Privacy policy

This document lays down the privacy policy of

ACEA (Association des Constructeurs Européens d’Automobiles)
85, avenue des Nerviens, B-1040 Brussels
Tel: +32 2 732 55 50
www.acea.be

It sets out how we process data and explains your rights and how to exercise them.

For any questions regarding this policy, please contact privacy@acea-gdpr.be.

It is our policy to respond as soon as possible and at the latest within 30 days to any request you send us in relation to our privacy policy or how we process your data.

How we process data

  • Data categories

The data we process are limited to: name, first name, job title, company, address, telephone, email unless you have provided us with additional information.

  • Data collection

We collect your data either directly from you, from the website of your organisation or from a private database (Dods Group PLC).

  • Processing purpose and legal basis
  1. Members:
    If you are a member of one of our working groups, we use your data only to inform you about the EU policy issues that are relevant for the working group(s) that you are a member of. We consider such processing to be in the legitimate interest of ACEA as it enables us to provide you with the services that your company requests from us through its membership of our association.
     
  2. Non-members:
    If you are not a member of ACEA, we use your data only to inform you about our position on EU policy issues, invite you to our events and send you our press releases. We consider such processing to be in the legitimate interest of ACEA as a trade association whose mission it is in a representative democracy with a free press to represent the European automobile manufacturers at EU level and to act as an interface between our member companies and the EU institutions, the media and other companies and associations that try to influence EU decision-making. We believe our legitimate interest outweighs your right to the protection of your personal data since we process your data only to contact you in your professional capacity and to send you only information that is relevant for your professional activity.
  • Data sharing

By using Office 365 software for data storage, we share your data with Microsoft Corporation. This company processes your data on servers located in the European Union.  

If you are a member of one of our working groups, we share your data with the other members of the group(s) that you are a member of.

We do not share or sell your data to anyone else in any other way.

  • Data transfer outside the EU

We transfer your data to The Rocket Science Group LLC to the extent that we use MailChimp to send you our newsletters or press releases. This company processes your data on servers located in the United States.

The Rocket Science Group LLC adheres to the EU/US Privacy Shield. This mechanism guarantees that your data that this company processes in the United States are protected as adequately as if they were processed in the European Union:

https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active

  • Automated decision-making

We do not use automated-decision making when we process your data.

  • Data storage period

We store your data as long as they are current.

We will send you a notice once a year to verify whether your data are still accurate.

We instruct our staff to inform our database managers whenever they become aware of any changes in your professional situation so that we can update or remove your data as appropriate.

  • Security

We do our utmost to protect your data against destruction, loss, alteration or unauthorised disclosure.

In terms of organisational measures, we have limited the access to your personal data to specifically appointed employees who have been trained to handle such data properly. To prevent anyone else from accessing your personal data, these employees use Microsoft’s Identity and Access Management solutions to access our devices, apps and cloud services.

In terms of technical measures, we use Microsoft Intelligent Security Graph (ISG) to protect, detect, and respond to security incidents. For example, malware gets detected by Office 365 Advanced Threat Protection, shares that information with services like Windows Defender ATP and Advanced Threat Analytics, that collectively protect our user identities, apps and data, devices, and infrastructure against advanced persistent threats.

  • Amendments

We will send you a notice whenever we make substantive changes to our privacy policy that materially affect your rights, for example if we would collect additional data or if we would use your data for additional purposes.

Your rights and how to exercise them

  • Right to access

You have the right to access your data that we process. To do so, please send an email to privacy@acea-gdpr.be

  • Right to rectification

You have the right to ask us to correct your data. To do so, please send an email to privacy@acea-gdpr.be

  • Right to erasure

You have the right to ask us to erase your data. To do so, please send an email to privacy@acea-gdpr.be

  • Right to restrict data processing

You have the right to ask us to restrict the processing of your data where:

  • You contest the accuracy of your data, for a period enabling us to verify their accuracy
  • Our processing is unlawful and you prefer to restrict the use we make or our data rather than ask for their erasure
  • We no longer need to process your data but you need the data for the establishment, exercise or defence of legal claims
  • You object to the processing of your data, for a period enabling us to verify whether our legitimate interest for processing your data overrides your rights

To do so, please send an email to privacy@acea-gdpr.be

  • Right to object

Where we process your data on the basis of our legitimate interest, you have the right to object to this processing. To do so, please send an email to privacy@acea-gdpr.be

  • Right to withdraw consent

Where you have given us your explicit consent to process your data, you can withdraw your consent at any time. To do so, please send an email to privacy@acea-gdpr.be

  • Right to data portability

You have the right to ask us to provide you with your data that we process in an electronic format so that you use the data or transmit it to another data controller. To do so, please send an email to privacy@acea-gdpr.be

  • Right to lodge a complaint

You have the right to lodge a complaint about how we process your data with the Belgian data protection authority: Commissie voor de bescherming van de persoonlijke levenssfeer/ Commission de la protection de la vie privée, Drukpersstraat/ Rue de la Presse, 35, B – 1000 Brussel/Bruxelles, commission@privacycommission.be