Privacy statement - Processing of personal data (members / suppliers / candidate members and interested third parties)

​

This Privacy Statement describes how EUROPEAN NURSERYSTOCK ASSOCIATION VZW, with registered offices at Kortrijksesteenweg 1144 J,  9051 Sint-Denijs-Westrem (Belgium), company number 0536.747.223 (“we”) processes your personal data in the context of its activities.

We endeavour to process your personal data in compliance with the European Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation or “GDPR”).

 

The processing

 

In the context of our activities, we process your personal data for various purposes:

• Membership management and administration (contractual necessity)

• Identification data and contact details

• Personal characteristics (gender and language)

• Job and career

 

• Supplier management (contractual necessity)

• Identification data and contact details

• Financial data (payment details)

• Professional information (education and profession)

 

• Direct marketing (legitimate interest, i.e the freedom of association) (consent)

• Identification data and contact details

 

• Compliance with our legal obligations (legal obligation)

• Identification data

• Financial data (payment details)

 

The legal ground is indicated for each processing.

 

The personal data may be collected directly from you, through our website or from third parties, such as your organization, employer or public websites (e.g. LinkedIn, social media, …).

 

If the legal ground is a contractual necessity or a legal obligation, then the personal data must be provided to enable the execution and performance of the agreement or to comply with a legal obligation. In the absence of this information, the execution and performance of the agreement shall not be possible or you may not become a member.

 

The retention period of your personal data is limited to:

• Membership management and administration: 10 years after the end of the membership;

• Supplier management: 10 years after the end of the contract;

• Direct marketing: 3 years after the last meaningful contact;

• Compliance with our legal obligations: retention in accordance with the legal retention periods.

 

Additional information regarding the recipients of your personal data

 

We may share your personal data under certain circumstances to a limited number of recipients:

• We share your personal data with your employer or organization and with our members;

• We share your personal information with banks, insurance companies and other partners in order to make or receive payments;

• We share your personal data with national and European government departments, and, in the context of project implementation, with external companies, in the context of legal obligations;

• We can possibly call on a number of technical processors, such as e.g. hosting of website and files, provided the implementation of the necessary processing agreements;

• We share your data with our professional advisors and lawyers.

 

We may transfer personal data to members located in countries outside the European Economic Area. These countries may not offer adequate protection as described in article 45 GDPR. This transfer is based on the necessity of the transfer for the performance of the membership agreement between us and your organization or, in the absence thereof, on our compelling legitimate interest (our freedom of association). In both cases, the data transfers shall be limited in scope.

 

Implementation of security measures

 

We have implemented an adequate system of protection of your personal data. These measures include technical and organizational measures necessary to protect your personal data against the accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to such data.

 

Nevertheless, no security system can guarantee 100% of security. We strive to continuously improve the safety of our system. You also have an important role to play in the security of your personal data, e.g. where relevant by keeping your account details, if any, confidential and ensuring its adequate security.

 

What rights do you have?

 

The General Data Protection Regulation grants you a number of rights with regard to your personal data:

 

• To access and receive a copy of your personal data;

• To oppose the processing of your personal data for direct marketing purposes and the right to object to the processing based on circumstances related to your specific situation;

• To rectify your personal data;

• To restrict the processing and the right to be forgotten;

• When the processing is based on consent, to retract your consent at any time;

• When the processing is based on consent or on a contract, to data portability;

• To lodge a complaint with the competent supervisory authority (in Belgium, this is the Belgian Data Protection Authority).

 

To exercise these rights, the General Data Protection Regulation imposes restrictions and conditions. In case of doubt, you can always contact us at the address mentioned below.

 

If we have reasonable doubt about your identity, we can ask you to prove your identity on the basis of a copy or scan of the front of your ID or any other relevant document adducing evidence of your identity.

 

How to contact us

 

You can always contact us via the contact details below:

 

gdpr@enaplants.eu

 

Updates

We reserve the right to update this privacy statement from time to time.  If the changes are substantial, we will notify you via our website or by e-mail.