Privacy Policy
WHY A CHARTER
ON THE PROTECTION OF YOUR PERSONAL DATA?
The non-profit association FEBIAC (hereinafter
‘FEBIAC’ or ‘we’) considers your privacy to be a priority. So we undertake to
treat the personal data of our customers, potential customers and online users
(hereinafter ‘you’) with the greatest care and to provide the best possible
protection for such data in accordance with Regulation (EU) 2016/679 of 27
April 2016 on the protection of natural persons with regard to the processing of
personal data and on the free movement of such data (hereinafter ‘GDPR’) and
the law of 8 December 1992 on the protection of privacy as regards the
processing of personal data (hereinafter the ‘Belgian law’).
This charter provides information about:
- the personal data that we collect about you
and why we do so;
- the terms of use of your personal data;
- your rights as regards your personal data and
the ways in which you can exercise them.
Most recently modified on: 04.06.2018.
Explanatory
glossary of the main legal terms used in this Charter:
Terms that are often used in this Charter
|
Definitions provided by the GDPR (General
Data Protection Regulation)
|
Explanation of the terms in standard
language
|
Data of a personal nature (hereinafter
‘personal data’)
|
Any information relating to an identified
or identifiable natural person (hereinafter ‘the data subject’); an
identifiable natural person is one who can be identified, directly or
indirectly, in particular by reference to an identifier such as a name, an identification
number, location data, an online identifier or one or more factors specific
to the physical, physiological, genetic, mental, economic, cultural or social
identity of that natural person.
|
All sorts of information relating to a
natural person, that is an individual, who can be identified as a person,
directly or indirectly who can be distinguished from other people.
Examples: a name, a photo, a fingerprint, an e-mail address, a telephone
number, a social security number, an IP address, a voice mail, your browsing
data on a website, data relating to an online purchase, etc.
|
Data protection officer
|
/
|
The data protection officer (DPO) is the
person in the company responsible for ensuring compliance with the GDPR and
the applicable national laws as well as our guidelines and practices
concerning the management of your personal data. He is also responsible for
cooperation with the supervisory authorities. The DPO is your first point of
contact for any questions about your personal data.
|
Processing
|
An operation or set of operations which is
performed on personal data or sets of personal data, whether or not by
automated means, such as collection, recording, organisation, structuring,
storage, adaptation or alteration, retrieval, consultation, use, disclosure
by transmission, dissemination or otherwise making available, alignment or
combination, restriction, erasure or destruction.
|
Any use of personal data, regardless of the
procedure involved (recording, organisation, storage, adaptation, alignment
with other data, transmission, etc. of personal data).
Example: the use of your data to manage an order, a delivery, send a
newsletter, etc.
|
Controller
|
The natural or legal person, public
authority, agency or other body which, alone or jointly with others, determines
the purposes and means of the processing of personal data.
|
The person, public authority, company or
body which manages your data and determines how they are used. He/She decides
whether to start or discontinue processing and determines why your data will
be processed and to whom they will be transferred. He/she is the main party
responsible for ensuring the protection of your data.
|
Processor
|
The natural or legal person, public
authority, agency or other body which processes personal data on behalf of
the controller.
|
Any natural or legal person that performs
processing tasks following the instructions and under the responsibility of
the controller.
|
Explanatory
glossary of the other terms used in this Charter:
Customer
|
A natural person (acting in the capacity of
consumer or professional) with whom we already maintained a contractual
relationship (in particular obtaining tickets to trade fairs of events).
|
Potential customer
|
A natural person (acting in the capacity of
consumer or professional) who may be interested in concluding a service
provision contract with us (in particular obtaining tickets to trade fairs or
events).
|
Partner
|
Any natural or legal persons who may
intervene with a view to helping to organise or facilitate our activity in
the context of the organisation of the various services.
|
User
|
A natural person (acting in the capacity of
consumer) with whom we already maintained a contractual relationship (especially user of applications)
|
1. Who is
responsible for the use of your data in the context of your relationship with
our services?
1.1.
CONTROLLER
The Controller for your personal data is the
non-profit association FEBIAC, with its registered office at 1200 Brussels,
Woluwelaan 46, box 6, listed in the KBO/CBE (central business database) under
No 0407.693.572. Any question or request concerning the processing of your data
can be sent to the following e-mail address: dataprivacy@febiac.be.
2. Why do we
collect your personal data and on what bases?
We collect personal data about you for various
reasons.
FEBIAC collects and uses your personal data to be
able to work efficiently and offer you the best possible experience with its
services.
Moreover, you should know that we can only collect
and use your personal data if this use is based on one of the legal grounds
defined by the GDPR (e.g. your consent or the performance of a contract
concluded with you).
The table below lists more specifically the
purposes for which FEBIAC uses your personal data and the corresponding legal
basis.
Purposes for which your personal data are
collected
|
Legal basis for the processing of your
personal data
|
(1) Customer Relationship Management
|
The legitimate interest of FEBIAC to
process the personal data of its customers in order to promote the
performance of their contractual services (in particular in the context of
the issuing of tickets to trade fairs or events) and the performance of the contract
in question (Article 6.1.f and b of the GDPR).
|
(2) Marketing and statistical studies
with regard to our customers and potential customers, in particular:
– sending newsletters about the various trade fairs organised by
FEBIAC;
– sending invitations to trade fairs and/or events (opening evenings,
gala evenings, ‘Marketing Managers Meeting’, etc.); and
– sending requests to take part in satisfaction surveys.
– sending of statistics
to the user of applications developed by Febiac
– General statistics generated
by the usage of the app by the users
|
FEBIAC has a legitimate interest in
processing the personal data of its customers (in particular those obtained
directly in the context of the organisation of a trade fair) to inform them
about future trade fairs and activities that it organises.
In application of Article XII.13(1) of the Economic Code and the Royal
Decree of 4 April 2003, after having obtained prior permission,
FEBIAC processes the personal data of potential customers to inform them of
the trade fairs and activities its organises.
|
(3) Organisation of competitions
The data of participants in a competition are processed by FEBIAC to
ensure that the competition runs smoothly and more specifically to be able to
contact the winners and present them with their prize efficiently and
quickly.
|
The performance of a contract concluded
with you (Article 6.1.b) of the GDPR), in this case, a contract for
participation in a competition
|
(4) The sale and distribution of tickets
for trade fairs and events, both on line and over the counter
|
The performance of a contract concluded
with you (Article 6.1.b) of the GDPR), in this case a contract for the
purchase and use of the ticket or tickets for the trade fair or fairs or for
the event or events
|
(6) After-sales service
|
The performance of a contract concluded
with you (Article 6.1.b) of the GDPR), in this case a contract for the
purchase and use of the ticket or tickets for the trade fair or fairs or for
the event or events
|
3. What data
do we collect about you?
Below we give details of the personal data that we
collect about you, the reason why they are collected, the way in which they are
collected (data provided directly by you, information collected with your
consent or data collected by our IT systems).
Purpose of the collection
|
Personal data collected
|
Direct or indirect collection of your
personal data
|
(1) Customer Relationship Management
|
Personal
identification data (surname, first name, postal address, e-mail address,
telephone number, language, sex)
Data
relating to the purchase of admission ticket(s).
|
In the context of this purpose, the data
are collected directly from you.
|
(2) Marketing and statistical studies
|
Personal
identification data (surname, first name, postal address, e-mail
address, telephone number)
Electronic
identification data (IP address, cookies, connection log)
Demographic
characteristics, sex, year of birth, country, language)
Data
relating to the purchase of admission ticket(s).
For users of our applications, data
related to their vehicle and related to their journeys.
|
As part of this purpose, the data are
collected directly from you or indirectly via a third party to whom you have
given consent to pass on your data to FEBIAC.
|
(3) Organising competitions
|
Personal
identification data (surname, first name, postal address, e-mail
address, telephone number, year of birth)
|
In the context of this purpose, the data
are collected directly from you.
|
(4) The marketing and distribution of
tickets for the trade fair or fairs and event or events on line and over the
counter
|
Personal
identification data (surname, first name, company name, VAT number if
applicable, postal address, e-mail address, telephone number)
|
In the context of this purpose, the data
are collected directly from you.
|
4. With whom
do we share your personal data?
In the context of our activities, we may share your
personal data. It goes without saying that should this be the case, we will
ensure optimal protection of your personal data.
4.1. SHARING
YOUR PERSONAL DATA WITH OUR SERVICE PROVIDERS, PARTNERS AND/OR SUBCONTRACTORS
Our service providers, partners and/or
subcontractors can access your personal data for the processing operations they
perform. Below you will find the list of subcontractors with whom we share your
data, their location and the reason why we share the information in question
with them.
Service providers, partners and/or
subcontractors that are involved in the sharing of your personal data
|
Location of service providers, partners
and/or subcontractors
|
Reason for sharing your personal data
|
Brussels Expo
|
Belgium
|
The
marketing and distribution of tickets for trade fairs and events, on
line and over the counter
|
Mailjet
|
France
|
Marketing
and statistical studies, namely:
– sending newsletters on the various FEBIAC exhibitions;
– sending invitations to exhibitions and/or events (opening evenings,
gala evenings, marketing managers meetings, etc.); and
– sending requests to take part in satisfaction surveys.
|
Amazon Web Services (AWS)
|
Ireland/Germany
|
Hosting locations for trade fairs and/or
events.
|
MV Studio
|
Belgium
|
Development and management of online media
(websites, newsletters and social media management)
|
EASI
|
Belgium
|
Infrastructure and systems maintenance
|
Business & Decision
|
Belgium
|
Application maintenance
|
Our exhibitors
|
Europe
|
The sale and distribution of tickets for
trade fairs and events.
In the fairs or events we organize, we allow our exhibitors to send
you entrance tickets. In this context, we can communicate to the exhibitor
who invited you your personal data when you participated in the fairs or
events.
|
datashift
|
Belgium
|
Infrastructure and systems development and maintenance
|
Motion-S
|
Luxemburg
|
Data processing and augmentation
|
4.2. WITH
GOVERNMENT BODIES, IN RESPONSE TO LEGAL REQUESTS, INCLUDING REQUIREMENTS
REGARDING NATIONAL SECURITY OR THE APPLICATION OF THE LAW.
4.3. IN THE
CONTEXT OF A TRANSACTION, SUCH AS A MERGER, A TAKEOVER, A CONSOLIDATION OR A
SALE OF ASSETS, IT MAY BE THAT WE HAVE TO SHARE YOUR PERSONAL DATA WITH THE
BUYERS OR SELLERS.
4 bis Do we
capitalise on your personal data?
We do not share your data with commercial partners
who may want to offer you products or services.
5. How long
do we keep your personal data?
FEBIAC has laid down precise rules on the storage
period for your personal data. This period varies depending on the respective
objectives and has to take account of any legal obligations to keep some of
your data.
Reason for the collection
|
Categories of personal data collected
|
Storage period
|
(1) Customer Relationship Management
|
Personal
identification data (surname, first name, postal address, e-mail
address, telephone number, language, sex)
|
The expiry date is ten years after the end
of the contract.
|
(2) Marketing and statistical studies
|
Personal
identification data (surname, first name, postal address, e-mail
address, telephone number)
Electronic
identification data (IP address, cookies, connection log)
Demographic
characteristics, sex, year of birth, country, language)
Hobbies
and interests
For users of our applications, data
related to their vehicle and related to their journeys.
|
The expiry date is three years from the
last action / reaction of the data subject.
|
(3) Organising competitions
|
Personal
identification data (surname, first name, postal address, e-mail
address, telephone number)
|
The expiry date is ten years after the end
of the competition.
|
(4) The marketing and distribution of
admission ticket for trade fairs and events on line and over the counter.
|
Personal
identification data (surname, first name, postal address, e-mail
address, telephone number)
|
The expiry date is ten years after the end
of the contract
|
6. What
rights do you have as regard your personal data and how can you exercise these
rights?
We aim to inform you as clearly as we can about
your rights with regard to your personal data. And we aim to ensure that you
can easily exercise these rights.
Please find below a summary of your rights and a
description of the way in which you can exercise them.
- Right of access
You can ask us to grant you access to all the
following information with regard to:
- the categories of personal data that we
collect about you;
- the reasons why we use these data;
- the categories of people with whom we share or
will share your personal data and in particular those who are located
outside Europe;
- the periods for which your personal data will
be kept in our systems;
- your right to ask us to correct or delete your
personal data or to limit the use that we make of your personal data and
your right to object to this use;
- your right to lodge a complaint with a
European data protection body;
- information about the source, when we have not
collected your personal data directly from you;
- the way in which your personal data are
protected when they are transferred to countries outside Europe.
How can you exercise your right to access?
For this, you simply have to contact us by e-mail
at dataprivacy@febiac.be, indicating “right to access: personal data” in the subject line and
attaching a copy of the verso of your identity card and a brief description of
the data you wish to access. Unless you indicate otherwise, you will receive
the requested data free of charge in an electronic format within one month of
receipt of the request and within two months if in-depth research has to be
carried out to meet the request.
If you are unable to consult your data by e-mail,
you can also send us your request by post to the address below:
Woluwelaan 46, box 6, 1200 Brussels. Written
requests must be signed and accompanied by a copy of the verso of your identity
card. The request must specify the address to which the reply must be sent. In
that case, a reply will be sent to you within one month of receipt of the request
and within two months if in-depth research has to be carried out to meet the
request or if FEBIAC receives an excessively large number of requests.
- Right of correction
You can ask FEBIAC to correct and/or update
your personal data.
How can you exercise your right to have data
corrected?
For this, you simply have to send an e-mail
to dataprivacy@febiac.be giving your surname and first name, indicating “right to
correction: personal data” in the subject line and attaching a copy of the
verso of your identity card.
Do not forget to give the reason for your e-mail in
the text itself: the correction of inaccurate data and the information to be
corrected, with proof of the correct information if necessary, if you have
this.
You can also exercise this right by sending a
letter to the following address: Woluwelaan 46, box 6, 1200 Brussels. Your
written request must be signed and accompanied by a copy of the verso of your
identity card. The request must specify the address to which the reply must be
sent. In that case, a reply will be sent to you within one month of receipt of
the request and within two months if in-depth research has to be carried out to
meet the request or if FEBIAC receives an excessively large number of
requests.
- The right to have data deleted
If you find yourself in one of the following
situations, you can contact us at any time to ask us to delete the
personal data that we process concerning you:
- Your personal data are no longer necessary for
the reasons for which they were collected or processed in a different way;
- You have withdrawn the consent on which the
processing of your personal data by FEBIAC is based;
- Because you believe, for a specific reason,
that further processing would adversely affect your privacy and could
cause excessive damage;
- You no longer wish to receive commercial
offers from us;
- Your personal data are not processed in
accordance with the GDPR and the Belgian law;
- Your personal data have to be deleted to
fulfil a legal obligation laid down in the law of the European Union or
the national law to which FEBIAC is subject;
- Your personal data were collected in the
context of an offer from a website directed at children.
How can you exercise your right to have data deleted?
For this, you simply have to send an e-mail
to dataprivacy@febiac.be giving your surname and first name, indicating “right to have data
deleted” in the subject line and attaching a copy of the verso of your identity
card. Do not forget to give the reason for your e-mail in the text itself (e.g.
the deletion of your data when you have withdrawn your consent (on which the
processing is based)).
You can also exercise this right by sending a
letter to the following address: Woluwelaan 46, box 6, 1200 Brussels. Your
written request must be signed and accompanied by a copy of the verso of your
identity card. The request must specify the address to which the reply must be
sent. In that case, a reply will be sent to you within one month of receipt of
the request and within two months if in-depth research has to be carried out to
meet the request or if FEBIAC receives an excessively large number of
requests.
However, we may be unable to respond to your
request to exercise your right to be forgotten. It is important to remember
that this right is not absolute. We have to ensure that this right is balanced
against other important rights and values, such as freedom of expression,
compliance with a legal requirement to which we are subject or important
reasons of public interest.
- The right to be forgotten
Our website may contain personal data that
concern you. If you do not wish these data to appear on the website, you
can ask us to remove them if you are in one of the following situations:
- Your personal data are no longer necessary for
the reasons for which they were collected or processed in a different way;
- You have withdrawn the consent on which the
processing of your personal data by FEBIAC is based;
- Because you believe, for a specific reason,
that further processing would adversely affect your privacy and could
cause excessive damage;
- You no longer wish to receive commercial
offers from us;
- Your personal data are not processed in
accordance with the GDPR and the Belgian law;
- Your personal data have to be deleted to
fulfil a legal obligation laid down in the law of the European Union or
the national law to which FEBIAC is subject;
- Your personal data were collected in the
context of an offer from a website directed at children.
Furthermore, we are also obliged to take reasonable
measures to inform the other companies (data controllers) which process the
personal data for which you have submitted the request to delete any reference
or any copy.
How can you exercise your right to be forgotten?
To have certain information concerning you removed
from our website, you simply have to send an e-mail to dataprivacy@febiac.be, giving your surname and first name, indicating “right to be forgotten:
personal data” in the subject line and attaching a copy of the verso of your
identity card. Do not forget to give the reason for your request in the text of
your e-mail, for example a brief explanation, and the precise address (URL) of
the page in question.
You can also exercise this right by sending a
letter to the following address: Woluwelaan 46, box 6, 1200 Brussels. Your
written request must be signed and accompanied by a copy of the verso of your
identity card. The request must specify the address to which the reply must be
sent. In that case, a reply will be sent to you within one month of receipt of
the request and within two months if in-depth research has to be carried out to
meet the request or if FEBIAC receives an excessively large number of
requests.
However, we may be unable to respond to your
request to exercise your right to be forgotten. It is important to remember
that this right is not absolute. We have to ensure that this right is balanced
against other important rights and values, such as freedom of expression,
compliance with a legal requirement to which we are subject or important
reasons of public interest.
- The right to object
- You can object to the use of your personal
data for the following purposes: commercial requests, and more
specifically advertisements.
- You have the right to object to our processing
of your personal data because you believe, for a specific reason, that
further processing would adversely affect your privacy and could cause
excessive damage.
You cannot, under any circumstances, prevent us
from processing your data:
- if the processing is necessary to conclude or
fulfil your contract;
- if the processing is required by a law or
legal provision. This is the case in particular when you move to a different
commune;
- if the processing is necessary to be able to
establish, exercise or assert your rights before the courts.
How can you exercise your right to object?
For this, you simply have to send an e-mail
to dataprivacy@febiac.be giving your surname and first name, indicating “right to object:
personal data” in the subject line and attaching a copy of the verso of your
identity card.
It is important to indicate the reasons for your
request to object.
You can also exercise this right by sending a
letter to the following address: Woluwelaan 46, box 6, 1200 Brussels. Your
written request must be signed and accompanied by a copy of the verso of your
identity card. The request must specify the address to which the reply must be
sent.
You can also exercise this right by sending a
letter to the following address: Woluwelaan 46, box 6, 1200 Brussels. Your
written request must be signed and accompanied by a copy of your identity card.
The request must specify the address to which the reply must be sent. In that
case, a reply will be sent to you within one month of receipt of the request
and within two months if in-depth research has to be carried out to meet the
request or if FEBIAC receives an excessively large number of requests.
However, we may not be able to respond to your
request. In that case, we will of course reply to you as clearly as possible.
In addition, any e-mails or information letters that may be sent to you will
include a link which you can click so that you no longer receive any
promotional information from us.
- The right to the transferability of data
This right offers you the possibility of
controlling your personal data more easily yourself and more specifically:
- retrieving your personal data processed by us
for your personal use and for example storing them on a device or in a
personal cloud;
- transferring your personal data from us to
another company, either doing this yourself or having it done directly by
us, on condition that such a transfer is ‘technically possible’.
This right relates to data provided actively and
knowingly to create your online account (e.g. e-mail address, username, age),
and data collected by FEBIAC.
Conversely, the personal data derived, calculated
or put together from the information provided by you, such as the result of an
assessment of your health, are excluded from the right of transferability of
data because they were created by FEBIAC.
How can you exercise your right to the
transferability of data?
For this, you simply have to send an e-mail
to dataprivacy@febiac.be, giving your surname and first name, indicating “right to the
transferability of data: personal data” in the subject line and attaching a
copy of the verso of your identity card. Do not forget to specify the
respective files and the type of request (return of data and/or transfer to a
new service provider) in your e-mail.
You can also exercise this right by sending a
letter to the following address: Woluwelaan 46, box 6, 1200 Brussels.
Your written request must be signed and accompanied by a copy of the verso of
your identity card. The request must specify the address to which the reply
must be sent. In that case, a reply will be sent to you within one month of
receipt of the request and within two months if in-depth research has to be
carried out to meet the request or if FEBIAC receives an excessively large
number of requests.
However, you should know that FEBIAC has the right
to refuse your request for the transferability of data. This right only applies
to personal data that were collected on the basis of your consent or the
performance of a contract concluded with you. (To find out more specifically
about the personal data that may be the subject of the right to the
transferability of data, click on the purposes and bases section). Moreover,
this right may infringe the rights and freedoms of third parties, whose data
may form part of the data which would be transferred further to the request for
transferability.
- The right to limit processing
You have the right to ask us to limit your
data, that is to say the marking (for example, a temporary move of your
data to another processing system or a lock of your data making them
inaccessible) of your personal registered data, in order to limit future
processing.
You can call upon this right when:
- the accuracy of the data in question is
disputed;
- your personal data is not processed in
accordance with the GDPR and Belgian law;
- the data is no longer necessary to achieve the
original purposes but cannot yet be removed for legal reasons (in
particular for the ascertainment, the execution or defense of your rights
in court);
- the decision regarding your request is in
progress.
In case of processing limitations, your personal
data will no longer be subject to any treatment without your prior consent,
with the exception of their storage.
Your personal data may nevertheless still be
processed for the purpose of ascertaining, exercising or defending legal
rights, or for the protection of the rights of another legal or natural person,
or for important reasons of public interest in the Union or the Member State.
In case of limitation of the treatment of some of
your personal data, we will keep you informed about the timing when the
measures will be lifted.
How to call upon your limitation right?
In order to do this, simply send us an email
to dataprivacy@febiac.be, indicating your last name, first name and subject “right to
limitation: personal data” as well as a copy of your identity card. Don’t
forget to mention the reason why, in the body of your email.
You can also exercise this right by sending us your
request by postal mail at the following address:
Woluwelaan 46, box 6
1200 Brussels
Belgium
Your written request must be signed and accompanied
by a copy of the recto of your identity card. The request must specify the
address to which the answer must be sent. A response will be sent to you within
1 month after we received your postal mail, or 2 months in case of in-depth
analysis and research or, if FEBIAC receives too many important requests.
7. Are your
personal data transferred abroad?
Data transfer within Europe
Some data are transferred to France for the purpose of certain processing
operations (see point 4.1).
Within the European Economic Area (hover over: 28
EU members states, Iceland, Norway, Liechtenstein) personal data will benefit
from the same level of protection.
Data transfer outside Europe
We do not transfer any of your personal data to a location outside Europe. All
our servers are located in the EEA.
8. Would you
like to contact us about this Charter on the protection of your personal data
and/or would you like to lodge a complaint with a data protection authority?
Do you have a question or a suggestion about this
Charter on the protection of your personal data?
If so, do not hesitate to pass this on to us by
contacting us here (dataprivacy@febiac.be) or sending a letter to: Woluwelaan 46, box 6, 1200 Brussels.
We will be pleased to read your message or letter
and reply as soon as possible.
Do you think we do not protect your personal data
sufficiently?
If you think FEBIAC does not process your personal
data in accordance with the GDPR and the Belgian law, you have the right to
lodge a complaint with:
- the data protection authority of the European
country in which you are usually resident; or
- the data protection authority of the European country
in which you work; or
- the data protection authority of the European
country in which the infringement of the GDPR was committed.
(depending whether the data controller is FR or BE)
Lodging a complaint with the Belgian data protection authority.
Privacy Commission
Drukpersstraat 35, 1000 Brussels
Lodging a complaint with another European data
protection authority.
Please consult the list here to lodge a complaint
with another data protection authority.
9. How can
you find out whether this Charter on the protection of your personal data has
been modified?
This Charter on the protection of your personal
data may be modified at any time, in particular to take account of any legal or
statutory changes and the development of our services.
Any major changes that may be made will be
announced via our website or by e-mail, as far as possible at least thirty days
before they come into force.
When we publish modifications to this Charter, we
will adapt the date of the “most recent update” at the top of the
confidentiality policy and describe the modifications on the page entitled
“History of the modifications”.
We advise you to consult this Charter regularly to
find out how FEBIAC protects your personal data.