CHARTER ON THE PROTECTION OF YOUR PERSONAL DATA

Why a charter on the protection of your personal data?

The non-profit association FEBIAC (hereinafter ‘FEBIAC’ or ‘we’) considers your privacy to be a priority. So we undertake to treat the personal data of our customers, potential customers and online users (hereinafter ‘you’) with the greatest care and to provide the best possible protection for such data in accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter ‘GDPR’) and the law.

This charter provides information about:
– the personal data that we collect about you and why we do so;
– the terms of use of your personal data;
– your rights as regards your personal data and the ways in which you can exercise them.

Most recently modified on: 20.04.2020

Explanatory glossary of the main legal terms used in this Charter:

Terms that are often used in this CharterDefinitions provided by the GDPR (General Data Protection Regulation)Explanation of the terms in standard language
Data of a personal nature (hereinafter ‘personal data’)Any information relating to an identified or identifiable natural person (hereinafter ‘the data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.All sorts of information relating to a natural person, that is an individual, who can be identified as a person, directly or indirectly who can be distinguished from other people.
Examples: a name, a photo, a fingerprint, an e-mail address, a telephone number, a social security number, an IP address, a voice mail, your browsing data on a website, data relating to an online purchase, etc.
ProcessingAn operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.Any use of personal data, regardless of the procedure involved (recording, organisation, storage, adaptation, alignment with other data, transmission, etc. of personal data).
Example: the use of your data to manage an order, a delivery, send a newsletter, etc.
ControllerThe natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.The person, public authority, company or body which manages your data and determines how they are used. He/She decides whether to start or discontinue processing and determines why your data will be processed and to whom they will be transferred. He/she is the main party responsible for ensuring the protection of your data.
ProcessorThe natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.Any natural or legal person that performs processing tasks following the instructions and under the responsibility of the controller.

Explanatory glossary of the other terms used in this Charter:

Customer A natural person (acting in the capacity of consumer or professional) with whom we already maintained a contractual relationship (in particular obtaining tickets to trade fairs of events).
Potential customerA natural person (acting in the capacity of consumer or professional) who may be interested in concluding a service provision contract with us (in particular obtaining tickets to trade fairs or events).

1. Who is responsible for the use of your data in the context of your relationship with our services?

1.1. CONTROLLER
The Controller for your personal data is the non-profit association FEBIAC, with its registered office at 1200 Brussels, Woluwelaan 46, box 6, listed in the KBO/CBE (central business database) under No 0407.693.572. Any question or request concerning the processing of your data can be sent to the following e-mail address: dataprivacy@febiac.be.

2. Why do we collect your personal data and on what bases?

We collect personal data about you for various reasons.
FEBIAC collects and uses your personal data to be able to work efficiently and offer you the best possible experience with its services.
Moreover, you should know that we can only collect and use your personal data if this use is based on one of the legal grounds defined by the GDPR (e.g. your consent or the performance of a contract concluded with you).

The table below lists more specifically the purposes for which FEBIAC uses your personal data and the corresponding legal basis.

Purposes for which your personal data are collectedLegal basis for the processing of your personal data
(1) The management of the pre-contract relationships with potential clients.

We process your personal data in order to respond to inquiries you send us about our meeting rooms; your request to receive information concerning the different services that we offer (organizing your event, catering services, etc.); your various questions sent by e-mail (in particular via the contact form on our website) or by post.
The legitimate interest of FEBIAC to process the personal data of potential clients in order to respond to their demand and their expectations (Article 6.1).f. of the GDPR).
(2) Customer Relationship ManagementThe legitimate interest of FEBIAC to process the personal data of its customers in order to promote the performance of their contractual services (in particular Events & Meetings Venue renting) and the performance of the contract in question (Article 6.1.f and b of the GDPR).
(3) Marketing with regard to our customers and potential customers, in particular:


– sending newsletters about the services offered by the ‘W46’ (room rental, organization of your event, catering services, etc.) and;

– sending invitations to events and contests that we organize to introduce our meeting rooms and services.
FEBIAC has a legitimate interest in processing the personal data of its customers (in particular those obtained directly in the context of Events & Meetings Venue renting) to inform them about similar services & activities that it organises.

In application of Article XII.13(1) of the Economic Code and the Royal Decree of 4 April 2003, after having obtained prior permission, FEBIAC processes the personal data of potential customers to inform them of the trade fairs and activities its organises.

3. What data do we collect about you?

Below we give details of the personal data that we collect about you, the reason why they are collected, the way in which they are collected (data provided directly by you, ) information collected with your consent or data collected by our IT systems).

Purpose of the collectionPersonal data collectedDirect or indirect collection of your personal data
(1) Potential Customer Relationship Management• Personal identification data (surname, first name,
postal address, e-mail address, telephone number, language)
As part of this purpose, the data are collected directly from you or indirectly via a third party to whom you have given consent to pass on your data to FEBIAC.
(2) Customer Relationship Management• Personal identification data (surname, first name,
postal address, e-mail address, telephone number, language)
• Financial information (account number, payment method, other payment information)
In the context of this purpose, the data are collected directly from you.
(3) Marketing• Personal identification data (surname, first name,
postal address, e-mail address, telephone number)
• Electronic identification data (IP address, cookies, connection log)
As part of this purpose, the data are collected directly from you or indirectly via a third party to whom you have given consent to pass on your data to FEBIAC.
(4) Organising competitions• Personal identification data (surname, first name,
postal address, e-mail address, telephone number)
In the context of this purpose, the data are collected directly from you.

4. With whom do we share your personal data?

In the context of our activities, we may share your personal data. It goes without saying that should this be the case, we will ensure optimal protection of your personal data.

4.1. Sharing your personal data with our service providers, partners and/or subcontractors
Our service providers, partners and/or subcontractors can access your personal data for the processing operations they perform. Below you will find the list of subcontractors with whom we share your data, their location and the reason why we share the information in question with them.

Service providers, partners and/or subcontractors that are involved in the sharing of your personal dataLocation of service providers, partners and/or subcontractorsReason for sharing your personal data
Brussels Special VenuesBelgiumThe association Brussels Special Venues is a network grouping the 30 largest venues (sites / locations / meeting rooms) in Brussels (where ‘W46’ is part of), aiming towards event organizers, associations, institutions or the private sector. When one of the members of the association is unable to respond to a request, it is sent to the other members of the association. When an application is sent through this intermediary to the ‘W46’ (because our rooms and services correspond to the search criteria), we process the personal data of the applicant in order to be able to answer to his requests and wishes (“management of pre-contractual relations with potential clients “).
With your prior authorization, we also provide your personal data to Brussels Special Venues when we are unable to fulfill your request (for example, when no rooms are available on the requested dates). If this is the case and if the room of another Brussels Special Venues member corresponding to your search criteria is available, you will be contacted by this one.
SAS OVHFranceHosting locations for trade fairs and/or events.
EASIBelgiumInfrastructure and systems maintenance
Business & DecisionBelgiumApplication maintenance

4.2. With government bodies, in response to legal requests, including requests, including requirements regarding national security or the application of Law.

4.3. In the conteect of a transaction, such as a merger, a takeover, a consolidation, or a sale of assets, it may be that we have to share your personal data with buyers or sellers.

4 bis Do we capitalise on your personal data?

We do not share your data with commercial partners who may want to offer you products or services.

5. How long do we keep your personal data?

FEBIAC has laid down precise rules on the storage period for your personal data. This period varies depending on the respective objectives and has to take account of any legal obligations to keep some of your data.

Reason for the collectionCategories of personal data collectedStorage period
(1) Potential Customer Relationship Management• Personal identification data (surname, first name, postal address, e-mail address, telephone number, language)The expiry date is three years from the last action / reaction of the data subject.
(2) Customer Relationship Management• Personal identification data (surname, first name, postal address, e-mail address, telephone number, language)
• Financial information (account number, payment method, other payment information)
The expiry date is ten years after the end of the contract.
(3) Marketing• Personal identification data (surname, first name, postal address, e-mail address, telephone number)
• Electronic identification data (IP address, cookies, connection log)
• Demographic characteristics, sex, year of birth, country, language)
• Hobbies and interests
The expiry date is three years from the last action / reaction of the data subject.
(4) Organising competitions• Personal identification data (surname, first name, postal address, e-mail address, telephone number)The expiry date is ten years after the end of the competition.

6. What rights do you have as regard your personal data and how can you exercise these rights?

We aim to inform you as clearly as we can about your rights with regard to your personal data. And we aim to ensure that you can easily exercise these rights.

Please find below a summary of your rights and a description of the way in which you can exercise them.

Right of access

You can ask us to grant you access to all the following information with regard to:
   • the categories of personal data that we collect about you;
   • the reasons why we use these data;
   • the categories of people with whom we share or will share your personal data and in particular those who are located outside Europe;
   • the periods for which your personal data will be kept in our systems;
   • your right to ask us to correct or delete your personal data or to limit the use that we make of your personal data and your right to object to this use;
   • your right to lodge a complaint with a European data protection body;
   • information about the source, when we have not collected your personal data directly from you;
   • the way in which your personal data are protected when they are transferred to countries outside Europe.

How can you exercise your right to access?

For this, you simply have to contact us by e-mail at dataprivacy@febiac.be, indicating “right to access: personal data” in the subject line and attaching a copy of your identity card and a brief description of the data you wish to access. Unless you indicate otherwise, you will receive the requested data free of charge in an electronic format within one month of receipt of the request and within two months if in-depth research has to be carried out to meet the request.

If you are unable to consult your data by e-mail, you can also send us your request by post to the address below:

Woluwelaan 46, box 6, 1200 Brussels.

Written requests must be signed and accompanied by a copy of your identity card. The request must specify the address to which the reply must be sent. In that case, a reply will be sent to you within one month of receipt of the request and within two months if in-depth research has to be carried out to meet the request or if FEBIAC receives an excessively large number of requests.

Right of correction

You can ask FEBIAC to correct and/or update your personal data.

How can you exercise your right to have data corrected?

For this, you simply have to send an e-mail to dataprivacy@febiac.be giving your surname and first name, indicating “right to correction: personal data” in the subject line and attaching a copy of your identity card.

Do not forget to give the reason for your e-mail in the text itself: the correction of inaccurate data and the information to be corrected, with proof of the correct information if necessary, if you have this.

You can also exercise this right by sending a letter to the following address: Woluwelaan 46, box 6, 1200 Brussels. Your written request must be signed and accompanied by a copy of your identity card. The request must specify the address to which the reply must be sent. In that case, a reply will be sent to you within one month of receipt of the request and within two months if in-depth research has to be carried out to meet the request or if FEBIAC receives an excessively large number of requests.

The right to have data deleted

If you find yourself in one of the following situations, you can contact us at any time to ask us to delete the personal data that we process concerning you:
   – Your personal data are no longer necessary for the reasons for which they were collected or processed in a different way;
   – You have withdrawn the consent on which the processing of your personal data by FEBIAC is based;
   – Because you believe, for a specific reason, that further processing would adversely affect your privacy and could cause excessive damage;
   – You no longer wish to receive commercial offers from us;
   – Your personal data are not processed in accordance with the GDPR and the Belgian law;
   – Your personal data have to be deleted to fulfil a legal obligation laid down in the law of the European Union or the national law to which FEBIAC is subject;
   – Your personal data were collected in the context of an offer from a website directed at children.

How can you exercise your right to have data deleted?

For this, you simply have to send an e-mail to dataprivacy@febiac.be giving your surname and first name, indicating “right to have data deleted” in the subject line and attaching a copy of your identity card. Do not forget to give the reason for your e-mail in the text itself (e.g. the deletion of your data when you have withdrawn your consent (on which the processing is based)).

You can also exercise this right by sending a letter to the following address: Woluwelaan 46, box 6, 1200 Brussels. Your written request must be signed and accompanied by a copy of your identity card. The request must specify the address to which the reply must be sent. In that case, a reply will be sent to you within one month of receipt of the request and within two months if in-depth research has to be carried out to meet the request or if FEBIAC receives an excessively large number of requests.

However, we may be unable to respond to your request to exercise your right to be forgotten. It is important to remember that this right is not absolute. We have to ensure that this right is balanced against other important rights and values, such as freedom of expression, compliance with a legal requirement to which we are subject or important reasons of public interest.

The right to be forgotten

Our website may contain personal data that concern you. If you do not wish these data to appear on the website, you can ask us to remove them if you are in one of the following situations:
   – Your personal data are no longer necessary for the reasons for which they were collected or processed in a different way;
   – You have withdrawn the consent on which the processing of your personal data by FEBIAC is based;
   – Because you believe, for a specific reason, that further processing would adversely affect your privacy and could cause excessive damage;
   – You no longer wish to receive commercial offers from us;
   – Your personal data are not processed in accordance with the GDPR and the Belgian law;
   – Your personal data have to be deleted to fulfil a legal obligation laid down in the law of the European Union or the national law to which FEBIAC is subject;
   – Your personal data were collected in the context of an offer from a website directed at children.

Furthermore, we are also obliged to take reasonable measures to inform the other companies (data controllers) which process the personal data for which you have submitted the request to delete any reference or any copy.

How can you exercise your right to be forgotten?

To have certain information concerning you removed from our website, you simply have to send an e-mail to dataprivacy@febiac.be, giving your surname and first name, indicating “right to be forgotten: personal data” in the subject line and attaching a copy of your identity card. Do not forget to give the reason for your request in the text of your e-mail, for example a brief explanation, and the precise address (URL) of the page in question.

You can also exercise this right by sending a letter to the following address: Woluwelaan 46, box 6, 1200 Brussels. Your written request must be signed and accompanied by a copy of your identity card. The request must specify the address to which the reply must be sent. In that case, a reply will be sent to you within one month of receipt of the request and within two months if in-depth research has to be carried out to meet the request or if FEBIAC receives an excessively large number of requests.

However, we may be unable to respond to your request to exercise your right to be forgotten. It is important to remember that this right is not absolute. We have to ensure that this right is balanced against other important rights and values, such as freedom of expression, compliance with a legal requirement to which we are subject or important reasons of public interest.

The right to object

   • You can object to the use of your personal data for the following purposes: commercial requests, and more specifically advertisements.
   • You have the right to object to our processing of your personal data because you believe, for a specific reason, that further processing would adversely affect your privacy and could cause excessive damage.

You cannot, under any circumstances, prevent us from processing your data:
   – if the processing is necessary to conclude or fulfil your contract;
   – if the processing is required by a law or legal provision. This is the case in particular when you move to a different commune;
   – if the processing is necessary to be able to establish, exercise or assert your rights before the courts.

How can you exercise your right to object?

For this, you simply have to send an e-mail to dataprivacy@febiac.be giving your surname and first name, indicating “right to object: personal data” in the subject line and attaching a copy of your identity card.

It is important to indicate the reasons for your request to object.

You can also exercise this right by sending a letter to the following address: Woluwelaan 46, box 6, 1200 Brussels. Your written request must be signed and accompanied by a copy of your identity card. The request must specify the address to which the reply must be sent.

FEBIAC has two months in which to respond to your request to object. If your request is insufficiently precise or does not contain all the elements to enable us to undertake the requested operations, we will ask you to supply us with the necessary information within this period.

However, we may not be able to respond to your request. In that case, we will of course reply to you as clearly as possible.

In addition, any e-mails or information letters that may be sent to you will include a link which you can click so that you no longer receive any promotional information from us.

The right to the transferability of data

This right offers you the possibility of controlling your personal data more easily yourself and more specifically:
   – retrieving your personal data processed by us for your personal use and for example storing them on a device or in a personal cloud;
   – transferring your personal data from us to another company, either doing this yourself or having it done directly by us, on condition that such a transfer is ‘technically possible’.

This right relates to data provided actively and knowingly to create your online account (e.g. e-mail address, username, age), and data collected by FEBIAC.

Conversely, the personal data derived, calculated or put together from the information provided by you, such as the result of an assessment of your health, are excluded from the right of transferability of data because they were created by FEBIAC.

How can you exercise your right to the transferability of data?

For this, you simply have to send an e-mail to dataprivacy@febiac.be, giving your surname and first name, indicating “right to the transferability of data: personal data” in the subject line and attaching a copy of your identity card. Do not forget to specify the respective files and the type of request (return of data and/or transfer to a new service provider) in your e-mail.

You can also exercise this right by sending a letter to the following address: Woluwelaan 46, box 6, 1200 Brussels. Your written request must be signed and accompanied by a copy of your identity card. The request must specify the address to which the reply must be sent. In that case, a reply will be sent to you within one month of receipt of the request and within two months if in-depth research has to be carried out to meet the request or if FEBIAC receives an excessively large number of requests.

However, you should know that FEBIAC has the right to refuse your request for the transferability of data. This right only applies to personal data that were collected on the basis of your consent or the performance of a contract concluded with you. (To find out more specifically about the personal data that may be the subject of the right to the transferability of data, click on the purposes and bases section). Moreover, this right may infringe the rights and freedoms of third parties, whose data may form part of the data which would be transferred further to the request for transferability.

The right to limit processing

You have the right to ask us to limit your data, that is to say the marking (for example, a temporary move of your data to another processing system or a lock of your data making them inaccessible) of your personal registered data, in order to limit future processing.

You can call upon this right when:
   • the accuracy of the data in question is disputed;
   • your personal data is not processed in accordance with the GDPR and Belgian law;
   • the data is no longer necessary to achieve the original purposes but cannot yet be removed for legal reasons (in particular for the ascertainment, the execution or defense of your rights in court);
   • the decision regarding your request is in progress.

In case of processing limitations, your personal data will no longer be subject to any treatment without your prior consent, with the exception of their storage.

Your personal data may nevertheless still be processed for the purpose of ascertaining, exercising or defending legal rights, or for the protection of the rights of another legal or natural person, or for important reasons of public interest in the Union or the Member State.

In case of limitation of the treatment of some of your personal data, we will keep you informed about the timing when the measures will be lifted.

How to call upon your limitation right?

In order to do this, simply send us an email to dataprivacy@febiac.be, indicating your last name, first name and subject “right to limitation: personal data” as well as a copy of your identity card.

Don’t forget to mention the reason why, in the body of your email.

You can also exercise this right by sending us your request by postal mail at the following address:

Woluwelaan 46, box 6

1200 Brussels

Belgium

Your written request must be signed and accompanied by a copy of your identity card. The request must specify the address to which the answer must be sent. A response will be sent to you within 1 month after we received your postal mail, or 2 months in case of in-depth analysis and research or, if FEBIAC receives too many important requests.

7. Are your personal data transferred abroad?

icone html5   Data transfer within Europe

Within the European Economic Area (hover over: 27 EU members states, Iceland, Norway, Liechtenstein) personal data will benefit from the same level of protection.

icone html5   Data transfer outside Europe

We do not transfer any of your personal data to a location outside Europe. All our servers are located in the EEA.

8. Would you like to contact us about this Charter on the protection of your personal data and/or would you like to lodge a complaint with a data protection authority?

Do you have a question or a suggestion about this Charter on the protection of your personal data?

If so, do not hesitate to pass this on to us by contacting us here or sending a letter to:

Woluwelaan 46, box 6, 1200 Brussels.

We will be pleased to read your message or letter and reply as soon as possible.

Do you think we do not protect your personal data sufficiently?

If you think FEBIAC does not process your personal data in accordance with the GDPR and the Belgian law, you have the right to lodge a complaint with:

– the data protection authority of the European country in which you are usually resident; or
– the data protection authority of the European country in which you work; or
– the data protection authority of the European country in which the infringement of the GDPR was committed.

Lodging a complaint with the Belgian data protection authority.
→ By letter:

Gegevensbeschermingsautoriteit
Drukpersstraat 35, 1000 Brussels

→ By e-mail: contact@apd-gba.be

Lodging a complaint with another European data protection authority.
Please consult the list here to lodge a complaint with another data protection authority.

9. How can you find out whether this Charter on the protection of your personal data has been modified?

This Charter on the protection of your personal data may be modified at any time, in particular to take account of any legal or statutory changes and the development of our services.

Any major changes that may be made will be announced via our website or by e-mail, as far as possible at least thirty days before they come into force.

When we publish modifications to this Charter, we will adapt the date of the “most recent update” at the top of the confidentiality policy and describe the modifications on the page entitled “History of the modifications”.

We advise you to consult this Charter regularly to find out how FEBIAC protects your personal data.