Cookies are small text files that are placed on your computer when you visit our website. They help us do various things, such as enabling certain functionality or measuring how visitors like you use our website.
The legislation regarding the processing of personal data (GDPR and Law of 30 July 2018) and relevant electronic communications (Law of 13 June 2005) obliges us to provide you with lots of information, so we’d like to ask for your attention. If you have any further questions about using cookies to process your personal data after reading this policy, please do not hesitate to email our DPO (data protection officer): firstname.lastname@example.org
2. Who are 'we'?
Flemish Institute for Archives (VIAA) vzw
Company number 0644.450.380
Tel.: +32 9 298 05 01
You can of course contact always VIAA with all your questions, requests or problems relating to the processing of your personal data (remember the aforementioned DPO).
3. Which cookies do we use and why?
When you use our website, we place these cookies on your device.
We need to place the strictly necessary cookies on your device. You cannot choose whether or not we use these cookies, because they are necessary for the website to work.
We need your prior consent for performance and marketing cookies.
You can give your consent by clicking on the relevant button in the cookie banner. You can withdraw your consent at any time by deleting the cookies stored in your browser. You can find more information about how to do this on your respective browser websites:
4. Who do we share your personal data with?
We share the personal data collected via cookies with nobody other than the people who work for VIAA, our content partners and the suppliers who assist us with the processing. These are organisations that we have engaged for the following purposes, among others: administration, communication, hosting, website maintenance, data analysis, user authentication, marketing, etc.
Everyone who has access to your personal data will always be bound by strict legal or contractual obligations to keep your personal data secure and confidential. This means that only the following recipients receive your personal data:
the VIAA employees, content partners and suppliers described above;
government or legal authorities to the extent we are obliged to send them your personal data (e.g. tax authority, police or legal authorities).
Your personal data is not sent outside of the European Economic Area (EEA) by us in principle (the European Economic Area consists of the EU, Liechtenstein, Norway and Iceland), unless if: (1) this country has been placed on the ‘white list’ on the basis of an adequacy decision from the European Commission, (2) we take sufficient safeguards to protect your personal data during transfer (e.g. by making an agreement based on standard contractual clauses such as those drawn up by the European Commission) or (3) there is a possibility of a specific situation for which the GDPR provides an exemption.
5. How long do we store your personal data?
Your personal data is only processed for as long as necessary to achieve the purposes of the cookies described above or, if we have requested your consent, until the time you withdraw your consent. This article provides you with the information you need to assess how long we keep your personal data identifiable.
As a general rule, we will anonymise your personal data when it is no longer needed for the purposes described above or when the period for which we store it, as explained in this article, elapses. We cannot delete your personal data, however, if there is a legal or regulatory obligation or a court or administrative order that prevents VIAA from doing so.
We will save all the personal data that we collect via cookies at least until the moment when the cookies are deleted from your device.
We store all the personal data collected via cookies in the context of a contractual relationship with you or the organisation you represent for the duration of the contractual relationship and up to 10 years thereafter, even if the cookies in question have already been deleted from your device.
6. What do we do to ensure your personal data is stored securely?
As explained previously, the security and confidentiality of all the data we process is very important to us. We have therefore taken the following measures to ensure that all processed personal data is stored securely. Among other things, these steps include only processing the personal data that is required to achieve the purposes we have informed you of. We have also taken technical and organisational measures to protect our infrastructure, systems, applications, premises and processes.
You will understand that these technical and organisational measures contain sensitive information about our organisation that we don’t want to disclose publicly. You can always contact us, however, if you would like more information about this.
7. What rights do you have with regard to your personal data?
When we collect and use your personal data, you are granted a number of rights which you can exercise as described below. Take into account that when you want to exercise a right, we will ask you for proof of identity. We do this to ensure we do not violate any personal data rights, for example because an unauthorised person is impersonating you and exercising a right in your name.
7.1 You are entitled to access your personal data, which means that you can ask us to provide you with information about the personal data we have for you. You can even request a copy of your personal data. Take into account that you need to state the processing activities that you wish to have access to your personal data for.
If you repeatedly submit the same request and so cause clear inconvenience, we can refuse these successive requests or charge you an administrative fee to cover the costs. We can also refuse you the right to access your personal data, or only grant partial access, if this access could cause disproportionate harm to the rights and freedoms of others, including those of VIAA.
7.2 You are entitled to request that we correct your personal data if you can demonstrate that the personal data that we hold for you is incorrect, incomplete or out of date. Please indicate the context in which we use your personal data (for example to send you newsletters or respond to a request), so that we can assess your request quickly and accurately.
7.3 If we have asked for and received your consent to collect and use your personal data, for example for commercial cookies, you are always entitled to withdraw this previously granted consent at any time.
7.4 You can ask us to delete your personal data if it is no longer needed for the purposes for which we have collected it, if its collection was unlawful, or if you’ve successfully used your right to withdraw your consent or object to the processing of your personal data.
We will immediately delete your personal data when one of these circumstances applies unless legal obligations or administrative or court orders prevent us from doing so.
7.5 You can ask us to restrict the processing of your personal data:
during the time when we are assessing your request to correct your personal data;
during the time when we are assessing your objection to the processing of your personal data;
when such processing was unlawful, but you prefer a restriction to deletion;
when we no longer need your personal data, but you need it to establish, exercise or defend against a legal claim.
7.6 When we process your personal data on the basis of our own interests, i.e. you have not given your consent and we don’t need it for the implementation or execution of an agreement, or to satisfy legal obligations, you have the right to object to our processing of your personal data.
We will grant your request immediately if our interest relates to the use of commercial cookies. For other interests, for example our security interests, we ask you to describe your specific circumstances that lead to such a request. We then need to balance your circumstances against our interests. If this consideration leads to your circumstances outweighing our interests, we will stop processing your personal data.
7.7 When we have collected your personal data on the basis of your consent or because it was needed to implement an agreement with you, you are entitled to receive a copy from us in a structured, commonly used and machine readable format. This right only applies to personal data that you have provided to us, however.
7.8 Please send us an email if you want to exercise any of these rights. You can reach us via email@example.com.
You can rest assured that we will not interpret an email from you indicating your wish to exercise a right as your consent to the processing of your personal data, beyond what is necessary to process your request.
Any request must clearly state and specify which right you wish to exercise. Please always state the context in which we have received your personal data, so that we can handle your request quickly and carefully. Your request also needs to be dated, signed and accompanied by a digital scanned copy of your pasport or driving licence to prove your identity.
We will immediately confirm receipt of this request. If the request proves to be justified, we will inform you as soon as possible and no later than thirty (30) days after receipt of the request.
If you have a complaint about the processing of your personal data by VIAA, you can always contact us via the email address given above. If you are not satisfied with our answer, you can submit a complaint to the authorised data protection authority, i.e. the Belgian data protection authority (https://www.dataprotectionauthority.be/) and/or the Flemish Supervisory Committee (https://overheid.vlaanderen.be/vlaamse-toezichtcommissie).