Transparent information on data collection and processing
The General Data Protection Regulation (GDPR) entered into force on 25 May 2018 and aims to give citizens control regarding the storage and processing of their data.
Personal data is defined as any information relating to an individual, personal or professional.
For the purposes of GDPR, the data controller is VOICE asbl, whose registered office is Rue Royale 71, 1000 Brussels (enterprise number: 0475 213 787).
Information that is stored, archived and on paper (manual processing) is subject to the same data protection rules as digital and other information.
The principles stated below provide a summary of the basic rules that VOICE follows when gathering personal data and ensuring that it is kept confidential and secure.
1. Respect of the core Data Protection principles
VOICE respects all the fundamental rights of the people on whom it holds personal data by
- Implementing the following core privacy principles: transparency, fairness, lawfulness, purpose limitation, security, integrity, quality and data minimization
- Enabling data subjects to access their personal data and exercise their rights to modification and restrict processing.
VOICE always processes personal data only to the extent necessary for the given purpose.
All representatives or employees of VOICE member organisations and of its working partners included in VOICE mailing lists can withdraw their consent at any time by sending an e-mail either to VOICE Communication Officer at firstname.lastname@example.org or to the VOICE staff member they are in contact with.
Subscribers to VOICE’s newsletter can always unsubscribe online or by sending an e-mail to the above address.
Personal data is regularly updated upon request of the individuals, when the person is replaced in the job or when the e-mail address is refused.
2. No transfer to third parties except compulsory by law
VOICE does not process special categories of data or sensitive data. However, VOICE will in no case pass on the personal data to outside parties without prior explicit consent of the person concerned, except upon a Court order or to comply with compelling laws and regulations (especially for employees’ data and payroll information). VOICE will not sell, rent, share or make commercially available the data it stores.
3. Lawful basis for holding and processing the data
Collection and storage are limited to what is necessary.
a) VOICE as a network of NGO member organisations stores and processes its members’ data:
- All members: name, organization, job title, professional address and e-mail address, telephone number (office and mobile), skype and twitter accounts and application file.VOICE maintains an updated key-contact person list (1 or 2 by member organization), a specific list of its Brussels-based members and a list of people having access to the website section dedicated to VOICE members. VOICE also holds specific lists of its working-groups, task forces, , and for thematic advocacy and policy initiatives, and other ad hoc advisory groups and events. It has to be noted that the list of recipients for the membership fee invoice and their invoicing details, as well as relevant archives in terms of membership application, are kept separate with limited access, restricted to VOICE management.
- Board of Directors: in addition to the above information, VOICE also holds documentation as per legal requirements (i.e. publication in Moniteur belge) which are only accessible by VOICE management.
By definition, VOICE members have given their explicit consent for VOICE holding and processing their data.
b) VOICE’s mission is to enhance the collective influence of the network with the European Union including its Member States
- European Commission, Council, European Parliament, relevant representatives in EU Member States: VOICE processes public data posted online or made public by any means. VOICE holds a list of its relevant interlocutors and the persons met in the context of its work. Data is limited to: name, organization, job title, professional address, e-mail address, office telephone number, (where relevant) mobile number, skype and twitter accounts.
VOICE has a specified, explicit and legitimate purpose when processing this institutional data, based on public interest.
c) Other relevant stakeholders
VOICE holds personal data of the representatives of organisations and institutions with whom the Secretariat maintains regular exchanges also based on explicit consent at Brussels’, national and international level. Data is limited to: name, organization, job title, professional address and e-mail address, telephone number (office and mobile), (where relevant) skype and twitter accounts.
Same specified, explicit and legitimate purpose as above.
d) Subscribers to VOICE ‘s bi-annual Newsletter (VOICE Out Loud - VOL)
In addition to the above categories, individuals may subscribe to VOICE’s Newsletter, either online or by sending an e-mail to the Secretariat. They are asked for their name, organization, job title, e-mail address, country and professional sector.
The VOL subscribers’ list is processed through Mailchimp.
By subscribing, individuals have given their explicit consent to receiving the Newsletter. They can opt-out at any time by unsubscribing online or by sending an e-mail to VOICE Communication Officer at email@example.com.
e) Businesses and services providers
Businesses and service providers data is not available from the shared data base. Contacts and contracts are protected, with access restricted to VOICE management only (computer and paper). The data held by VOICE is limited to contractual necessity. Communication with businesses and service providers is reduced to essential and ongoing services.
4. Protection of data
As VOICE can't ensure data privacy unless the personal data is protected by technology, together with its IT experts and suppliers, VOICE has developed
- appropriate physical, electronic, managerial measures to ensure that we keep your information secure, accurate and up to date, and that we only keep it as long as is reasonable and necessary, and
- security measures and tools to prevent as far as possible the accidental destruction, loss, falsification or damage, unauthorized or unlawful access or processing of personal data.
Physically, VOICE has technical and organizational procedures protecting access to computers --including restricted sections on its computer server requiring different levels of authorisation, passwords and logins. Paper files containing personal data are kept in locked cupboards.
VOICE protection measures will be periodically reviewed and adapted to reflect technological progress as required.
Online automated data trackers
The providers of computer tools, applications and online platforms which VOICE uses have their own privacy policies; VOICE cannot be held responsible for the privacy of data collected by websites not owned or managed by VOICE, including those linked through our website.
VOICE providers may use various technologies to collect and store information, and this may include using cookies and similar tracking technologies, such as pixels and web beacons. For example, web beacons used in e-mails track certain behavior such as whether the e-mail sent was delivered and opened and whether links within the e-mail were clicked. They also allow to automatically collect information such as the recipient’s Internet protocol (IP) address, browser, e-mail client type and other similar details.
Whereas essential cookies are necessary for browsing the website, authenticate users and delivering requested information, analytics cookies help to improve the content of the website and to increase its usability. For example, these cookies show the date and time of access to VOICE website or the pages viewed, or help to identify difficulties that may be encountered during navigation and to develop tools and algorithms to prevent violations.
No information is collected that could be used by VOICE to identify website visitors. Each browser (Internet Explorer, Safari, Firefox, Google Chrome, etc.) has its own cookie configuration mode enabling to easily delete, disable or accept cookies. To learn about the procedure to follow concerning each navigator, visit the site: http://www.allaboutcookies.org/manage-cookies/
5. Duration of the processing
VOICE only retains data for as long as necessary for an ongoing legitimate working relation or when there is a legal need to do so.
VOICE deletes personal data as soon as individual consent is withdrawn, when data is no longer relevant to VOICE permitted purposes or when VOICE is no longer legally required to store such data.