Together for Sustainability AISBL (“We“, “TfS” “us”, “our”), is committed to complying with EU Privacy Law. This privacy notice (the “Notice“) describes how We process the Personal Data (as defined below) We collect from designated Representatives of Our Members or their assistant (“You“).
We are a data controller. This means that We are responsible for deciding how We collect and use (process) Personal Data about You. We are required under GDPR to notify You of the information contained in this Notice.
1. What Personal Data do We collect about You?
The Personal Data We collect about You are:
- First name and last name;
- Email address;
- Name and address of the organization (office location) you belong to;
- Function within the organization;
- Your professional office and mobile phone number;
- If you are a member of the TfS Steering Committee or TfS President, a copy of your passport and residence certificate; and
- Photos and videos taken during our meetings and events;
- Username and password of TfS OASIS – the Online Audit Sharing IT Solution (the database we use to share TfS Audit Reports);
The picture You upload on your TfS OASIS profile (only if You make use of this function)
When you are the assistant of a Representative of Our Members, We collect Personal Data listed from (a) to (e) above (and, as the case may be, under (g)).
We typically collect Personal Data directly from You or from the organization You belong (e.g., from your assistant), in such case under the assumption that specific measures have been put in place by such organizations to lawfully provide us with the Your Personal Data.
2. How do We collect and process (use) your Personal Data? And on which legal basis?
We use your Personal Data for different purposes. These include:
- Organizing and handling General Assemblies and, the Steering Committee (if you are a member);
- Keeping records of the TfS Workstream and TfS regional team participants, meetings and Workshops, and circulating minutes; and
- Publishing relevant resolutions such as the appointment, renewal or replacement of members of the Steering Committee in the Belgian Official Journal.
We do so in order to comply with our legal obligations under Belgian laws. In that respect, We are sharing the necessary Personal Data with legal counsels (who are bound by professional secrecy rules).
We also process your Personal Data in order to run the operations of the association and provide You with the associated benefits of your membership.
In particular, We process your Personal Data to:
- Maintain membership records;
- Confirm membership status with third parties, including with regulators or statutory bodies and to provide third parties with information as may be authorized or required by law;
- Administer your organization’s membership;
- Send out contact lists, meeting agendas and minutes, surveys, and other information relevant to our functions and obligations;
- Process membership fees’ payments;
- Establish and maintain communications with You;
- Provide content or services for all members that TfS has agreed upon;
- Invite You to participate in our Workstreams and Regional Teams and coordinate them;
- Publish the TfS Annual Report;
- Send You our newsletters, publications, brochures, reports and other materials;
- Invite You to our workshops and events (including populating the attendees’ list, record the event and share the record with Representatives of Our Members);
- Allow You to log in and access TfS OASIS;
- Share your details in contact list by mail or on SharePoint (our intranet system), or on TfS OASIS, in order to allow You and other members to communicate with each other and to interact with auditors and suppliers; and
- Allow You to upload a picture for your TfS OASIS profile if You wish to do so.
We do so based on our legitimate interest (or, for the case referred under (b) above, in order to comply with legal obligations under Belgian laws). As an industry association, We have the interest in carrying out the activities necessary to perform the purpose ascribed in our articles of associations and governing rules and principles. In doing so, We considered your rights and expectations as a Data Subject and have assessed that your interest, fundamental rights and freedoms are not put at risk. When We collect and process your Personal Data based on legitimate interest, You have specific rights (see s.7 below for more information in that regard).
3. Change of purpose
We will only use your Personal Data for the purposes for which We collected it, unless We reasonably consider that We need to use it for another reason and that reason is compatible with the original purpose. If We need to use your Personal Data for an unrelated purpose, We will notify You and We will explain the legal basis which allows us to do so (as well as your rights in relation to such further processing).
4. Which third-parties process your Personal Data? Do We Share, Disclose or Transfer Personal Data?
In order to conduct our activities, We may have to share or disclose your Personal Data with third parties, including third-party service providers.
We share your Personal Data with:
- IT experts who provide services to TfS (e.g., data storage or website administration), including SharePoint and ChainPoint, the online secure platform We rely on to share the TfS Audit Reports (hosting TfS OASIS);
- Where necessary and appropriate with legal counsels (who are bound by professional secrecy rules) or financial institutions;
- Event-management, communications and printing agencies as well as meeting venues only for our event organizing purposes;
- Service providers and cooperation partners We work with, for the purpose of co-organizing events; and
- Other external parties We may cooperate with to run specific projects; (e.g. other industry associations or sustainability initiatives, consultants).
We do not use other third-parties to process your Personal Data or otherwise transfer Personal Data outside of the EEA and/or disclose your Personal Data to other recipients than those mentioned in this Notice. If We were to do so, We will comply with EU Privacy Law. If You would like to know more about the measures We take to protect your Personal Data, You can contact us at email@example.com.
5. Data security
We take appropriate technical and organisational measures to safeguard and protect your Personal Data, against unauthorised or unlawful processing and against accidental destruction, loss, access, misuses, damage and any other unlawful forms of processing of the Personal Data in our possession.
6. How long will You retain my Personal Data?
We retain your Personal Data in accordance with our Retention/Destruction Procedures and Policy. As a general principle, We keep your Personal Data only as long as it is necessary.
7. Your rights in connection with Personal Data<
Under certain circumstances, by law You have the right to:
- Request access to your Personal Data. This enables You to receive a copy of the Personal Data We hold about You and to check that We are lawfully processing it.
- Request correction of the Personal Data that We hold about You. This enables You to have any incomplete or inaccurate information We hold about You corrected.
- Request erasure of your Personal Data. This enables You to ask us to delete or remove personal information where there is no good reasons for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where You have exercised your right to object to processing (see below).
- Object to processing of your Personal Data where We are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes You want to object to the processing on this ground.
- Request the restriction of processing of your Personal Data. This enables You to ask us to suspend the processing of Personal Data about You, for example if You want us to establish its accuracy or the reason for processing it.
- Request the transfer of your Personal Data to another party (data portability).
If You are dissatisfied with any aspect of our handling of your Personal Data, You have the right to make a complaint at any time to the Supervisory Authority.
8. How can You contact us?
For more information, or if You have questions about your Personal Data, or on the way We collect and process Personal Data, or want to exercise any of your rights under this Notice, You can e-mail us at: firstname.lastname@example.org.
9. Effect of Notice and changes to Notice
We may revise this Notice from time to time and any revisions will be made available to You via email.
10. Our contact details
Together for Sustainability AISBL (TfS)
Rue Belliard 40, bte 20
T: +32 2436 9620
In this Notice:
“Data Subject” means an identified or identifiable individual.
“EU Privacy Law” means the General Data Protection Regulation 2016/679 (“GDPR“) and the Belgian national privacy laws, as amended from time to time.
“Personal Data” means for the purpose of this Notice, your first name, last name and email address and, if You are holding any statutory position with us, this also includes: your home address, date of birth, national number and/or ID and passport number.
“Processing” means any operation performed on Personal Data, manually or by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Representatives of Our Members” means, for instance, the Chief Procurement Officers of the member companies, who form TfS’ General Assembly and may be part of TfS Steering Committee, other designated representatives from member companies who take part in TfS Work Streams or TfS Regional Teams.
“Supervisory Authority” means the Belgian Data Protection Authority or the relevant data protection authority of the Data Subjects’ habitual residence or place of work.
Version No. 3