THE IMPORTANCE OF DATA PROTECTION
G-STIC was established by VITO. VITO is responsible for protecting the data processed under G-STIC, particularly personal data. VITO would like to use this privacy statement to strategically lay down the ways in which data are protected, the responsibilities that are assigned in this regard and the priorities that VITO has determined concerning data protection.
SCOPE OF THIS PRIVACY POLICY
This privacy statement applies to the entire lifespan of information within VITO websites, from obtaining information to final deletion of information within the organisation.
Additional guidelines or procedures can be established for specific areas or processes (for instance research or questionnaires) within VITO that provide a detailed explanation of the measures that are being taken in order to achieve the desired level of data protection.
As ICT suppliers play an important role in setting up the ICT environment for processing data, the privacy statement also stipulates the policy principles for this.
WHICH PERSONAL DATA DO WE COLLECT?
We collect various types of personal data:
- Personal data that you provide us with via web forms: for example, your name, email address and telephone number when you use our contact form;
- Personal data that we obtain as a result of you using the websites:
- Log file information: we keep the following data in server logs, amongst other data:
- IP address;
- Browser information;
- The external web page from which you visited us;
- The pages that you have visited on our websites;
- The time at which the pages were visited and how long they were visited for.
- Device details: we can keep track of which device you use to visit our websites;
- Cookies: we use cookies to identify our visitors and we need to do so in order to obtain visitor statistics. For more information regarding cookies, please refer to our cookie policy.
WHAT DO WE USE THE PERSONAL DATA FOR?
We use the personal data that we collect in order to provide the correct service and to maintain, protect and improve it. Your personal data are only retained for as long as this is required to fulfil the objective for which we have collected these. When your personal data is no longer needed, we will remove it.
We can use your personal data to inform you and communicate with you:
- Primarily to give feedback when you have submitted a question via the contact form;
- When issuing our newsletters and magazines if you have subscribed to these.
WE ONLY SHARE YOUR PERSONAL DATA:
- With your consent: we only share your personal data with companies other than VITO providing that you have consented to this. Be aware that when you click on a social media button, the privacy policy of this provider applies;
- For legal reasons: it may be the case that we need to share your personal data in order to comply with a statutory obligation;
- With parties that process personal data for us: these parties may only process personal data by order of VITO. Processing of this type is laid down in a processing agreement concluded between VITO and this party.
What do we do to protect your personal data?
WHAT DO WE DO TO PROTECT YOUR PERSONAL DATA?
In particular, VITO takes all reasonable measures to ensure that the data of website users and the personal data that they make available are protected against:
- loss: data are no longer available;
- leaks: data falling into the wrong hands;
- errors: data are not correct; for example, obsolete or incomplete;
- not accessible: data are not accessible when required;
- wrongful access: viewed by persons who are not authorised to do so;
- the inability to establish who viewed, amended or deleted the data;
- processing that is not in line with legislation, guidelines and standards.
YOUR RIGHTS
You can ask us (free of charge):
- Which data we have about you;
- What the aim is of specific processing;
- Who processes your personal data.
You have the right (free of charge):
- To have a copy of your personal data that we process for a particular purpose;
- To submit a request that your data be deleted;
- To ask us to no longer process your personal data (if you have a valid and legal reason for this).
- VITO will never process personal data relating to political or religious preferences or beliefs, race, or any other data relating to your health or sexuality.
PROTOCOLS
For some of our projects we will collaborate with various government, institutions and occasionally exchange data. In order to provide full transparency in these matters we are often required to draft a protocol which details this exchange. These documents are available here on our website:
VITO – AAPD: read the document (in Dutch)
CaPaKey-data which concerns buildings, their details and their unique ID-codes are transferred to aid the federal AAPD agency with their legal task of calculating the cadastral income.
VITO – VLABEL: read the document (in Dutch)
WLTP values (vehicular emission information) are sent to VLABEL in order to help them perform research and simulations regarding CO2 emissions, which are used to calculate certain norms and taxes.
We add fuel codes to chassis numbers and provide these data to Statbel to assist them in fulfilling their legal duty as statistical authority.
VITO – STATBEL: read the document (in Dutch)
VITO – VLAIO: read the document (in Dutch)
VITO – Federaal Planbureau: read the document (in Dutch)
CONTACT INFORMATION
If you have any further questions regarding the processing of personal data, if you would like to submit a request to amend, view, delete or report a databreach of your data, please fill out the privacy contact form. We kindly request proof of identity and we will process your request within 30 days of receipt of your email.
Get in touch with our DPO directly: assist-dpo@vito.be
POLICY PRINCIPLES FOR DATA PROTECTION
VITO, both in its role as a controller and processor:
- Is transparent regarding the personal data that it processes and the processing purpose, both to those involved, the clients and the supervisors. The communication is honest, easily accessible and comprehensible. The transparency principle also applies when personal data are being exchanged.
- Only processes the data that are relevant to the execution of its tasks. Each task where personal data are processed is justifiable. This is also evaluated in the event of a new processing purpose, if necessary based on a data protection impact assessment.
- Only processes the personal data that are strictly necessary to carry out its activities. As a result, identifying factors that form part of the personal data will be kept to a minimum.
- Assesses the integrity of personal data during the entire processing cycle.
- Does not store data for longer than is necessary. The necessity is checked against statutory obligations and the rights and freedoms of those affected.
- Prevents infringements that ensue as a result of processing personal data. Information security, data protection by design and privacy-friendly standard settings are useful resources here. If an infringement occurs, reporting is carried out in this regard in line with relevant legislation in this area.
- Is able to implement all of the valid rights of anyone affected, such as the right to access, copy and even delete data.
- Actively checks that the rights and freedoms of the person affected are safeguarded when processing personal data for a particular purpose.
- Processes data in line with the rights and freedoms that apply in the European Economic Area and checks that these apply when data is exchanged outside the EEA.
- Can demonstrate that it complies with all policy objectives, in accordance with the statutory provisions. This accountability is monitored by means of internal supervision and control and can be achieved in accordance with the legally applicable principles.
THIS POLICY APPLIES ACROSS VITO:
- The head office and VITO's other registered offices;
- All VITO employees, and external parties who work within VITO on a fixed or non-fixed contract;
- All company resources and information processing systems that VITO manages and systems that external employees manage for the purpose of information processing for VITO such as databases, information irrespective of the carrier, networks, data centres, etc.;
- All processing activities, both as a controller and processor.