Privacy policy

The Importance of Data Protection

Vlaamse Instelling voor Technologisch onderzoek (VITO) places great importance on properly protecting the data it processes, especially personal data. In this privacy statement, VITO wants to explain how personal data is processed and protected and what rights you have as a data subject.

Scope of This Privacy Statement

VITO consists of various shared services and units, each processing certain categories of personal data. This generally concerns personal data that we receive directly from you, for example, when you visit our website vito.be or other websites managed by VITO, when you participate in an event organized by VITO, or when you use an application, whether or not through our website.

Personal data is also processed in the context of providing services and scientific research. Additionally, VITO processes your (business) contact details to use in their CRM system and to send you marketing information and newsletters.

This privacy statement aims to inform you as complete as possible and to explain how and why VITO, as the data controller, collects, uses, and stores your personal data, as well as to inform you about the rights you have and how you can exercise these rights.

VITO aims to inform data subjects in a clear and transparent manner about how their personal data are processed. If specific processing activities are not explicitly included in this privacy statement, VITO will provide additional information at the time the personal data are collected.

Data Controller

As the data controller, VITO processes your personal data as specified in this privacy statement. This means that VITO determines the purposes and means of processing this data and is the point of contact not only for you but also for the supervisory authority for any questions regarding the use and processing of your personal data. As a unique point of contact within VITO for all your questions and comments regarding the protection and processing of personal data by VITO, we have appointed a Data Protection Officer (DPO). You can reach the DPO at the following address and email address:

VITO
Data Protection Officer
Boeretang 200
2400 Mol
Assist-dpo@vito.be

Nature, Purpose, Legal Basis, and Retention Period

VITO collects ordinary, special, and criminal personal data.

For each processing activity, it is indicated why this processing is necessary.

All personal data is always processed based on a legal basis mentioned in Article 6 of the GDPR. Special and criminal data are only processed if there is a legal exception and a legal basis.

For the processing of personal data, VITO uses one of the following legal bases depending on the intended processing:

Consent of the data subject;
Necessity to perform a contract;
Legal obligation to carry out the processing;
Legitimate interest.

For each processing activity, we only use the personal data that is relevant and necessary for the intended purpose of the processing. For each processing activity, VITO determines in advance the specific purpose of the processing and the corresponding legal basis. The applicable legal basis may differ depending on the category of data subjects and the nature of the processing. VITO processes personal data only when and to the extent that one of the legal bases set out in Article 6 of the GDPR applies. For special categories of personal data and criminal data, a specific statutory exception is always applied in accordance with Articles 9 and 10 of the GDPR.

Your personal data is retained as long as necessary to achieve the purpose(s), to comply with contractual and legal requirements, and to establish, exercise, or defend our legal rights. Based on these requirements, a retention period has been determined for each category.

Depending on the nature of its relationship with VITO, the organisation processes personal data from various categories of data subjects. Below, we explain which types of personal data are processed and for what purposes for each category.

Website visitors

VITO processes personal data of visitors to its websites, including vito.be and other websites managed by VITO.
- Categories of personal data
  - Technical identification data (such as IP address), device data, browser data, usage and log data.
- Purposes of processing
  - Technical and functional management of the website, security, statistical analyses, and improving the user experience.
- Legal basis
  - Legitimate interest and, for non-essential cookies and similar technologies, consent.

Event participants

When you participate in an event or training session organised by VITO, we process your personal data.
- Categories of personal data
  - Identification and contact details, professional details (organisation, job title), attendance and registration details.
- Purposes of processing
  - Organisation and administration of events, communication about practical arrangements, and follow-up.
- Legal basis
  - Performance of a contract and legitimate interest.

Job applicants

VITO processes personal data of individuals applying for a position at VITO, whether unsolicited or in response to a vacancy.
- Categories of personal data
  - Identification and contact details, CV data (education, work experience), motivation letters, selection and evaluation data, and, where legally required, other relevant personal data.
- Purposes of processing
  - Organising and carrying out recruitment and selection procedures and assessing the suitability of candidates.
- Legal basis
  - Performance of pre-contractual measures, legal obligations and, where applicable, consent (for example, inclusion in a talent pool).

Business contacts (B2B context)

VITO processes personal data of professional contacts at customers, suppliers, partners, and other business relations.
- Categories of personal data
  - Identification and contact details, professional details (job title, organisation), communication details.
- Purposes of processing
  - Management of contractual relationships, cooperation, supplier and customer management, invoicing, and administration.
- Legal basis
  - Performance of a contract and legitimate interest.

Research participants and individuals involved in scientific research

As part of its research activities, VITO processes personal data of research participants and other individuals concerned.
- Categories of personal data
  - Identification data (possibly pseudonymised), research and measurement data, and, if necessary, special categories of personal data.
- Purposes of processing
  - Conducting scientific research and innovation activities.
- Legal basis
  - Task carried out in the public interest, consent, and/or applicable legal exemptions for research as provided in the GDPR.

For more information regarding cookies, we kindly refer you to our cookie policy.

Data Transfers

Depending on the purpose of the processing, your personal data may be disclosed to the following categories of recipients:

Authorised staff members and departments within VITO, insofar as necessary for the performance of their duties.
Public authorities, supervisory bodies, and judicial authorities, where VITO is legally obliged to do so.
External service providers and suppliers acting as processors on behalf of VITO (such as IT service providers, cloud providers, HR and CRM systems).
Cooperation and research partners, insofar as necessary for the execution of projects and always in accordance with applicable regulations.

VITO concludes a data processing agreement with all external processors in accordance with Article 28 of the GDPR.

If VITO transfers personal data to recipients located in countries outside the European Economic Area, this is done only in accordance with the GDPR. Such transfers will take place only to countries for which the European Commission has adopted an adequacy decision, or subject to appropriate safeguards such as the Standard Contractual Clauses approved by the European Commission.

If VITO transfers your personal data to countries outside the European Economic Area (EEA), VITO will take the necessary protective measures in accordance with the GDPR.

Protocols

In the context of collaborations with government agencies where the transfer of personal data takes place, protocols have been established. These documents are subsequently made available on our website. The following protocols have been concluded:

VITO - AAPD: read the document (in Dutch)
VITO - VLABEL: read the document (in Dutch)
VITO - STATBEL: read the document (in Dutch)
VITO - VLAIO: read the document (in Dutch) - addendum
VITO - Federal Planning Bureau: read the document (in Dutch)

Information Security

VITO is committed to ensuring the confidentiality and security of personal data. We have taken several technical and organizational measures to protect personal data, among other things, from loss, unauthorized alteration, unauthorized access, and unauthorized processing.

Your Rights

Right to Information
As a data subject, you have the right to information. Through this privacy statement, we try to provide you with information about which data we process, what we do with this data, on what legal basis we process this data, and to whom we transfer this data.
Right of Access
You have the right to request access to the data we hold and process about you. You may request a copy. Access to certain data will only be possible on-site, and in consultation with our DPO, a place and time will be agreed upon.
Right to Rectification
You always have the right to have your data corrected if there are errors in it.
Right to Erasure
You can request that your personal data be erased if there is no longer a valid reason to process it.
- The personal data is no longer necessary to fulfill the intended purpose;
- The personal data was obtained without explicit consent and is therefore being processed unlawfully;
- There is a legal obligation to erase the data;
- The consent to processing is withdrawn;
- Personal data provided when you were a minor can be erased at any time.
Right to Restriction
Restriction means that your personal data, except for storage, may only be processed with your consent for the establishment, exercise, or defense of legal claims, to protect the rights of another natural or legal person, or for reasons of public interest.
Right to Object
If we process your personal data based on a legitimate interest or a task of public interest, you can object to the processing of your personal data, and we will weigh the legitimate grounds on which we base the processing against your interests, rights, and freedoms. While this assessment is being made, we will suspend the processing.
Right to Data Portability
You may request that your data be transferred from VITO to another organization.
Right Not to Be Subject to Automated Decision-Making
You may request that VITO stop using your data unless there are compelling reasons to do so.

This right is not absolute and can only be enforced when:

In general, you can exercise your right to restrict the processing of personal data when it is unclear whether and when your personal data should be erased. You can then request that your data not be processed until everything is adjusted, but also that your data be kept and not used further.

In the case of objection to direct marketing, we will automatically stop processing your personal data for this purpose.

How to Exercise Your Rights

To exercise your rights, you can fill in the "Request Form for Exercising Data Subject Rights" (Download Word | PDF) and send it to us by letter or email at the following address:

VITO
Data Protection Officer
Boeretang 200
2400 Mol
Assist-dpo@vito.be

Depending on the subject of the request and to prevent us from sharing personal data with the wrong people through fraudulent requests, we may need to verify your identity. To this end, we may ask you to send us a copy of your passport or identity card with proof of your full name, date, and place of birth; the other parts can be made unreadable. The copy must be detailed enough to identify you. After handling your request, we will delete this copy unless otherwise required by law.

For on-site access, you will also need to identify yourself.

If you believe that the processing of your personal data violates privacy legislation, you also have the right to file a complaint with the “Vlaamse Toezichtscommissie” or the “Gegevensbeschermingsautoriteit”:

The complaint procedure with the “Vlaamse Toezichtscommissie” can be found at the following link: https://overheid.vlaanderen.be/klachtenprocedure-vtc. A part of the procedure involves filling in a complaint form, which can be found at the aforementioned link.

The complaint procedure with the “Gegevensbeschermingsautoriteit” can be found at the following link: https://www.gegevensbeschermingsautoriteit.be/burger/acties/klacht-indienen. A part of the procedure involves filling in a complaint form, which can be found at the aforementioned link.

Data Protection Policy

You can find the full data protection policy of VITO here (in Dutch). It provides further explanation of the data protection policy within the organization, the processing principles applied, the register of processing activities, and further details on the previous points.

Changes to This Privacy Statement

VITO may change or update this privacy statement to reflect changes in our practices regarding the processing of personal data or changes in applicable legislation. We will post the updated version on our website. We therefore invite you to regularly consult the online version of this privacy statement.

VITO and your organisation

Impact for your business, in three areas

In the spotlight

Get more profit out of water

Support for policy makers

How VITO supports policymakers

Application in the spotlight

System Dynamics models: crucial to long-term decision-making

Research and innovation

Research focus on three impact areas

Security & Defence: towards a safer and more resilient future