1. The importance of data protection

VITO sets great store by ensuring that the data that it processes are granted the correct level of protection, especially personal data. VITO would like to use this privacy statement to strategically lay down the ways in which data are protected, the responsibilities that are assigned in this regard and the priorities that VITO has determined concerning data protection.

 

In particular, VITO takes all reasonable measures to ensure that the data of website users and the personal data that they make available are protected against:

  • loss: data are no longer available;
  • leaks: data falling into the wrong hands;
  • errors: data are not correct; for example, obsolete or incomplete;
  • not accessible: data are not accessible when required;
  • wrongful access: viewed by persons who are not authorised to do so;
  • the inability to establish who viewed, amended or deleted the data;
  • processing that is not in line with legislation, guidelines and standards.

2. Scope of the data protection policy

This privacy statement applies to the entire lifespan of information within VITO websites, from obtaining information to final deletion of information within the organisation.

This policy applies across VITO:

  • The head office and VITO's other registered offices;
  • All VITO employees, and external parties who work within VITO on a fixed or non-fixed contract;
  • All company resources and information processing systems that VITO manages and systems that external employees manage for the purpose of information processing for VITO such as databases, information irrespective of the carrier, networks, data centres, etc.;
  • All processing activities, both as a controller and processor.

Additional guidelines or procedures can be established for specific areas or processes within VITO that provide a detailed explanation of the measures that are being taken in order to achieve the desired level of data protection.

As ICT suppliers play an important role in setting up the ICT environment for processing data, the privacy statement also stipulates the policy principles for this.

3. Policy objectives for data protection

VITO, both in its role as a controller and processor:

  • Is transparent regarding the personal data that it processes and the processing purpose, both to those involved, the clients and the supervisors. The communication is honest, easily accessible and comprehensible. The transparency principle also applies when personal data are being exchanged.
     
  • Only processes the data that are relevant to the execution of its tasks. Each task where personal data are processed is justifiable. This is also evaluated in the event of a new processing purpose, if necessary based on a data protection impact assessment.
     
  • Only processes the personal data that are strictly necessary to carry out its activities. As a result, identifying factors that form part of the personal data will be kept to a minimum.
     
  • Assesses the integrity of personal data during the entire processing cycle.
     
  • Does not store data for longer than is necessary. The necessity is checked against statutory obligations and the rights and freedoms of those affected.
     
  • Prevents infringements that ensue as a result of processing personal data. Information security, data protection by design and privacy-friendly standard settings are useful resources here. If an infringement occurs, reporting is carried out in this regard in line with relevant legislation in this area.
     
  • Is able to implement all of the valid rights of anyone affected, such as the right to access, copy and even delete data.
     
  • Actively checks that the rights and freedoms of the person affected are safeguarded when processing personal data for a particular purpose.
     
  • Processes data in line with the rights and freedoms that apply in the European Economic Area and checks that these apply when data is exchanged outside the EEA.
     
  • Can demonstrate that it complies with all policy objectives, in accordance with the statutory provisions. This accountability is monitored by means of internal supervision and control and can be achieved in accordance with the legally applicable principles.

4. Which personal data do we collect?

We collect various types of personal data:

  • Personal data that you provide us with via web forms: for example, your name, email address and telephone number when you use our contact form;
  • Personal data that we obtain as a result of you using the websites:

‚ÄčLog file information: we keep the following data in server logs, amongst other data:

  1. IP address;
  2. Browser information;
  3. The external web page from which you visited us;
  4. The pages that you have visited on our websites;
  5. The time at which the pages were visited and how long they were visited for.

Device details: we can keep track of which device you use to visit our websites;

Cookies: we use cookies to identify our visitors and we need to do so in order to obtain visitor statistics. For more   information regarding cookies, please refer to our cookie policy.

5. What do we use the personal data for?

We use the personal data that we collect in order to provide the correct service and to maintain, protect and improve it. Your personal data are only retained for as long as this is required to fulfil the objective for which we have collected these.

We can use your personal data to inform you and communicate with you:

  • Primarily to give feedback when you have submitted a question via the contact form;
  • When issuing our newsletters and magazines if you have subscribed to these.

We only share your personal data:

  • With your consent: we only share your personal data with companies other than VITO providing that you have consented to this. Be aware that when you click on a social media button, the privacy policy of this provider applies;
  • For legal reasons: it may be the case that we need to share your personal data in order to comply with a statutory obligation;
  • With parties that process personal data for us: these parties may only process personal data by order of VITO. Processing of this type is laid down in a processing agreement concluded between VITO and this party.

6. Your rights

You can ask us (free of charge):

  • Which data we have about you;
  • What the aim is of specific processing;
  • Who processes your personal data.

You have the right (free of charge):

  • To have a copy of your personal data that we process for a particular purpose;
  • To submit a request that your data be deleted;
  • To ask us to no longer process your personal data (if you have a valid and legal reason for this).

VITO will never process personal data relating to political or religious preferences or beliefs, race, or any other data relating to your health or sexuality.

7. Contact information

If you have any further questions regarding the processing of personal data. If you would like to submit a request to amend, view, delete or report a databreach of your data. Please fill out the privacy contact form.
We kindly request proof of identity and we will process your request within 30 days of receipt of your email.