1. Introduction and overview of the data controller
This Privacy Policy (hereinafter referred to as ‘The Policy’ or ‘this document’) is drawn up by the Association Nationale pour la Protection contre l’Incendie et le Vol [National association for the prevention of fire and theft; ANPI], whose head office is located at Granbonpré 1 - Parc scientifique Fleming - 1348 Louvain-la-Neuve, Belgium.
ANPI (hereinafter referred to as ‘we/us’, ‘our’, or ‘ANPI’) is a non-profit organisation founded at the initiative of Belgian insurance companies belonging to Assuralia, the professional union of insurance companies. In addition to insurers, the members of ANPI now include industrial federations and professional associations conscious of fire and theft prevention, including public authorities.
The aim of this Policy is to explain to you how ANPI collects, uses and stores your personal data. It is important to understand that personal data protection and respecting your privacy are key values for ANPI, and we are committed to protecting them.
‘Personal data’ shall be understood to mean any information relating to you that allows you to be directly or indirectly identified as a natural person. As part of our activities relating to the anpi.eu website, we are required to process some of your personal data. This Policy also aims to describe the different types of processing that we carry out on your data.
Broadly speaking, this Policy is part of our objective to act transparently and in compliance with the General Data Protection Regulation (GDPR) and with the legislation made under this regulation and other data protection provisions.
In accordance with this text, we shall be considered as data controllers within the meaning of Article 4(7) of the GDPR, in that we alone determine the purposes and means of processing your personal data collected via our website.
2. Personal data processing
First of all, it is important to define what processing means.
The GDPR defines processing as ‘any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means’.
Processing covers a series of actions, such as:
- Recording;
- Erasure or destruction;
- Organisation;
- Storage;
- Use;
- Collection;
- Adaptation or alteration;
- Structuring;
- Consultation;
- Restriction;
- Disclosure by transmission;
- Dissemination or otherwise making available;
- Alignment or combination.
3. Categories of processed data and collection methods
Next are the questions concerning what categories of data we are required to process via our website anpi.eu, and how they are collected.
a. Collection methods
We collect your personal data directly from you:
- When you use our website anpi.eu;
- When you sign up to our press releases;
- When you wish to contact us to ask for information on the services we offer;
- When you wish to make a speculative or non-speculative job application;
- When you wish to subscribe as a member;
- When you make an order via our e-shop.
b. Categories of collected data
Our commercial activity, as part of your use of our website anpi.eu, requires us to collect a certain amount of personal data.
The main personal data that we will collect is as follows:
- Identifying data (first name and surname);
- Electronic data (email address, logs, IP address, etc.);
- Telephone data (private and work telephone number);
- Postal data (postcode, town/city);
- Billing data (VAT information, purchase orders, etc.);
- Data collected from a CV (photo, date of birth, professional and academic experience, lifestyle information, etc.);
- Any other type of data that you communicate to us voluntarily.
c. Non-personal data
As part of the performance of our activities, we may be required to collect non-personal data.
This data is qualified as non-personal data as it does not allow you to be directly or indirectly identified as a natural person.
This type of data may be used for any purposes.
On the other hand, if this non-personal data is combined with personal data in such a way that identification becomes possible, this data will be treated as personal data until it becomes impossible to link it to you.
4. Purposes and legal bases for processing
a. Legal bases
In order for the processing of personal data to be lawful, it must be founded on one of the six legal bases set out in Article 6 of the GDPR.
The legal bases are as follows:
- Your clear consent for one or more specific purposes.
- The need to perform a contract to which we are party with you or to take steps at your request prior to entering into a contract.
- The need to comply with a legal obligation to which we are subject.
- The need to protect your vital interests or those of another natural person.
- The need to perform a task carried out in the public interest or in the exercise of official authority vested in us.
- The need to pursue our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights.
b. Related purposes and legal bases
As mentioned, we need to justify the reasons for processing your data in line with one of the legal bases set out in Article 6 of the GDPR.
Processing | Basis/purpose | Legal basis |
Request for information about a service
| Contact with potential future clients (pre-contractual phase) | Execution of pre-contractual steps |
Contact form | Customer service management | Consent |
Signing up to our press releases | Awareness of clients interested in a commercial prospection of our services | Consent |
Signing up as a member | Processing necessary for the performance of a contract
| Performance of a contract |
Sending a speculative job application
| Determining the candidate's identity and professional abilities | Consent |
Purchase via our e-shop | Processing necessary for the performance of a contract
| Performance of a contract |
5. Unexpected data processing and compatibility with current processing
In the event that we are required to carry out processing for purposes that are not yet set out in this policy, we may use your personal data provided that these purposes are compatible with the purposes for which we initially collected the data.
In this case, we take particular consideration of any link between the initial purposes, final purposes and context (our relationship, the nature of the data as well as the consequences for you) under which the data has been collected. If we deem the purposes to be incompatible with the initial purposes, we will contact you before processing the data for these other purposes.
6. Duration of retention
In accordance with the principles of storage limitation, the retention duration of the data will last strictly for the period necessary for the performance of the purposes for which the processing is justified, and no longer. Under no circumstances will your data be retained for an unlimited duration.
When the data is no longer necessary for the performance of the purposes for which their processing was justified, or if you withdraw your consent and no other legal basis can be proven, the data must be destroyed so that it is impossible for anyone to trace it to your identity.
7. Data recipients
a. Transmission to internal recipients
We only grant access to your personal data to internal persons whose duties require it. Access to your data is strictly limited to them. We regularly review this access and secure the information transmitted wherever possible.
b. Transmission to third-party recipients
As part of our activities, we may be required to transmit certain personal data to ‘recipients’ who are not part of our internal organisation.
The GDPR defines ‘recipients’ as a natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not.
This may therefore include:
- Our contractual partners or natural persons representing them, including their subcontractors, potential secondary subcontractors, and potential co-data controllers;
- Public authorities, including banking institutions, labour inspectorate, tax authorities, police services, judicial officers, insurance companies, the social secretariat, the national office for annual leave (ONVA), the social security office (ONSS), the national employment office (ONEM), the welfare fund, any administrations informed upon unemployment (unemployment, health, pension and mutual insurance), etc.;
- Any other authorised service or entity.
8. Your rights under the GDPR
The GDPR expressly sets out a series of rights that are fully available for you to exercise (Articles 12 to 22). In this Policy, we shall inform you of the way in which you can exercise your rights. This enables you to maintain a form of control over how your personal data is used.
There are seven rights and they can be listed as follows:
- Right to access, be informed about and receive copies of your data;
- Right to rectification;
- Right to object to processing;
- Right to erasure (‘right to be forgotten’);
- Right to restrict processing;
- Right to data portability;
- Right to withdraw consent.
a. Right to access, be informed about and receive copies of your data
You have the right to obtain confirmation about the presence of your data being processed.
You also have the right to access a range of information: the purposes justifying this processing, the categories of data concerned, the third parties to whom your data will potentially be divulged, where and for how long your data will be stored, the existence of the right to rectification, limitation or objection, the right to lodge a complaint with the supervisory authorities, information relating to the origin of the data if it was not collected from you directly, the existence of automated decision-making, and finally, any relevant information concerning the logic, significance and consequences of such processing for you.
We must provide an electronic or hard copy of the data being processed, without charge, when you request it.
If you request additional copies, we may request a reasonable fee for the administrative costs involved in this reproduction.
b. Right to rectification
You have the right to immediately inform us of your wish to rectify the accuracy of certain data concerning you when you deem it to be inaccurate, incomplete or obsolete.
Taking into account the purposes of the processing, you have the right to have your incomplete personal data completed, including by providing a supplementary statement.
c. Right to object to processing
When we process your data on the basis of legitimate interest, you have the right to object to this processing of your personal data, at any time, as well as for reasons relating to your particular situation.
We must then stop processing unless we can demonstrate compelling legitimate grounds to continue processing which override your interests, rights and freedoms, or if the processing is for the establishment, exercise or defence of legal claims.
Furthermore, you have the right to object at any time to communications made for marketing purposes.
d. Right to erasure (‘right to be forgotten’)
In certain circumstances, you have the right to have the personal data concerning you immediately erased.
You can have your personal data erased when one of the following reasons applies:
- The data is no longer necessary for the purposes for which it was processed.
- We rely on your consent as the lawful basis for processing, and you withdraw your consent.
- You object to the processing of your data.
- We have processed your personal data unlawfully.
- The data that we possess is incomplete, inaccurate or obsolete.
- We must erase your personal data in order to comply with a legal obligation (under EU or Member State law) to which we are subject.
If we have disclosed your data to other entities, we have the obligation to take any measures necessary to inform these entities that you have requested your data to be erased.
If we are legally required to retain certain personal data, then we will be unable to fulfil this request.
e. Right to restrict processing
You have the right to request limits or restrictions on the processing of your personal data. This right can be exercised under different circumstances and may supplement the application of other rights.
If the processing restriction no longer applies, we will inform you of this.
f. Right to data portability
In the event that we are processing your personal data based on the performance of a contract or your consent and the processing is carried out by automated means, you can ask us to transfer all of your personal data or transmit it to another data controller.
g. Right to withdraw consent
When the processing is carried out under the lawful basis of your consent, you have the right to withdraw this consent at any time. This withdrawal of consent shall not affect the lawfulness of processing based on your consent before its withdrawal.
9. Exercising your rights
To exercise your rights, you can send us a dated and signed written request either by post to:
Granbonpré 1
Parc scientifique Fleming
1348 Louvain-la-Neuve
BELGIUM
administration@anpi.be
In other to be able to help you ensure that your rights are respected, we must verify that your request concerns your own personal data.
We will likely ask you for additional information when it is not reasonably possible to identify you with the information in our possession.
We have the obligation to provide you with information on the measures taken following your request without delay, and in any event within one (1) month after receiving your request.
If needed, this time limit may be extended by two (2) months if the request is complex or if we receive a high number of requests. In this case, we are required to inform you of this extension within one month following receipt of the request.
If the request is refused, you will be able to lodge a complaint with a supervisory authority or take legal action.
10. Data security
We are required to take all appropriate technical and organisational measures to ensure that your data is processed with a level of security appropriate to the risk involved. We promise to make every effort, to the best of our abilities, to prevent your data from being distorted, damaged or accessed by unauthorised parties.
We make our staff members who have access to personal data aware of the risks and consequences of data breaches (e.g. hacking, theft of a work computer, sending an attachment containing data from another client, etc.) and of the need to secure their processing. If these scenarios occur while we have control over your data, we will act quickly to identify the cause of the problem and take appropriate action.
11. Amendments
We reserve the right to change this Policy in order to adapt it to new legal requirements. Such amendments shall take effect immediately after this document is updated, and will be published on the website anpi.eu.
12. Data that we collect via cookies
A cookie is a text file that is placed on your device when you visit a website, mobile app or online publication. They are stored in a specific area on the hard drive of your computer or mobile device. Cookies are managed by your internet browser or the mobile app that you are using, and only the issuer of the cookie can decide to read or modify the information contained within it.
Cookies have many purposes to allow you to navigate a website or mobile application efficiently, and remember your choices and the goods and services you wish to purchase. They also offer relevant advertising content in line with the interests that you have expressed while browsing. You can find out more information on cookies at the following websites:
ANPI uses the following cookies:
Strictly necessary cookies
These cookies are essential for the website to function correctly, and cannot be deactivated from our systems. They are generally only activated in response to actions that you carry out that are a request for services, such as setting your privacy preferences, logging in or filling out forms. You can configure your browser to block cookies or be notified when cookies are being used. However, if this category of cookies – which does not store any personal data – is blocked, certain parts of the website may not work.
Performance cookies
These cookies allow us to determine the number of visits and sources of traffic on our website, in order to measure and improve performance. They also help us identify the most/least visited pages and assess how visitors browse our site. All the information collected by these cookies is aggregated and anonymised. If you do not accept this category of cookies, we cannot know when you visited our website.
Targeted advertising cookies
These cookies can be activated on our website for our advertising partners. They can be used by these companies to build profiles on your interests, and offer you targeted ads on other websites. They only work by identifying your browser and device. If you do not accept this category of cookies, you will be shown ads that are less targeted to your interests when you browse on other websites.
For more information on the different cookies used, their purpose and their retention period:
Cookie name: _ga
Sample value: GA1.2.62921070.1685519044
Expire: 5 weeks
Vendor: Google Analytics
Type: Measurement
Cookie name: _gat
Sample value: 1
Expire: at the end of the user session
Vendor: Google Analytics
Type: Measurement
Cookie name: _gid
Sample value: GA1.2.440478999.1685519299
Expire: 24 hours
Vendor: Google Analytics
Type: Measurement
Cookie name: __atuvc
Sample value: 1%7F22
Expire: 1 month
Vendor: Google Analytics
Type: Measurement
Cookie name: __atuvs
Sample value: 64fbc39b0f4bdee1200
Expire: 30 minutes
Vendor: Google Analytics
Type: Measurement
Cookie name: cookie-agreed-version
Sample value: 1.0.0
Expire: 4 months
Vendor: Drupal
Type: Function
Cookie name: cookie-agreed
Sample value: 2
Expire: 4 months
Vendor: Drupal
Type: Function
13. Applicable law and competent jurisdiction
This Policy is governed by Belgian law.
Any dispute relating to the interpretation or execution of this Policy will fall under the exclusive jurisdiction of the courts in the judicial district of Walloon Brabant.
14. Complaints and claims to the data protection authority
You can also submit a complaint to the Belgian Data Protection Authority at the following address:
Autorité de Protection des Données (APD)
Rue de la Presse, 35
1000 Brussels, Belgium
Telephone +32 2 274 48 00
Fax +32 2 274 48 35
contact@apd-gba.be
Website: https://www.autoriteprotectiondonnees.be
Latest update: March 2023