The importance of data protection

Vlaamse Instelling voor Technologisch onderzoek (VITO) places great importance on properly protecting the data it processes, especially personal data. In this privacy statement, VITO wants to explain how personal data is processed and protected and what rights you have as a data subject.

Scope of this privacy policy

VITO consists of various shared services and units, each processing certain categories of personal data. This generally concerns personal data that we receive directly from you, for example, when you visit our website vito.be or other websites managed by VITO, when you participate in an event organized by VITO, or when you use an application, whether or not through our website.

Personal data is also processed in the context of providing services and scientific research. Additionally, VITO processes your (business) contact details to use in their CRM system and to send you marketing information and newsletters.

This privacy statement aims to inform you as complete as possible and to explain how and why VITO, as the data controller, collects, uses, and stores your personal data, as well as to inform you about the rights you have and how you can exercise these rights.

Data controller

As the data controller, VITO processes your personal data as specified in this privacy statement. This means that VITO determines the purposes and means of processing this data and is the point of contact not only for you but also for the supervisory authority for any questions regarding the use and processing of your personal data. As a unique point of contact within VITO for all your questions and comments regarding the protection and processing of personal data by VITO, we have appointed a Data Protection Officer (DPO). You can reach the DPO at the following address and email address:

VITO
Data Protection Officer
Boeretang 200
2400 Mol
assist-dpo@vito.be

Nature, Purpose, Legal Basis, and Retention Period

VITO collects ordinary, special, and criminal personal data.

For each processing activity, it is indicated why this processing is necessary.

All personal data is always processed based on a legal basis mentioned in Article 6 of the GDPR. Special and criminal data are only processed if there is a legal exception and a legal basis.

For the processing of personal data, VITO uses one of the following legal bases depending on the intended processing:

  • Consent of the data subject;
  • Necessity to perform a contract;
  • Legal obligation to carry out the processing;
  • Legitimate interest.

For each processing activity, we only use the personal data that is relevant and necessary for the intended purpose of the processing.

Your personal data is retained as long as necessary to achieve the purpose(s), to comply with contractual and legal requirements, and to establish, exercise, or defend our legal rights. Based on these requirements, a retention period has been determined for each category.

For more information regarding cookies, we kindly refer you to our cookie policy.

Data Transfers

To protect your privacy, VITO personnel and employees only have access to your personal data if and to the extent necessary to perform their obligations.

If contractually or legally required, or if required for the public interest, VITO will transfer your data to third parties. Additionally, VITO engages specialized partners in Belgium or abroad to perform certain services or to improve the quality of our performance, and in such cases, the transfer of personal data is necessary.

VITO does not transfer your data to third parties for commercial use.

If VITO transfers your personal data to countries outside the European Economic Area (EEA), VITO will take the necessary protective measures in accordance with the GDPR.

Protocols

In the context of collaborations with government agencies where the transfer of personal data takes place, protocols have been established. These documents are subsequently made available on our website. The following protocols have been concluded:

Information Security

VITO is committed to ensuring the confidentiality and security of personal data. We have taken several technical and organizational measures to protect personal data, among other things, from loss, unauthorized alteration, unauthorized access, and unauthorized processing.

Your rights

  1. Right to Information
    As a data subject, you have the right to information. Through this privacy statement, we try to provide you with information about which data we process, what we do with this data, on what legal basis we process this data, and to whom we transfer this data.
  2. Right of Access
    You have the right to request access to the data we hold and process about you. You may request a copy. Access to certain data will only be possible on-site, and in consultation with our DPO, a place and time will be agreed upon.
  3. Right to Rectification
    You always have the right to have your data corrected if there are errors in it.
  4. Right to Erasure
    You can request that your personal data be erased if there is no longer a valid reason to process it.
    This right is not absolute and can only be enforced when:
    The personal data is no longer necessary to fulfill the intended purpose;
    The personal data was obtained without explicit consent and is therefore being processed unlawfully;
    There is a legal obligation to erase the data;
    The consent to processing is withdrawn;
    Personal data provided when you were a minor can be erased at any time.
  5. Right to Restriction
    Restriction means that your personal data, except for storage, may only be processed with your consent for the establishment, exercise, or defense of legal claims, to protect the rights of another natural or legal person, or for reasons of public interest.

    In general, you can exercise your right to restrict the processing of personal data when it is unclear whether and when your personal data should be erased. You can then request that your data not be processed until everything is adjusted, but also that your data be kept and not used further.

  6. Right to Object
    If we process your personal data based on a legitimate interest or a task of public interest, you can object to the processing of your personal data, and we will weigh the legitimate grounds on which we base the processing against your interests, rights, and freedoms. While this assessment is being made, we will suspend the processing.
    In the case of objection to direct marketing, we will automatically stop processing your personal data for this purpose.
  7. Right to Data Portability
    You may request that your data be transferred from VITO to another organization.
  8. Right Not to Be Subject to Automated Decision-Making
    You may request that VITO stop using your data unless there are compelling reasons to do so.

How to Exercise Your Rights

To exercise your rights, you can fill in the "Request Form for Exercising Data Subject Rights" (Download Word | PDF) and send it to us by letter or email at the following address:

VITO
Data Protection Officer
Boeretang 200
2400 Mol
Assist-dpo@vito.be

Depending on the subject of the request and to prevent us from sharing personal data with the wrong people through fraudulent requests, we may need to verify your identity. To this end, we may ask you to send us a copy of your passport or identity card with proof of your full name, date, and place of birth; the other parts can be made unreadable. The copy must be detailed enough to identify you. After handling your request, we will delete this copy unless otherwise required by law.

For on-site access, you will also need to identify yourself.

If you believe that the processing of your personal data violates privacy legislation, you also have the right to file a complaint with the “Vlaamse Toezichtscommissie” or the “Gegevensbeschermingsautoriteit”:

The complaint procedure with the “Vlaamse Toezichtscommissie” can be found at the following link: https://overheid.vlaanderen.be/klachtenprocedure-vtc. A part of the procedure involves filling in a complaint form, which can be found at the aforementioned link.

The complaint procedure with the “Gegevensbeschermingsautoriteit” can be found at the following link: https://www.gegevensbeschermingsautoriteit.be/burger/acties/klacht-indienen. A part of the procedure involves filling in a complaint form, which can be found at the aforementioned link.

Data Protection Policy

You can find the full data protection policy of VITO here. It provides further explanation of the data protection policy within the organization, the processing principles applied, the register of processing activities, and further details on the previous points.

Changes to This Privacy Statement

VITO may change or update this privacy statement to reflect changes in our practices regarding the processing of personal data or changes in applicable legislation. We will post the updated version on our website. We therefore invite you to regularly consult the online version of this privacy statement.