Policy Statement of the Brussels International Center for Research and Human Rights (BIC-RHR) with regards to data protection

  1. Context

    BIC-rhr focuses on treating all individuals who interact with it in such a way that their privacy is protected. European Regulation 2016/679 replaces, at European Union level, the previous directives, as well as national laws on the protection of privacy with regard to the use of private data. BIC-rhr being located in the European Union, it has adopted the principles of this regulation in order to comply with it. The following principles apply to any processing of private data, whether electronic or not. These principles apply to all our establishments, in the European Union or not.

  2. What do we mean by?

    • Establishment: we mean by establishment the head office of BIC-rhr as well as all its branches, national or not. In the context of our internet activity, the establishment is supposed to be the head office of BIC-rhr.
    • Processor: BIC-rhr is the company that determines the processing of the data that needs to be done and what are the justifications for this treatment. BIC-rhr is therefore the processor
    • Subcontractor: BIC-rhr may, depending on the case, entrust the processing of personal data to a subcontractor, for example, a service provider in the cloud. The latter is qualified as a subcontractor.
    • Individual: any natural person in relation with BIC-rhr
    • Data Protection Officer (DPO): A person or entity in charge of applying the policy of BIC-rhr in terms of personal data protection and contact with the authorities.
    • Personal data: any data that can be linked, directly or indirectly, to an individual. These data make it possible to identify the individual.
    • Special personal data: personal data that is protected by European regulations during processing. Their treatment can only be done under specific conditions. Are covered by this framework the data: racial, sexual orientation, political opinion, religious or philosophical orientation, union membership, genetics, medical and biometric data.
    • Consent: The fact that a person agrees to the processing of her data. This agreement must be a positive confirmation. This means that simply not confirming does not equate to an agreement.
    • Minor: For the European regulation, a minor is anyone under 16 years old. Like in Belgium, local laws can reduce this age to 13. BIC-rhr respect local laws for each of its establishments.
    • Processing: any transaction or set of transactions involving personal data.
    • Profiling: An automatic treatment whose purpose is to evaluate, predict or analyze characteristics of an individual.
  3. What is our policy towards the General Data Protection Regulation?

    BIC-rhr complies with the general data protection regulations, including its local variants. BIC-rhr intends to apply the rules set out in this policy statement to any processing involving individual data, whether for its customers, suppliers, employees or other members of its team.
    BIC-rhr is the controller within the framework of the general regulation.
    BIC-rhr has a register of individual data processing. This one is reviewed annually. This review is facilitated by the Data Protection Officer or DPO. This register is kept at the disposal of the authorities.
    Our subcontractors are forced to adhere to our data protection policies and take all necessary measures in place to protect your data.
    If there is no specific legitimate reason, for example in order to execute a contract, BIC-rhr will obtain the consent of the individual before processing his data. This consent must be clear and free. It must be positive and not allow ambiguity. It will be limited to one or more specific processes. In the case of children, BIC-rhr seek parental consent first. If BIC-rhr does not get that consent, BIC-rhr will seek the consent of a parent, father or mother, as to the child’s consent. If BIC-rhr does not obtain that consent, BIC-rhr will not process the child’s data. BIC-rhr will follow this process for any individual of less than 16 years old.
    BIC-rhr shall provide clear information on the purpose of collecting information and the consequences of collecting it before obtaining consent. In most cases, this consent will be based on a written record.
    BIC-rhr complies with Article 5 of the General Regulation as regards the processing of personal data, namely:
    BIC-rhr will communicate information to the owner of the data in a simple and understandable way
    When specific information is communicated, BIC-rhr will communicate, a minima:
    Data to identify and reach the internal manager in charge of the processing of personal data,
    The purpose of the data processing under review as well as the justification of the treatment
    The duration of data storage
    The rights of the data owner
    Categories of data processed
    The recipient of this data.  

If there is a transfer of this data to a third party, and why

  • BIC-rhr, as well as its subcontractors, puts in place technical measures to protect your data.
  • The Data Protection Officer of BIC-rhr will nevertheless contact you in case of violation of the principles of BIC-rhr or the general regulation in terms of data protection. He will do this in parallel with his reports to the supervisory authorities.
  • BIC-rhr will not maintain, more than necessary, data that identifies a person. In general, any data that is not necessary for the accounting treatment will not be kept more than one year after the end of the relationship or the expression of the will of the individual to be forgotten. Any data that intervenes in the accounting of BIC-rhr will be kept 7 years after the end of the accounting period impacted by these data, and this in line with the Belgian statutory requirements.
  • The destruction of the data will be done according to the standards in force in the industry and in a controlled way.
  •  BIC-rhr will process personal information fairly
  •  BIC-rhr will only collect data for specific, explicit and legitimate reasons. If these data were to be communicated to another party, or used for other purposes, BIC-rhr will inform you of such communication.
  •  BIC-rhr will only collect data that is adequate, relevant and necessary for its processing. BIC-rhr will make every reasonable effort to keep the data accurate and up-to-date. BIC-rhr will erase or correct the incorrect data as soon as possible.
  •  BIC-rhr respects the right of individuals to their personal data, namely:
  •  Every individual has the right to access his data, in other words, to know what BIC-rhr has as information about him. Each individual can also know who his information is communicated to.
  •  Every individual has the right to have their data corrected in the event of an error.
  •  Every individual has the right, within the framework of the legal constraints or policies of BIC-rhr, to see his data erased.
  •  Individuals may, within the limits of legal and practical constraints, object to the automatic processing of their data.
  •  Individuals may object to the use of their data to automatically draw conclusions about their unique characteristics.
  •  Everyone has the right to the portability of their data

 

 

How to report a problem?

     You can always contact the Data Protection Officer of BIC-rhr. His contact details are:

     Kathryn Jackson

    +32 (0)2 725 84 66

    +32 (0)2 725 29 54

     kate.jackson@bic-rhr.com

You can also contact the Data Protection Authority. The coordinates are:

     Data Protection Authority

     Rue de la Presse, 35, 1000 Bruxelles

    +32 (0)2 274 48 00

    contact@apd-gba.be