1. WHO WE ARE
We”, “us” or “our” means EIT FOOD and its affiliated companies. The controller of your data is the EIT Food branch that initially collected your data and decided the purposes and means for using your data. Please find information about all our branches via https://www.eitfood.eu/contact.
- Via email: firstname.lastname@example.org
- By post: EIT Food iVZW Ubicenter A Philipssite 5 bus 34, Belgium
2. HOW WE USE AND COLLECT YOUR PERSONAL DATA
Personal data is defined as any information relating to an identified or identifiable natural person. Identifiable refers to identifiers (such as name, identification number, location data, etc.), that can be used to directly or indirectly identify a natural person.
The personal data we collect, is collected and used for the purposes as listed hereunder:
- In the event you use the contact form on our website, we will use your personal data in order to reply to your query, via email or telephone.
- In the event you register for our newsletter, your email address will be used in order to send you our newsletters, which may include invites to events, seminars, etc. organised by us.
- We process your personal data for the purpose of supporting the website and enhancing your user experience, which includes ensuring the security, availability, performance, capacity and health of the website.
- We process your personal data to enforce or exercise any rights that are available to us based on the applicable law, such as use for the establishment, exercise or defense of legal claims.
- We may also use your personal data to fulfil our obligations as set out by the applicable law.
The following categories of personal data can be distinguished:
- Contact data: in the event you make use of the contact form, you will be asked to provide the following information: name, address, email address, phone number, and any personal data that you choose to put in the designated blank field (please do not provide us with any sensitive information, such as health information, information pertaining to criminal convictions, or credit card/account numbers). This is information that is provided directly by you.
- Newsletter: if you register for our newsletter, you will be asked to provide your email address. This is information provided directly by you
- Transaction data: we collect personal data relating to transactions that you make through the website, including your “contact data”, payment information and the goods and/or services purchased. This is personal data provided directly by you.
The legal basis for the processing of your personal data is based on consent. You have the right to withdraw your consent at any time. This will, however, not affect the lawfulness of any processing done prior to the withdrawal of consent.
Your personal data will solely be used for the purposes as set out in this article.
3. RETENTION OF YOUR DATA AND DELETION
Your personal data will be retained for a period of 3 years.
In the event you withdraw your consent or you object to our use of your personal data, and such objection is successful, we will remove your personal data from our databases. Please note that we will retain the personal data necessary to ensure your preferences are respected in the future.
The foregoing will, however, not prevent us from retaining any personal data if this is necessary to comply with our legal obligations, in order to file a legal claim or defend ourselves against a legal claim, or for evidential purposes.
4. YOUR RIGHTS
This article lists your principal rights under data protection law. We have tried to summarise them for you in a clear and legible way.
The right to access
You have the right to receive from us a copy of your personal data we have in our possession, provided that this does not adversely affect the rights and freedoms of others. The first copy will be provided free of charge, but we reserve the right to charge a reasonable fee if you request further copies.
The right to rectification
If the personal data we hold about you is inaccurate or incomplete, you have the right to have this information rectified or, taking into account the purposes of the processing, completed.
The right to erasure (right to be forgotten)
In some circumstances, you have the right to the erasure of your personal data without undue delay. Those circumstances include:
- The personal data are no longer needed in relation to the purposes for which they were collected or otherwise processed;
- You withdraw your consent, and no other lawful ground exists;
- The processing is for direct marketing purposes;
- The personal data have been unlawfully processed; or,
- Erasure is necessary for compliance with EU law or Belgian law.
There are certain exclusions to the right to erasure. Those exclusions include where processing is necessary,
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation; or,
- for the establishment, exercise or defense of legal claims.
The right to restrict processing
You have the right to restrict the processing of your personal data (meaning that the personal data may only be stored by us and may only be used for limited purposes), if:
- You contest the accuracy of the personal data (and only for as long as it takes to verify that accuracy);
- The processing is unlawful and you request restriction (as opposed to exercising the right to erasure);
- We no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims; or,
- You have objected to processing, pending the verification of that objection.
In addition to our right to store your personal data, we may still otherwise process it but only:
- with your consent;
- for the establishment, exercise or defense of legal claims;
- for the protection of the rights of another natural or legal person; or,
- for reasons of important public interest.
We will inform you before we lift the restriction of processing.
The right to data portability
To the extent that the legal basis for our processing of your personal data is consent, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
You also have the right to have your personal data transferred directly to another company, if this is technically possible, and/or to store your personal data for further personal use on a private device.
The right to object to processing
You have the right to object to the processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for:
- The performance of a task carried out in the public interest or in the exercise of any official authority vested in us;
- The purposes of the legitimate interests pursued by us or by a third party.
If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
The right to complain to a supervisory authority
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement. In Belgium, you can submit a complaint to the Authority for the protection of personal data (Privacy Commission), Drukpersstraat 35, 1000 Brussel (Contact@apd-gba.be)
5. DISCLOSURE TO THIRD PARTIES
To the extent necessary or appropriate, EIT Food may disclose your Personal Information to external 3rd Parties, such as IT consultants carrying out testing and development work on our IT systems and other service and software providers who we may appoint as data processors such as e.g. for CRM purposes.
Where applicable, we will impose appropriate contractual, security, confidentiality and other obligations on to 3rd party providers and processors we have appointed, based on the nature of the services they provide to us. We will only permit them to process your Personal Information in accordance with the law and our instructions. We do not allow them to use your Personal Information for their own purposes and when our relationship ends we will ensure your Personal Information is securely returned or destroyed.
The above mentioned third parties may be located both within and outside the EEA. In the latter case, we will take the necessary measures to ensure that your Personal Information is adequately protected, secure, kept confidential and that we have a lawful basis for the transfer.
In addition, we may disclose your personal data in the event such disclosure is required or necessary in order to fulfil a legal obligation. We may also disclose personal data in order to protect your vital interests or the vital interest of another natural person.
As such, we do not disclose your personal data to our social media partners. We do, however, make use of social media plugins to direct you to our social media channels and to allow you to interact with our content. These social media channels are Facebook, LinkedIn, Twitter, Instagram and YouTube. In the event you click such link, such social media service provider may collect personal data about you and may link this information to your existing profile on such social media.
We are not responsible for the use of your personal data by such social media service provider. In such case, the social media service provider will act as controller and we refer to the privacy policies of those social media channels for information about the use of your personal data.
We have put in place appropriate security measures to prevent your Personal Information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your Personal Information to those employees, agents, contractors and other third parties who have a business need to do so.
We have put in place procedures to deal with any suspected Personal Information breaches and we will notify you and the applicable supervisory authority of a breach where we are legally required to do so.
7. INTERNATIONAL TRANSFERS
We will ensure that any transfer of personal data to countries outside of the European Economic Area will take place pursuant to the appropriate safeguards.
If there is a transfer of your personal data and/or anonymised and/or aggregated data, the following legal protection mechanism will be implemented:
Country outside EEA
Legal transmission mechanism