DATA PROTECTION AND PRIVACY POLICY
WSBI-ESBG is committed to abide by the provisions of the GDPR.
What is the GDPR?
The General Data Protection Regulation (hereafter referred to as “the GDPR”) applies from 25 May 2018 onwards. Its ambition is to lay down “rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data”.[1] With respect to the territorial scope, the GDPR applies only in relation to natural persons who are residents of EAA countries.
WSBI-ESBG is committed to abide by the provisions of the GDPR. Therefore, this Data Protection and Privacy Policy seeks to inform you of what this implies with respect to your future relationship with WSBI-ESBG.
Which of your personal data is kept by WSBI-ESBG?
Personal data concerns only natural persons. However, there are two categories of personal data:
- data with which a natural person can be identified, and
- data with which a natural person can be identifiable, meaning that the person can be identified, directly or indirectly by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
What is not personal data: information about individuals from which individuals cannot be identified (such as collection of anonymised statistics), as well as general information about companies and organisations.
WSBI-ESBG keeps on file the following personal data:
- names and surnames,
- contact details (e-mail address, phone numbers)
- details about the employer of the person (name of the company, position within the company/institution, job details),
- photographs collected during WSBI-ESBG events.
In handling this data, WSBI-ESBG can act as either a data controller or rarely as a data processor (processing data for another data controller).
Why do we keep your personal data?
WSBI-ESBG utilizes your personal data in order to fulfil its mission – being the voice of savings and retail banks. Keeping your data in our databases ensures that you will continue to receive invitations to our events, latest updates and other relevant information.
Where do we get your data from?
We collect your personal data from the following sources:
- public websites,
- data of WSBI-ESBG member’s employees provided by these persons willingly,
- from application forms filled out for purposes of WSBI-ESBG’s events, and
- photographs made at WSBI-ESBG’s events.
Basis for data handling with and storing personal data
The primary and most common basis is your consent. In this respect WSBI-ESBG undertakes steps to be able to at any time demonstrate[2] that where needed consent for processing has been acquired.
Other bases for keeping and handling with personal data are:
I. when this is necessary for the performance of a contract
This applies especially in respect of the data of WSBI-ESBG employees.
II. compliance with a legal obligation or task carried out in the public interest (stemming from either national or EU law),
Some personal data of WSBI-ESBG employees must also be processed due to applicable Belgian law.
III. when this is necessary to protect the vital interest of the data subject or another natural person, and
IV. processing for legitimate interests pursued. This legal basis may not be used in cases when overridden by the interests or fundamental rights and freedoms of a person.
WSBI-ESBG stores and uses personal data of representatives of its members for legitimate purposes, i.e. to provide them services which are expected by them.
Principles of data processing
In accordance with the principle of accountability enshrined in the GDPR, WSBI-ESBG is committed to observe the following principles when processing personal data:
- purpose limitation, i.e. processing only for the initial purpose (a second consent or another legal basis is needed for further processing)
- data minimisation, i.e. acquiring the minimum extent of data required,
- data accuracy, i.e. keeping the data up to date,
- storage limitation, i.e. retaining the data for no longer than what is necessary,
- integrity and confidentiality, i.e. adopting appropriate technical and organisational measures.
Your rights with respect to your personal data held by WSBI-ESBG
WSBI-ESBG undertakes to respect the following rights of the data subject:
I. Right of access
This right is twofold; you have the right to find out whether or not personal data is being processed. Secondly, on request you will be granted access to your data as well as certain information (such as that on the purposes of processing, the period for which the data will be stored, the source of the data in cases when this is not collected from the data subject).
II. Right of rectification/ the right to correct inaccurate data
You have the right to ask of WSBI-ESBG to rectify inaccurate personal data as well as, taking into account the purposes of processing, the right to have incomplete data completed.
III. Right to be forgotten
In certain cases, (including when objecting to the processing, and/or withdrawing consent) you can request that your personal data are deleted without undue delay.
IV. Right to restriction of processing
You can obtain from WSBI-ESBG a restriction of processing of your data. This is possible in cases where you have contested the accuracy of the data, where the processing is unlawful, where the data is in fact no longer needed by WSBI-ESBG and finally in cases where you have objected to the processing.
V. Right to object
You are granted this right on grounds relating to your particular situation. WSBI-ESBG undertakes to notify you of this right at the time of the first communication.
VI. Right to data portability
When the legal basis for WSBI-ESBG storing your data is your consent or a contractual obligation, you have the right to receive personal data held by WSBI-ESBG in a format which can be easily transferable to another legal entity to use.
Who receives your data?
WSBI-ESBG utilizes personal data solely for its own purposes. Accordingly, personal data from WSBI-ESBG’s databases is not forwarded to entities other than WSBI-ESBG’ members. However, this does not happen often.
How long do we keep your data?
WSBI-ESBG keeps your data for a period which is needed for the fulfilment of WSBI-ESBG’s mission.. When the legal basis for this is consent, it will be refreshed on an appropriate basis.
WSBI-ESBG responsibilities
Generally speaking WSBI-ESBG shall:
- implement appropriate technical and organisational measures in order to comply with GDPR obligations,
- keep records of data processing activities in order to be presented on demand (this should also include the purpose of processing, the categories of recipients of the data, including those in third countries and information on these transfers)
- notify breaches of personal data to the Belgian Data Protection Authority (as the competent data protection authority – this is because all WSBI-ESBG data processing takes place in Brussels)
However, in accordance with the GDPR WSBI-ESBG is not obliged to designate a data protection officer as:
- WSBI-ESBG is not a public authority or body,
- the core activities of WSBI-ESBG do not require regular and systematic monitoring of data subjects on a large scale,
- the core activities of WSBI-ESBG do not consist of large scale processing of special categories of personal information or data on criminal offences.
Do you have questions/concerns?
If this is the case you can always contact WSBI-ESBG at privacy@wsbi-esbg.org or at the following address:
WSBI-ESBG
Rue Marie-Thérèse 11
1000 Brussels
[1] Article 1(1) of the GDPR.
[2] As required per Article 7(1) of the GDPR.