OUR CHARTER FOR YOUR PERSONAL DATA
VERSION OF MAY 2019
WHAT ARE PERSONAL DATA?
“Personal Data” (hereinafter “PD”) are any data relating to you that makes it possible to identify you directly or indirectly.
This can include your username, name, sex, date of birth, postal address or your email.
To ensure optimal use of our services and, in particular, personalised services, you provide certain PD to the CFA. The provision of certain data is even essential in order to obtain certain services (e.g. inscribing for events).
This may therefore include usage data collected automatically when you connect to our website. We store information about your usage using a tracking method, such as a cookie.
POOL IS COOL vzw (hereinafter “CFA”) is the organizer of EXPEDITION SWIM.
We attach great importance to the respect and protection of your PD that we process in the performance of our mission and services.
We undertake to process your PD in a fair, lawful and transparent manner as required by the Law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data (hereinafter “the Law”) and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter “the GDPR”).
This Charter is in keeping with our desire to act in a fully transparent manner and to enable you to improve your user experience.
WHO ARE WE?
We act as Data Controller (hereinafter “DC”) for our productions, joint data controller for our co-productions and as a new data controller for the events of other external organisers and parties that rent halls.
CONTACT DETAILS FOR THE DC
POOL IS COOL vzw
If you have any questions concerning your PD, please contact us at the following address: email@example.com
WHAT CATEGORIES OF PD DO WE PROCESS?
Your identification data such as your last name, first name, postal address, telephone number(s), email address(es), identity card, photo, images recorded, etc.
Date of birth: we are legally obliged to obtain parental permission for those under 13 years of age and these data are also necessary for age verification for certain events.
Browsing data such as IP address, date and time of access, type of domain with which you connect to the Internet, your preferences, etc.
Location Data or other communication-related data;
Sensitive data: we do not process data such as your sexual orientation, religious or political beliefs or data relating to your health or ethnic background.
Payment and billing data: these data are retained to enable us to process orders and comply with our legal accounting obligations.
WHAT ARE OUR SOURCES?
You are our main direct source for collection of PD when you sign up for a newsletter, for example, or when purchasing tickets. We therefore expect you to provide us with correct and up-to-date PD.
Certain PD, such as the pages you have viewed, the date and time that you access our website or your location data, are automatically collected, via the servers visited (when you visit the pages of our website or the application) and from “cookies” placed on our site.
WHAT DO WE DO WITH YOUR PERSONAL DATA?
Purchasing tickets or registration for a free event We collect your PD mainly to establish, develop and manage the contractual relationship surrounding your order for tickets for an event taking place at the CFA (e.g. to manage your booking and keep you informed about the event for which you have purchased tickets).
We might ask you for your identity card when you attend one of our events to verify your date of birth.
Subscribing to one or more newsletters
We collect your PD when you subscribe to one or more of our newsletters.
Direct marketing and newsletters
The data are also used for the purposes of direct marketing for similar events in the CFA’s offering. You may object to such direct marketing at any time and request that the CFA removes you from the list. You will therefore find an unsubscribe link at the bottom of every email. By removing yourself from this list, you will also be unsubscribed from all newsletters to which you have subscribed.
The CFA combines the data you have provided with your usage of the site to optimise your browsing experience and to notify you of personalised offers by email.
Some of our events may be filmed for live streaming or recorded for later broadcast. You may be filmed on such occasions.
Transfer to third parties
We do not provide your PD to third parties.
Verification of the legality of operations
PD may be processed to prevent or detect crime, such as infringement of intellectual property rights, electronic payment fraud or other offences.
Processing job applications
If you apply for a position at the CFA, your PD are retained to comply with the application procedure.
Complaints or lost property
Your PD may be used to respond to a complaint submitted to us by you. The same applies when you lose any personal belongings while visiting the CFA.
Improving our services
Your PD enable us to optimise our services (such as adapting and improving content or navigation on our website), improve the effectiveness of our marketing or advertising campaigns and compile statistics.
They will not be used for any other purpose without your prior express consent, such as for third party advertising or to send you a new newsletter to which you have not yet subscribed.
WHO PROCESSES YOUR PD?
In keeping with the principle of minimisation, only authorised CFA personnel have access to your PD.
Our external service providers and contractors
In order to perform certain tasks and provide our services, we use the services of external providers.
This may include, among others, our application provider and our ticketing system.
We require our subcontractors to provide the same level of protection as we do and that they do not use your PD for purposes other than those specified by us.
They must also have appropriate security measures to protect against unauthorised or unlawful processing of your PD and against accidental loss, destruction or damage of your PD.
This is guaranteed contractually and they are only authorised to process your PD for the authorised purpose, with the requisite discretion and security.
DO WE SHARE YOUR PD?
Your PD may be disclosed in compliance with laws or regulations or pursuant to a decision of a competent regulatory or judicial authority.
HOW SECURE ARE YOUR PD?
We are committed to protecting your PD in accordance with the law and the state of the art.
We have therefore implemented appropriate technical and organisational measures to protect your PD. These measures are designed to provide a level of security appropriate to the risks posed by the processing of your PD.
Our IT infrastructure is protected by various technical means such as perimeter security services using firewalls as well as email filtering systems. Several systems have been put in place that permit the backing up of data. In addition, exchanges of data between the various interfaces are encrypted and therefore protected.
Your transactions are also secured through encryption.
In order to prevent unauthorised access or unauthorised changes to data to the greatest extent possible, CFA staff, partners or subcontractors only process your PD in accordance with this Privacy Charter.
However, we draw your attention to the fact that we cannot guarantee the security of your PD while being transmitted over the Internet.
We draw your attention to these particular risks connected with the specific nature of the Internet and networks and the fact that information relating to PD may be captured and/or transferred, without your knowledge, including to countries that do not guarantee an adequate level of protection.
FOR HOW LONG DO WE RETAIN YOUR PD?
The CFA only retains your data for as long as necessary for the purposes described above as well as to comply with the statutory data retention obligations applicable to us.
The retention period for PD is generally set at 10 years.
This time period has been decided for practical reasons and to satisfy our accounting obligation to retain data for 10 years and for reasons of technical feasibility.
If you have not shown any activity for a period of 10 years or have not made any contact with the CFA, you will receive an email asking if we can disable your account.
After this, your PD are deleted, anonymised or stored exclusively for statistical purposes and are not used for any other purpose whatsoever.
YOUR CHILDREN’S PD?
As parents, you are asked to monitor your child(ren)’s usage of his/her/their PD and his/her/their access to the CFA’s online/offline services.
The digital age of consent on the web is 13 years. Children under 13 years of age must therefore declare and acknowledge that they have obtained the prior authorisation of their parents or a legal guardian.
WHAT ARE YOUR RIGHTS?
You have a right of access, a right to rectification (in case of inaccurate data) and a right of erasure of your registration data.
You have the right to object, based on serious and legitimate grounds, to the processing of your registration data.
You have the right to object, at any time, to the use of your PD for direct marketing purposes.
You can submit your request for access, changes, erasure or objection by sending a detailed request by email to firstname.lastname@example.org
We will assess the validity of your request and determine the possibility of responding to your request as soon as possible and no later than within one month of receipt of the request.
If necessary, this period may be extended by two months, depending on the complexity and number of requests.
In addition, following your request, the CFA may need to verify your identity to prevent identity theft or abuse. This verification may require the transmission of additional data such as a copy of your identity card.
REMEDIES AVAILABLE AND COMPETENT SUPERVISORY AUTHORITY
In case of a dispute concerning a decision of the DPO or any other complaint relating to the processing of your PD, you may submit a complaint to the supervisory authority free of charge:
BELGIAN DATA PROTECTION AUTHORITY
Rue de la Presse 35, 1000 Brussels
Telephone: +32 (0)2 274 48 00
Fax: +32 (0)2 274 48 35
CHANGES TO THIS CHARTER
This Charter may be amended at any time as a result of the development of new forms of processing implemented by the CFA or changes to the applicable legislation.
Any change shall enter into force immediately. We therefore invite you to visit this page regularly.
Last updated on 14/05/2019.