Privacy policy

We attach great importance to the security and confidentiality of the personal data we process. We also want to be very clear and transparent about what happens with the personal data we collect from you and how we use it. Hence this privacy policy.

This privacy policy only applies to the personal data we process as a result of the communication or interaction we have with you. As an archives institute, however, we also process personal data that is found in our archive content. This is subject to a specific privacy policy.

1. When is your personal data collected and used?

We collect and use your personal data when you:

  • use our website, platforms or social media, or communicate with us by email, phone or any other digital communication channel;

  • subscribe to one of our newsletters;

  • enter into an agreement with us (e.g. register on one of our platforms, enrol for training or an event, arrange deliveries) and communicate with us in this context as our customer/user or supplier;

  • apply for one of our vacancies.

2. What if this privacy policy doesn’t answer all your questions?

You are entitled to certain information on the basis of the legislation regarding data protection (in particular the GDPR and Law of 30 July 2018), so we’d like to ask for your attention. If you have any further questions about the processing of your personal data after reading this policy, please do not hesitate to contact our data protection officer (DPO). You can email us at: privacy@meemoo.be.

3. Who are ‘we’?

In this privacy policy, ‘we’ refers to VIAA:

Flemish Institute for Archives (VIAA) vzw

Kleindokkaai 9A,

9000 Ghent

Belgium

Company Number 0644.450.380

Tel.: +32 9 298 05 01

VIAA is responsible for processing your personal data as explained in this privacy policy. In 2018 it was decided to merge VIAA vzw with Packed vzw and Lukas vzw. From 2020, the new integrated organisation will continue to operate under its new name: meemoo, Flemish Institute for Archives.

4. Which personal data do we process and why?

4.1. When you make use of our website or social media, or communicate with us by phone, email or through any other digital communication channel, we will collect and use your personal data to:

  1. facilitate communication between you and us, whereby we have a legitimate interest in being able to respond to requests, questions or comments, or contact you proactively with questions of any nature (e.g. when you respond to a blog, make use of our contact form or contact us via social media, phone or email);

  2. improve the content and overall experience on our website, platforms and social media pages, for which we have a legitimate interest in being able to provide our visitors with an interesting online experience;

  3. detect and prevent malware, illegal content and conduct, and other forms of misuse, for which we have a legitimate interest in keeping our online presence secure.

In order to achieve the aforementioned objectives, we may process the following personal data:

  1. basic identity information when you provide it to us, such as name, email, address, phone number, company or organisation where you work, your role;

  2. the content and technical details of the communication (who you are corresponding with, date and time, etc.);

  3. technical information about the device you use, such as IP address, browser type, geographical location and operating system;

  4. information about your browsing behaviour, such as how long you browse, which links you click, which pages you visit and how often you visit a page;

  5. all other personal data that you provide to us.

If our websites or platforms use cookies, you can find more information about this in the cookie policy.

4.2. When you subscribe to our online newsletter, we will collect and use your personal data to send you our newsletter or other electronic communication. We will always ask you for your explicit consent before we send you our newsletter unless you are an existing user/customer/partner whom we want to keep informed about our services. You can unsubscribe from our newsletter at any time.

In order to send you our newsletter, we only process your basic identity data, such as your name, email, organisation and/or role.

4.3. When we (wish to) enter into an agreement with you, whether as a user/customer or supplier, we will collect and use your personal data for the purposes of:

  1. fulfilling our contractual obligations. If you are our user/customer or supplier as an individual, we rely on the need to process your personal data to implement and fulfil the agreement we have with you. If you are acting on behalf of a company or organisation, however, we rely on our legitimate interest in being able to enter into contracts with customers and suppliers; we will process your personal data in the precontractual phase to assess whether we want to enter into an agreement with you;

  2. our normal administration (e.g. invoicing and relationship management), for which we rely on our legitimate interests to manage our activities in a responsible and professional way;

  3. defending ourselves in legal procedures, when it is in our legitimate interest to use your personal data in these procedures.

The personal data that we process for these purposes always relate to your basic identity information such as name, email, address, phone number, the company or organisation you work for and your role, login details, etc. We can also process other personal data that you provide to us, depending on our contractual relationship with you. Specifically for The Archive for Education platform, we process: name, email, organisation, role, sector, position, profession, level of education, academic year, ‘stamboeknummer’ (teacher registration number) and your activity status on the platform.

4.4. When you apply for one of our vacancies, we will collect and use your personal data for the purposes of:

  1. assessing your application, for which we rely on the need to process your personal data in order to possibly reach an agreement with you;

  2. keeping you on our reserve list, for which we will ask for your consent;

  3. defending ourselves in legal procedures, when it is in our legitimate interest to use your personal data in these procedures.

The personal data that we process when you register with us is:

  1. your basic identity information such as name, email, address and phone number;

  2. (any) information that you have made public on the internet, (including in particular) social media, or which third parties have published about you on the internet;

  3. information that you have included in your CV and accompanying letter;

  4. all other personal data that you have chosen to include in your application.

4.5. We believe that the aforementioned purposes for processing your personal data are within everyone’s reasonable expectations. However, for all the personal data that we’ve collected in the aforementioned circumstances, we want to make it clear that we will also process your personal data:

  1. to comply with legal obligations or, to the extent permitted, to satisfy every reasonable request from authorised police services, legal authorities and/or government institutions or bodies, including competent data protection authorities;

  2. to inform a third party in the context of a possible merger with, acquisition/takeover of/by or demerger from this third party, even if this third party is located outside the EU, in which case we invoke our legitimate interest to enter into business transactions.

We want to emphasise that confidentiality is of utmost importance to us. This means that we will only process your personal data when this is permitted, taking these confidentiality requirements into account.

5. Who do we share your personal data with?

We share your personal data with nobody other than the people who work for VIAA and our content partners and suppliers who assist with the processing of your personal data. This includes organisations that we have engaged among other things for the following purposes: administration, communication, hosting, maintenance of our websites, data analysis, authentication of users, marketing purposes, etc.

We share your personal data with nobody other than the people who work for VIAA and our content partners and suppliers who assist with the processing of your personal data. This includes organisations that we have engaged among other things for the following purposes: administration, communication, hosting, maintenance of our websites, data analysis, authentication of users, marketing purposes, etc.

  • yourself;

  • your employer or business partners, but only when this is necessary for the purposes stated above (for example when your employer is our supplier or customer);

  • VIAA employees, content partners and suppliers described above;

  • government or legal authorities to the extent we are obliged to send them your personal data (e.g. tax authority, police or legal authorities).

Your personal data is not sent outside of the European Economic Area (EEA) by us in principle (the European Economic Area consists of the EU, Liechtenstein, Norway and Iceland), unless if: (1) this country has been placed on the ‘white list’ on the basis of an adequacy decision from the European Commission, (2) we take sufficient safeguards to protect your personal data during transfer (e.g. by making an agreement based on standard contractual clauses such as those drawn up by the European Commission) or (3) there is a possibility of a specific situation for which the GDPR provides an exemption.

We will in any case transfer your personal data outside the EEA when you or your employer, as a customer or supplier, has branches outside the EEA that we need to communicate with.

6. How long do we store your personal data?

Your personal data is only processed for as long as necessary to achieve the purposes described above or, when we have requested your consent, until the time you withdraw your consent. This article provides you with the information you need to assess how long we keep your personal data identifiable.

As a general rule, we will anonymise your personal data when it is no longer needed for the purposes described above or when the period for which we store it, as explained in this article, elapses. We cannot delete your personal data, however, if there is a legal or regulatory obligation or a court or administrative order that prevents VIAA from doing so.

We will keep all the personal data that we collect from our interactions with you via the website, social media, phone, email and other communication channels for as long as is necessary to communicate with you, but also to keep a historical archive of our communication. This enables us to refer back to our earlier communications if you come back to us with new queries, requests, comments or other input.

We will store all the personal data that we collect in order to send you our newsletters for as long as you are subscribed to our mailing list or remain a customer or user of one of our platforms.

We store all the personal data that we collect in the context of a contractual relationship with you or the organisation you represent for the duration of the contractual relationship and up to 10 years thereafter.

We store all the personal data that we collect in the context of your application for the duration of the application procedure and, if we choose to engage your services, for the full duration of your contract with us and up to 10 years after the end of the contract. If we choose not to engage your services, but have invited you for an interview, we will store your personal data for 5 years after the assessment process has been closed.

7. What do we do to ensure your personal data is stored securely?

As explained previously, the security and confidentiality of all the data we process is very important for us. We have therefore taken the following measures to ensure that all processed personal data is stored securely. Among other things, these steps include only processing the personal data that is required to achieve the purposes we have informed you of. We have also taken technical and organisational measures to protect our infrastructure, systems, applications, premises and processes.

You will understand that these technical and organisational measures contain sensitive information about our organisation that we don’t want to disclose publicly. You can always contact us, however, if you would like more information about this.

8. What rights do you have with regard to your personal data?

When we collect and use your personal data, you are granted a number of rights which you can exercise as described below. Take into account that when you want to exercise a right, we will ask you for proof of identity. We do this to ensure we do not violate any personal data rights, for example because an unauthorised person is impersonating you and exercising a right in your name.

8.1. You are entitled to access your personal data, which means that you can ask us to provide you with information about the personal data we have for you. You can even request a copy of your personal data. Take into account that you need to state the processing activities that you wish to have access to your personal data for.

If you repeatedly submit the same request and so cause clear inconvenience, we can refuse these successive requests or charge you an administrative fee to cover the costs. We can also refuse you the right to access your personal data, or only grant partial access, if this access could cause disproportionate harm to the rights and freedoms of others, including those of VIAA.

8.2. You are entitled to request that we correct your personal data if you can demonstrate that the personal data that we hold for you is incorrect, incomplete or out of date. Please indicate the context in which we use your personal data (for example to send you newsletters or respond to a request), so that we can assess your request quickly and accurately.

8.3. If we have asked for and received your consent to collect and use your personal data, for example to send you newsletters, you are always entitled to withdraw this previously granted consent at any time.

8.4. You can ask us to delete your personal data if it is no longer needed for the purposes for which we have collected it, if its collection was unlawful, or if you’ve successfully used your right to withdraw your consent or object to the processing of your personal data.

We will immediately delete your personal data when one of these circumstances applies unless legal obligations or administrative or court orders prevent us from doing so.

8.5. You can ask us to restrict the processing of your personal data:

  • during the time when we are assessing your request to correct your personal data;

  • during the time when we are assessing your objection to the processing of your personal data;

  • when such processing was unlawful, but you prefer a restriction to deletion;

  • when we no longer need your personal data, but you need it to establish, exercise or defend against a legal claim.

8.6. When we process your personal data on the basis of our own interests, i.e. you have not given your consent and we don’t need it for the implementation or execution of an agreement, or to satisfy legal obligations, you have the right to object to our processing of your personal data. We will grant your request immediately if our interest relates to direct marketing. For other interests, for example our security interests, we ask you to describe your specific circumstances that lead to such a request. We then need to balance your circumstances against our interests. If this consideration leads to your circumstances outweighing our interests, we will stop processing your personal data.

8.7. When we have collected your personal data on the basis of your consent or because it was needed to implement an agreement with you, you are entitled to receive a copy from us in a structured, commonly used and machine readable format. This right only applies to personal data that you have provided to us, however.

8.8. Please send us an email if you want to exercise any of these rights. You can reach us via privacy@meemoo.be.

You can rest assured that we will not interpret an email from you indicating your wish to exercise a right as your consent to the processing of your personal data, beyond what is necessary to process your request.

Any request must clearly state and specify which right you wish to exercise. Please always state the context in which we have received your personal data, so that we can handle your request quickly and carefully. Your request also needs to be dated, signed and accompanied by a digital scanned copy of your passport or driving licence to prove your identity.

We will immediately confirm receipt of this request. If the request proves to be justified, we will inform you as soon as possible and no later than thirty (30) days after receipt of the request.

If you have a complaint about the processing of your personal data by VIAA, you can always contact us via the email address given above. If you are not satisfied with our answer, you can submit a complaint to the authorised data protection authority, i.e. the Belgian data protection authority and/or the Flemish Supervisory Committee.

© 2020