1. WHO WE ARE
We”, “us” or “our” means EIT Food’s North-West regional office which consists of the UK, Ireland and Iceland. The controller of your data is the EIT Food branch that initially collected your data and decided the purposes and means for using your data. Please find information about all our branches via https://www.eitfood.eu/contact.
- Via email: firstname.lastname@example.org
You can also contact our EIT Food Headquarters:
- By post: EIT Food iVZW Ubicenter A Philipssite 5 bus 34, Belgium
- Via email: email@example.com
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by contacting the EIT Food North-West regional office.
- Via email: firstname.lastname@example.org
2. HOW WE USE AND COLLECT YOUR PERSONAL DATA
Personal data is defined as any information relating to an identified or identifiable natural person. Identifiable refers to identifiers (such as name, identification number, location data, etc.), that can be used to directly or indirectly identify a natural person.
The personal data we collect, is collected and used for the purposes as listed hereunder:
- In the event you contact our regional office via post, email or telephone, we will use your personal data in order to reply to your query, via email or telephone.
- In the event you register for our regional newsletter, your email address will be used in order to send you our newsletters, which may include invites to events, seminars, etc. organised by us.
- In the event you register for an event hosted or associated with our region, your email address may be used in order to invite you to future events, seminars, etc. organised by us.
- In the event you contact our regional office via social media messaging or social media posting or any other communication that you send us, your social media account name may be stored on our databases.
- In the event we contact you under a legitimate interest, we would ask to store your personal data to be used on our databases.
- We process your personal data to enforce or exercise any rights that are available to us based on the applicable law, such as use for the establishment, exercise or defense of legal claims.
- We may also use your personal data to fulfil our obligations as set out by the applicable law.
The following categories of personal data can be distinguished:
- Contact data: in the event you contact our regional office, the information that is provided is directly from you. In the event we contact you under a legitimate interest, we will ask to store your personal information. The following information: name, address, email address, phone number, and any personal data that you choose to share with us, may be stored in our regional databases.
- Newsletter: if you register for our newsletter, you will be asked to provide your name and email address. This is information provided directly by you.
- Event: if your register for one of our events, you may be asked the following information: name, address, email address, phone number. This is information provided directly by you.
- Transaction data: we collect personal data relating to transactions that you make through the website, including your “contact data”, payment information and the goods and/or services purchased. This is personal data provided directly by you.
The legal basis for the processing of your personal data is based on consent. You have the right to withdraw your consent at any time. This will, however, not affect the lawfulness of any processing done prior to the withdrawal of consent.
Sensitive Data: We do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.
Your personal data will solely be used for the purposes as set out in this article. In case we need to use your details for an unrelated new purpose we will let you know and explain the legal grounds for processing. We may process your personal data without your knowledge or consent where this is required or permitted by law.
3. RETENTION OF YOUR DATA AND DELETION
Your personal data will be retained for a period of 3 years.
In the event you withdraw your consent or you object to our use of your personal data, and such objection is successful, we will remove your personal data from our databases. Please note that we will retain the personal data necessary to ensure your preferences are respected in the future.
The foregoing will, however, not prevent us from retaining any personal data if this is necessary to comply with our legal obligations, in order to file a legal claim or defend ourselves against a legal claim, or for evidential purposes.
4. YOUR RIGHTS
This article lists your principal rights under data protection law. We have tried to summarise them for you in a clear and legible way.
The right to access
You have the right to receive from us a copy of your personal data we have in our possession, provided that this does not adversely affect the rights and freedoms of others. The first copy will be provided free of charge, but we reserve the right to charge a reasonable fee if you request further copies.
The right to rectification
If the personal data we hold about you is inaccurate or incomplete, you have the right to have this information rectified or, taking into account the purposes of the processing, completed.
The right to erasure (right to be forgotten)
In some circumstances, you have the right to the erasure of your personal data without undue delay. Those circumstances include:
- The personal data are no longer needed in relation to the purposes for which they were collected or otherwise processed;
- You withdraw your consent, and no other lawful ground exists;
- The processing is for direct marketing purposes;
- The personal data have been unlawfully processed; or,
- Erasure is necessary for compliance with EU law or Belgian law.
There are certain exclusions to the right to erasure. Those exclusions include where processing is necessary,
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation; or,
- for the establishment, exercise or defense of legal claims.
The right to restrict processing
You have the right to restrict the processing of your personal data (meaning that the personal data may only be stored by us and may only be used for limited purposes), if:
- You contest the accuracy of the personal data (and only for as long as it takes to verify that accuracy);
- The processing is unlawful and you request restriction (as opposed to exercising the right to erasure);
- We no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims; or,
- You have objected to processing, pending the verification of that objection.
In addition to our right to store your personal data, we may still otherwise process it but only:
- with your consent;
- for the establishment, exercise or defense of legal claims;
- for the protection of the rights of another natural or legal person; or,
- for reasons of important public interest.
We will inform you before we lift the restriction of processing.
The right to data portability
To the extent that the legal basis for our processing of your personal data is consent, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
You also have the right to have your personal data transferred directly to another company, if this is technically possible, and/or to store your personal data for further personal use on a private device.
The right to object to processing
You have the right to object to the processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for:
- The performance of a task carried out in the public interest or in the exercise of any official authority vested in us;
- The purposes of the legitimate interests pursued by us or by a third party.
If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
The right to complain to a supervisory authority
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
- In the UK, you can submit a complaint to the Information Commissioners Office.
- In the Republic of Ireland, you can submit a complaint to the Data Protection Commission.
- In Iceland, you can submit a complaint to the Icelandic Data Protection Authority.
If you are within the UK and are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
If you are within the EU and are not happy with any aspect of how we collect and use your data, you have the right to complain to the data protection authority of the country in which you are based. We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
5. DISCLOSURE TO THIRD PARTIES
To the extent necessary or appropriate, EIT Food North-West may disclose your Personal Information to external 3rd Parties, such as IT consultants carrying out testing and development work on our IT systems and other service and software providers who we may appoint as data processors such as e.g. for CRM purposes.
Where applicable, we will impose appropriate contractual, security, confidentiality and other obligations on to 3rd party providers and processors we have appointed, based on the nature of the services they provide to us. We will only permit them to process your Personal Information in accordance with the law and our instructions. We do not allow them to use your Personal Information for their own purposes and when our relationship ends we will ensure your Personal Information is securely returned or destroyed.
The above mentioned third parties may be located both within and outside the EEA. In the latter case, we will take the necessary measures to ensure that your Personal Information is adequately protected, secure, kept confidential and that we have a lawful basis for the transfer.
In addition, we may disclose your personal data in the event such disclosure is required or necessary in order to fulfil a legal obligation. We may also disclose personal data in order to protect your vital interests or the vital interest of another natural person.
As such, we do not disclose your personal data to our social media partners. We do, however, make use of social media plugins to direct you to our social media channels and to allow you to interact with our content. These social media channels are Facebook, LinkedIn, Twitter, Instagram and YouTube. In the event you click such link, such social media service provider may collect personal data about you and may link this information to your existing profile on such social media.
We are not responsible for the use of your personal data by such social media service provider. In such case, the social media service provider will act as controller and we refer to the privacy policies of those social media channels for information about the use of your personal data.
We have put in place appropriate security measures to prevent your Personal Information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your Personal Information to those employees, agents, contractors and other third parties who have a business need to do so.
We have put in place procedures to deal with any suspected Personal Information breaches and we will notify you and the applicable supervisory authority of a breach where we are legally required to do so.
7. INTERNATIONAL TRANSFERS
We will ensure that any transfer of personal data to countries outside of the European Economic Area will take place pursuant to the appropriate safeguards.