We collect and use your personal data whenever you
The data protection laws oblige us to provide you with quite a lot of information, so please bear with us. Should you have further questions regarding the processing of your personal data, do not hesitate to contact our DPO, (which is short for "data protection officer"). You can contact our DPO via e-mail: email@example.com
Royal Institute for Cultural Heritage
Company number 0356.463.617
Whenever you have a question, a request or an issue with the processing of your personal data as explained here, you can just address that question, request or issue to KIK-IRPA.
When you use our website, we will collect and use your personal data to:
To achieve the above-mentioned purposes, we process the following personal data:
When we have the pleasure of welcoming you as a user of our AGATO-tool and being able to enter into a user agreement with you, we will collect and use your personal data to:
The personal data we process for these purposes will always involve your basic identity information such as name, e-mail address, postal address, telephone number, the organization you work for and your function.
We believe that the above-mentioned purposes for processing your personal data are within anyone's reasonable expectations. However, for all of the personal data we have collected in the aforementioned circumstances, we wish to make it clear that we will also process your personal data to:
In principle we will not share your personal data with anyone but the people working for KIK-IRPA, as well as our suppliers who help us process your personal data. Anyone who has access to your personal data will always be bound by strict legal or contractual obligations to keep your personal data safe and confidential. This means that only the following recipients will receive your personal data:
Your personal data are not sent outside the European Economic Area by us (the European Economic Area consists of the EU, Liechtenstein, Norway and Iceland). We will only transfer your personal data outside the EEA when you or your employer, as client or supplier, has establishments outside the EEA with which we are required to interact. If a transfer would take place, we will take adequate safeguards to protect your personal when transferred (e.g. by putting in place standard contractual clauses as drafted by the European Commission).
Your personal data are only processed for as long as needed to achieve the purposes which are described above or, when we asked for your consent, up until such time where you withdraw your consent. In this article we provide you with the information you need to assess how long we will keep your personal data identifiable. As a general rule, we will de-identify your personal data when they are no longer necessary for the purposes outlined above or when the retention period as explained in this article has expired. However, we cannot de-identify your personal data if there is a legal or regulatory obligation or a judicial or administrative order that prevents KIK-IRPA from de-identifying them.
All personal data we collect in the context of user agreement with you or the organization you represent, we will keep for the duration of the contractual relationship and at least until 7 years thereafter.
As explained earlier, the security and confidentiality of all data we process is very important to us. Hence, we have taken steps to ensure that all personal data processed are kept safe. These steps include processing only the personal data required for achieving the purposes we have communicated to you. We have also taken technical and organizational measures to secure our infrastructure, systems, applications, premises and processes.
When we collect and use your personal data, you enjoy a number of rights which you can exercise in the manner described below. Please be aware that whenever you wish to exercise a right, we will ask you for a proof of identity. We do this to avoid that we have a data breach on our hands, e.g. because an unauthorized person pretends to be you and exercises a right in your name.
You have the right to access your personal data, which means that you can ask us to provide you information regarding the personal data we have about you. You can even ask for a copy of your personal data. However, note that you must specify for which processing activities you would like to have access to your personal data. If you make the same request repeatedly, clearly causing us nuisance, we are allowed to refuse granting you these subsequent requests or charge an administrative fee covering the expenses. We can also refuse granting you a right to access your personal data, or only grant it partially, if such access would risk disproportional detriment to the rights and freedoms of others, including KIK-IRPA's.
You have the right to ask that we correct your personal data if you can show that the personal data we process about you are incorrect, incomplete or outdated. Please specify the context in which we use your personal data (e.g. to respond to a request), so that we may assess your request swiftly and accurately.
If we asked for your consent to collect and use your personal data, you have the right to withdraw that earlier given consent.
You can ask that we delete your personal data, if these personal data are no longer needed for the purposes for which we collected them in the first place, if our collection of them was illegitimate or if you have successfully exercised your right to withdraw your consent or your right to object to the processing of your personal data. When one of these circumstances applies, we will immediately delete your personal data unless the law, regulatory obligations or administrative or judicial orders prohibit us to delete your personal data.
You can ask that we restrict the processing of your personal data:
When we process your personal data on the basis of our own interests, i.e. you have not given us your consent and we do not need them for the execution or performance of an agreement nor to comply with legal obligations, you have the right to oppose our processing of your personal data. For certain interests, e.g. our security interests, we will ask you to describe your specific circumstances giving rise to request. We then need to balance your circumstances against our interests. If this balancing exercise results in your circumstances outweighing our interests, we will cease processing your personal data.
When we have collected your personal data on the basis of your consent or because they were necessary for the execution or the performance of an agreement with you, you have the right to obtain a copy from us in a structured, commonly used and machine-readable format. However, this right only applies to personal data you have provided to us.
If you would like to exercise any of these rights, we ask that you send us an e-mail. You can reach us at firstname.lastname@example.org. Rest assured that we will not interpret an e-mail from you requesting to exercise a right as your consent with any processing of your personal data beyond what is required for handling your request. A request should clearly state and specify which right you wish to exercise. Always indicate the context in which we have obtained your personal data so that we may handle your request swiftly and diligently. Your request should also be dated and signed, and accompanied by a digitally scanned copy of your valid identity card proving your identity. We will promptly inform you of having received this request. If the request proves valid, we will notify you as soon as reasonably possible and at the latest thirty (30) days after having received the request.
If you have any complaint regarding the processing of your personal data by KIK-IRPA, you may always contact us via the e-mail address mentioned in the first paragraph of this clause. If you remain unsatisfied with our response, you may file a complaint with the competent data protection authority, i.e. the Belgian data protection authority (https://www.dataprotectionauthority.be/)