This privacy statement explains the reason for the processing, the way SHAFFE collects, handles and ensures protection of all personal data provided, how that information is used and what rights you may exercise in relation to your data (e.g. the right to access, rectify, or block your personal data). SHAFFE is committed to protecting and respecting your privacy.

1. Why do we process your data?

SHAFFE will process any personal data it would receive in the context of its professional relationship with any third party in full compliance with EU and Belgian applicable legislation, i.e. the Belgian Privacy Act (Act of 8 December on the protection in relation to the processing of personal data) and the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/79).

SHAFFE will only collect personal data which is strictly necessary to achieve the purpose for which the personal data have been collected.

SHAFFE will not keep personal data any longer than is necessary for achieving the purposes for which the personal data have been collected or obtained, except if it is obliged to do so by law and/or professional rules of conduct.

2. Which data do we collect and process?

 The personal data collected and further processed are:

• Name and surname;
• Organisation name and country;
• Company address;
• E-mail address;
• telephone number;
• Postal address

As SHAFFE is the organiser of meetings taking place inside the EU institutions. For security purpose of these EU institutions, SHAFFE also processes information from participants including date of birth, nationality, and ID/passport numbers and their expiry date.

3. How long do we keep your data?

 SHAFFE only keeps the data for the time necessary to fulfil the purpose of collection or further processing. Personal data are kept as long as follow-up actions to the meeting are necessary with regards to the purpose(s) of the processing of personal data as well as for the meeting and its related management.

If data subjects do not agree with this, they may contact the Data Controller(s) by using the contact information as mentioned in Point 7 below.

4. How do we protect your data?

 SHAFFE uses up-to-date IT procedures to keep personal data safe and secure. All data in electronic format (e-mails, documents, uploaded batches of data etc.) are stored on the server of the contractor EASI on the SHAFFE premises. As such, these EASI servers are based in the EU, and EASI is GDPR compliant. The contractor EASI is bound by a specific contractual clause for any processing operations of your data.

5. Who has access to your data and to whom is it disclosed?

a) In the context of meetings organized by SHAFFE AISBL, your data is accessible to:

• SHAFFE Secretariat staff;
• SHAFFE President;
• SHAFFE Vice President 
• SHAFFE Board

b) Staff in the EU institutions have access to your data to organize meetings in their premises. In the context of these meetings your personal data is accessible to:

• Correspondents of a third party who provide the names and personal data of the experts attending to the meeting representing their organisation. This information is needed for access control purpose by security guards to Institutions’ premises. This data will be also visible to the staff of the Service assigned to this specific meeting.
• Experts themselves while attending a meeting together with other experts representing the same invited organisation will be able to see each other’s name and surname.
• Correspondents and experts have access to the name and surname of the meeting assistant/organiser that had invited them to the meeting to allow confirmation of attendance.
• Institutions’ users will have access only to the personal data of the correspondents and experts related to the meeting they have assigned to manage.
• Technical staff or IT service provider at the institutions will have access to the system data to solve eventual technical issues.

c) In case of litigation your data is accessible to:

• IDOC, OLAF, EDPS, Court of Auditors on a case-by-case base.

d) The transfers of personal data to countries outside of EU/EEA is not foreseen.

6. What are your rights and how can you exercise them?

 You are entitled to access your personal data and rectify and/or block it in case the data is inaccurate or incomplete. You have the right to withdraw your consent at any time. You can exercise your rights by contacting the data controller(s), and if necessary the European Data Protection Supervisor using the contact information given at point 7 below.

7. Contact information

 If you have comments or questions, any concerns or a complaint regarding the collection and use of your personal data, please feel free to contact:

SHAFFE Senior Advisor  Philippe Binard at:
philippe@freshfel.org  or per phone +32 (0)2 777 1580

SHAFFE Data Controller Nelli Hajdu at:
shaffe@shaffe.net or per phone: 0032 2777 15 80

European Data Protection Supervisor at:
edps@edps.europa.eu or per phone +32 (0) 22 83 19 00.