The protection of your personal data is very important to us. The purpose of this policy is to inform you, in a transparent manner, about the data we collect, the purpose for collecting it, the way we use it and the rights you have regarding the processing of your data. If you have any further questions, please do not hesitate to contact the controller.
We collect and store information including:
- Personal information
- Information collected for tracking and customisation (cookies)
- Automatically collected information
Name and address of the controller
The controller of your personal data, under applicable data privacy legislation and in regard to the processing of personal information, is:
European Business Summit Network ASBL
Rue du Belvederestraat 28, 1050 Brussels, Belgium
Exercising your rights
According to the applicable laws, you have various rights regarding your personal data:
- Right to obtain confirmation and access
- Right to request rectification
- Right to erasure (right to be forgotten)
- Right to request restriction of processing
- Right to data portability
- Right to object
- Right to withdraw the given consent
If you wish to assert these rights, please send your request by e-mail or by post to the following address: Rue du Belvederestraat 28, 1050 Brussels, Belgium or privacy@ebsummit.eu.
Your request should include:
- Your full name and contact information.
- Details of the specific right you wish to exercise.
- Any relevant details to help identify the data in question (e.g., context of collection, dates, or project activities).
Once your request is received:
- You will receive an acknowledgement of receipt within 3 working days.
- If additional information is needed to verify your identity or clarify your request, you will be contacted promptly.
The ERAMET project will respond to your request within one month of receipt, following Article 12(3) GDPR.
At any point, should you deem that any of your rights have not been respected. You may also lodge a complaint with the Data Protection Authority. The Belgian Data Protection Authority (GBA) is an independent body of the federal Parliament which ensures compliance with the fundamental principles of the protection of personal data.
Do you want to exercise your rights, do you have a question or a complaint about how the DPA processes your personal data? Contact our Data Protection Officer:
- via mail: dpo@apd-gba.be
- by post: Rue de la Presse 35, 1000 Brussels.
(see https://www.dataprotectionauthority.be/).
Personal information
You may have the opportunity via our website or other means to provide us with personal information about you and your interests. This information may include, but is not limited to, your name, e-mail address and policy interests.
If you choose to share any personal data with us via our website or e-mail, we may store it and use that information to assist you with any questions you may have.
We collect your personal data (email, name) so that we can send you newsletters. We provide users the opportunity to unsubscribe from our mailing lists through an “unsubscribe” button, which is available at the bottom of any e-mail. We will not sell, rent, loan, trade, or lease any personal information collected online or offline. All information shall be kept absolutely confidential unless given consent to by the user.
Personal data is processed based on explicit, informed consent obtained from individuals where required. This applies to all the activities where individuals voluntarily provide their data.
For individual registrations to the project e-newsletter, subscribers will either register themselves to receive the e-newsletter through the website registration form by ticking the relevant checkbox (By writing your email in the box above your consent to receiving newsletters from the ERAMET project and sharing your information according to the Privacy Policy available on this website) or, if invited to register by an ERAMET partner, they will also be directed to this registration form.
Information will be stored in an ERAMET database solely for the purpose of ERAMET use and managed solely by EBSN. Unless otherwise determined, the database will be deleted if no further dissemination is planned beyond the end date. If you have expressed permission for us to store information pertaining to you, this will be kept secure via 256-bit encryption.
All contacts will be exclusively managed by EBSN, thereby obviating the need for the transfer of personal data between project partners.
Information collected for tracking and customisation (Cookies)
You may visit our website anonymously. Except as described in this privacy statement, we do not collect identification data of our visitors.
We do, however, use cookies (small computer files that stay on your computer and let us know when and how often you visit our website) to keep and track general information about website usage. Cookies do not identify the individual user, just the computer used.
Cookies and other similar technology can make it easier for you to use the website during future visits. Cookies only record which areas of the website have been visited by the computer in question, and for how long. This information allows us to understand how our website is being used so we can assess how well it is working and help us make decisions about how to improve it.
Allowing us to create a cookie does not give us access to the rest of your computer and we will not use cookies to track your online activity once you leave our website. Cookies are read only by the server that placed them and are unable to execute any code or virus.
There are two types of cookies, session and persistent. Session cookies last only as long as your web browser is open. Once you close your browser, the cookie disappears. Persistent cookies store information on your computer for longer periods. We use session and persistent cookies. However, at no time is your Personal Information, whether stored in persistent cookies or elsewhere, shared with third parties who have no right to that information.
If you do not wish to have cookies stored on your computer you can easily change your web browser to refuse them, or to let you know when you get a new cookie. Please refer to your browser instructions to learn more about these functions. Refusing cookies, however, can restrict your use of the website. To enjoy the website to the full we recommend you leave cookies switched on.
Automatically collected information
We collect and store certain technical information about your visit for use in website management and security purposes. This information includes The Internet domain from which you access our website (for example, “xcompany.com” if you use a private Internet access account, or “yourschool.edu” if you connect from an educational domain); The IP address (a unique number for each computer connected to the Internet) from which you access our website; The type of browser (e.g. Internet Explorer, Chrome) used to access our site; The operating system (e.g. Windows) used to access our site; The date and time you access our site; The URLs of the pages you visit; Your username, if it was used to log in to the website; and If you visited this website from another website, the URL of the forwarding site.
This information is used to help us make our website more useful for you. With this data, we learn about the number of visitors to our website and the types of technology our visitors use. Except for authorised law enforcement investigations, no attempts are made to identify individual users or their usage habits. Raw data logs are retained temporarily as required for security and website management purposes only.
Security
Security for all personal data is important to us. We store your personal data securely and use procedures designed to protect the information we collect from loss, misuse, unauthorised access or disclosure, alteration or destruction.
Access to sensitive data classified shall be limited to authorised persons whose job responsibilities require it, as determined by ERAMET’s Data Management Plan.
Data security includes:
- Confidentiality – Data cannot be accessed by unauthorised people or systems.
- Integrity – Data is not modified by unauthorised people or systems, system failure, or any other unwanted causes.
- Availability – Data is accessible when it is needed.
Data Encryption
- In Transit: All personal data transmitted over networks is encrypted using protocols like TLS (Transport Layer Security) to prevent unauthorized interception.
- At Rest: Sensitive data stored in databases or on devices is encrypted using industry-standard algorithms such as AES-256.
Access Control Mechanisms
- Role-based access control (RBAC) ensures that only authorized personnel can access specific data.
- Multi-factor authentication (MFA) is implemented for accessing sensitive systems.
- Access logs are maintained to track all activities and detect unauthorized access attempts.
Data Anonymization and Pseudonymization
- Personal data is anonymized or pseudonymized where possible to reduce privacy risks.
- Identifiers are replaced with pseudonyms in datasets used for analysis to protect data subjects’ identities.
Regular Data Backups
- Personal data is backed up regularly, and backups are encrypted.
- Disaster recovery plans ensure quick restoration of data in case of loss or breach.
Secure Development Practices
- The project adheres to secure coding practices, and systems undergo vulnerability assessments before deployment.
Monitoring and Intrusion Detection
- Systems are equipped with intrusion detection and prevention systems (IDPS) to monitor and protect against unauthorized access or breaches.
Data breach notification process
A procedure has been established to handle personal data breaches in compliance with the EU General Data Protection Regulation (GDPR). In the event of a breach, the following steps will be taken:
- Immediate Assessment
Upon discovery of a potential data breach, an assessment will be conducted to determine the nature and extent of the incident, as well as its impact on personal data and associated risks to the rights and freedoms of individuals. - Notification to Supervisory Authorities
If the breach is deemed likely to result in a risk to the rights and freedoms of individuals, the Belgian supervisory authority will be notified within 72 hours of becoming aware of the breach.- If it is not possible to provide full details within 72 hours, an initial notification will be submitted with the available details, and updates will be provided as more information becomes clear.
- Communication to Affected Individuals
If the breach is likely to result in a high risk to the rights and freedoms of affected individuals, direct communication will be provided without undue delay. The communication will include:- A description of the nature of the breach.
- Contact details of the project’s Data Protection Officer or other relevant contact points.
- Details of the potential consequences of the breach.
- Steps being taken to mitigate the adverse effects of the breach.
- Documentation and Mitigation
All breaches, regardless of their severity, will be documented in our internal records, including details of the breach, its impact, and the measures taken.
Corrective actions will be implemented to address vulnerabilities and prevent future breaches.
International Data Transfer
In compliance with Chapter V of the General Data Protection Regulation (GDPR), we are committed to ensuring the security and protection of personal data, particularly when transferring data outside the European Union (EU) or European Economic Area (EEA).
At present, we do not transfer personal data outside the EU/EEA.
Updates to our privacy policy
We will revise or update this policy if our practices change, or as we develop better ways to keep you informed about them. Please refer to this page for the latest information and the effective date of any changes. If we decide to change this policy, we will post a new policy on our website and change the date at the bottom. Changes to the policy shall not apply retroactively.
Users will be notified via email in case of significant changes to the privacy policy.