ECRC and your data
I. PRESENTATION
II. WHAT KIND OF PERSONAL DATA DO WE PROCESS AND HOW DO WE OBTAIN THEM ?
III. FOR WHAT PURPOSE DO WE COLLECT YOUR DATA?
A. COMPLIANCE WITH OUR LEGAL OBLIGATIONS
B. AS A PART OF THE MEMBERSHIP CONTRACT
C. OUR LEGITIMATE INTERESTS
D. CONSENT
IV. HOW LONG DO WE RETAIN YOUR PERSONAL DATA ?
Your rights under the GDPR
V. ACCESS, WITHDRAWAL, RECTIFICATION, ERASURE, PORTABILITY, LIMITATION AND OPPOSITION.
A. RIGHT TO ACCESS AND COPY
B. RIGHT TO WITHDRAWAL OF CONSENT
C. RIGHT TO RECTIFICATION
D. RIGHT TO ERASURE (TO BE FORGOTTEN)
E. RIGHT TO DATA PORTABILITY
F. RIGHT TO RESTRICTION OF PROCESSING
G. RIGHT TO OBJECT
H. AUTOMATED INDIVIDUAL DECISION-MAKING INCLUDING PROFILING
VI. HOW TO EXERCISE YOUR RIGHTS ?
A. IDENTIFICATION
B. WHEN WILL WE REPLY ?
General information
VII. TRANSFER TO THIRD PARTIES
A. SUBCONTRACTOR
B. TRANSFER OF INFORMATION DUE TO LEGAL CONSTRAINTS OR BY ORDER OF COMPETENT AUTHORITY
VIII. SECURITY
IX. CLAIMS AND COMPLAINTS
X. HOW TO CONTACT US ?
XI. AMENDMENTS
XII. RELEVANT LEGISLATION AND COMPETENT JURISDICTION
ECRC and your data
I. Presentation
The following privacy policy is established by the non-profit organisation named “The European Cool Roofs Council” (hereinafter referred to as « ECRC »), owner of the website https://coolroofcouncil.eu (hereinafter referred to as the « website »). Its headquarters are located at Drève du Pressoir n° 38, 1190 Brussels and it is registered in the Belgian Company Register under the number 0839.014.168.
ECRC (in the following text, « we », « us », « our ») is a voluntary organisation that brings value by promoting the benefits of cool roofing products to regulators, policy makers, consumers and other stakeholders.
In the framework of our activities we collect and process personal data concerning our members (specifically people working for our members), any “data subject” who is in contact with us.
The aim of the Policy is to explain how we collect, store and use personal data.
Protecting your personal data and the respect of your privacy are essential values for us and we commit ourselves to handle and preserve your personal data with loyalty and transparency in accordance with the Belgian law and the GDPR.
We hereby consider « personal data » as any information relating to an identified or identifiable natural person (data subject).
The following policy is in line with our values and wish to act in full transparency in accordance with the Belgian Data Protection Act of 30 July 2018 on the protection of natural persons in relation to the processing of personal data (as amended) (“Privacy Act”) and the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”) (together: “Privacy Legislation”).
If you wish to react to the practices described below, do not hesitate to contact us.
II. What kind of personal data do we process and how do we obtain them ?
Identification data | Name, surname, adress of the company, country you are living in. | You give us these data when you fill in our application form or when you communicate with us. We also receive these data when you send us an email or give us your business cards. |
Electronical data | Phone number, email (professional and or private), cookies (via our website),… | You give us these data when you fill in our application form or when you communicate with us (email and/or business card). Also, when you are on our website, we collect cookies (regarding this matter, please see our cookies policy). |
Professional data | Employee title, workplace, title and job description,… Membership / participation in professional organisations, functions performed Professional experience | When you fill in our application form, we receive these data. We’ll mostly use it in the framework of your company membership. We could also receive this kind of data when we received email from you or when you give us your business card. If we work together, we know that you are involved in (at least) one professional organisation (ECRC). We might have these data if we collaborate. |
A. Non-personal data
It is possible that we collect non-personal data. This data is qualified as such as it does not identify you directly or indirectly. These may then be used for any purpose whatsoever, for example, to improve our website, or improve the service offered.
III. For what purpose do we collect your data?
We collect and process your personal data for the purposes described below.
We have determined these purposes and ensure that only necessary and relevant personal data are processed in accordance with the principle of data minimisation.
In general, we base the processing of your personal data on the following legal bases:
- In order to comply with our legal obligations;
- In order to take necessary preliminary measures and execute the contract that binds us (membership contract) ;
- In order to achieve our legitimate interest (in this case we always make sure to seek and respect the balance between our interest and your rights and freedoms);
- And finally, on basis of your consent.
In the event we collect and process data that had not been mentioned in the present Policy, we shall contact you before making use of your personal data. The purpose of this contact will be to inform you about this processing operation and, if necessary, to ask you for your explicit consent.
A. Compliance with our legal obligations
In some cases, we are obliged to process your personal data in the context of our legal obligations or when we cooperate with the competent authorities. In these cases, we transmit your personal data to meet our obligations.
B. As a part of the membership contract
As member of our organisation, we have to process personal data in order to comply with our duties (to inform you, to send you your fees invoice, …)
In order to carry out such duties, we process your personal data for the following purposes:
- In view of a first contact directly requested by a potential future member;
- To manage the membership relation (info, invoices, …);
- To contact you regarding all the membership contract matter (responses to email, … ).
C. Our legitimate interests
In some cases, it is in our legitimate interest to process your personal data.
To this end, we always ensure that we maintain a fair balance between the need to process your personal data and the respect of your rights and freedoms, including the protection of your privacy.
Your personal data are processed for:
- The identification on the website;
- Contacting you after you gave us your business card ;
- Customisation of our services and value proposition ;
- Commercial prospecting and prospect management (updating prospecting files, organising promotional operations, contacts for commercial purposes, etc.);
- The preparation of studies, models (risk, marketing and other) and statistics, using anonymisation and/or pseudonymisation techniques wherever possible;
- Preservation of security of property and persons, the fight against fraud or attempts at intrusion, abuse or other offences;
- Maintaining a list of people who no longer wish to be contacted;
- The improvement of our existing services and experience of the website’s users;
- Managing your requests related to the application of your rights (including identifying you);
- The recognition, exercise, defense and preservation of our rights.
D. Consent
When you register on our website, we ask you to read and accept that we process your personal data in accordance with this Policy.
We also ask your consent in our application form to be sure you agree to receive all our marketing communication.
Please note that you have the right to withdraw your consent to the processing of personal data at any time.
IV. How long do we retain your personal data ?
In general, we ensure not to keep your personal data beyond the time necessary for the purpose for which they were intended.
As part of the execution of a contract, we do not store your personal data for more than 10 years after the end of the contract.
In the context of commercial prospecting (such as you giving us your business card), if you don’t reply to any request 3 years after our last contact, we will delete your personal data.
At the end of the storage period, we shall do our utmost to ensure that your personal data has been made unavailable and inaccessible.
Your rights under the GDPR
V. Access, withdrawal, rectification, erasure, portability, limitation and opposition.
Your rights under the regulations allow you to keep control of what we do with your personal data.
A. Right to access and copy
This right to access data we possess about you applies toall the purposes we have mentioned above.
This right allows you to inquire in particular whether or not we process your personal data, for what purposes, the categories of data concerned and the recipients of your data.
You may also ask us for a copy of all the personal data we process that concerns you.
B. Right to withdrawal of consent
As soon as we process your personal data on the legal basis of consent, you can always withdraw your consent.
C. Right to rectification
You also have a right of rectification allowing you to ask us, at any time, to modify information that is inaccurate, incomplete or has become obsolete.
D. Right to erasure (to be forgotten)
You can obtain the deletion of your personal data when one of the following applies:
- The data is no longer necessary in regard to the intended purpose;
- You withdraw your consent to the processing of your data and we base this processing only on the legal basis of your consent;
- You object to the processing;
- We have processed your personal data unlawfully;
- In the event that the data we have is incomplete, inaccurate or obsolete;
- We must delete your personal data in order to comply with a legal obligation (under Union law or national law of the Member State) to which we are subjected.
E. Right to data portability
In the event that we process your personal data on the basis of a contract or your consent, you may ask us to transfer all your personal data to you or to transfer them to another controller.
F. Right to restriction of processing
In some cases, you may also ask us to limit the processing of your personal data.
The situations in which you may ask us to limit the processing of your personal data are listed as follows:
- If you dispute the accuracy of a personal data for as long as we can verify the accuracy of such data;
- If we unlawfully process your personal data and you prefer that we limit this processing rather than the deletion of your personal data.
Without doubt, as soon as the processing restriction no longer applies, we will inform you before it is lifted.
G. Right to object
In the event the processing of data should be used for direct marketing purposes, you have the right to object, at any time, to the processing of your personal data for this purpose.
H. Automated individual decision-making including profiling
You will never be subject to a decision based solely on automated processing.
VI. How to exercise your rights ?
A. Identification
In order for us to be able to help you enforce your rights, we must verify that your request concerns your personal data.
To this end, we will verify your identity by asking you a copy of your ID card or your passport.
B. When will we reply ?
We commit ourselves to return to you as soon as possible and, at the latest, within one month of your request.
Nevertheless, we may have to extend this period to two months if your request is complex or we face an excess of requests. Should such a situation arise, we will inform you of the reasons for the delay.
General information
VII. Transfer to third parties
In some cases, we shall transfer your personal data to third parties.
A. Subcontractor
We use subcontractors such as accountants, IT external services, … who should have access to your personal data.
Even so, we ask them to comply with the legal and regulatory provisions in force, just as we do. In addition, we also ask them to comply with the present Policy.
B. Transfer of information due to legal constraints or by order of competent authority
As explained above, in certain cases, we will have to transfer your personal data to comply with legal obligations in force, judicial decisions or requests from any competent authority.
VIII. Security
We shall, by all technical and organisational means necessary, guarantee a suitable security standard for the processing of your personal data. This standard, is determined on basis of risks occurred through the processing and the nature of the data to be protected.
We have put in place appropriate security measures, thus protecting your personal data from loss, theft, the misuse or alteration of the information received and the unauthorised disclosure or use of your personal data.
In the rare and unfortunate event where your personal data should be compromised due to a security breach, we commit ourselves to promptly act to identify the cause of the breach and take appropriate action.
If necessary, in accordance with the applicable law, we will inform you of this incident.
IX. Claims and complaints
If you question any information described in this Policy, we recommend that you contact us directly to see how we can help you.
You can also file a complaint with the Data Protection Authority at the following address:
Data Protection Authority | Rue de la Presse, 35 - 1000 Bruxelles + 32 2 274 48 00 + 32 2 274 48 35 contact(at)apd-gba.be |
For further information on possible complaints and means of redress, we invite you to consult the website of the Data Protection Authority:
https://www.autoriteprotectiondonnees.be
In addition, you can always file a complaint with the Court of First Instance of Brussels.
X. How to contact us ?
For any further questions and/or complaints concerning the present policy, do not hesitate to contact us.
https://coolroofcouncil.eu/contact
Drève du Pressoir n° 38, 1190 Brussels
XI. Amendments
We reserve all rights to amend at any time the provisions held in the present Policy. We shall publish the amendments directly on our website.
XII. Relevant legislation and competent jurisdiction
This Policy is governed by Belgian law.
Any dispute relating to the interpretation or the execution of this Policy shall be governed by Belgian law and shall fall within the exclusive jurisdiction of the French-speaking courts of the judicial district of Brussels.
This version of the Policy is effective and has been updated as of 8 of March 2019.