest (or those of a third party), You have the right to object to such Processing. To withdraw your consent or object to the Processing, please contact email@example.com
If You are dissatisfied with any aspect of our handling of your Personal Data, You have the right to make a complaint at any time to the relevant Supervisory Authority.
7. Changes to notice
We may revise this privacy notice from time to time and any revisions will be made available to You via our website.
8.Our contact details
BSEF AISBL Avenue Edmond Van Nieuwenhuyse 4,
1160 Auderghem, Brussels (E: firstname.lastname@example.org, T: +32 2 792 7550)
“EU Privacy Law” means the General Data Protection Regulation 2016/679 (“GDPR“) and the Belgian national privacy laws, as amended from time to time.
“Data Subject” means an identified or identifiable individual.
“Personal Data” means any information relating to an identified or identifiable natural person.
“Processing” means any operation performed on Personal Data, manually or by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Supervisory Authority” means the Belgian Data Protection Authority or the relevant data protection authority of the data subjects’ habitual residence or place of work.