This policy was last updated on 27/11/2018
1. PERSONAL DATA – WHAT IT IS
The General Data Protection Regulation dated 27 April 2016 (Regulation (EU) 2016/679) defines personal data as follows:
Any information relating to identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. WHO WE ARE
For the purposes of data protection law, Art of Chocolate is the ‘controller’ of the personal data it collects from you. This means that it decides why and how your personal data is processed and is responsible for that processing.
3. TYPES OF PERSONAL DATA WE COLLECT ABOUT YOU
Art of Chocolate collects personal data from you if you (or an organisation for whom you work) use our services, request information, register for a programme or an event, sign up to a newsletter, request custom sessions or correspond with us.
We collect and process the following personal data about you:
Identity information, such as your first name, last name, username or similar identifier, title, date of birth and gender.
Contact information, such as billing address, delivery address, email address and telephone numbers.
Technical information, such as internet protocol (IP) address, your login data, browser type and version, location, operating system and platform and device and cookie IDs on the devices you use to access this website and our other web-based products.
Profile information, such as subscriptions made by you, your interests, preferences, feedback and survey responses.
Usage information, such as information about how you use our website, products and services. Our technologies automatically collect and log certain information to help us administer, protect, and improve our services, analyse usage and improve user experience.
Marketing and communications information, such as your preferences in receiving marketing from us and, where applicable, third parties and your communication preferences.
Other information relating to you which you may provide to us, for example in the correspondence that you send to us.
4. HOW WE COLLECT YOUR PERSONAL DATA
We use different methods to collect personal data from and about you as follows:
4.1. Direct contact with you during the course of business. You may give us your contact details, payment details for invoice purposes, by registering online, at events or by corresponding with us by post, phone, email or in other ways (all of which are provided by you on voluntary basis). This includes personal data you provide when you:
subscribe to our services or publications
request marketing information to be sent to you
provide us with some feedback on our services
provide us with your contact details for us to provide you with advice on which programme to follow
interact with us at events and meetings
If you do not provide this information, you will not be able to interact or communicate with us or our services in the ways mentioned above.
4.2. Automated interactions with our website where we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our cookies policy for further details including details regarding the consequences if we are not able to use these technologies.
4.3. Using third party or publicly available sources, where we may receive personal data about you from:
Your employer or organisation for whom you work where that organisation is a client, supplier, commercial partner or other company with whom we have a business or contractual relationship. The terms of our contract with your employer or organisation may require us to process your personal data in order to comply with our obligations under that contract or to exercise our rights under it.
5. HOW WE USE YOUR PERSONAL DATA
We process your personal data for the following purposes:
PROCESSING FOR THE PURPOSE OF PROVIDING EDUCATION
When you (would like to) participate in a Art of Chocolate programme, we (will) ask you to provide us with the following personal data in order to be able to deliver the programme:
We store your personal data such as your name, function and email in our databases for enabling communication with participants and creating nameplates and programme certificates.
We store your identification data (e.g. name, email), professional details (e.g. employer, function), personal details (e.g. gender, nationality), academic curriculum (e.g. curriculum vitae, motivation letter) and financial data (e.g. identification and bank account numbers) in our databases in order to register you for a short term management programme or event.
PROCESSING FOR THE PURPOSE OF CUSTOMER MANAGEMENT
When visiting our website, downloading a brochure, requesting information or to keep you posted, we store your electronic identification data (e.g. IP addresses, cookies) subject to your consent. Please see our cookies policy for further details.
PROCESSING FOR THE PURPOSE OF ADMINISTERING FINANCE
For the purpose of following up payment of registration fees by students, we will process the students’ identification data (e.g. name, e-mail) and financial data (e.g. payment status, payment agreement and method).
PROCESSING FOR THE PURPOSE OF ENSURING SAFETY AND SECURITY
We store your electronic identification data (e.g. username, password, IP address) for the purpose of ensuring safety and security.
PROCESSING FOR THE PURPOSE OF PROMOTING OUR BRANDS AND SERVICES
We use your identification data (e.g. name, email) to deliver marketing and event communications to you across various platforms, such as email, telephone, text messaging, direct mail, and online. If we send you a marketing email, it will include instructions on how to manage your subscription preferences and how to unsubscribe of receiving these emails in the future. Please see further Marketing below.
PROCESSING FOR THE PURPOSE OF COMPLYING WITH LEGAL OBLIGATIONS
For the purpose of preparing and awarding a degree, we are legally obliged to transmit your personal data concerning graduation to the Flemish Government.
6. LAWFUL BASIS FOR PROCESSING
We only process personal information where we have a lawful basis for doing so, such as the following:
Consent: This is where you have given us explicit permission to process personal data for a given purpose. For example, if you complete one of our webforms, we would ask for your consent if we wanted to use your personal data for any other purpose. You have the right to withdraw this consent at any time. You can – at any time - manage your subscription preferences or unsubscribe from our mailings.
Legitimate business purposes: This is where we have a legitimate interest, as a business, to process personal information. For example, where you have followed a programme about chocolate, it is in our legitimate interests as a business to send you information on another programme about chocolate. We take due care to balance our interests against your right to privacy.
Contractual necessity: This is where we have to process personal information to meet our contractual obligations. For example, if you subscribe for a Masters programme, we would need to process your identification data to fulfil your subscription.
Legal obligation: This is where we have to process personal information in order to comply with the law. For example, we process and retain customer invoice information to comply with financial regulations.
As described above, we process your personal data for direct marketing purposes on the basis of your consent or our legitimate interests as a business. From time to time we may tailor and personalise marketing communications that we send to you, for example, by notifying you of services, events or newsletters that apply to your interests, industry sector, employer or job role. If you do not wish to receive marketing communications from us, you can opt-out at any time by using the unsubscribe link inside the email (to unsubscribe from marketing emails), by sending an email to email@example.com or by managing your subscription preferences to change your profile settings.
8. WITH WHOM WE SHARE YOUR PERSONAL DATA
Art of Chocolate will not exchange personal data with third parties for financial gain. Personal data that allows for a third party to trace an individual person will only be supplied to a third party
when this is required by law;
when this is necessary for the fulfilment of a contract with you;
or when you have given your explicit, informed consent to the transfer of the data.
Art of Chocolate can instruct third parties to perform services for it, in which case Art of Chocolate will draw up an agreement in which it lays down the duties of the service provider with regard to the processing of personal data (a so-called "data processor agreement”). In this contract it is stipulated that the third party will handle any disclosed personal data confidentially, carefully, and in compliance with privacy legislation. Aside from the situations that have been specifically mentioned above, Art of Chocolate will not disclose personal data to third parties, unless required to do so by law.
When we share your personal data with third parties that are controllers of that information, they may disclose or transfer it to other organisations in accordance with their data protection policies. This does not affect any of your data subject rights as detailed below. In particular, where you ask us to rectify, erase or restrict the processing of your information, we take reasonable steps to pass this request on to any such third parties with whom we have shared your personal data.
9. TRANSFER OF YOUR DATA TO OTHER COUNTRIES
When we transfer personal data from the European Economic Area to other countries in which applicable laws do not offer the same level of data privacy protection as in Belgium, we take measures to provide an appropriate level of data privacy protection. In other words, your rights and protections remain with your data.
10. SECURING YOUR PERSONAL DATA
Art of Chocolate guarantees that the processing of your personal data takes place in an adequate, correct and safe manner. If you wish, you will be informed in a transparent manner about the processing procedures and the appropriate technical and organizational security measures taken to protect the personal data we are processing against accidental loss or damage and unauthorised access, use, disclosure, alteration or destruction and to ensure the confidentiality, security, integrity and availability of personal data.
11. HOW LONG WE WILL KEEP YOUR DATA
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
The length of time we retain your personal data is determined by a number of factors including the purpose for which we use that information and our obligations under other laws. We determine the period of retention of your personal data based on the following criteria:
Retention in case of queries. We will retain your personal data in case of queries from you, including on behalf of an organisation for whom you work.
Retention in case of claims. We will retain certain of your personal data for the period in which you or a third party might bring claims against us.
Retention in accordance with legal and regulatory requirements. We will carefully consider whether we need to retain your personal data after the period described above in case of a legal or regulatory requirement.
The exceptions to the above are where:
you exercise your right to require us to retain your personal data for a period longer than our stated retention period (see further Restriction of processing below);
you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see further Request deletion below);
we bring or defend a legal claim or other proceedings during the period we retain your personal data, in which case we will retain your personal data until those proceedings have concluded and no further appeals are possible; or
in limited cases, existing or future law or a court or regulator requires us to keep your personal data for a longer or shorter period.
When we no longer need your personal data, we securely delete or destroy it.
12. YOUR RIGHTS REGARDING YOUR PERSONAL DATA
The European Union’s General Data Protection Regulation and other applicable data protection laws provide you with rights over your personal data.
Art of Chocolate respects your right to access and control your information, and we will respond to requests for information and, where applicable, will correct, amend, or delete your personal data. Please remember, that on occasions your personal data may have been shared with you by your employer or by other organisations, such as educational institutions or research centres to which you belong, if they use our services and products.
If you have any requests related to your personal data, please contact us using this email address: firstname.lastname@example.org.
If you wish to exercise any of your rights listed below, please contact us by email at email@example.com. Except in rare cases, we will respond to you within 1 month after we have received this information or, where no such information is required, after we have received full details of your request.
Information regarding processing: You have the right to be informed about why, how and by whom your personal data is processed (which is what this policy sets out to do).
Access to personal data: If you request access to a copy the personal data we hold about you, we will gladly comply, subject to any relevant legal requirements and exemptions, including completing our identity verification procedures. Before providing data to you, we will ask for proof of identity and sufficient information about your interaction with us so that we can locate any relevant data.
Request correction: You have the right to correct or amend your personal data if it is inaccurate or requires updating.
Request deletion: You have the right to request deletion of your personal data; however, this is not always possible due to legal requirements and other obligations and factors.
Object to processing: If you object to the processing of your personal data, or if you have provided your consent to processing and you later choose to withdraw it, we will respect your choice in accordance with our legal obligations. In relation to Marketing preferences: You can opt out of email marketing, you can use the unsubscribe link found in the email communication you receive from us or manage your subscription preferences. Please see further Marketing here above. Please see also information related to controlling cookies, which is located in our cookies policy.
Restriction of processing: You can ask us to suspend the processing of your personal data if you want us to establish the accuracy of the information; where our use of the information is unlawful but you do not want us to erase it; where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims; and you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request personal data transfer (‘data portability’): We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time: You have the right to withdraw your personal data where we are relying on consent to process it. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
Making a complaint: If you are not satisfied with how Art of Chocolate manages your personal data, you have the right to make a complaint to the Data Protection Authority in Belgium. The contact details for the Data Protection Authority, the data protection regulator in Belgium, are available on the Data Protection Authority’s website.
Where your personal data has or is being used in a way that you believe does not comply with data, however, we encourage you to contact us before making any complaint and we will seek to resolve any issues or concerns you may have.
14. HOW TO CONTACT US
If you would like to exercise any of your rights in relation to your personal data, please write to this email address: firstname.lastname@example.org.
Art of Chocolate SPRL/BVBA is incorporated in Belgium under company registration number 0696845624 and has its registered office address at 1050 Brussels (Belgium), Av. Louise 523.