Cefic takes personal data protection very seriously and makes sure to comply with Regulation 2016/679 on the protection of personal data (the “GDPR“) and any other applicable national act or regulation regarding the processing of personal data or the protection of privacy.
If you have been referred to this policy, it is to make you aware of data protection practices and policies implemented by Cefic as data controller and inform you of your rights.
1. Who we are
Cefic – the European Chemical Industry Council – is an international non-profit association having its registered offices at Rue Belliard 40, 1040 Brussels, Belgium. For more information, see our Statutes.
This policy relates to situations where we act as data controller, i.e. situations where we solely and autonomously determine the purposes and means of the processing of your personal data.
This policy mainly relates to the processing of personal data of:
- individual representatives of Cefic Members and Partners
- people employed by or representing contractual partners
- people who have expressed an interest in Cefic and its activities (e.g. by registering to one of our events or newsletters)
- people with whom Cefic engages with, in the framework of its purpose and activities
3. Type of personal data processed and purpose of processing
Cefic is devoted to promoting a thriving European Chemical Industry that is broadly recognised to provide sustainable, safe, innovative and resource efficient solutions to foster prosperity, growth and investments in Europe and meet the challenges for future generations.
Our main purpose is to serve the Members and the European chemical industry by generating and aggregating scientific knowledge that fosters the purpose of the Association in critical areas and by offering needs-oriented services and expertise to its Members in, amongst others, regulatory, scientific and technical matters. In view of supporting this main purpose, the Association may, in compliance with the antitrust law, promote, defend and represent with particular emphasis on their scientific, technical, pedagogic, environmental, economic, statistical, legal and structural aspects, all matters of common interest to the European chemical industry, in the widest sense, at European and global level, always endeavouring to add value as a collective compared to Member’s activities.
In this context Cefic may process certain personal data. We describe below the categories of data that we process. The data can be either provided directly by yourself or potentially gathered from other sources.
- If you are working for a Member or Partner of Cefic and that you represent that Member or Partner within Cefic, we will collect the following information about you: first name, last name, e-mail, work address, position, phone number (fixed and/or mobile). Depending on agreed activities, we may as well collect from you: passport/ID details, travel details, academic record/qualifications, biographical information, dietary requirements/allergies.
- If you contacted or have been contacted by Cefic in the framework of our interest representation activities (e.g.local/national, European, international public servant, national or European parliamentarians and their assistants, interest representatives), we will collect: first name, last name, position, professional email, work address, and other work-related details. Such contacts aim to foster a dialogue between authorities, stakeholders and the chemical sector on national, EU or international policy and regulatory issues.
- If you sign up for one of our email communications, we will collect and process your personal data to follow up on your request and handle any feedback or query from you. We will collect your first name, last name, organisation, position and e-mail address. You can unsubscribe at any time by using the ‘unsubscribe button’ in the email or by sending an email to the originator.
- If you attend events organised by Cefic, we will keep a record of your participation. If you are a participant, we will collect your name, position, organisation and professional contact details provided voluntarily for the purposes of the event. We may use that information to keep you informed of future events. If you are a speaker, we may additionally collect your bio and picture or other information you volunteer as a speaker. The participants list (name, surname, organisation) is usually made available at the venue.
- If you represent/work for a company having a business or contractual relationship with Cefic (e.g. service supplier), we will collect your name and professional contact details for the purposes of the business relation or contract, general administrative management, compliance with laws and regulations; and the protection of our rights.
If you visit our website(s) please be aware that our website(s) use(s) cookies. See our cookies policy.
4. On which legal basis and for what purposes does Cefic process your data?
We always process your personal data within the boundaries of the legal bases laid down under applicable law. We also ensure to limit the processing of your personal data to what is strictly necessary for the achievement and performance of these purposes.
When we process your personal data for specific purposes beyond the usual interactions with Cefic Member/Partner representatives, civil servants, politicians, interest representatives and our institutional communication, we strive to rely on your consent to put you in control of your personal data.
Your prior informed, explicit consent will be requested for registering to Cefic’s communications. Your consent will also be sought in case your presentation or speech is filmed or if your portrait is photographed at events that we organise. You always have the right to withdraw your consent at any time by contacting the event organiser/email initiator or by sending an email to privacy[@]cefic.be.
Performance of legal, statutory or contractual duties
We may process your personal data where this is necessary for the performance of our legal/statutory duties or the performance of our contractual obligation towards you. In such a case, we limit the processing of your personal data to the extent of what is strictly necessary.
If a person applies to represent his/her organisation in a Cefic governance body or structure, Cefic may process personal data of the Member/Partner representative for the functioning in its governance bodies, such as Board Members administration, management, voting procedures and related, following Cefic Statutes, by-laws and operating rules, and Title III of the Belgian law of 27 June 1921 on non-profit associations, foundations, European political parties and European political foundations.
We also process Member and/or Partner representatives’ personal data to ensure the respective Member/Partner enjoys the rights granted by the Cefic Statutes, by-laws, operating rules; and Sector Group Operating Rules (cf. access to Cefic working structures and information).
Legitimate interests of Cefic
Cefic may also process your personal data for other purposes, falling under the achievement and the realisation of its legitimate interests, e.g.:
- to contact policy-makers, stakeholders and journalists on legislative issues, and communicate the position of Cefic on policy issues;
- to manage the communication and updates to Cefic’s Member or Partner individuals (news, updates, activities) not falling under the abovementioned communications;
- to publish newsletters and website stories;
- to draft and publish Cefic’s reports;
to ensure an effective relationship between the Association and its Members/Partners.In such a case, however, Cefic strives to maintain a fair balance between the need to process your data and the preservation of your rights and freedoms, including the protection of your privacy..
5. With whom and how do we share your data?
Beyond the usual interactions with Cefic Member/Partner representatives, civil servants, politicians and interest representatives, your personal data will not be shared with third parties without your express prior consent – except in the following two situations.
We sometimes rely on contractually bound third-party companies and external service providers to provide our services. These service providers may need to process personal data to perform their contractual obligations. When this is the case, processors are permitted to use the data only for the purposes and duration specified by us. Furthermore, they are contractually obligated to handle your data exclusively in line with the applicable data protection laws.
We use service providers for the following:
- conference/event organisation;
- distribution of newsletters, the execution of surveys
- website or data hosting/maintenance;
- advise/support on public relations and affairs
- study research, statistics, scientific studies, etc.;
- logistics service providers, for sending you materials relating to Cefic activities;
- payment service providers for the purpose of processing all payments from you to us or vice versa;
- IT service providers for the provision of hardware and software and for the implementation of maintenance work.
Data is disclosed to processors based on Article 28(1) of the GDPR or, alternatively, on the basis of our legitimate interests in the economic and technical advantages associated with the use of specialised processors and on the basis of circumstances in which your rights and interests in the protection of your personal data are not overridden (see point (f) of Article 6(1) of the GDPR).
For prosecution reasons
Where required to investigate the unlawful use of our services or for the purposes of prosecution, personal data will be disclosed to the relevant law enforcement authorities and, where applicable, to any third-party claimants. However, such a course of action will only take place if there is concrete evidence of unlawful conduct or misuse. In such cases, your data may also be shared if doing so is required for the fulfilment of terms and conditions of use or other agreements. If requested, we are also legally obligated to disclose such data to certain public authorities, such as law enforcement bodies, authorities that penalise offences with financial penalties, and financial authorities.
In these cases, data is disclosed on the basis of our legitimate interest in combating misuse, aiding the prosecution of criminal offences, and aiding the establishment, assertion and enforcement of claims, in line with point (f) of Article 6(1) of the GDPR.
6. What are your rights?
Access, rectification, erasure, portability and objection rights
For all the purposes defined above, and subject to applicable data protection laws, you have the following rights:
- the right to ask us to provide you with copies of personal data that we hold about you at any time, which include the right to ask us: whether we process your personal data, for what purposes; the categories of data; the recipients to whom the data are shared;
- the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you;
- the right to withdraw your consent where such consent has been given;
- the right to erasure within the limits afforded by data protection legislation;
- the right to oppose to the processing of your personal data, within the limits afforded by data protection legislation;
- the right to data portability within the limits afforded by data protection legislation.
How to exercise those rights?
You may at any time exercise the abovementioned rights in accordance with data protection regulations, by sending a request with a copy of your ID card (passport or other proof of identity) to firstname.lastname@example.org or in writing to Rue Belliard 40 b15, 1040 Brussels, and subject to complying with our reasonable requests to verify your identity.
Right to lodge a complaint
You can also lodge a complaint to the Belgian Data Protection Authority either by post at rue de la Presse 35, 1000 Brussels; by e-mail at email@example.com; by phone at +32 2 274 48 00 or first-line assistance at +32 2 274 48 78.
7. How long do we keep your personal data?
We will not store your personal data beyond the time necessary for the performance of the purposes for which the data is processed. Specifically, we distinguish between a retention period and an archiving period:
- The retention period is the maximum period of use of your personal data for specific purposes:
- the data processed for the execution of the contractual relationship or the performance of a legal duty is kept for the entire duration of the contract, or as long as the legal duty applies, and for the prescription period upon termination of the contract or of the legal obligation;
- the data processed for other purposes may be retained for a longer period during which we will reassess the need to keep this data and pseudonymize the data where it does not affect the realisation of the purposes.
- The archiving period meets our legal obligation as well as the legal need to retain your data beyond the retention period for evidentiary purposes or to respond to requests for information from the competent authorities.
8. How do we protect your personal data?
We take appropriate technical and organisational measures to safeguard and protect your personal data, against unauthorised or unlawful processing and against accidental destruction, loss, access, misuses, damage and any other unlawful forms of processing of the personal data in our possession.
9. How to contact us?
Last updated on 13 September 2019