The European Travel Commission AISBL (hereunder as “ETC” or “We”) is committed to processing your personal data with the utmost care, in accordance with the legislation on the protection of personal data (the General Data Protection Regulation, GDPR). In cases where the Belgian law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data contains stricter requirements, we will act in accordance with this legislation.
This privacy statement is intended to help you understand what personal data we collect about you, why we collect it, and what we do with it when you enter on our website ( visiteurope.com), call us, email us, in person, or in any other way.
This Privacy Statement applies to the personal data of all persons who visit our website or use our services (collectively, “Users”).
This statement sets out the principles that ETC applies, in its capacity as data controller, to all personal data of users that are collected and processed in any form, electronic or paper.
With this privacy statement, ETC guarantees that you, as a User, will:
Consent: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she consents, by a statement or by a clear affirmative action, to the processing of personal data concerning him or her;
Personal data: any information relating to an identified or identifiable natural person;
Special data: personal data that reveals about an individual:
Data protection legislation and regulations: European Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, or “GDPR”), as well as the Belgian law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data;
Data subject: a person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person;
Personnel: any person who, in the performance of his/her function within ETC, processes personal data.
Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing;
Processor: the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, interconnection, limitation, erasure or destruction;
Personal data breach: a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
Cookies: A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
For more information regarding cookies, please consult our cookies policy.
When visiting/using ETC websites and services and while managing and administering our services and platform, we may collect various categories of personal data about you, including:
Identification data | : Surname, first name, etc. |
Contact details | : telephone, e-mail address, IP address, etc.
|
Electronic identification data | : user’s device type, location, time and duration of the website visit, cookies, etc. |
This list is illustrative and not exhaustive.
We might receive information about you from third parties whom you authorize to interact with us. That information might include your name and possibly other information used by that third party to identify you.
We do not need to collect sensitive data about you, such as data revealing your ethnic origin, political, religious or philosophical opinions, trade union membership, health or sex life, unless it is necessary to comply with our legal obligations. Please be aware that if you choose to spontaneously provide us with unsolicited sensitive data you do so under your own responsibility, and we will not take it into account in regard of our processing activities.
ETC undertakes to adopt the necessary and appropriate technical and organisational measures to protect personal data against unauthorised access, unlawful processing, accidental loss or damage, and unauthorised destruction.
We therefore take all appropriate measures to ensure that your personal data is accurate, up-to-date and in accordance with the intended purposes.
Users should bear in mind that they are partially responsible for the accuracy of their personal data.
We only process personal data that is adequate, relevant and limited to what is necessary for the specific purpose of managing and administering our services and platform.
This includes, but is not limited to :
When you register for our e-mail newsletter, various personal data is collected from you (name, email address).
By registering to our newsletter, you give us your consent to process the data you provided. This includes the regular delivery of the newsletter to the specified address and the analysis of user behaviour for statistical purposes, contributing to the enhancement of our newsletter.
We utilise services from various companies to provide you with engaging online offers. This involves analysing your user activity on our website and other platforms to deliver personalised online advertisements based on your individual preferences.
In addition to the data already mentioned, when cookies are used, and which may reach companies in the advertising networks. The data considered in the selection of potentially relevant advertising includes information about your user behaviour on our website and other platforms. This analysis helps tailor the advertisements to better align with your individual interests and needs.
For more information regarding the cookies used on this website, you can read the Cookies Policy.
We might also process your personal data:
This list is illustrative and not exhaustive.
We are committed to only processing your personal data in a manner that is compatible with the purposes for which it was originally collected.
Regardless of the personal data collected, whether direct or indirect, the processing of personal data by ETC must be based on one of the legal bases listed in the GDPR. Therefore, we process:
In the exceptional event that we would like to process your personal data for purposes other than those for which it was originally collected, we will always ask for your explicit consent.
First, your personal data may be shared internally for the purposes described above. Only ETC members & personnel who need it to perform their duties have access to personal data.
Secondly, we may use external parties such as Amazon Web Services (AWS).
Some of those external parties may act as processors for the processing of your personal data. These external parties will only be required to process ETC users’ personal data in accordance with ETC’s instructions and on the basis of processing agreements that require them to maintain adequate organisational and technical security measures for such personal data.
Finally, your personal data may be transferred to public institutions due to legal obligations.
Your personal data will only be transferred to entities in non-EEA countries if required or permitted by applicable data protection legislation and only if the recipient in that country provides appropriate safeguards to ensure an adequate level of data protection. For such transfers to a third country that is not subject to an adequacy decision by the European Commission, ETC shall implement appropriate safeguards, such as Standard Contractual Clauses (SCCs), to ensure that the recipient provides an adequate level of protection for your personal data.
We take appropriate measures to ensure that your personal data is not retained for longer than is necessary to fulfil the above purposes. This is because certain retention periods are determined by law: personal data must then be retained in accordance with these periods.
Personal data that we collect on the basis of your consent, for example, will be retained by us for as long as your consent remains valid.
In all cases, personal data may be retained for a longer period if there is a legal or regulatory reason to do so, or for a shorter period if the data subject objects to the processing of his/her personal data and if there is no longer a legitimate reason to retain them.
We guarantee to only provide limited access to archived data and to remove or render anonymous your personal data if the retention period has passed.
The GDPR gives you a number of rights in relation to the processing of your personal data. You can exercise these rights at any time with ETC. These rights are:
Right of access: You have the right at any time and free of charge to access your personal data and to request a copy of the personal data that ETC collects about you.
Right to rectification: you have the right to have your data amended if it is incorrect and/or incomplete. The modification of personal data may be related to contractual and/or legal restrictions, which sometimes make it impossible to change it due to our obligations.
Right to erasure of data (“right to be forgotten” ): You have the right to have your data erased from our systems. The deletion of personal data is sometimes not possible due to contractual obligations, legal provisions and the general interest of our organisation, which means that this request cannot always be granted.
Right to object: You have the right to object to the processing of your ETC personal data.
Right to revoke your consent: You have the right to revoke your consent at any time if the processing of your data is based on consent. This can be done in the same way that you gave your consent or by contacting us.
Right to restrict processing: You have the right to request that the processing of your data be restricted. In this case, ETC will continue to store your data, but its use will be restricted according to your request. This request can be made, for example, if you find that your personal data is incorrect, pending its rectification. We only have to respond to these requests in the cases provided for by law.
Right to data portability: You have the right to obtain your personal data processed by ETC in a structured, common and digitally readable form and/or to transmit this personal data directly to another data controller.
These rights can be exercised free of charge by sending an e-mail to [email protected]. We undertake to respond to your request within one month of receipt. We may first ask you for additional information in order to confirm your identity and ensure that the request is from you.
All of the above requests are free of charge, unless ETC considers the request to be manifestly unfounded or excessive (as is the case, for example, with a repeated request). In such cases, ETC may charge a fee that is reasonable in light of the administrative costs or refuse to comply with the request.
At any point in time, you can unsubscribe from our communications & event notification by clicking on the “Unsubscribe” button placed at the bottom of our emails, or by sending an email to [email protected].
If at any time you believe that ETC is infringing on your privacy, you have the right to lodge a complaint with the Belgian Data Protection Authority: Data Protection Authority, Rue de la Presse 35, 1000 Brussels, tel. +32 (0)2 274 48 00, e-mail: [email protected].
ETC acknowledges its responsibility to ensure an appropriate level of security with respect to the information you provide. As a result, we have implemented various measures to protect personal data from loss, alteration, accidental or unlawful destruction, unauthorised disclosure of, or access to, personal data.
Below is a non-exhaustive list of our security efforts:
In addition, all data is physically stored only in AWS data centers meeting ISO 27001 compliance.
These lists are illustrative and not exhaustive.
Social Media
On our website we have included links to our profiles on the social networks of the following providers:
Changes to this Privacy Statement may be made from time to time. This will be done in accordance with the GDPR or other Belgian privacy laws, decrees and regulations. When we change the content of this policy, we will change the date and version number of the “last updated” of this privacy policy. You will be notified of these changes appropriately. Nevertheless, we encourage you to read our Privacy Statement periodically.
If you have any questions regarding the content of this statement, the processing of your personal data or the exercise of your rights in relation to the data processed by ETC, you can contact us at the following [email protected] or by phone at 32 (0)2 548 90 00.
You may also write to us at:
European Travel Commission AISBL
Rue du Marche aux Herbes 61
1000 Brussels, Belgium