Privacy policy

Data controller

The data controller for this process is the European Association for the Education of Adults (EAEA). The European Association for the Education of Adults (EAEA) is the voice of non-formal adult education in Europe. EAEA is a European NGO based in Brussels, with 120 member organisations in 43 countries and represents more than 60 million learners Europe-wide.

Legal base for collecting your personal data

We process personal data on the following legal bases.

Legal obligations – for activities required for compliance with applicable national legislation (Belgian law) and European legislation (EU Regulation 2016/679, GDPR), as well as with the specific legal and regulatory under the action programme of a specific action or project.

Consent – for activities such as organization of surveys and interviews, completing of questionnaires and dissemination of project’s results, also based on ethical guidelines provided by the European Commission.

Contractual obligations – for activities such as reporting to the European Commission and complying with project’s publicity obligations.

What types of data do we collect?

We only collect the data that are necessary for the smooth implementation of our project and activities.
● contact details (name/surname, e-mail address, address, phone number)
● professional information (job title, organization, field of expertise);
● demographics (e.g., age, gender, nationality);
● information about knowledge and opinions (for surveys, interviews and studies);
● videos and photos (from people that attend our events);
● dietary and accessibility requirements (if relevant, only for events).

Children

We do not knowingly collect, use, or disclose information from children under the age of 16. If we learn that we have collected the personal information of a child under 16 we will take steps to delete the information as soon as possible. Please immediately contact us if you become aware that a child under 16 has provided us with personal information.

How do we collect your personal data?

We collect personal data both directly and indirectly.

We obtain personal data directly from individuals in a variety of ways, including but not limited to the following cases:
● registration to attend meetings and events we host and during attendance at such events
● subscribing to our newsletters, through our website, or registering to our online courses and training, through our learning platform;
● a contract or a cooperation agreement with an individual;
● participation in an interview or survey organized by us.

We obtain personal data indirectly about individuals from a variety of sources, including:
● our partners;
● our members;
● our networks and contacts;
● public and open data sources such as public registers, news articles and internet searches;
● social and professional networking sites.

What do we do with your personal data?

We process your personal data with the following purposes, including but not limited to:
● Dissemination and communication of our activities through different channels;
● Sending invitations and providing access to participants in events and training;
● Conducting research and studies (e.g., interviews, surveys);
● Processing online requests or queries, including responding to communications from individuals, from emails, website and social media sites;
● Managing and maintaining our information systems and websites and their security;
● Complying with contractual, legal, and regulatory obligations.

How do we secure your personal data?

We regularly conduct risk assessment processes to identify any risks related to collection, processing and storing of personal data. Based on the results, we define and apply both technical and organizational measures to mitigate the risks, including but not limited to:
• Data protection guidelines for our staff;
• Confidentiality agreement included in the working regulations for staff and in the contracts for suppliers;
• Back-up process, antimalware protection and access control mechanisms to the services where we store the data;
• Appointment of a responsible contact person for data protection in the Administration and Finance coordinator.

Do we share personal data with third parties?

We do not sell your data or share them with any organisation for commercial and marketing purposes.

We may share personal data with trusted third parties that work for us or provide us their services, for our projects and activities, or in the cases prescribed by the law or by contractual provisions. These third parties are contractually bound to safeguard the data we entrust to them.

• Digital services providers (cloud-based software services such as Microsoft SharePoint and Google for storage; SurveyMonkey and Google for collecting data; Matomo for website analytics; Mailchimp for newsletters distribution)
• Our professional advisers, including lawyers, external evaluators, auditors, and insurers;
• Law enforcement or other government and regulatory agencies or other third parties as required by, and in accordance with applicable law or regulation;
• The European Commission according to our relevant contractual obligations.

Do we transfer your personal data outside the European Economic Area?

We do not own servers located outside the European Economic Area (EEA). However, some of our cloud services providers may have servers both inside and outside the EEA. We always check that such providers comply with the GDPR requirements.

How long do we keep your personal data?

We keep your personal data only for the time needed to carry out the activities and provide the services related to the purpose of collection, and as well as to comply with applicable laws, regulations, and contractual obligations to which we are subject.

Please note that we have an obligation to retain data concerning projects funded with support from the European Commission for up to five years after the payment of the project balance (unless further retention is requested by auditors).

After the expiry of the retention period, and unless further legitimate grounds for retention arise, we will dispose of personal data in a secure manner.

Third party tools and content (for websites)

Our websites may contain links to third-party sites. We are not responsible for the data protection policies or content of these sites and we disclaim any liability for any loss or damage that may be caused by the use of these links. If you have any questions about the privacy practices or content of another site, you should contact the responsible organisation.

We may also provide social media features that allow you to share information and interact on external social media sites. The use of these social media features may result in the collection or sharing of information of personal data and, therefore, we recommend to check the privacy policies of these social media sites before using these features.

Do we use cookies?

Our websites and learning platform use cookies. Where cookies are used, a statement will be sent to your browser explaining the use of cookies.

What are your rights?

You have the following rights regarding our processing of your personal data:
● Right to withdraw consent – You can withdraw consent that you have previously given to one or more specified purposes to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent.
● Right of access – You can ask us to verify whether we are processing personal data about you and, if so, to have access to a copy of such data.
● Right to rectification and erasure – You can ask us to correct our records if you believe they contain incorrect or incomplete information about you or ask us to erase your personal data after you withdraw your consent to processing or when we no longer need it for the purpose it was originally collected.
● Right to restriction of processing – You can ask us to temporarily restrict our processing of your personal data if you contest the accuracy of your personal data, prefer to restrict its use rather than having us erase it, or need us to preserve it for you to establish, exercise or defend a legal claim. A temporary restriction may apply while verifying whether we have overriding legitimate grounds to process it. You can ask us to inform you before we lift that temporary processing restriction.
● Right to data portability – In some circumstances, where you have provided personal data to us, you can ask us to transmit that personal data (in a structured, commonly used, and machine- readable format) directly to another entity.
● Right to object – You can object to our use of your personal data for direct marketing purposes, including profiling or where processing has taken the form of automated decision-making. However, we may need to keep some minimal information (e.g., e-mail address) to comply with your request to cease marketing to you.
● Right to make a complaint to your local Data Protection Authority (DPA) – You can file a complaint regarding any concerns you may have about our data handling practices

How to contact us

The EAEA Administration and Finance coordinator is responsible for data protection matters.

You can contact us
● by email to eaea-office@eaea.org
● by telephone to +32 2 893 2522
● at our office Rue de l’Industrie 10, 1000, Brussels.

We will examine your request based on the relevant requirements of the laws and regulations and we will answer within 30 days after receiving your request. We will ask from you some kind of identification (e.g., photocopy of your identity card or passport) to avoid non-authorized reveal of your personal data.

If, for reasons of complexity of the request or a multitude of requests, we are unable to respond promptly, we will notify you within 30 days of any delay.

Making an official complaint

If you feel that we have infringed your data protection rights, you may file an official complaint to the data protection authority in your country of residence or the Belgian Data Protection Authorithy at the following address:

Belgian Data Protection Authority
Rue de la Presse 35
B-1000 Bruxelles

Changes to this policy

This Privacy Policy is valid from 12/07/2024 and replaces any other previous version that we have published in the past. We reserve the right to revise this Policy at any time and the updated version will be shared and published. If there are critical changes in this policy, we will notify you.