(Ver. 20190603)
In this Privacy Policy, Regions4 Sustainable Development (“Regions4”) is referred to as “we/our/us”. This Privacy Policy informs you about how we use any personal data which you provide to us. We are committed to protecting and respecting your privacy, in accordance with the laws and regulations of Belgium (“applicable laws and regulations”), in particular the EU General Data Protection Regulation of 27 April 2016 (“GDPR”) and the Belgian loi relative à la protection de la vie privée à l’égard des traitements de données à caractère personnel of 8 December 1992 (“LPVP”).
When we use personal data about you or others in connection with promoting and administering our network or providing our services, we do so as data controller.
The data controller is Regions4, a Belgian non-profit international association with registered offices at Chaussée d’Alsemberg 999, 1180 Brussels (Belgium).
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes.
We do not meet the criteria for a mandatory appointment of a Data Protection Officer under the applicable laws and regulations. We have therefore allocated responsibility to a person in our network who can deal with any data protection-related matters. You can contact our Privacy Manager by email at: privacy@regions4.org marking the subject line, ‘For the attention of the Privacy Manager’.
Personal data, or personal information, means any information relating to an identified or identifiable natural person, directly or indirectly. We may receive different kinds of personal data about you, from you and from third parties (for example, a publicly available source). We have grouped this information together as follows:
Our core purposes for processing personal data are to promote and administer our network, provide services to you and comply with the laws and regulations. In relation to you (or the organisation you represent) this involves: communicating with you; building capacity; raising funds; reporting on our work; conducting surveys; concluding agreements/commitments and keeping records thereof; registering you at events, making travel arrangements for you, providing financial support to you for participating to events, and introducing you at events; prospecting; keeping records; concluding service contracts; recruiting staff; making payments; and managing our contacts.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
This table sets out in more detail the legal bases we rely on to process personal data, depending on the category of personal data and the reason we are processing it. Note that we may process your personal data for more than one legal basis depending on the specific purpose for which we are using your data.
Purpose/Activity | Type of data | Legal basis for processing, including basis of legitimate interests where applicable |
To administer our network | (a) ID/Contact Data (b) Work Data (c) Audio/Video Data (d) Financial Data | (a) Legitimate interests (promoting and administering our network) (b) Performance of a contract |
To communicate with you | (a) ID/Contact Data (b) Correspondence/Transcript Data (c) Work Data (d) Audio/Video Data (e) Social Media Data | (a) Legitimate interests (promoting and administering our network) (b) Performance of a contract |
To conclude agreements/commitments and keeping records thereof | ID/Contact Data | Performance of a contract |
To register you at events, make travel arrangements for you, provide financial support to you for participating to events, and introduce you at events | (a) ID/Contact Data (b) Financial Data (c) Work Data | Performance of a contract |
To promote our network | (a) ID/Contact Data (b) Correspondence/Transcript Data (c) Work Data (d) Audio/Video Data (e) Social Media Data | Legitimate interests (promoting and administering our network) |
To prospect | Work Data | Legitimate interests (promoting and administering our network) |
To raise funds | (a) ID/Contact Data (b) Work Data (c) Social Media Data | Legitimate interests (promoting and administering our network) |
To build capacity | Audio/Video Data | Legitimate interests (promoting and administering our network) |
To conduct surveys | (a) ID/Contact Data (b) Work Data | Performance of a contract |
To keep records | Audio/Video Data | Legitimate interests (promoting and administering our network) |
To report on work | ID/Contact Data | Performance of a contract |
To conclude service contracts | ID/Contact Data | Legitimate interests (promoting and administering our network) |
To recruit staff | (a) ID/Contact Data (b) Work Data | Legitimate interests (promoting and administering our network) |
To make payments | (a) ID/Contact Data (b) Financial Data (c) Transaction Data | Performance of a contract |
To manage contacts | (a) ID/Contact Data (b) Work Data (c) Social Media Data | Legitimate interests (promoting and administering our network) |
We may:
We require all third parties to respect the security of personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We will not otherwise share personal information with any third party except where we are required to by law.
We use service providers that may store your data or share it with third parties outside the European Economic Area (EEA), which includes the Member States of the European Union (EU), Iceland, Norway and Liechtenstein. Whenever we do so, we make sure that these service providers comply with the rules in the GDPR, in particular by using one of the standard mechanisms provided for transfers to third countries, i.e., non-EEA countries, such as:
We also sometimes share data with members, partners or service providers located in third countries, where privacy laws may not be as protective as those in the EEA. In order to transfer your data outside the EEA we will use one of the abovementioned mechanisms.
We have put in place appropriate technical and organisational security measures to safeguard your personal data.
We store data digitally and in hard copy, and we keep it for 48 months after the purpose for which it was collected has been fulfilled (e.g., to prevent fraud, resolve disputes, troubleshoot problems), save when a longer retention period is required by law.
If the GDPR applies to you, you have the following rights:
If you wish to exercise any of the rights set out above, please contact the Privacy Manager.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, if your request is clearly unfounded or excessive, we may charge a reasonable fee or, alternatively, refuse to comply with your request.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you.
With regard to data protection, we are supervised by the Data Protection Authority of Belgium (“DPA”). You can find out more about the DPA through its website: https://www.dataprotectionauthority.be/. We would be happy to answer your questions and address your concerns regarding our use of your data. Please email us at privacy@regions4.org and mark the subject line, ‘For the attention of the Privacy Manager’. Please also use that address for any requests to exercise your legal rights or if you have a complaint. Alternatively, you have the right to make a complaint to the DPA at any time, but we prefer you to contact us first. We should be able to resolve the matter quickly and to your satisfaction.
Most of the personal data we process will be obtained directly from you, but we may also acquire personal data about you from other parties connected with you. We also get data from publicly available sources.
You are not under any obligation to provide personal data to us. However, if we need personal data to undertake the core task of promoting and administering our network or providing our services to you, and you do not provide this information, we may not be able to do so. If this happens, we will inform you.
We update this Privacy Policy when necessary or in response to:
When we post changes to this Privacy Policy, we will revise the “last updated” date at the top of the Privacy Policy. If there are material changes to the Privacy Policy, such as a change to the purposes of processing of personal data that is not consistent with the purpose for which it was originally collected, we will notify you either by prominently posting a notice of such changes before they take effect on our website or by directly sending you a notification. We encourage you to periodically review this Privacy Policy.
Last update: 3 June, 2019.