Policy Statement of the Brussels International Center for Strategic Analysis (BIC-SA) with regards to data protection
BIC focuses on treating all individuals who interact with it in such a way that their privacy is protected. European Regulation 2016/679 replaces, at European Union level, the previous directives, as well as national laws on the protection of privacy with regard to the use of private data. BIC being located in the European Union, it has adopted the principles of this regulation in order to comply with it. The following principles apply to any processing of private data, whether electronic or not. These principles apply to all our establishments, in the European Union or not.
What do we mean by?
Establishment: we mean by establishment the head office of BIC as well as all its branches, national or not. In the context of our internet activity, the establishment is supposed to be the head office of BIC.
Processor: BIC is the company that determines the processing of the data that needs to be done and what are the justifications for this treatment. BIC is therefore the processor
Subcontractor: BIC may, depending on the case, entrust the processing of personal data to a subcontractor, for example, a service provider in the cloud. The latter is qualified as a subcontractor.
Individual: any natural person in relation with BIC
Data Protection Officer (DPO): A person or entity in charge of applying the policy of BIC in terms of personal data protection and contact with the authorities.
Personal data: any data that can be linked, directly or indirectly, to an individual. These data make it possible to identify the individual.
Special personal data: personal data that is protected by European regulations during processing. Their treatment can only be done under specific conditions. Are covered by this framework the data: racial, sexual orientation, political opinion, religious or philosophical orientation, union membership, genetics, medical and biometric data.
Consent: The fact that a person agrees to the processing of her data. This agreement must be a positive confirmation. This means that simply not confirming does not equate to an agreement.
Minor: For the European regulation, a minor is anyone under 16 years old. Like in Belgium, local laws can reduce this age to 13. BIC respect local laws for each of its establishments.
Processing: any transaction or set of transactions involving personal data.
Profiling: An automatic treatment whose purpose is to evaluate, predict or analyze characteristics of an individual.
What is our policy towards the General Data Protection Regulation?
BIC complies with the general data protection regulations, including its local variants. BIC intends to apply the rules set out in this policy statement to any processing involving individual data, whether for its customers, suppliers, employees or other members of its team.
BIC is the controller within the framework of the general regulation. BIC has a register of individual data processing. This one is reviewed annually. This review is facilitated by the Data Protection Officer or DPO. This register is kept at the disposal of the authorities. Our subcontractors are forced to adhere to our data protection policies and take all necessary measures in place to protect your data.
If there is no specific legitimate reason, for example in order to execute a contract, BIC will obtain the consent of the individual before processing his data. This consent must be clear and free. It must be positive and not allow ambiguity. It will be limited to one or more specific processes. In the case of children, BIC seek parental consent first. If BIC does not get that consent, BIC will seek the consent of a parent, father or mother, as to the child’s consent. If BIC does not obtain that consent, BIC will not process the child’s data. BIC will follow this process for any individual of less than 16 years old.
BIC shall provide clear information on the purpose of collecting information and the consequences of collecting it before obtaining consent. In most cases, this consent will be based on a written record.
BIC complies with Article 5 of the General Regulation as regards the processing of personal data, namely:
BIC will communicate information to the owner of the data in a simple and understandable way
When specific information is communicated, BIC will communicate, a minima:
Data to identify and reach the internal manager in charge of the processing of personal data,
The purpose of the data processing under review as well as the justification of the treatment.
BIC, as well as its subcontractors, puts in place technical measures to protect your data.The Data Protection Officer of BIC will nevertheless contact you in case of violation of the principles of BIC or the general regulation in terms of data protection. He will do this in parallel with his reports to the supervisory authorities. BIC will not maintain, more than necessary, data that identifies a person. In general, any data that is not necessary for the accounting treatment will not be kept more than one year after the end of the relationship or the expression of the will of the individual to be forgotten. Any data that intervenes in the accounting of BIC will be kept 7 years after the end of the accounting period impacted by these data, and this in line with the Belgian statutory requirements. The destruction of the data will be done according to the standards in force in the industry and in a controlled way.
- BIC will process personal information fairly
- BIC will only collect data for specific, explicit and legitimate reasons. If these data were to be communicated to another party, or used for other purposes, BIC will inform you of such communication.
- BIC will only collect data that is adequate, relevant and necessary for its processing. BIC will make every reasonable effort to keep the data accurate and up-to-date. BIC will erase or correct the incorrect data as soon as possible.
- BIC respects the right of individuals to their personal data, namely:
- Every individual has the right to access his data, in other words, to know what BIC has as information about him. Each individual can also know who his information is communicated to.
- Every individual has the right to have their data corrected in the event of an error.
- Every individual has the right, within the framework of the legal constraints or policies of BIC, to see his data erased.
- Individuals may, within the limits of legal and practical constraints, object to the automatic processing of their data.
- Individuals may object to the use of their data to automatically draw conclusions about their unique characteristics.
- Everyone has the right to the portability of their data
How to report a problem?
You can also contact the Data Protection Authority. The coordinates are:
Data Protection Authority
Rue de la Presse, 35, 1000 Bruxelles
+32 (0)2 274 48 00