Version 2 – August 2020

________________________________________________________

Who we are?

ACCIS was established in Dublin in 1990, to bring together European consumer credit reference agencies. Our address is: ACCIS SECRETARIAT, p/a Interel Association Management, Rue du Luxembourg 22-24, 1000 Belgium. Email: secretariat@accis.eu. As we are not required to have a data protection officer, any enquiries about our use of your personal data should be addressed to the contact details above.

________________________________________________________

How we use your information?

To fulfil its purpose and deliver value to its members, ACCIS collects and processes certain information about individuals. This includes member contacts, suppliers, business contacts, event participants and other people the association has a relationship with or may need to contact.

We are committed to handle the personal data of such in compliance with applicable data protection laws, including, as of 25 May 2018, the General Data Protection Regulation (“GDPR”).

________________________________________________________

What personal data do we collect?

ACCIS may collect the following categories of personal data to the extent necessary to achieve the purposes of the association:

• Contact data, such as email address, telephone number, postal address;
• Identification data, such as first name, name, pictures, photographs;
• Personal information, such as age, date of birth, gender, marital status, citizenship;
• Financial data, such as bank account details;

In most instances, we collect personal data directly from you, as data subjects, but we may sometimes obtain personal data from third parties (such as the data subject’s referee or from a public authority).

In addition, ACCIS uses cookies to optimize its website. Functional cookies are necessary for the proper function of our website, therefore can´t be disabled. As you use our website, we may automatically collect Technical Data about your equipment, browsing actions and usage patterns. We collect this data by using cookies, server logs and similar technologies. Please refer to the independent cookie policy section for details.

________________________________________________________

When do we collect personal data?

We collect the information outlined above from various sources. We collect information when you respond to one of our e-mail notices through our website, or when you fill out an online form. Further examples of ways in which we collect the information include:

• when you participate in one of our surveys or committees;
• when you attend one of our conferences;
• when you provide us with your business card;
• when you write to us; or
• when you provide us with information orally.

Please note that submitting personal information is not required to use our website, except to access the portions of the site that are protected by a password.

________________________________________________________

Why do we process personal data and on what legal grounds?

As part of its general mission, ACCIS processes personal data for the following purposes:

• For membership administration and support: ACCIS has legitimate interests in the processing of personal data of the contact persons at ACCIS’ member organisations for the purpose of administering the membership and offering membership services. ACCIS is also bound by Belgian Company Law obligations with respect to the organisation of general assemblies and boards of directors (i.e. Management Board) meetings.

• For contract management purposes: ACCIS has legitimate interests in the processing of personal data of member representatives to collect membership fees, as well as those of representatives and contact persons of entities and associations with which ACCIS conducts business (e.g. with respect to services agreements, consultancy agreements, research agreements, procurement agreements).

• For public relations purposes: ACCIS processes contact details of relevant stakeholders in policy and public affairs for the purpose of advocating on behalf of the Consumer Credit Information Suppliers Industry.

• For organising events and conferences: ACCIS processes identification details of individuals who register to participate in events and conferences organised by ACCIS for the purpose of managing the registration and participation in such events.

• For website administration purposes: ACCIS processes identification data from individuals who register themselves on the ACCIS websites and give their express consent to receive newsletters or information from ACCIS.

________________________________________________________

How long do we keep personal data?

ACCIS will only keep personal data for the time that is strictly necessary to achieve the purpose(s) for which it was collected, e.g. for the duration of a contractual relationship or of a project, and for a period thereafter if so required by applicable law or if in the primary interests of the data subjects.

________________________________________________________

How do we secure your data?

We endeavour to protect all personal data in accordance with data protection laws. We ensure that appropriate security measures are taken against unlawful or unauthorised use of your personal information, and against the accidental loss of, or damage to, such information.

With regards to online information security, the registration processes on the ACCIS website may involve you giving a password and account designation. You are responsible for maintaining the confidentiality of the password and account and are fully responsible for all activities that occur under your password or account. You agree to (a) immediately notify ACCIS of any unauthorised use of your password or account and any other breach of security, and (b) ensure that you exit from your account at the end of each session. We cannot and will not be liable for any loss or damage arising from your failure to comply with this obligation.

________________________________________________________

Do we disclose your data?

The information you provide to us will be stored on safe servers located in the European Union, or in locations expressly covered by GDPR-compliant agreements (e.g. by the EU-US privacy shield) by us or our GDPR compliant data processors.

We will not transfer your data to third parties without your permission or unless indicated in this privacy policy or agreed by you as part of a specific data processing activity. If we enter into a venture to outsource any of our functions, your information may however be disclosed to our new business partners, in which case we will ensure that any such data processors adhere to at least the same obligations concerning data protection and security as undertaken by us.

________________________________________________________

Your rights as a data subject

By law, you can ask us what information we hold about you, and you can ask us to correct it if it is inaccurate. If we have asked for your consent to process your personal data, you may withdraw that consent at any time.

·         If we are processing your personal data for reasons of consent or to fulfil a contract, you can ask us to give you a copy of the information in a machine-readable format so that you can transfer it to another provider;

·         If we are processing your personal data for reasons of consent or legitimate interest, you can request that your data be erased;

·         You have the right to ask us to stop using your information for a period if you believe we are not doing so lawfully;

·         Finally, in some circumstances you can ask us not to reach decisions affecting you using automated processing or profiling.

To submit a request regarding your personal data by contracting ACCIS, as data controller, at the following address: secretariat@accis.eu. Please note that we may require prove of identity in order to process your request.

Individuals will not be charged for subject access requests, except if the requests are manifestly unfounded or excessive (e.g. repetitive). In such case, we may charge a reasonable fee or refuse to act on the request.

________________________________________________________

Your right to complain

If you have a complaint about our use of your information, we would prefer you to contact us directly via secretariat@accis.eu in the first instance so that we can address your complaint. However, you can also contact the Belgian Data Protection Authority via their website https://www.privacycommission.be/en or write to them at: Commission for the Protection of Privacy

Rue de la Presse 35, 1000 Brussels.

________________________________________________________

Updates to this privacy policy

We regularly review and, if appropriate, update this privacy policy from time to time, and as our services and use of personal data evolves. If we want to make use of your personal data in a way that we haven’t previously identified, we will contact you to provide information about this and, if necessary, to ask for your consent.

We will update the version number and date of this document each time it is changed.