(Last updated 21 April 2023)
Regulation (EU) 2016/679 (known as the “General Data Protection Regulation” or “GDPR”) establishes a regime of protection of personal data. European Union member states have also adopted laws in this area. The GDPR, supplemented by applicable national laws, provides a frame of reference for the processing of personal data by the Training Institute for Psychology & Health (“TIBH”).
General notions about personal data
A number of key terms are used in this policy:
- “Personal data” means any information relating to an identified or identifiable natural person.
- “Processing” means any operation performed on personal data, such as collection, consultation, alteration or storage.
- “Controller” means the person that determines the purposes and means of the processing.
- “Processor” means the person that processes personal data on behalf of a controller.
- “Purpose of processing” means the reason for which personal data are processed.
- “Means of processing” means the methods and tools used to perform the processing.
- “Data subject” means the person to whom the personal data relate.
- “Sensitive data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership and genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Why does TIBH process your personal data?
Here is a list of the main purposes for which TIBH processes your personal data:
- Commercial and professional management, including activities such as:
- Organizing meetings;
- Sending newsletters; and
- Professional correspondence.
- Professional monitoring, including activities linked to searching for information such as:
- Technological monitoring;
- Strategic monitoring;
- Searching for business partners; and
- Searching for customers.
- Website management, including activities such as:
- Administration and maintenance of TIBH’s website; and
- Verification of the legality of the use of the services.
When TIBH decides to process personal data for a purpose other than that for which it was initially collected, it will inform you of this new purpose.
What categories of personal data does TIBH collect?
The categories of personal data that TIBH may collect include:
- Personal information, such as your name, phone numbers, email addresses and nationality.
- Information about your professional life, such as your business title, your employer’s name and information about your education and qualifications.
- Information of a technical nature, such as identifiers used for security purposes, records of traffic on TIBH’s website, including connection data.
- User-generated content, such as photos, videos, comments, news, newspaper articles and information about you or others published by you on the internet.
Is all processing allowed?
The GDPR does not allow all processing. In general, only processing that meets at least one of the conditions in the following list is allowed. We refer to this as the legal basis.
- The data subject has given consent to the processing.
- Processing is necessary for the performance of a contract to which the data subject is a party.
- Processing is necessary for compliance with a legal obligation to which the controller is subject.
- Processing is necessary to protect the vital interests of the data subject.
- Processing is necessary for the performance of a task carried out in the public interest.
- Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
When TIBH bases the processing on its legitimate interests, it will point them out to you when your personal data are collected.
The GDPR prohibits the processing of sensitive data except in special cases that are specifically regulated. Indeed, these data are, by nature, particularly sensitive from the point of view of fundamental rights and freedoms and require specific protection since the context in which they are processed could create significant risks for these freedoms and rights.
Other laws or regulations may also impose limits on the processing of certain types of personal data. For example, it may be necessary to ask for the data subject’s consent for the use of his image.
Who are the recipients of your personal data?
TIBH ensures that your personal data are only accessible to people with an identified need to know them, by implementing access control measures.
The number of TIBH people who can access your personal data depends on the nature of the data. Some personal data may be viewed by anyone working at TIBH (for example, publicly available data about you). Access to most of your personal data is limited to certain employees, to the extent that this access is necessary for the performance of their work (for example to write invitation letters or organize meetings).
In addition, TIBH may send your personal data to the following recipients:
1. Authorized third-party companies: TIBH may share your personal data with third entities that process personal data on behalf of TIBH, provide services to TIBH or process personal data for their own use. In all cases, TIBH ensures that there is an identified need to transfer your personal data.
Outside entities include, for example:
- Telecommunications and internet service providers;
- Website analytics service providers;
- E-mail marketing service providers;
- Web hosting service providers;
- Webinar and videoconference streaming providers;
- Video platform providers; and
- Web development and web marketing service providers.
When TIBH uses a processor, it enters into a contract with it to protect your personal data and in particular to prohibit any processing that has not been decided by TIBH.
2. Public authorities and bodies exercising a public-interest mission: TIBH may be required by law to disclose your personal data to certain authorities or other third parties, for example, the police or other entity law-enforcement authorities acting within the scope of their duties.
International transfers of personal data
TIBH may sometimes transfer your personal data to countries outside the European Union. Some of these countries are recognized by the Commission of the European Union as ensuring an adequate level of protection of personal data, through an adequacy decision. When TIBH transfers your personal data to a country that has not been the subject of an adequacy decision, it implements appropriate safeguards to provide adequate protection to your personal data. These safeguards may take the form of standard contractual clauses for the protection of personal data approved by the European Commission.
How long are your personal data stored?
TIBH only keeps your personal data for the time necessary for the purposes for which they are processed. In most cases, the personal data will be kept during the period of your commercial relationship with TIBH, if applicable, then archived for the legally required period. They may also be kept if necessary for periods in accordance with industry standards or the recommendations of the competent data-protection supervisory authorities.
What are your rights?
Regarding the processing of your personal data, you have the following rights:
- Right of access: you have the right to request access to your personal data processed by TIBH.
- Right to rectification and erasure: You have the right to request the rectification and deletion of your personal data processed by TIBH. You can help keep your personal data up-to-date by informing TIBH if they change.
- Right to restriction: you have the right to ask TIBH to restrict the processing of your personal data, meaning that your personal data held by TIBH are marked to limit their future processing.
- Right to object: you have the right to object to TIBH’s processing your personal data on grounds relating to your particular situation.
- Data portability: when TIBH processes your data on the basis of your consent or a contract with you and by automated means, you have the right to receive the personal data you have provided to TIBH in a structured, commonly used and machine-readable format and forward them to another controller and the right to have them forwarded directly by TIBH when technically possible.
- Right to withdrawal of consent: when processing is based on your consent, you have the right at any time to withdraw that consent, without the withdrawal’s having retroactive effect.
- Right to lodge a complaint with a supervisory authority: if you consider that the processing constitutes a violation of the GDPR, you have the right to lodge a complaint with a supervisory authority. In Belgium, the competent supervisory authority is the Data Protection Authority (APD).
If you intend to lodge a complaint with a supervisory authority, TIBH would appreciate your first informing the controller of your comments, questions or complaints (see section “How to contact us” below).
TIBH will inform you whether the provision of your personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the data and of the possible consequences of your failure to provide them.
How to contact us
You can access your data, ask questions about the management of personal data within TIBH, obtain a copy of the safeguards mentioned above and exercise most of your rights described above by contacting TIBH at email@example.com or by mail at the following address:
Training Institute for Psychology & Health
Route de Gembloux 72
Before processing your request, TIBH may need to identify you, for example by asking you for proof of identity. TIBH will respond to your request as soon as possible and in any case within one month, but this period can be extended by two months, in view of the complexity and the number of requests.
Controller of your personal data
The identity and contact details of the controller are as follows:
Training Institute for Psychology & Health
Legal form: limited liability company
Registered office: Route de Gembloux 72, B-5310 Eghezée, Belgium
Company number: 0727.441.602
Telephone: +32 471 083236