1.1 ATIEL with its registered office at 1160 Auderghem (Belgium), Boulevard du Souverain 165, collectsand uses certain Personal Data. ATIEL is responsible for ensuring that it uses that Personal Data in compliance with data protection laws.
“ATIEL”, “we”or “us”means the Technical Association of the European Lubricants Industry (Association Technique de l’Industrie européenne des Lubrifiants).
“Cookie”means a small file that includes a small quantity of information sent to the browser of a website user,by a web server, and stored on the hard disk drive of a computer for archiving purposes.
“Personal Data”means any data which relates to a living individual who can be identified from that data or from that data and other information which is in the possession of, or is likely to come into the possession of, ATIEL (or its representatives or service providers). In addition to factual information, it includes any expression of opinion about an individual and any indication of the intentions of ATIEL or anyother person in respect of an individual.
2. THE TYPES OF PERSONAL DATA WE COLLECT
2.1 Many of the services offered by ATIEL require us to obtain Personal Dataabout you in order to perform ourservices.Wewill collect and process the following Personal Data about you:
• Information that you provide to ATIEL.
This includes information about you that you provide to us. The nature of the services you are requesting will determine the kind of Personal Data we might ask for, though such information may include (by way of a non-exhaustive list):
-basic Personal Data(such as first name; family name; position in the company; company name; company email address; business phone number; business address; city; postcode; country);
-any information that you choose to share with us either through ATIEL’swebsiteor otherwise and which can be considered as Personal Data;
•Information that we collect or generateabout you.
This includes, among other information, the Personal Data provided to or exchanged with us in the context of interactions about ATIEL Servicesor other interactions with us;
When you visit this website, Cookies are used to collect technical information about the services thatyou use, and how you use them.For further information about Cookies used by ATIEL, please refer to paragraph9below;
In addition to the categories of Personal Data described above, ATIEL will also process urther anonymized information and data that is not processed by reference to a specific individual.
3. HOW WE USE YOUR INFORMATION
3.1 Your Personal Data may be stored and processed by usin the following ways and for the following purposes:
•for ongoing review and improvement of the information provided on this websiteto ensure they areuser friendly and to prevent any potential disruptions or cyber attacks;
•to allow you to use and access the functionality provided by this website;
•to assess your application for ATIEL’sservices(including membership), where applicable;
•to provide you with ATIEL’sservices;
•toset upATIEL’s customers or members;
•to invite you to events organized by ATIEL, its partners and members;
•to manage your attendance to the above events;
•to understand feedback on ATIEL and ATIEL’sservicesand to help provide more information on the use of those services quickly and easily;
•to communicate with you in order to provide you with services or information about ATIEL;
•to understand your needs and interests;
•for the management and administration of our business;
•in order to comply with and in order to assess compliance with applicable laws, rules and regulations, and internal policies and procedures; and / or
•for the administration and maintenance of databases storing Personal Data.
3.2 When we use Personal Data we make sure that the usage complies with law (including but not limited to GDPR) and the law allows us and requires us to use Personal Data for a variety of reasons. These includewhere:
•we need to do so in order to perform ourcontractual obligations withourcustomersor members;
•we have obtained your consent;
•we have legal and regulatory obligations that we have to discharge;
•we may need to do so in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings;
•the use of your Personal Data as describedaboveis necessary for our legitimate interests, such as: -allowing us to manage and administer the operation of our activitieseffectively and efficiently; -maintaining compliance with internal policies and procedures; -overseeing compliance with the ATIEL Code of Practice and Compliance Policy; -promoting our activities and those of our members.
4.DISCLOSURE OF YOUR INFORMATION TO THIRD PARTIES
4.1 We may share your Personal Data withATIEL membersfor the purposesdescribed above.
4.2 We may also share your Personal Data outside of the aforementionedgroup of associations and / or members for the following purposes:
•With our business partners; For example, this could include intermediaries who introduced you to ATIEL. Personal Data will only be transferred to a business partner who is contractually obliged to comply with appropriate data protection obligationsand the relevant privacy and confidentiality legislation;
•To the extent required by law;
For example, this could include situations where we are under a duty to disclose your Personal Data in order to comply with any legal obligation (including, without limitation, in order to comply with tax reporting requirementsand disclosures to regulators), or to establish, exercise or defend ourlegal rights;
5. INTERNATIONAL TRANSFERS OF PERSONAL DATA
5.1 ATIEL carries out its activities at a global level. Our membersand our operations are spread around the world. As a result we collect and transfer Personal Data on a global basis. That means that we may transfer your Personal Datato locations outside of your jurisdiction.
5.2 Where we transfer your Personal Data to another country outside the EEA, wewill ensure that it is protected and transferred in a manner consistent with legal requirements. In relation to data being transferred outside of Europe, for example, this may be done in one of the following ways:
•the country that we send the data to might be approved by the European Commission as offering an adequate level of protection for Personal Data(see the list of approved jurisdictions on the European Commission website);
•the recipient might have signed up to a contract based on “model contractual clauses”approved by the European Commission, obliging them to protect your Personal Data;
•where the recipient is located in the US, it might be a certified member of the EU-US Privacy Shield scheme; or•in other circumstances the law may permit us to otherwise transfer your Personal Data outside Europe.
5.3 You can obtain more details of the protection given to your Personal Data when it is transferred outside Europe (including a copy of the standard data protection clauses which we have entered into with recipients of your Personal Data) by contacting us as described in paragraph 10below.
6. HOW WE SAFEGUARD YOUR INFORMATION
6.1 We have controls in place to maintain the security of our information and information systems. The files and documentation which we have in our databases are protectedwith safeguards aligned withthe sensitivity of therelevantinformation. Appropriate controls (such as restricted access) are placed on our computer systems. Physical access to areas where Personal Data is gathered, processed or stored is limited to authorised officials.
6.2 As a condition of contract, ATIEL’s officialsare required to follow all applicable laws and regulations, including in relation to data protection law. Access to sensitive Personal Data is limited to those officialswho need to it to perform their roles. Unauthorised use or disclosure of confidential client information by an ATIEL officialis prohibited and may result in disciplinary measures.
6.3 When you contactan ATIEL official or representativeabout files and documentation which concern you, you may be asked for some proof of your identity. This type of safeguard is designed to ensure that only you, or someone authorised by you, has access to your file.
7. HOW LONG WE KEEP YOUR PERSONAL DATA
7.1 How long we will hold your Personal Data for will vary and will be determined by the following criteria:
•the purpose for which we are using it –ATIEL will need to keep the data for as long as is necessary for that purpose; and
•our legal obligations – laws or regulation may set a minimum period for which we have to keep your Personal Data.
8. YOUR RIGHTS
8.1 In all the above cases in which we collect, use or store your Personal Data, you may have the following rights and, in most cases, you can exercise them free of charge. These rights include:
•the right to obtain information regarding the processing of your Personal Data and access to the Personal Data which ATIEL holdsabout you;
•the right to withdraw your consent to the processing of your Personal Data at any time. Please note, however, that ATIEL may still be entitled to process your Personal Data if we have another legitimate reason for doing so. For example, we may need to retain Personal Data to comply with a legal obligation;
•in some circumstances, the right to receive some Personal Data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to Personal Data which you have provided directly to ATIEL;
•the right to request that we rectify your Personal Data if it is inaccurate or incomplete;•the right to request that we erase your Personal Data in certain circumstances. Please note that there maybe circumstances where you ask us to erase your Personal Data but we arelegally entitled to retain it;
•the right to object to, or request that we restrict,our processing of your Personal Data in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict,our processing of your Personal Data but we are legally entitled to refuse that request; and
•the right to lodge a complaint with the relevant data protection regulator if you think that any of your rights have been infringed by us.
8.2 You can exercise your rights by contacting us using the details listed in paragraph 10 below.
10. QUESTIONS AND CONCERNS
ATIEL ASBL, Rue Belliard 40, 1140 Brussels
We are usually able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive from us, you may escalate concerns to the applicable privacy regulator in your jurisdiction. For Belgium, the contact information for the Data Protection Authorityare as follows:
Autorité de protection des données / Gegevensbeschermingsautoriteit
Rue de la Presse, 35, 1000 Bruxelles
Tel.: +32 (0)2 274 48 00
Fax: +32 (0)2 274 48 35