1. Introduction

In this privacy statement we explain what data we process of you in case we have, wish to have, or have had a business relationship with you. We also tell you why and for how long we process your data and what your rights are with regard to all processing. In addition, we provide information on, amongst other things, the parties we collaborate with and on our security policy.

We find it important our provision of services is reliable and transparent. We therefore handle your personal data discretely and diligently and we make sure that the processing of your data is compliant with the applicable legislation and regulations.

2. Data Controller regarding the processing of personal data

Data Controller is FEFPEB established on Reitseplein 1 (5037AA) in Tilburg (in the following: ‘FEFPEB’).

3. The personal data we process

Depending on your relationship with our organisation and the purpose for which we process data, we process personal data including, though not limited to, the following data:

a) First and last name
b) Gender
c) Date of birth
d) Place of birth
e) Address information
f) Phone number
g) E-mail address
h) Job information
i) Information on participation in our events

4. With what purpose and on what basis we process personal data

We process your personal data in the context of the customary activities of an association and more specifically for purposes such as the following:

a. The maintaining of a members’/participants’ administration
b. The processing and execution of assignments
c. The organisation of events
d. The sending of newsletters or mailings
e. The collection of membership fee/contributions
f. The sending of information to members, participants and/or contributors
g. The disclosure of information on data subjects and activities of the foundation/association on the own website
h. The handling of complaints and disputes
i. To (let) conduct audits
j. Other activities whether or not regarding internal administration
k. The monitoring of website visits
The grounds for processing are those as intended in article 6 of AVG/GDPR (permission, agreement, legal obligation, or legitimate interest).

Explanation legitimate interest in processing of personal data

Processing of personal data for the sending of publications
FEFPEB has as his purpose, as stated by the articles of foundation ‘To safequard and promote wooden pallets and packaging and timber as the preferred raw material for pallets and packaging and to improve the competitiveness of the industry’. In that context, FEFPEB is an interest group in the field of determination and defending of wooden pallets and packaging and FEFPEB carries out lobbying activities as an advocate. A part of these roles is the provision of information. FEFPEB regularly distributes publications. It thereby regards matters like newsletters, reports, press statements, and other publications. These are sent by regular mail and/or e-mail to stakeholders, such as persons active in the media, national authorities, employees’ and employers’ organisations. These persons have in common that they receive publications from FEFPEB on account of their job, at the mail/e-mail address of their organisation. For the distribution of the publications, FEFPEB processes personal data. Grounds for the processing of personal data is the legitimate interest as intended in article 6 section 1 sub f AVG. The legitimate interest consists in the fact, amongst others, that contact with stakeholders and businesses which are active in the sector is crucial for the collection and sharing of knowledge and points of view, which is essential for the promotion of the interests of the members as intended in the articles of foundation. An appeal to legitimate interest requires the weighing of the legitimate interest of FEFPEB against the interests/rights/freedoms of the data subjects. In that context, it is relevant that the breach of the privacy of the data subjects is insignificant. This regards personal data which has a business character. FEFPEB therefore believes that there are no interests/rights/freedoms for the data subjects which outweigh the legitimate interest of FEFPEB.

5. Automatic decision-making

We do not make decisions based on automated processing on matters which may have a (significant) impact on people. This regards decisions which are taken by computer programs or systems, without a person (for example one of our collaborators) being involved.

6. For how long we keep personal data

We generally do not keep your personal data any longer than is necessary for the purposes for which we have collected your data. The retention period may differ from case to case. An example is when we are obliged to keep a number of documents for a minimum term for fiscal or administrative purposes. In those cases, we will only keep that data which is necessary to comply with our legal obligations. After the legal retention periods we will remove your data or anonymise it. In case your registration is terminated, your personal data is removed no later than two years after.

7. Sharing of personal data with third parties

We do not share your personal data with third parties, unless it takes place in the context of the implementation of an agreement with you and to comply with possible legal obligations. To the extent these third parties must be considered data processor, we have concluded a processor agreement with those third parties in which the protection, non-disclosure, and your rights are stipulated. We remain responsible for this processing.

Sharing of information outside the EEA (if applicable)
Your data can in certain cases be transmitted to receivers in countries outside the EEA. The main rule is that this is only permitted if a country offers an appropriate level of security. If there is not an appropriate level of security in a country outside the EEA, we will take care of appropriate safeguards so that your data will be protected as well as possible. An example of this is the use of model contracts which have been approved by the European Commission.

8. Cookies, or comparable techniques, we use

We make use of cookies on our website. Cookies are tiny text files which are stored upon the first visit to the website in the browser of your computer, tablet, or smartphone.

We use the following cookies:
a. cookies with a purely technical functionality. These make sure that the website functions properly and that, e.g., your preferential settings are saved. These cookies are also used to have the website function well and to be able to optimise it.
b. Analysis functionality

You can unsubscribe for cookies by changing the settings on your internet browser in such a way that it will no longer store any cookies. In addition, you can also remove all information stored previously through the settings on your browser.

9. Your rights (perusal, modification, removal, etc.)

It is explained in the following what your rights are with regard to the processing of your data.

a) Right of perusal
You have the right of perusal of your own data. This also includes the question what the purposes of the processing are, to what parties they are provided, and what the retention terms are.

b) Right of rectification
You can ask us to rectify your data directly. You also have the right to complete incomplete data, for example by sending an e-mail to us.

c) ‘Right to be forgotten’
You have the ‘right to be forgotten’. Upon request, we will always remove your data without any unreasonable delays. We may not always, however, remove all your data. Sometimes, for example, the processing is necessary to comply with legal obligations or to file, exercise, or substantiate claims.

d) Right to limitation of processing
In principle you have the right to have the processing of your data limited, for example if you hold your data to be incorrect or unnecessary.

e) Notification of rectification, removal, or limitation
Unless it is impossible, or it requires a disproportionate effort, we will inform the receivers of your data of every rectification, removal, or limitation of the processing.

f) Right to the transferability of your data
You have the right to the transferability of data. This means that you can submit a request to receive your data. Subsequently you can store this data for personal reuse. You only have this right with regard to data which you have provided to us yourself and on condition the processing is based on your consent or on an agreement to which you are a party.

g) Withdrawal permission
If the processing of data is based on consent, you have the right to withdraw your permission at any moment. The processing of your data prior to the withdrawal, however, does remain legitimate.

h) Right to object
You have the right on account of reasons related to your specific situation to object to the processing of your data. After your objection we will in principle discontinue the processing of your data, unless there are weightier, mandatory legitimate grounds for the processing of your personal data.

i) Complaint filed with the data protection agency AP or lawsuit.
If you believe that the processing of your data violates legislation, you can contact our Privacy Manager, but you also have the right to submit a complaint with the data protection agency ‘Autoriteit Persoonsgegevens’ (AP) or to file a lawsuit.

j) Limitations of your rights
Sometimes we can limit your rights, for example in the context of the prevention, investigation, detection, and prosecution of criminal actions, such as fraud.

You can address all requests to us through make sure that a request was made by you, we ask you to attach a copy of your ID to your request. Cross out your picture, the MRZ (machine readable zone, the bar with numbers at the bottom of the passport), passport number and ‘Burgerservicenummer’ (BSN – social security number) in this copy. This to protect your privacy.

Costs and terms
Upon the exercise of the above rights, FEFPEB will not, barring abuse (unfounded and/or excessive requests), apply any charges to data subjects. FEFPEB will in principle respond to requests within one month. If it takes more time to respond to a request, FEFPEB will accordingly inform data subject within one month. It may be due to the complexity of the request that the response term will extend to a maximum of three months.

Assessment of requests
Every request will be assessed by FEFPEB separately on the basis of the specific facts and circumstances. Circumstances may pertain which cause FEFPEB to be unable to comply with a request, for example if the data belongs to the data subject or if it is processed on grounds of a legal obligation or legitimate interest. If FEFPEB is unable to comply with a request, they will communicate this in a substantiated manner to the data subject.

10. How we protect personal data

We take the protection of your data seriously and we take appropriate measures to prevent abuse, loss, unauthorised access, undesired publication and unauthorised modification. If you have the impression that your data is not properly protected or if there are indications of abuse, please contact us.

11 Modifications

We can modify this statement in case developments constitute reasons for doing so, for example in the event of new forms of processing. You can find the most recent privacy statement on our website. We advise you to regularly review this privacy statement, so that you will remain informed of changes.

October 2018