BIRD Group vzw, with registered office at Leuvensesteenweg 643, 1930 Zaventem (hereinafter: “BIRD”), in its capacity as data controller, values privacy and is therefore committed to protect the (personal) data of all its stakeholders with the greatest possible care, and to process personal data only in a fair and lawful manner in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter: “GDPR”) as well as any applicable current or future national legislation in execution or replacement thereof.
The BIRD website may include links to other websites over which we have no control. BIRD is not responsible for the privacy policies or practices of other websites. If you access these websites via our website, you should review the privacy policies of those sites so you can understand how they collect, use and share your information.
On-site visitors’ personal data;
Website visitors’ personal data;
Suppliers and customers contact persons’ personal data.
Stakeholders involve third parties with whom BIRD works or needs to provide personal data to under its legal obligation to do so. BIRD will, to the extent possible, carefully select its partners in order to guarantee confidentiality and the processing of personal data in accordance with the GDPR, applicable local data protection and privacy laws and this policy.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Data subject” is defined as a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Data Protection Authority” or “DPA” means an independent public authority which is established by a Member State to supervise, through investigative and corrective powers, the application of the data protection law.
“Data Protection Impact Assessment” or “DPIA” is a (sometimes mandatory) assessment of the risk related to a new project that formulates how these risks can be minimized.
“Data Protection Officer” or “DPO” as defined in the GDPR and local regulations, and is officially registered with the Supervisory Authority (also known as Data Protection Authority, hereinafter: “DPA”)
“PA” is a processing agreement as defined in the GDPR
“Personal data” is defined as any information relating to an identified or identifiable natural person. An identifiable natural person is the one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or, or access to, personal data transmitted, stored or otherwise processed.
“Privacy responsible” is the person that is responsible for the compliance with data protection laws and regulations, and that fulfills the same role as a DPO but is not officially registered with the DPA.
“Processing” is defined as any operation or a set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Processor” is defined as a natural or legal person (other than an employee of the controller) who processes personal data on behalf of the controller. BIRD has for all relations with processor a valid processing agreement.
“RPA” Records of Processing Activities as defined in the GDPR
“Special categories of data” is defined as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation (art. 9). Data relating to criminal convictions or offences is also sensitive (art. 10).
BIRD wants to continue being an organization that cares about the privacy of people and their data and creates a culture and environment that is resilient to any accidental and deliberate personal data infringement occurring.
With all privacy and data protection efforts in place and envisioned, the achievement of the following objectives is paramount to BIRD:
BIRD processes personal data from customers and suppliers on a daily basis. Any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or, or access to, personal data transmitted, stored or otherwise processed, can lead to, among other things:
In order to guarantee confidentiality and careful handling of personal data, all individuals working for BIRD must ensure that personal data that is being processed happens in line with this policy and the data protection principles. Therefore employees, contractors and other stakeholders involved have the responsibility to:
For questions relating to privacy and data protection, BIRD has appointed a Data Protection Officer which you can reach at email@example.com.
Personal data can be defined as any information that allows a natural person to be identified, directly or indirectly. You can provide us with your personal data in the context of the following activities, for the corresponding purposes and based on the stated grounds:
BIRD considers your personal data as confidential and commits to process it only in a way that is compatible with the purposes for which the data were initially collected.
Every individual has the possibility to exercise the freedoms and rights as described in the GDPR. BIRD has the obligation to respond in a timely manner to data subject requests and to make sure that the legal deadlines are met.
When dealing with a data subject request for exercising his/her rights, please consult the DPO at firstname.lastname@example.org.
The data subject rights explained:
As BIRD is acting as a data controller for the purposes of this website, you, as a data subject, can send a request to exercise your rights to us. We will make sure to handle your request in accordance with the GDPR.
When submitting a request to exercise your rights, BIRD may ask for additional information to identify yourself.
If processing your request requires unreasonable measures (e.g. it is technically or organisationally almost impossible or extremely costly) then BIRD can charge you reasonable compensation in light of the administrative costs involved in fulfilling the request. BIRD can also refuse to process requests that are excessive, particularly due to their repetitive nature.
You can contact us with any questions or requests by sending an e-mail to email@example.com.
BIRD will refrain from disclosing or selling personal data of data subjects to third parties as well as publicly disclosing data subjects’ personal data, unless in the following specific cases:
Regarding international transfers of personal data and processing outside the European Economic Area (EEA), your data are only transferred to parties in third countries, such as software providers and cloud or mailing services, when permitted under the applicable data protection legislation. We guarantee appropriate safeguards which ensure that your rights are also respected by the data recipient outside the EEA in accordance with an adequate level of data protection.
BIRD acknowledges the importance of the protection of personal data. We do not retain your personal data longer than strictly necessary for the realisation of the purposes for which we received the data, or for the execution of a contract or for fulfilling a legal obligation. The retention periods differ with regards to the type of processing activity and the purpose for which the personal data were collected.
The personal data that we collect on the basis of your consent will be kept by us for as long as your consent remains valid.
We keep customer and supplier information about your purchases for as long as reasonably necessary to execute our agreements, to comply with our legal obligations (such as accounting and tax obligations) and to resolve disputes or enforce agreements. Therefore, this personal information is retained for the duration of our contractual relationship.
In all cases, personal data may be retained for a longer period if there is a legal or regulatory reason to do so, or for a shorter period if the data subject objects to the processing of his/her personal data and if there is no longer a legitimate reason to retain them.
We guarantee to only provide limited access to archived data and to remove or render anonymous your personal data if the retention period has passed.
BIRD has taken technical and organizational security measures to prevent the destruction, loss, falsification, alteration, unauthorized access or disclosure of your personal data to third parties and any other unauthorised processing of these data.
We have made every effort to ensure the confidentiality, integrity and availability of the information systems and services that process personal data. The measures include physical and operational security measures, access control, awareness raising and confidentiality clauses. All our employees and third parties engaged by us are obliged to respect the privacy and security of your data.
Examples of measures:
If you have any questions with regard to the content of this policy, the processing of personal data or the exercise of data subject rights in relation to this data processed by BIRD, you can contact firstname.lastname@example.org.
Last update: 18/01/2022