THE EUROPEAN
FUEL MANUFACTURERS ASSOCIATION
PRIVACY NOTICE FOR MEMBER COMPANIES' REPRESENTATIVES AND NOIA
REPRESENTATIVES AND OTHER EXTRANET USERS
The European Fuel Manufacturers Association AISBL, acting through its Concawe and
FuelsEurope divisions ("We",
"us", "our"), is committed to complying with EU Privacy Law.
This privacy notice (the "Notice")
describes how We
process the Personal Data We collect from designated representatives of our members and National
Oil Industry Associations ("NOIA") representatives and other Extranet
Users ("You").
We are a data controller. This means that We
are responsible for deciding how We collect and use (process) Personal Data
about You. We are required under GDPR to notify You of the information contained
in this Notice.
1.
What Personal Data do We collect about You?
The personal data We collect about You are:
(a)
First Name and Last
Name;
(b)
Email address;
(c)
If you are an officer
of the association (director, alternate director, treasurer, president or
vice-president), a copy of your ID card or passport;
(d)
Name of the
organization you belong to;
(e)
Function within the
organization;
(f)
Your professional fixed
and/ or mobile phone number; and
(g)
If you are a director
or alternate director, or the chair of a working group, the information in your
CV.
All together your "Personal Data"
We typically collect Personal Data directly from
You or from the organization You belong by email or fax (in such case under the
assumption that specific measures have been put in place by such organizations
to lawfully provide us with your Personal Data).
2.
How do We collect and process (use) your
Personal Data? And on which legal basis?
We use your
Personal Data for different purposes. These include:
(a)
Organizing and handling
general assemblies and board meetings (including power of attorneys for proxy
voting procedures);
(b)
Keeping records of the
board meetings and the general assembly and circulating minutes;
(c)
Publishing relevant
resolutions such as the appointment, renewal or replacement of directors in the
Belgian official journal;
(d)
If you are the director
general, the president or treasurer of the association, submitting beneficial ownership and
related mandatory declarations (Déclaration bénéficiaire effectif).
We do so in order to comply with our legal
obligations under Belgian laws.
We also process your Personal Data in order to
run the operations of the association and provide You with the associated
benefits of your membership.
In particular, We process your Personal Data
to:
(a)
Administer your organization's
membership;
(b)
Keep membership
records;
(c)
Process membership
fees' payments;
(d)
Send out surveys,
voting papers and other information relevant to our functions and obligations;
(e)
Establish and maintain
communications with You;
(f)
Provide content or
services You request from us;
(g)
Invite You to attend
our committees, working groups and task forces and run such committees, working
groups and task forces;
(h)
Send You our publications, brochures, newsletters, reports and other materials;
(i)
Invite You to our
events, conferences and workshops;
(j)
Publish your contact
details on Sharepoint in order for our members to be
able to know who is participating in the different working groups and be able
to work on cross-border matters;
(k)
Manage complaints and
conduct investigations and disciplinary or dispute resolution activities.
We do so based on our legitimate interest
(or, for cases referred under (b), (c), and (k) above, in order to comply with
legal obligations under Belgian laws). As a trade association, we have the
interest in carrying out the activities necessary to perform the purpose ascribed
in our statutes and operating guidelines. In doing so, we considered your
rights and expectations as a Data Subject and have assessed that your interest,
fundamental rights and freedoms are not put at risks. When we collect and
process your Personal Data based on legitimate interest, You have specific
rights (see s8 below for more information in that regard).
When
You register to our events, webcasts, seminars, etc., You will receive a
specific privacy notice.
3.
Change of purpose
We will only use your Personal Data for the purposes for which We
collected it, unless We reasonably consider that We need to use it for another
reason and that reason is compatible with the original purpose. If We need to
use your Personal Data for an unrelated purpose, We will notify You and We will
explain the legal basis which allows us to do so (as well as your rights in
relation to such further processing).
4.
Which
third-parties process your Personal Data? Do We share, disclose or transfer
Personal Data?
In order to conduct our activities, We may have
to share or disclose your Personal Data with third parties, including
third-party service providers.
We may, should the need arise, share your
Personal Data with:
(a)
IT service providers;
(b)
Travel agencies;
(c)
Where necessary and
appropriate with our counsel (who is bound by professional secrecy rules) or
financial institutions.
In order to send You our newsletter and
reports, We share your Personal Data with MailChimp (https://mailchimp.com/), a third party providing email
marketing services. MailChimp is located in the United
States. Your Personal Data are transferred to, stored and processed in the
United States and may be shared there. We have taken steps with MailChimp to ensure
that the transfer of your Personal Data to MailChimp complies with EU Privacy
Law. MailChimp participates in and has certified its compliance
with the EU-U.S. Privacy Shield Framework. We have also signed a Data
Processing Agreement incorporating Standard Contractual Clauses with MailChimp. If You would like to receive a copy of the
agreement, You can contact us at privacy@fuelmanufacturers.eu.
We do
not use other third-parties to process your Personal Data or otherwise transfer
Personal Data outside of the EEA and/or disclose your Personal Data to other
recipients than those identified in this Notice. If we were to do so, We will comply with EU Privacy Law.
5.
Data security
Your Personal Data are treated as confidential.
In order to safeguard your Personal
Data from unauthorized
access, collection use, disclosure copying, modification, disposal or similar
risks, We have put in
place appropriate administrative, physical and technical measures. We
update and test our security technology on an ongoing basis. We restrict access
to Your Personal Data to those employees and staff who need to know that
information to provide benefits or services to You. In addition, We train our
staff about the importance of confidentiality and maintaining the privacy and
security of Your information. We commit to taking appropriate disciplinary
measures to enforce our staff' privacy responsibilities.
6.
How long will We
retain your Personal Data?
We retain your
Personal Data in accordance with our retention policy. As a general principle,
We keep your Personal Data only as long as it is necessary or legally required.
7.
"Cookies" and Internet tags
We process
information about visits to our websites, the web pages visited, the date and
time that you view our website and what you clicked on, your
IP address, the geographical location from which you accessed our website based
on your IP address, information about your computer or device (device and
browser type). Such information includes Personal Data. We use this information
for internal purposes to compile aggregate statistical data about users'
browsing actions and patterns and to estimate our audience size and usage
patterns. We obtain information by installing technical "cookies" to
capture session data.
8.
Your rights in
connection with your Personal Data
Under certain
circumstances, by law You have the right to:
(a)
Request access to
your Personal Data. This enables You to receive a copy of the Personal Data We
hold about You and to check that we are lawfully processing it.
(b)
Request
correction of the Personal Data that We hold about You. This
enables You to have any incomplete or inaccurate information We hold about You
corrected.
(c)
Request erasure of
your Personal Data. This enables You to ask us to delete or remove personal
information where there is no good reasons for us continuing to process it. You
also have the right to ask us to delete or remove your Personal Data where You
have exercised your right to object to processing (see below).
(d)
Object to
processing of your Personal Data where We are relying on a
legitimate interest (or those of a third party) and there is something about
your particular situation which makes You want to object to the processing on
this ground.
(e)
Request the
restriction of processing of your Personal Data. This enables You to ask
us to suspend the processing of Personal Data about You, for example if You
want us to establish its accuracy or the reason for processing it.
(f)
Request the
transfer of your Personal Data to another party (data
portability).
If You are dissatisfied with any aspect of our
handling of your Personal Data, You have the right to make a complaint at any
time to the Supervisory Authority.
9.
How can You contact us?
For more information, or if You have questions
about your Personal Data, on the way We collect and process Personal Data, or
want to exercise any of your rights under this Notice, You can contact the association's Legal Advisor at +32 2
566 91 22 or the Finance s Manager at +32 2 566 91 18. You can also contact the
association via email at privacy@fuelmanufacturers.eu
10.
Changes to Notice
We may revise
this Notice from time to time and any revisions will be made available to You via
Extranet.
11.
Our contact details
European Fuel
Manufacturers Association AISBL
FuelsEurope /
Concawe
Boulevard du
Souverain 165 - 3rd floor, 1060 Brussels,
Belgium
Tel. +32 2 566
91 00
Fax. +32 2 566 91 11
Email: privacy@fuelmanufacturers.eu
12.
Glossary
In this Notice:
"Data Processing
Agreement"
means the agreement that sets out BSEF and MailChimp's
responsibility in line with Article 28 GDPR (or any other similar agreement to
be entered in due course by us in accordance with EU Privacy Law).
"Data Subject" means an identified
or identifiable individual.
"EU Privacy
Law" means the
General Data Protection Regulation 2016/679 ("GDPR") and the Belgian national privacy laws, as amended from
time to time.
"EU-US Privacy
Shield Framework" means the framework designed by the EU Commission and the US Department
of Commerce allowing organisations located in the EU to transfer personal data
to US companies certified under the framework.
"Processing" means any operation
performed on Personal Data, manually or by automated means, such as collection,
recording, organization, storage, adaptation or alteration, retrieval,
consultation, use, disclosure by transmission, dissemination or otherwise
making available, alignment or combination, restriction, erasure or
destruction.
"Supervisory
Authority" means
the Belgian Data Protection Authority or the relevant data protection authority
of the data subjects' habitual residence or place of work.
"Standard
Contractual Clauses" means the clauses adopted by the EU Commission to allow the transfer of
personal data (as defined under EU Privacy Law) outside of the European Union.
Last update: June 2022