Join us
PRIVACY POLICY
1. Introduction
At BELAB, we attach great importance to your privacy. To protect the security and confidentiality of your data, we have developed this website with the professional assistance and ongoing support of our trusted and ISO 27001:2013-certified supplier UniWeb.
Thanks to their high standards and strong information security controls, we are able to optimally protect your critical and sensitive personal data processed in our information systems. This helps prevent your personal data from being compromised, altered, lost, destroyed, published, or shared or disclosed without proper authorization.
This privacy statement has been drawn up in accordance with the General Data Protection Regulation (GDPR).
2. Who has access?
Data Controller
BELAB
ADDRESS
Data Processor
BELAB relies on the ongoing support of UniWeb (hereinafter referred to as the “Processor”, as defined in applicable data protection legislation) for the development, hosting, and maintenance of this website.
UniWeb processes personal data submitted, stored, transmitted, or received by BELAB (hereinafter the “Data Controller”) and by you as a user (hereinafter the “Data Subject”) (“processing”, “personal data”, “Data Controller”, and “Data Subject” as defined in applicable data protection legislation).
UniWeb processes this personal data solely for the purpose of providing services and technical support as contractually agreed between UniWeb and BELAB.
Third parties
Neither the Data Controller nor the Data Processor sells users’ personal data to third parties.
All suppliers are thoroughly screened before BELAB makes use of their services. Compliance with applicable data protection legislation (including GDPR compliance) forms part of the selection criteria for these suppliers.
Cooperation with suppliers and the related conditions are regularly evaluated, including ongoing compliance with all applicable legal and regulatory requirements. Cooperation may be terminated if a supplier no longer meets these requirements.
To the extent permitted by applicable legislation, the Data Controller or the Data Processor may also disclose your personal data to the following parties:
- Government and regulatory authorities and law enforcement agencies;
- (Internal/external) auditors;
- In response to subpoenas, court orders, or other legal, regulatory, or judicial proceedings; to establish or exercise the legal rights of the Data Controller or the Data Processor; to defend against legal claims; or where otherwise required by law or pursuant to a binding order;
- Where the Data Controller or the Data Processor deems it necessary to investigate, prevent, or take action against illegal activities; or to protect and defend the rights, property, or safety of UniWeb, its users, or others;
- In connection with a corporate transaction, such as a divestiture, merger, consolidation, or sale of assets, or in the unlikely event of bankruptcy;
- With affiliated companies of the Data Controller or the Data Processor.
The Data Controller or the Data Processor may also share aggregated or anonymized information with third parties, including partners, advertisers, and investors.
3. What data do we process and why?
During the design process of this website, the Data Controller prepared a data inventory. We intend to collect and process only the data that are strictly necessary to achieve the purposes described below.
When applying for membership or contacting BELAB
BELAB collects data when visitors apply for membership via the website or complete the contact form. The information you provide will not be used by BELAB for marketing purposes and will not be shared with third parties.
Log files
Information is also stored in log files. BELAB may use these data for internal purposes, such as traffic analysis. This helps to better tailor services to customer needs.
Cookies
BELAB uses “cookies”. These are small pieces of information stored on the user’s hard drive to facilitate use of the website. The use of cookies is generally accepted by users and is common on almost all websites. If you choose to disable cookies in your browser, we cannot guarantee the proper functioning of the BELAB website.
If you wish to consult the detailed data inventory or obtain more information about the purpose of the data processing activities, you may contact the DPO.
4. Where do we store your personal data?
The Data Processor is responsible for hosting this website and has full control over the hardware used to store your personal data.
The production and test servers are located in Belgium, in the secure data center of the Data Processor’s supplier, Interxion, which is ISO 27001:2013- and ISO 22301:2012-certified. The Data Processor’s development servers are also located in Belgium, in UniWeb’s secure offices.
Back-ups of all servers are stored at both locations.
5. How long do we retain personal data?
Standard retention period
As required by applicable data protection legislation, the Data Controller aims to delete your personal data as soon as they are no longer necessary to achieve the purpose for which they were originally collected, and at the latest within two weeks (hereinafter referred to as the standard retention period).
The data are completely removed from back-ups within 365 days.
Retention in case of a deletion request
See: Deleting your data
6. How do we ensure security?
Security by design
The following security measures have been implemented to protect personal data processed via this website against unauthorized access, modification, loss, or destruction (non-exhaustive list):
- All data are encrypted, both at rest and in transit between the service and your browser.
- All data are fully backed up.
Information security incidents
If an information security incident occurs, the Data Controller and the Data Processor will handle it promptly and adequately, in accordance with standard procedures. As with the security measures, these procedures are regularly evaluated and updated to address the continuously evolving information security challenges.
All employees of the Data Controller and the Data Processor receive regular training on security best practices and the company’s internal procedures. The same commitment is expected from all suppliers. Their services are regularly evaluated (see: Third parties).
7. What are your rights as a Data Subject?
Unless your request is reasonably considered excessive or unfounded, you may exercise the following rights with regard to your personal data processed via this website:
- Request information about the processing of your personal data;
- Request a copy of all data held by the Data Controller and the Data Processor, in a standard format;
- Request the Data Controller to amend or correct your personal data if they are inaccurate;
- In certain circumstances, request restriction of the processing of your data, as defined in applicable data protection legislation;
- Object to certain processing activities, as defined in applicable data protection legislation;
- Withdraw your consent;
- In certain circumstances, request deletion of your personal data, as defined in applicable data protection legislation.
For a complete overview of your rights as a Data Subject, you may consult the GDPR.
You can easily exercise your rights by completing our online form.
The Data Controller reserves the right to charge a reasonable fee if your request is deemed excessive at its sole discretion.
Amending or correcting personal data
If you wish to amend or correct your data, you may request the Data Controller to do so.
Deletion of your personal data
The following procedure applies when BELAB receives a request from a Data Subject to delete personal data:
- The Data Subject must submit a written deletion request to the DPO.
- The DPO assesses the nature of the request without undue delay and determines which data must be removed from which databases, in accordance with GDPR requirements.
- If the personal data are present in the application and no GDPR exception applies, the Data Controller will delete the personal data from the application/system database within 30 calendar days of receipt of the request. The DPO will notify the Data Subject in writing of the deletion within 30 calendar days.
- If the Data Controller cannot comply with the deletion request, the DPO will inform the Data Subject in writing of the decision and the reasoning within 30 days of the request.
All personal data selected for deletion will be completely removed from back-ups within 180 days.
8. How can you give consent?
By accepting this privacy statement and providing personal data via the website, the Data Subject expressly consents to the Data Controller processing these data for the stated purposes.
If the Data Controller or the Data Processor wishes to transfer specific personal data to third parties, additional consent will be requested from the user.
The above also applies to the processing of personal data outside the EU, both in countries recognized or not recognized by the European Commission as providing an adequate level of data protection. Where required, a data transfer agreement will be concluded in accordance with the contractual clauses laid down in European Commission Decision C(2010)593 on Standard Contractual Clauses (processors) (for the purposes of Article 26(2) of Directive 95/46/EC).
9. Who can you contact?
If you have any questions about this privacy statement, or if you wish to exercise any of the above-mentioned rights as a Data Subject, you may contact our DPO via:
BELAB
ADDRESS