Privacy Policy

WHY A CHARTER ON THE PROTECTION OF YOUR PERSONAL DATA?

The non-profit association FEBIAC (hereinafter ‘FEBIAC’ or ‘we’) considers your privacy to be a priority. So we undertake to treat the personal data of our customers, potential customers and online users (hereinafter ‘you’) with the greatest care and to provide the best possible protection for such data in accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter ‘GDPR’) and the law of 8 December 1992 on the protection of privacy as regards the processing of personal data (hereinafter the ‘Belgian law’).

This charter provides information about:

the personal data that we collect about you and why we do so;
the terms of use of your personal data;
your rights as regards your personal data and the ways in which you can exercise them.

Most recently modified on: 04.06.2018.

Explanatory glossary of the main legal terms used in this Charter:

Terms that are often used in this Charter	Definitions provided by the GDPR (General Data Protection Regulation)	Explanation of the terms in standard language
Data of a personal nature (hereinafter ‘personal data’)	Any information relating to an identified or identifiable natural person (hereinafter ‘the data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.	All sorts of information relating to a natural person, that is an individual, who can be identified as a person, directly or indirectly who can be distinguished from other people. Examples: a name, a photo, a fingerprint, an e-mail address, a telephone number, a social security number, an IP address, a voice mail, your browsing data on a website, data relating to an online purchase, etc.
Data protection officer	/	The data protection officer (DPO) is the person in the company responsible for ensuring compliance with the GDPR and the applicable national laws as well as our guidelines and practices concerning the management of your personal data. He is also responsible for cooperation with the supervisory authorities. The DPO is your first point of contact for any questions about your personal data.
Processing	An operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.	Any use of personal data, regardless of the procedure involved (recording, organisation, storage, adaptation, alignment with other data, transmission, etc. of personal data). Example: the use of your data to manage an order, a delivery, send a newsletter, etc.
Controller	The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.	The person, public authority, company or body which manages your data and determines how they are used. He/She decides whether to start or discontinue processing and determines why your data will be processed and to whom they will be transferred. He/she is the main party responsible for ensuring the protection of your data.
Processor	The natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.	Any natural or legal person that performs processing tasks following the instructions and under the responsibility of the controller.

Explanatory glossary of the other terms used in this Charter:

Customer	A natural person (acting in the capacity of consumer or professional) with whom we already maintained a contractual relationship (in particular obtaining tickets to trade fairs of events).
Potential customer	A natural person (acting in the capacity of consumer or professional) who may be interested in concluding a service provision contract with us (in particular obtaining tickets to trade fairs or events).
Partner	Any natural or legal persons who may intervene with a view to helping to organise or facilitate our activity in the context of the organisation of the various services.
User	A natural person (acting in the capacity of consumer) with whom we already maintained a contractual relationship (especially user of applications)

1. Who is responsible for the use of your data in the context of your relationship with our services?

1.1. CONTROLLER

The Controller for your personal data is the non-profit association FEBIAC, with its registered office at 1200 Brussels, Woluwelaan 46, box 6, listed in the KBO/CBE (central business database) under No 0407.693.572. Any question or request concerning the processing of your data can be sent to the following e-mail address: dataprivacy@febiac.be.

2. Why do we collect your personal data and on what bases?

We collect personal data about you for various reasons.

FEBIAC collects and uses your personal data to be able to work efficiently and offer you the best possible experience with its services.

Moreover, you should know that we can only collect and use your personal data if this use is based on one of the legal grounds defined by the GDPR (e.g. your consent or the performance of a contract concluded with you).

The table below lists more specifically the purposes for which FEBIAC uses your personal data and the corresponding legal basis.

Purposes for which your personal data are collected	Legal basis for the processing of your personal data
(1) Customer Relationship Management	The legitimate interest of FEBIAC to process the personal data of its customers in order to promote the performance of their contractual services (in particular in the context of the issuing of tickets to trade fairs or events) and the performance of the contract in question (Article 6.1.f and b of the GDPR).
(2) Marketing and statistical studies with regard to our customers and potential customers, in particular: – sending newsletters about the various trade fairs organised by FEBIAC; – sending invitations to trade fairs and/or events (opening evenings, gala evenings, ‘Marketing Managers Meeting’, etc.); and – sending requests to take part in satisfaction surveys. – sending of statistics to the user of applications developed by Febiac – General statistics generated by the usage of the app by the users	FEBIAC has a legitimate interest in processing the personal data of its customers (in particular those obtained directly in the context of the organisation of a trade fair) to inform them about future trade fairs and activities that it organises. In application of Article XII.13(1) of the Economic Code and the Royal Decree of 4 April 2003, after having obtained prior permission, FEBIAC processes the personal data of potential customers to inform them of the trade fairs and activities its organises.
(3) Organisation of competitions The data of participants in a competition are processed by FEBIAC to ensure that the competition runs smoothly and more specifically to be able to contact the winners and present them with their prize efficiently and quickly.	The performance of a contract concluded with you (Article 6.1.b) of the GDPR), in this case, a contract for participation in a competition
(4) The sale and distribution of tickets for trade fairs and events, both on line and over the counter	The performance of a contract concluded with you (Article 6.1.b) of the GDPR), in this case a contract for the purchase and use of the ticket or tickets for the trade fair or fairs or for the event or events
(6) After-sales service	The performance of a contract concluded with you (Article 6.1.b) of the GDPR), in this case a contract for the purchase and use of the ticket or tickets for the trade fair or fairs or for the event or events

3. What data do we collect about you?

Below we give details of the personal data that we collect about you, the reason why they are collected, the way in which they are collected (data provided directly by you, information collected with your consent or data collected by our IT systems).

Purpose of the collection	Personal data collected	Direct or indirect collection of your personal data
(1) Customer Relationship Management	Personal identification data (surname, first name, postal address, e-mail address, telephone number, language, sex) Data relating to the purchase of admission ticket(s).	In the context of this purpose, the data are collected directly from you.
(2) Marketing and statistical studies	Personal identification data (surname, first name, postal address, e-mail address, telephone number) Electronic identification data (IP address, cookies, connection log) Demographic characteristics, sex, year of birth, country, language) Data relating to the purchase of admission ticket(s). For users of our applications, data related to their vehicle and related to their journeys.	As part of this purpose, the data are collected directly from you or indirectly via a third party to whom you have given consent to pass on your data to FEBIAC.
(3) Organising competitions	Personal identification data (surname, first name, postal address, e-mail address, telephone number, year of birth)	In the context of this purpose, the data are collected directly from you.
(4) The marketing and distribution of tickets for the trade fair or fairs and event or events on line and over the counter	Personal identification data (surname, first name, company name, VAT number if applicable, postal address, e-mail address, telephone number)	In the context of this purpose, the data are collected directly from you.

4. With whom do we share your personal data?

In the context of our activities, we may share your personal data. It goes without saying that should this be the case, we will ensure optimal protection of your personal data.

4.1. SHARING YOUR PERSONAL DATA WITH OUR SERVICE PROVIDERS, PARTNERS AND/OR SUBCONTRACTORS

Our service providers, partners and/or subcontractors can access your personal data for the processing operations they perform. Below you will find the list of subcontractors with whom we share your data, their location and the reason why we share the information in question with them.

Service providers, partners and/or subcontractors that are involved in the sharing of your personal data	Location of service providers, partners and/or subcontractors	Reason for sharing your personal data
Brussels Expo	Belgium	The marketing and distribution of tickets for trade fairs and events, on line and over the counter
Mailjet	France	Marketing and statistical studies, namely: – sending newsletters on the various FEBIAC exhibitions; – sending invitations to exhibitions and/or events (opening evenings, gala evenings, marketing managers meetings, etc.); and – sending requests to take part in satisfaction surveys.
Amazon Web Services (AWS)	Ireland/Germany	Hosting locations for trade fairs and/or events.
MV Studio	Belgium	Development and management of online media (websites, newsletters and social media management)
EASI	Belgium	Infrastructure and systems maintenance
Business & Decision	Belgium	Application maintenance
Our exhibitors	Europe	The sale and distribution of tickets for trade fairs and events. In the fairs or events we organize, we allow our exhibitors to send you entrance tickets. In this context, we can communicate to the exhibitor who invited you your personal data when you participated in the fairs or events.
datashift	Belgium	Infrastructure and systems development and maintenance
Motion-S	Luxemburg	Data processing and augmentation

4.2. WITH GOVERNMENT BODIES, IN RESPONSE TO LEGAL REQUESTS, INCLUDING REQUIREMENTS REGARDING NATIONAL SECURITY OR THE APPLICATION OF THE LAW.

4.3. IN THE CONTEXT OF A TRANSACTION, SUCH AS A MERGER, A TAKEOVER, A CONSOLIDATION OR A SALE OF ASSETS, IT MAY BE THAT WE HAVE TO SHARE YOUR PERSONAL DATA WITH THE BUYERS OR SELLERS.

4 bis Do we capitalise on your personal data?

We do not share your data with commercial partners who may want to offer you products or services.

5. How long do we keep your personal data?

FEBIAC has laid down precise rules on the storage period for your personal data. This period varies depending on the respective objectives and has to take account of any legal obligations to keep some of your data.

Reason for the collection	Categories of personal data collected	Storage period
(1) Customer Relationship Management	Personal identification data (surname, first name, postal address, e-mail address, telephone number, language, sex)	The expiry date is ten years after the end of the contract.
(2) Marketing and statistical studies	Personal identification data (surname, first name, postal address, e-mail address, telephone number) Electronic identification data (IP address, cookies, connection log) Demographic characteristics, sex, year of birth, country, language) Hobbies and interests For users of our applications, data related to their vehicle and related to their journeys.	The expiry date is three years from the last action / reaction of the data subject.
(3) Organising competitions	Personal identification data (surname, first name, postal address, e-mail address, telephone number)	The expiry date is ten years after the end of the competition.
(4) The marketing and distribution of admission ticket for trade fairs and events on line and over the counter.	Personal identification data (surname, first name, postal address, e-mail address, telephone number)	The expiry date is ten years after the end of the contract

6. What rights do you have as regard your personal data and how can you exercise these rights?

We aim to inform you as clearly as we can about your rights with regard to your personal data. And we aim to ensure that you can easily exercise these rights.

Please find below a summary of your rights and a description of the way in which you can exercise them.

Right of access
You can ask us to grant you access to all the following information with regard to:

the categories of personal data that we collect about you;
the reasons why we use these data;
the categories of people with whom we share or will share your personal data and in particular those who are located outside Europe;
the periods for which your personal data will be kept in our systems;
your right to ask us to correct or delete your personal data or to limit the use that we make of your personal data and your right to object to this use;
your right to lodge a complaint with a European data protection body;
information about the source, when we have not collected your personal data directly from you;
the way in which your personal data are protected when they are transferred to countries outside Europe.

How can you exercise your right to access?

For this, you simply have to contact us by e-mail at dataprivacy@febiac.be, indicating “right to access: personal data” in the subject line and attaching a copy of the verso of your identity card and a brief description of the data you wish to access. Unless you indicate otherwise, you will receive the requested data free of charge in an electronic format within one month of receipt of the request and within two months if in-depth research has to be carried out to meet the request.

If you are unable to consult your data by e-mail, you can also send us your request by post to the address below:

Woluwelaan 46, box 6, 1200 Brussels. Written requests must be signed and accompanied by a copy of the verso of your identity card. The request must specify the address to which the reply must be sent. In that case, a reply will be sent to you within one month of receipt of the request and within two months if in-depth research has to be carried out to meet the request or if FEBIAC receives an excessively large number of requests.

Right of correction
You can ask FEBIAC to correct and/or update your personal data.

How can you exercise your right to have data corrected?

For this, you simply have to send an e-mail to dataprivacy@febiac.be giving your surname and first name, indicating “right to correction: personal data” in the subject line and attaching a copy of the verso of your identity card.

Do not forget to give the reason for your e-mail in the text itself: the correction of inaccurate data and the information to be corrected, with proof of the correct information if necessary, if you have this.

You can also exercise this right by sending a letter to the following address: Woluwelaan 46, box 6, 1200 Brussels. Your written request must be signed and accompanied by a copy of the verso of your identity card. The request must specify the address to which the reply must be sent. In that case, a reply will be sent to you within one month of receipt of the request and within two months if in-depth research has to be carried out to meet the request or if FEBIAC receives an excessively large number of requests.

The right to have data deleted
If you find yourself in one of the following situations, you can contact us at any time to ask us to delete the personal data that we process concerning you:

Your personal data are no longer necessary for the reasons for which they were collected or processed in a different way;
You have withdrawn the consent on which the processing of your personal data by FEBIAC is based;
Because you believe, for a specific reason, that further processing would adversely affect your privacy and could cause excessive damage;
You no longer wish to receive commercial offers from us;
Your personal data are not processed in accordance with the GDPR and the Belgian law;
Your personal data have to be deleted to fulfil a legal obligation laid down in the law of the European Union or the national law to which FEBIAC is subject;
Your personal data were collected in the context of an offer from a website directed at children.

How can you exercise your right to have data deleted?

For this, you simply have to send an e-mail to dataprivacy@febiac.be giving your surname and first name, indicating “right to have data deleted” in the subject line and attaching a copy of the verso of your identity card. Do not forget to give the reason for your e-mail in the text itself (e.g. the deletion of your data when you have withdrawn your consent (on which the processing is based)).

However, we may be unable to respond to your request to exercise your right to be forgotten. It is important to remember that this right is not absolute. We have to ensure that this right is balanced against other important rights and values, such as freedom of expression, compliance with a legal requirement to which we are subject or important reasons of public interest.

The right to be forgotten
Our website may contain personal data that concern you. If you do not wish these data to appear on the website, you can ask us to remove them if you are in one of the following situations:

Your personal data are no longer necessary for the reasons for which they were collected or processed in a different way;
You have withdrawn the consent on which the processing of your personal data by FEBIAC is based;
Because you believe, for a specific reason, that further processing would adversely affect your privacy and could cause excessive damage;
You no longer wish to receive commercial offers from us;
Your personal data are not processed in accordance with the GDPR and the Belgian law;
Your personal data have to be deleted to fulfil a legal obligation laid down in the law of the European Union or the national law to which FEBIAC is subject;
Your personal data were collected in the context of an offer from a website directed at children.

Furthermore, we are also obliged to take reasonable measures to inform the other companies (data controllers) which process the personal data for which you have submitted the request to delete any reference or any copy.

How can you exercise your right to be forgotten?

To have certain information concerning you removed from our website, you simply have to send an e-mail to dataprivacy@febiac.be, giving your surname and first name, indicating “right to be forgotten: personal data” in the subject line and attaching a copy of the verso of your identity card. Do not forget to give the reason for your request in the text of your e-mail, for example a brief explanation, and the precise address (URL) of the page in question.

The right to object
You can object to the use of your personal data for the following purposes: commercial requests, and more specifically advertisements.
You have the right to object to our processing of your personal data because you believe, for a specific reason, that further processing would adversely affect your privacy and could cause excessive damage.

You cannot, under any circumstances, prevent us from processing your data:

if the processing is necessary to conclude or fulfil your contract;
if the processing is required by a law or legal provision. This is the case in particular when you move to a different commune;
if the processing is necessary to be able to establish, exercise or assert your rights before the courts.

How can you exercise your right to object?

For this, you simply have to send an e-mail to dataprivacy@febiac.be giving your surname and first name, indicating “right to object: personal data” in the subject line and attaching a copy of the verso of your identity card.

It is important to indicate the reasons for your request to object.

You can also exercise this right by sending a letter to the following address: Woluwelaan 46, box 6, 1200 Brussels. Your written request must be signed and accompanied by a copy of your identity card. The request must specify the address to which the reply must be sent. In that case, a reply will be sent to you within one month of receipt of the request and within two months if in-depth research has to be carried out to meet the request or if FEBIAC receives an excessively large number of requests.

However, we may not be able to respond to your request. In that case, we will of course reply to you as clearly as possible. In addition, any e-mails or information letters that may be sent to you will include a link which you can click so that you no longer receive any promotional information from us.

The right to the transferability of data
This right offers you the possibility of controlling your personal data more easily yourself and more specifically:

retrieving your personal data processed by us for your personal use and for example storing them on a device or in a personal cloud;
transferring your personal data from us to another company, either doing this yourself or having it done directly by us, on condition that such a transfer is ‘technically possible’.

This right relates to data provided actively and knowingly to create your online account (e.g. e-mail address, username, age), and data collected by FEBIAC.

Conversely, the personal data derived, calculated or put together from the information provided by you, such as the result of an assessment of your health, are excluded from the right of transferability of data because they were created by FEBIAC.

How can you exercise your right to the transferability of data?

For this, you simply have to send an e-mail to dataprivacy@febiac.be, giving your surname and first name, indicating “right to the transferability of data: personal data” in the subject line and attaching a copy of the verso of your identity card. Do not forget to specify the respective files and the type of request (return of data and/or transfer to a new service provider) in your e-mail.

However, you should know that FEBIAC has the right to refuse your request for the transferability of data. This right only applies to personal data that were collected on the basis of your consent or the performance of a contract concluded with you. (To find out more specifically about the personal data that may be the subject of the right to the transferability of data, click on the purposes and bases section). Moreover, this right may infringe the rights and freedoms of third parties, whose data may form part of the data which would be transferred further to the request for transferability.

The right to limit processing
You have the right to ask us to limit your data, that is to say the marking (for example, a temporary move of your data to another processing system or a lock of your data making them inaccessible) of your personal registered data, in order to limit future processing.
You can call upon this right when:

the accuracy of the data in question is disputed;
your personal data is not processed in accordance with the GDPR and Belgian law;
the data is no longer necessary to achieve the original purposes but cannot yet be removed for legal reasons (in particular for the ascertainment, the execution or defense of your rights in court);
the decision regarding your request is in progress.

In case of processing limitations, your personal data will no longer be subject to any treatment without your prior consent, with the exception of their storage.

Your personal data may nevertheless still be processed for the purpose of ascertaining, exercising or defending legal rights, or for the protection of the rights of another legal or natural person, or for important reasons of public interest in the Union or the Member State.

In case of limitation of the treatment of some of your personal data, we will keep you informed about the timing when the measures will be lifted.

How to call upon your limitation right?

In order to do this, simply send us an email to dataprivacy@febiac.be, indicating your last name, first name and subject “right to limitation: personal data” as well as a copy of your identity card. Don’t forget to mention the reason why, in the body of your email.

You can also exercise this right by sending us your request by postal mail at the following address:
Woluwelaan 46, box 6
1200 Brussels
Belgium

Your written request must be signed and accompanied by a copy of the recto of your identity card. The request must specify the address to which the answer must be sent. A response will be sent to you within 1 month after we received your postal mail, or 2 months in case of in-depth analysis and research or, if FEBIAC receives too many important requests.

7. Are your personal data transferred abroad?

Data transfer within Europe
Some data are transferred to France for the purpose of certain processing operations (see point 4.1).

Within the European Economic Area (hover over: 28 EU members states, Iceland, Norway, Liechtenstein) personal data will benefit from the same level of protection.
Data transfer outside Europe
We do not transfer any of your personal data to a location outside Europe. All our servers are located in the EEA.

8. Would you like to contact us about this Charter on the protection of your personal data and/or would you like to lodge a complaint with a data protection authority?

Do you have a question or a suggestion about this Charter on the protection of your personal data?

If so, do not hesitate to pass this on to us by contacting us here (dataprivacy@febiac.be) or sending a letter to: Woluwelaan 46, box 6, 1200 Brussels.

We will be pleased to read your message or letter and reply as soon as possible.

Do you think we do not protect your personal data sufficiently?

If you think FEBIAC does not process your personal data in accordance with the GDPR and the Belgian law, you have the right to lodge a complaint with:

the data protection authority of the European country in which you are usually resident; or
the data protection authority of the European country in which you work; or
the data protection authority of the European country in which the infringement of the GDPR was committed.

(depending whether the data controller is FR or BE)
Lodging a complaint with the Belgian data protection authority.

By letter:

Privacy Commission
Drukpersstraat 35, 1000 Brussels

By e-mail: commission@privacycommission.be

Lodging a complaint with another European data protection authority.

Please consult the list here to lodge a complaint with another data protection authority.

9. How can you find out whether this Charter on the protection of your personal data has been modified?

This Charter on the protection of your personal data may be modified at any time, in particular to take account of any legal or statutory changes and the development of our services.

Any major changes that may be made will be announced via our website or by e-mail, as far as possible at least thirty days before they come into force.

When we publish modifications to this Charter, we will adapt the date of the “most recent update” at the top of the confidentiality policy and describe the modifications on the page entitled “History of the modifications”.

We advise you to consult this Charter regularly to find out how FEBIAC protects your personal data.