Privacy Policy

VITO consists of various shared services and units, each processing certain categories of personal data. This generally concerns personal data that we receive directly from you, for example, when you visit our website vito.be or other websites managed by VITO, when you participate in an event organized by VITO, or when you use an application, whether or not through our website.

Personal data is also processed in the context of providing services and scientific research. Additionally, VITO processes your (business) contact details to use in their CRM system and to send you marketing information and newsletters.

This privacy statement aims to inform you as complete as possible and to explain how and why VITO, as the data controller, collects, uses, and stores your personal data, as well as to inform you about the rights you have and how you can exercise these rights.

VITO collects ordinary, special, and criminal personal data.

For each processing activity, it is indicated why this processing is necessary.

All personal data is always processed based on a legal basis mentioned in Article 6 of the GDPR. Special and criminal data are only processed if there is a legal exception and a legal basis.

For the processing of personal data, VITO uses one of the following legal bases depending on the intended processing:

• Consent of the data subject;
• Necessity to perform a contract;
• Legal obligation to carry out the processing;
• Legitimate interest.

For each processing activity, we only use the personal data that is relevant and necessary for the intended purpose of the processing.

Your personal data is retained as long as necessary to achieve the purpose(s), to comply with contractual and legal requirements, and to establish, exercise, or defend our legal rights. Based on these requirements, a retention period has been determined for each category.

For more information regarding cookies, we kindly refer you to our cookie policy.

In the context of collaborations with government agencies where the transfer of personal data takes place, protocols have been established. These documents are subsequently made available on our website. The following protocols have been concluded:

• VITO - AAPD: read the document (in Dutch)
• VITO - VLABEL: read the document (in Dutch)
• VITO - STATBEL: read the document (in Dutch)
• VITO - VLAIO: read the document (in Dutch) - addendum 1
• VITO - Federal Planning Bureau: read the document (in Dutch)

1. Right to Information
   As a data subject, you have the right to information. Through this privacy statement, we try to provide you with information about which data we process, what we do with this data, on what legal basis we process this data, and to whom we transfer this data.
2. Right of Access
   You have the right to request access to the data we hold and process about you. You may request a copy. Access to certain data will only be possible on-site, and in consultation with our DPO, a place and time will be agreed upon.
3. Right to Rectification
   You always have the right to have your data corrected if there are errors in it.
4. Right to Erasure
   You can request that your personal data be erased if there is no longer a valid reason to process it.
   This right is not absolute and can only be enforced when:
   The personal data is no longer necessary to fulfill the intended purpose;
   The personal data was obtained without explicit consent and is therefore being processed unlawfully;
   There is a legal obligation to erase the data;
   The consent to processing is withdrawn;
   Personal data provided when you were a minor can be erased at any time.
5. Right to Restriction
   Restriction means that your personal data, except for storage, may only be processed with your consent for the establishment, exercise, or defense of legal claims, to protect the rights of another natural or legal person, or for reasons of public interest.

   In general, you can exercise your right to restrict the processing of personal data when it is unclear whether and when your personal data should be erased. You can then request that your data not be processed until everything is adjusted, but also that your data be kept and not used further.

6. Right to Object
   If we process your personal data based on a legitimate interest or a task of public interest, you can object to the processing of your personal data, and we will weigh the legitimate grounds on which we base the processing against your interests, rights, and freedoms. While this assessment is being made, we will suspend the processing.
   In the case of objection to direct marketing, we will automatically stop processing your personal data for this purpose.
7. Right to Data Portability
   You may request that your data be transferred from VITO to another organization.
8. Right Not to Be Subject to Automated Decision-Making
   You may request that VITO stop using your data unless there are compelling reasons to do so.

You can find the full data protection policy of VITO here. It provides further explanation of the data protection policy within the organization, the processing principles applied, the register of processing activities, and further details on the previous points.