1 July 2018
1. Scope of this Policy
The International Association for Soaps, Detergents and Maintenance Products aisbl (hereinafter referred to as "A.I.S.E.” or "we”) is an international non-profit association (AISBL), with its registered office at Boulevard du Souverain 165, 1160 Brussels, Belgium, and which is registered under number 0538183615.
As many other organisations, A.I.S.E. collects and processes certain information about individuals. These individuals defined as "data subjects” can include members and their representatives, suppliers, business contacts, participants to events, employees and other people A.I.S.E. has a relationship with or may need to contact.
A.I.S.E. is committed to handle and protect the personal data it collects in compliance with applicable data protection laws, including the General Data Protection Regulation ("GDPR”) .
2. Which Personal Data do we collect and process?
Under the GDPR, "personal data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identify of that natural person.
A.I.S.E. may collect and process the following categories of personal data to the extent necessary to function and to carry out its activities. The type of personal data which are collected may depend on the individuals and their relation to A.I.S.E.: employees, members, suppliers, business contacts.
2. Members and Board members
3. Public relations/Participants to events/Suppliers
A.I.S.E. processes personal data of its staff for the purposes of managing and administering, monitoring and supervising its personnel and of salary management, based on its legal obligations under Belgian Law such as the Law on Employment Contracts of 3 July 1978, on the necessity to perform its obligations as employer under the employment contracts signed with its employees to ensure a proper functioning of the association (our legitimate interest to conduct business).
To these purposes, personal data is collected as follows:
- Identification data, such as first name, name, national identity number, pictures;
- Contact data, such as email address, telephone number, postal address;
- Personal information, such as date of birth, marital status, citizenship;
- Household composition;
- Financial data, such as bank account details, salary and other benefits, insurances provided to employee;
- Educational, professional and employment data, such as university, specialisation, function, experience, past employers;
- Security information such as computer password.
A.I.S.E. processes special categories of personal data only since such processing is necessary for the purposes of carrying out the obligations and exercising specific rights of A.I.S.E. or of the employee in the field of employment and social security and social protection law.
Personal data is usually directly obtained from the employees, but sometimes it may be obtained from third parties (such as the former employer or from a public authority).
These data may be transferred to third parties with the purpose to exercising employer’s legal obligations (e.g. salaries and benefits to be processed by a "Secretariat Social” or data transferred to public services) and other financial benefits (e.g. insurances offered by A.I.S.E. to staff members) which are subject to a written agreement between A.I.S.E. and the employees as well as to A.I.S.E.’s human resources employees and A.I.S.E.’s advisors (such as e.g. lawyers, tax advisors, etc.) .These data may also be transferred to third parties if A.I.S.E. is required by law to do so.
A.I.S.E. also processes personal data of candidates (such as identification data, contact data, personal information and educational and professional data) who apply for job positions at A.I.S.E. for the purpose of recruitment activities, based either on the candidates’ consent to the disclaimer in the job advertisement or on the necessity to conclude a contract with candidates that have been selected. These data are not transferred to third parties unless A.I.S.E. is required by law to do so.
A.I.S.E. will only keep personal data for the time that is strictly necessary to achieve the purpose(s) for which they were collected, e.g. for the duration of a contractual relationship or for a period of time thereafter if so required by applicable law or if in the primary interests of the (former) employee.
2. Members and Board members
A.I.S.E. collects personal data of the contact persons at A.I.S.E.’s members for the purposes of developing and maintening professional relationship with them and of administering the membership (e.g. collecting membership and project fees and organising internal meetings/teleconferences, access to extranet, sharing of A.I.S.E. work documents and newsletters). A.I.S.E. also collects data for the purpose of administration of the Board of Directors.
These data are obtained from the contact persons/the Board members and include identification data such as first name, name, date and place of birth, nationality, position and/or photography and contact data such as email, telephone and/or address. They are kept for as long as a member’s contact person is active within A.I.S.E., as long as it is necessary for a proper member administration or administration of the Board and for a period of time thereafter if so required by applicable law. They are not transferred to third parties unless A.I.S.E. is required by law to do so, e.g. to Public Services, Justice and Police Services, or to Lawyer's offices.
Such processing is necessary for the compliance with A.I.S.E. legal obligations (law of 27 June 1921 on non-profit associations, foundations and international non-profit associations and, for the Board member, the requirements imposed by the commercial Court of Brussels in execution thereof) or is based on A.I.S.E. legitimate interest to exercice its freedom of information and/or to conduct its business.
3. Business contacts/ Participants to events/ Suppliers
As part of its general mission, A.I.S.E. processes personal data for the following purposes:
- For general management and supplier management purposes, A.I.S.E. collects personal data of representatives and contact persons of organisations with which A.I.S.E. contracts. The data processed may be identification data (such as first name, name), contact data (email address, telephone number, postal address) and financial data (such as bank account details). Such data are obtained directly from the data subject.
- For public relations purposes: A.I.S.E. processes contact details originating from publicly accessible sources (identification and contact data such as first name, name, position, political party, picture and e-mail address) of Members of Parliament, officials from the European Commission, the EU Member States, the United Nations and other persons involved directly or indirectly in Public Affairs for the purposes of carrying out its advocacy activities and/or in order to develop and maintain professional relationship with them. A.I.S.E. can process special categories of personal data since they were manifestly made public by the data subject.
- For organising events and conferences: A.I.S.E. processes identification data (such as first name, name, function) and contact data (email address, telephone number, postal address) of individuals who register to participate to events or conferences organised by A.I.S.E. for the purposes of managing the registration and participation to such events and of inviting these individuals to other events that might interest them based on the necessity for A.I.S.E. to meet its obligations as organiser of the events and in order to develop and maintain professional relationship with such individuals, under the general terms and conditions that are expressly accepted by the individuals when registering.
- For websites administration purposes: A.I.S.E. processes identification data (such as first name, name, function) and contact data (email address, telephone number, postal address) from individuals who register themselves on the A.I.S.E. websites e.g. by the mean of the contact form in order to receive information from A.I.S.E. (e.g. request for membership brochures). A.I.S.E only processes such data for the purpose of addressing the request of the individuals.
The consultants provided the following data to A.I.S.E. to be processed for the purposes of managing, administering, monitoring and supervising the carrying on of the agreed services as well as for management of the agreed fees: identification data, contact data, personal information, and financial data information.
The processing of this information is legally required (e.g., under finance law) to manage the invoices or is necessary for a proper functioning of the association (A.I.S.E.’s legitimate interest to conduct a business).
Except otherwise provided, A.I.S.E. processes these data based on its legitimate interest to exercise its right to freedom of information and/or to conduct a business. Data are not transferred to third parties unless A.I.S.E. is required by law to do so.
Except otherwise provided, A.I.S.E. will only keep personal data for the time that is strictly necessary to achieve the purpose(s) for which they were collected, e.g. as long as the data subject keeps its position or for the duration of a contractual relationship or of a project, and for a period of time thereafter if so required by applicable law or if in the primary interests of the data subjects.
The data will not be transferred outside of the European Economic Area (EEA), unless adequate protective measures are in place.
3. What are your rights as data subjects and how to exercise them?
As data subject, you have the following rights with respect to personal data we hold about you, subject to applicable legal restrictions:
- Right of access to your personal data;
- Right to rectification of incorrect or incomplete personal data;
- Right to erasure of your personal data;
- Right to restriction of processing of your personal data;
- Right to data portability, i.e., the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and to transmit those data to another controller;
- Right to object to all or part of the processing, when legally allowed;
- Right not to be subject to automated individual decision-making, including profiling within the limits set out by the law;
- Right to withdraw consent at any time when we process your personal data based on your consent;
- Right to lodge a complaint with a supervisory authority in the EU (https://www.dataprotectionauthority.be/).
If you wish to exercise any of these rights or if you are not satisfied about how we protect your privacy, you should address your request by email together with a proof of your identity (e.g. a copy of your ID), to A.I.S.E. at: email@example.com. By sending us such proof of your identity, you consent to the processing of data it contains. We will only use such information to verify your identity. We will keep such data only for the time necessary to address your request, after which we will delete them.
Individuals will not be charged for subject access requests, except if the requests are manifestly unfounded or excessive (e.g. repetitive). In such case, firstname.lastname@example.org may reserves the right to refuse to act on the request.
A.I.S.E. will aim at responding to data subject requests without undue delay and in any event within 1 month of receipt of the request.