This privacy notice provides information to individuals whose data are collected through the website www.unife.org and other websites controlled and/or operated by UNIFE that link to this privacy notice, and those individuals whom UNIFE encounters in conducting its activities, such as participants to UNIFE events, representatives of UNIFE members and public institutions and authorities, specialists in the fields of European and public affairs, transport and railways, UNIFE contacts and other people with whom UNIFE has a relationship (hereinafter each referred to as an “Individual”), regarding how their personal information is collected and processed by UNIFE or within its affiliated entities, in compliance with the applicable data protection laws, in particular the European Regulation 2016/679 of 27 April 2016 called the General Data Protection Regulation (hereinafter “GDPR”).
This privacy notice explains why and how personal information about Individuals (hereinafter “Personal Data”) is collected, what Personal Data is processed, who has access to Personal Data, how Personal Data is protected, how long Personal Data is retained, the rights of the Individuals and who to contact for further information. This notice is without prejudice to specific provisions set out in other related documents or any contract entered into between UNIFE and the Individual concerned or his/her organisation.
1. Why UNIFE processes PERSONAL DATA?
UNIFE, whose registered offices are located at Avenue Louise 221, 1050 Brussels, Belgium and registered with the Crossroads Bank for Enterprises under the number BE0453405417, keeps and processes Personal Data, whether or not in electronic form, for administrative, marketing and customer/supplier management purposes, especially in light of the following non-exhaustive activities:
- responding to any communication, inquiry or request which an Individual submits to UNIFE;
- managing relationships and maintaining contact with the Individuals;
- introducing the Individuals to other Individuals during projects of UNIFE events;
- negotiating and executing agreements;
- processing information relating to a proposed or actual purchase or sale of products or services by UNIFE, including sending statements and invoices;
- improving UNIFE’s products and/or services;
- providing the Individuals with newsletters and marketing communications and/or any other information relating to the activities of UNIFE, and/or conducting surveys and market research;
- legal and/or regulatory compliance, including dispute resolution.
2. What are the legal grounds for processing the PERSONAL data?
These data are processed on one or more of the following legal grounds:
- The consent of the Individual concerned (e.g. for responding to a survey);
- In view of the entering into and the performance of a sales contract or another contract with the Individual or his/her organisation, including the invoicing process;
- To comply with legal obligations applicable to UNIFE (e.g. regarding tax matters, etc.);
- In the framework of the legitimate interests of UNIFE and/or a third party, but which UNIFE believes also beneﬁt the Individuals, such as, but not limited to, direct marketing and data analytics.
3. Which categories of personal data are processed?
Personal Data is all personal information relating to an identified or identifiable natural person who is an Individual. For the abovementioned purposes, the processing of personal data may include the following categories:
- Personal identification data, such as the name and the address;
- Electronic identification data, such as the email address and the phone number;
- Personal details, such as the date and place of birth, language, nationality, and gender;
- Professional details, such as the organization/employer name and his/her function/position/role;
- Financial data (bank account number, etc.);
- Images and video footage;
- Consumption habits (sales history, etc.);
- Information collected through cookies and similar technology;
- Survey data.
4. Where do the PERSONAL data come from?
When an Individual contacts UNIFE, Personal Data will likely come directly from the individual concerned. UNIFE may also contact an Individual for prospecting purposes if initial contact information has not been obtained directly from such individual, including receiving such information from publicly available sources or from other persons who have transmitted this data to UNIFE. During the course of the relationship, the Individual concerned, or another representative of his/her organization, will provide UNIFE with further information for the management of the relationship.
UNIFE may also receive or generate data relating to an Individual from other individuals or organisations, or those to whom such Individual communicates by email or other systems.
The Personal Data collected directly or indirectly by UNIFE is required to fulfil legal requirements and/or to enter into a contract and maintain contact for the duration of the relationship. Failure to provide UNIFE with required information will negatively affect UNIFE’s ability to communicate with the Individual concerned (including the ability to provide any applicable electronic newsletters if an Individual does not wish to share his/her email address) or to enter into a contract with the Individual or his/her organisation or to continue the performance of a contract once entered into without access to necessary Personal Data.
5. Who has access to the personal data?
For the abovementioned purposes, Personal Data will be shared on a need to know basis with:
- the Individuals themselves or other individuals employed by or representing their organisation,
- the personnel of UNIFE,
- UNIFE members,
- government, regulatory bodies and/or public authorities where it is necessary to comply with legal or regulatory obligations which UNIFE is subject to or as permitted by applicable law,
- authorized third party agents, service providers, professional advisors and/or subcontractors of UNIFE such as for website maintenance, assistance with promotional campaigns, etc.
Also, UNIFE’s websites contain social media buttons allowing the user to share content with third parties. When using such buttons, some information (e.g. IP address) may be accessed by the social media operator. UNIFE does not control which information is accessed and how that information is processed by such operators. Please see the applicable privacy policies to check how they use this information.
6. Are the PERSONAL data transferred INTERNATIONALLY?
It may be necessary in limited circumstances to transfer Personal Data abroad or to an international organisation to process and/or store this information to comply with our legal or contractual requirements. For transfers of data outside the European Union, UNIFE has implemented appropriate safeguards in line with GDPR requirements. To ensure an appropriate level of protection for Personal Data, UNIFE will either use a data transfer agreement with the third-party recipient based on standard contractual clauses approved by the European Commission, ensure that the transfer is to a jurisdiction that is the subject of an adequacy decision by the European Commission or to the United States under the EU-US Privacy Shield framework.
7. How long are the PERSONAL data retained?
The Personal Data are retained no longer than necessary for the purposes described in this privacy notice. As a rule, and unless otherwise stated in other related documents for specific categories of Data, the Personal Data are retained during the term of the contract as well as following the expiration or termination of the contract for as long as UNIFE can have legal liability for which the use of these Data can be relevant, taking into account the applicable statutory periods of limitation and legal retention obligations. For marketing purposes, the applicable data will be retained as long as the Individuals concerned do not object.
That being said, information may be retained for a shorter period of time where an Individual objects to the processing of his/her Personal Data and there is no longer a legitimate purpose to retain such information.
8. How IS PERSONAL data protected?
UNIFE has implemented adequate technical and organizational measures to protect Personal Data and keep it as safe and secure as reasonably possible, protecting it against unauthorized, accidental or unlawful destruction, loss, alteration, misuse, disclosure or access and against other unlawful forms of processing. These security measures have been implemented taking into account the state of the art of the technology, their cost of implementation, the risks presented by the processing and the nature of the Personal Data in question.
9. What are the INDIVIDUAL’S rights and who can they contact UNIFE?
Individuals who have Personal Data collected and processed have the right at any time to contact UNIFE to access their Personal Data and, by providing enough proof of their identity, request a correction of any incorrect or incomplete information.
Subject to and in accordance with applicable law, Individuals may also have the right to:
- request the deletion of their Personal Data;
- request restrictions or object to the processing of their Personal Data;
- data portability, allowing the Individuals concerned to copy or transfer their Personal Data;
- withdraw their consent at any time where consent was provided to process their Personal Data, provided this will not affect the validity of the processing prior to such withdrawal of consent; and
- receive more information about the safeguards in case of international data transfers.
Individuals have also a right to lodge a complaint with the Belgian Data Protection Authority or another EU supervisory authority if they think UNIFE has not acted in line with any applicable data protection laws in respect of dealing with their Personal Data.
For any further information about these rights or to make a request, please contact UNIFE or its DPO at:
- By e-mail: firstname.lastname@example.org
- By letter: UNIFE – the European Rail Industry, Avenue Louise 221, 1050 Brussels
its DPO: GOlegal
- By e-mail: email@example.com, firstname.lastname@example.org
- By letter: GOlegal, Avenue Louise 523, 1050 Brussels, Belgium
- By phone: +32 2 880 82 69
10. COOKIES AND SIMILAR TECHNOLOGY
11. Changes TO PRIVACY NOTICE
This privacy notice may be updated from time to time as needed, notably to comply with changes in any applicable laws, regulations or requirements introduced by data protection authorities.
This privacy notice was last updated on 8 March 2019.