Privacy Policy

This ERTICO Privacy Policy (version 1.2) is effective as of 1 September, 2020.
Your privacy is important to ERTICO.

We have drafted this ERTICO Privacy Policy (also referred to in this document as “Policy”) in an easy and comprehensible way in order to help you understand who we are, what personal data we collect about you, why we collect it, and what we do with it.

Keep in mind that personal data (in this Policy also referred to as “data” or “your data”) means any information or set of information from which we are able, directly or indirectly, to personally identify you, in particular by reference to an identifier, e.g. name and surname, email address, phone number, etc.

Please keep in mind that since ERTICO is a company with international activities, this Policy may be replaced or supplemented in order to fulfil local requirements, as well as to provide you with additional information on how we process your data through specific ERTICO products, services, systems or applications.

As specific products or services may have specific processing of your data, this Policy is supplemented by our product specific notices, which provide more specific or additional information on the processing of your data related to the specific product or service.
Where applicable, we publish an additional (layered) privacy notice as we want you to be informed and to be aware of this. You can find additional (layered) privacy notices here.

If you want to learn more about who we are, how you can contact us and how we process personal data, please send us an email at privacy@mail.ertico.com.

We strongly encourage you to take some time to read this Policy in full. If you do not agree to this Policy, please do not provide us with your data.

WHO IS ERTICO?

ERTICO is a public-private partnership of 120 companies and organisations representing service providers, suppliers, traffic and transport industry, research, public authorities, user organisations, mobile network operators, and vehicle manufacturers.

The services provided by ERTICO (EUROPEAN ROAD TRANSPORT TELEMATICS IMPLEMENTATION COORDINATION ORGANISATION SCRL, avenue Louise 326 at 1050 Brussels, RPM : 0445.743.506, hereafter also “we” “us”) consist of organising and coordinating events, seminars, workshops, courses, surveys, research, conferences, congresses, e-learning, and other forms of events, as well as providing logistical and organisational support for these services. These services are referred to below as ‘(the) Activities’.

WHEN DOES THIS PRIVACY POLICY APPLY?

This Policy covers how we collect and use your data e.g.

• when you isit or use our website, applications or social media channels;
• when you subscribe to our newsletters;
• when you provide to us your goods or services;
• when you contact our support;
• when you join our events;
• or otherwise when you interact with us (directly or indirectly) in your capacity as consumer, business customer, partner, (sub) supplier, contractor or other person with a business relationship with us in the context of the Activities.

Under the present policy, the “User” is the data subject whose personal data we are processing as part of the Activities. The User is also being referred to as “you” below.

WHAT TYPES OF DATA DO WE COLLECT ABOUT YOU?

Depending on who you are (e.g. customer, consumer, supplier, business partner, etc.) and how you interact with us (e.g. online, offline, over the phone, etc.) we may process different data about you.

We may collect your data, for example, when you visit or use our website, applications or social media channels, purchase and use our products, services, web-based tools, mobile applications, systems, subscribe to our newsletters, install a software update, provide to us your goods or services, contact our customer support, join our business events, participate to our contests, promotions and surveys or otherwise interact with us.

Below you will find an overview of the categories of data that we may collect as part of the Activities.

Information you provide to us directly

Categories of data	Examples of types of data
Personal identification data	Surname, first name, title, date of birth.
Contact information data	Professional address and locality, professional e-mail address, telephone and/or mobile phone number.
Account log in credentials	Log in ID, password or other security codes (such as username, password, security question and answer to this question,…).
Images and/or videos from which you may be identified	Pictures uploaded into ERTICO accounts or otherwise provided to us.
Financial data	Credit card data, bank account data.
Activities to which you participated	Information about the ERTICO Activities you have been subscribed or have participated to, as participant, speaker, partner, sponsor, supplier, collaborator, etc., …
Any other information that you decide to voluntarily share with ERTICO or its partners as part of our Activities	Feedback, complaints, opinions, reviews, comments, travel data, hotel reservations, uploaded files, interests, biography, food preferences, either via our website or our event sites, via our event partners, our support channels, etc.

Lastly, if you visit our premises, for security reasons we might also record your data through video or other electronic, digital or wireless surveillance system or device (e.g. CCTV).

Information we collect automatically
 
When you visit or use our websites or applications, subscribe to our newsletters or otherwise interact with us through our digital channels, in addition to the information you provide to us directly, we may collect information sent to us by your computer, mobile phone or other access device. For example, we may collect:

Categories of data	Examples of types of data
Device information	Hardware model, IMEI number and other unique device identifiers, MAC address, IP address, operating system version, settings of the device you use to access the services, and device configuration.
Log information	Time,  duration and manner of use of our products and services or products and services connected to ours.
Location information	Your location (derived from your IP address, or identifiers, or other location-based technologies), that may be collected when you enable location-based products or features such as through our apps.
Other information about your use of our digital channels or products	E.g. sections in our website you visit, links you click within our advertising e-mail. Please note that when using our website or other digital products, our cookie notice applies.

Information we may collect from other sources
 
To the extent permitted by applicable law, in addition to our websites, applications and other digital channels, we may also obtain information about you from other sources, such as public databases, joint marketing partners, social media platforms and other third parties.
For example, depending on your social media settings, if you choose to connect your social media account to your ERTICO account, certain data from your social media account will be shared with us, which may include data that is part of your profile.
To the extent permitted by applicable law, in addition to our websites, applications and other digital channels, we may also obtain information about you from other sources, such as public databases, joint marketing partners, social media platforms and other third parties.
For example, depending on your social media settings, if you choose to connect your social media account to your ERTICO account, certain data from your social media account will be shared with us, which may include data that is part of your profile. If you interact with us through social networks (‘SNS’) we might process your personal information in accordance with this Policy.
What data we process will depend on what personal information you have provided to the SNS (such as your name, email address and other information you have made publicly available) when creating your account. Note that the data we collect from and through a SNS may depend on the privacy settings you have set with the SNS and the permissions you grant to us in connection with linking your account with our products or services to your account with an SNS. Your interactions with third parties through an SNS or similar features are governed by the respective privacy policies of those third parties and your agreement with the SNS. You acknowledge that you are entitled to use your SNS account for the purposes described herein without breach by you of any of the terms and conditions that govern the SNS.

Information we may aggregate from different sources to your profile
 
If you have indicated to us that you wish to receive personalised direct marketing communications, we might aggregate data from different sources (both internally and externally) to have a better understanding of your preference and interests, and be able to serve you with more relevant communications. You can always object to these activities by way of opposing to this. In particular, you can always opt-out from receiving marketing-related emails by following the unsubscribe instructions provided in each email. You can always contact us (you will find the contact details in the below section “contact info”) to opt-out from receiving marketing-related communications.

HOW DO WE USE YOUR DATA?

 
We may use your data for different legitimate reasons and business purposes. Below you will find an overview of the purposes for which we may process your data:

 
If we ask you to provide us with your data, but you chose not to, in some cases we will not be able to provide you with the full functionality of our products, services, systems or applications. Also, we might not be able to respond to requests you might have.

If you decide to provide us with personal data of any other individual as part of your participation to our Activities, you guarantee that you have obtained consent from that individual prior to providing the information to us. It is your responsibility to ensure that information you share with us does not violate any third party’s rights.

ERTICO guarantees that the personal data processed:

• Are processed for specified, explicit and legitimate purposes, and are not further processed in a manner inconsistent with the original purposes for which the data were collected.
• ERTICO will at all times clearly communicate the purposes before starting a data processing.
• The data processing will be proportional, within the limits of what is necessary for the purposes for which the data were collected. ERTICO will not process the personal data longer than necessary.
• ERTICO secures the data appropriately, in order to minimise the risks for the data subjects.
• As specified below, the processing is linked to a specified retention period, which corresponds to what is (strictly) necessary for the concerned purposes.
• The data processing activities take into account the data life cycle: where necessary, the data will be updated and/or deleted. ERTICO has adopted measures to provide access to the data, erase and / or correct the personal data, taking into account the specificities of the processing (lawfulness, purposes).

PROTECTION OF YOUR DATA: CONFIDENTIALITY AND INTEGRITY

To protect your data, we will take appropriate measures that are consistent with applicable data protection and data security laws and regulations, including requiring our service providers to use appropriate measures to protect the confidentiality and security of your data. 

More in particular, ERTICO has taken and is taking measures to secure them and protect them against any loss, modification or unauthorised access:

• By updating security measures as the technology evolves, as needed (e.g. sites accessible through “https”; password rules have been implemented);
• By ensuring that your data is only accessible to authorised personnel: the personal data is only accessible to the ERTICO workers and subcontractors on a “need-to-now” basis.
  More in particular, only collaborators that are responsible for the relevant Activities gain access to personal data being processed;
• By requesting a proof of identity before being able to provide you with any personal information concerning you;
• By performing periodic back-ups and storing the personal data on secure servers;
• By deleting and/or anonymising your data at the end of the retention period (namely as soon as it is no longer needed for the finalities pursued);
• Those who have access to the personal data have followed or will be following trainings in the processing of personal data and how to process your personal data. They are bound by the confidentiality clauses to guarantee the integrity and confidentiality of your data.

Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure.
Depending on the state of the art, the costs of the implementation and the nature of the data to be protected, we put in place technical and organisational measures to prevent risks such as destruction, loss, alteration, unauthorised disclosure of, or access to your data. If you have reason to think that your interaction with us or your personal data is no longer processed in a secure manner, please reach out to the ERTICO Privacy Office (contact details below section “contact info”).

WHEN DO WE SHARE YOUR DATA?

We do not share any of your data except in the limited cases described here.
If it is necessary for the fulfilment of the purposes described in this Policy, we may disclose your data to the following entities. Access to your data will be granted on a need-to-know basis:

• ERTICO members: due to our global nature, your data may be shared with certain ERTICO affiliated members;
• Service providers: like many businesses, we may outsource certain data processing activities to trusted third party service providers to perform functions and provide services to us, such as ICT service providers, consulting providers, shipping providers, payment providers, electronic communication service platforms;
• Business partners: we may share your data with trusted business partners so they can provide you with the services you request;
• Public and governmental authorities: when required by law, or as necessary to protect our rights, we may share your data with entities that regulate or have jurisdiction over ERTICO.
• Professional advisors and others: we may share your data with other parties including professional advisors, such as banks, insurance companies, auditors, lawyers, accountants, other professional advisors.
• Upon your request in case of a personal data portability request.

We have taken the necessary steps to ensure that all recipients of your data provide sufficient and appropriate safeguards to ensure the security (including the integrity and confidentiality) of your personal data.
ERTICO of course also closely monitors how the data is being processed by its subcontractors.
Typically, we work with external parties to organisze the events and/or create event / web pages.
The processing of personal data by these parties may be applicable. You can find there additional (layered) privacy notices here.

WHEN DO WE TRANSFER YOUR DATA ABROAD?

Due to our global activities, data you provide to us may be transferred to or accessed by ERTICO partners, and trusted third parties from many countries around the world.
As a result, your data may be processed outside the country where you live, if this is necessary for the fulfilment of the purposes described in this Policy.

If you are located in a country member of the European Economic Area, we may transfer your data to countries located outside of the European Economic Area. Some of these countries are recognised by the European Commission as providing an adequate level of protection.

With regard to transfers from the European Economic Area to other countries that are not are recognised by the European Commission as providing an adequate level of protection, we have put in place adequate measures to protect your data, such as organisational and legal measures (e.g. binding corporate rules and approved European Commission standard contractual clauses). You may obtain a copy of these measures by contacting the ERTICO Privacy Office (contact details below section “contact info”).

As a general rule, your personal data will be hosted in the European Union, and limited to the finality and data retention periods for the data processing.
For the purposes of our mailings, we are asking you your consent through our website, because we are using the campaign platform Mailchimp. If you agree for us to send you mailings via email, the Mailchimp terms and conditions will be applicable. They can be found here: https://mailchimp.com/legal/privacy/. For more information about Mailchimp’s data storage and security, click here: https://mailchimp.com/about/security/.
For surveys, we use Google forms. The following policies apply https://policies.google.com/privacy?hl=en-US by reference.

HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We keep your data for the period necessary to fulfil the purposes for which it has been collected (for details on these purposes, see above section “How do we use your data?”). Please keep in mind that in certain cases a longer retention period may be required or permitted by law. The criteria used to determine our retention periods include:

• How long is the data needed to provide you with our products or services or to operate our business?
• Do you have an account with us? (e.g. as a recurring event partner, ERTICO member or event visitor). In this case, we will keep your data while your account is active or for as long as needed to provide the services to you.
• Are we subject to a legal, contractual, or similar obligation to retain your data? Examples can include mandatory data retention laws in the applicable jurisdiction, government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of litigation, or protection against a possible claim.

For ERTICO Congresses, ERTICO creates a new instance (typically a new database and event site) for each Congress. The personal data of each instance is kept during 26 months rolling. This corresponds the registration period for the current event + the event immediately after that event.
Example: The personal data being processed for “Event 2019” is deleted as soon as we can decommission that platform. This is done as soon as N+1 Event is open for submissions. The instance for Event 2019 is “active” in the period from September 2018 until September 2019. The instance for Event 2020 is available in the period from September 2019 to September 2020. The instance of Event 2019 is being decommissioned as soon as the platform for Event 2021 is active for
submissions (= September 2021).
For ERTICO surveys: each survey results containing personal data will only be accessible to the data analysts analysing the data and making the report (need to know basis), and then pseudonymiszed and archived. The archived data will be retained during a period of six months after publication of the final report after which it is deleted.
The works of authorship shared with us and uploaded on our sites (e.g. research papers, articles, PowerPoints etc.) may also contain personal data. If this is the case, in view of the proportionality principle, ERTICO will remove any excess personal data before it further processes them for the Activities. As a general rule, the works of authorship only contain name + surname + affiliation of the author(s).

WHAT ARE YOUR RESPONSIBILITIES?

We would like to remind you that it is your responsibility to ensure, to the best of your knowledge, that the data you provide us with, are accurate, complete and up-to-date. Furthermore, if you share with us data of other people, it is your responsibility to collect such data in compliance with local legal requirements. For instance, you should inform such other people, whose data you provide to us, about the content of this Policy and obtain their prior consent.

WHAT ARE YOUR RIGHTS?

Data protection law provides with various rights relating to the processing of personal data, so that the data subject can continue to exercise sufficient control over the processing of its personal data:

• Right of access and rectification of personal data: You have the right to obtain confirmation from ERTICO on which personal data are being processed. For the sake of facility, you can find most personal data we process already in the Application itself (see the “your profile” section in the Application), where you can also rectify any inaccurate recorded data. Should you also want to rectify the email address or other data we process, please contact us, as indicated above.
• Right to delete personal data: You may request the deletion of your personal data, being understood that when we are processing your personal data based on the execution of the agreement we have with you, we will delete your personal data as soon as the announced retention time has lapsed and/or the agreement is terminated.
• Right to limit the processing of personal data: You may request the limitation of the processing if the accuracy of the personal data is in question and during the period necessary for the verification of their accuracy.
• Right to oppose the processing of personal data: You may object to certain data processing. This is not the case when it comes to the performance of a contract or the performance of a legal obligation or legal action.

Procedure concerning the exercise of rights
Within ERTICO, the data subject can exercise his rights by sending a request to the ERTICO Data Protection Office. ERTICO has the right to ask the person concerned to identify him/herself in order to ensure that the effective exercise of the rights is requested by the person concerned (and not someone else who does not have the right to ask for this information).
ERTICO will respond to the request of the interested party within a maximum of one month.
Otherwise, ERTICO informs the person concerned of the reasons for his/her inaction or the delay in following up with the request.
Of course, if necessary, ERTICO will also make the necessary efforts to inform the recipients of the personal data of the data subject that the data subject is exercising the right to correct, delete or limit the processing.

CONTACT INFORMATION

You can always contact the ERTICO Privacy Office if you would like to:

• review, change or delete the data you have supplied us with (to the extent ERTICO is not otherwise permitted or required to keep such data);
• object to certain data processing operations (e.g., opt-out from marketing communications);
• receive a copy of your data (in a common machine readable format, to the extent it is required by applicable law);
• ask us any other questions related to the protection of your personal data by ERTICO.

For any questions or reasonable inquiry related to the protection of your personal data or regarding this Policy in general, you can contact the ERTICO Privacy Office. The tasks of this office are:

• to align and coordinate approaches to privacy and information security within and across ERTICO's various activities to ensure a systematic approach;
• to ensure the implementation and enforcement of data protection legislation and the present policy within ERTICO.

ERTICO asks you to send your requests, questions and possible complaints to the mailbox of the service, by email: privacy@mail.ertico.com or by post: ERTICO Data Protection Office, FAD Department, Avenue Louise 326 to 1050 Brussels (Belgium).

If you have any questions about this policy or if you wish to make a complaint, you can contact us either via email or by mail using the contact information mentioned above.

You also have the right to lodge a complaint with the Belgian Data Protection Authority: Rue de la Presse 35, 1000 Brussels, +32 (0) 2 274 48 00 +32 (0) 2 274 48 35, contact@apd-gba.be.

WHAT ARE THE UPDATES TO THIS PRIVACY POLICY?

This privacy policy might change from to time. The most current version of the Policy will govern our use of your data and can be found on the ERTICO website.
If a new version becomes applicable, ERTICO will post it on its website, and, if applicable, on the other digital locations (such as an event website). We may also request you to re-enroll your consent preferences from time to time.

The previous versions can be found here.