(Last updated 21 June 2021)
Regulation (EU) 2016/679 (known as the “General Data Protection Regulation” or “GDPR”) establishes a regime of protection of personal data. European Union member states have also adopted laws in this area. The GDPR, supplemented by applicable national laws, provides a frame of reference for the processing of personal data by the Training Institute for Psychology & Health (“TIPH”).
General notions about personal data
A number of key terms are used in this policy:
- “Personal data” means any information relating to an identified or identifiable natural person.
- “Processing” means any operation performed on personal data, such as collection, consultation, alteration or storage.
- “Controller” means the person that determines the purposes and means of the processing.
- “Processor” or “subcontractor” means the person that processes personal data on behalf of a controller.
- “Purpose of processing” means the reason for which personal data are processed.
- “Means of processing” means the methods and tools used to perform the processing.
- “Data subject” means the person to whom the personal data relate.
- “Sensitive data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership and genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Why does TIPH process your personal data?
Here is a list of the main purposes for which TIPH processes your personal data:
- Commercial and professional management, including activities such as:
- Organizing meetings;
- Sending newsletters; and
- Professional correspondence.
- Professional monitoring, including activities linked to searching for information such as:
- Technological monitoring;
- Strategic monitoring;
- Searching for business partners; and
- Searching for customers.
- Website management, including activities such as:
- Administration and maintenance of TIPH’s website; and
- Verification of the legality of the use of the services.
- Online referencing of TIPH certified professionals (only at their explicit and written request)
If TIPH decides to process personal data for a purpose other than that for which it was initially collected, it will inform you of this new purpose.
What categories of personal data does TIPH collect?
The categories of personal data that TIPH may collect include:
- Personal information, such as your name, phone numbers, email addresses and nationality.
- Information about your professional life, such as your business title, your institution or employer’s name and information about your education and qualifications.
- Information of a technical nature, such as identifiers used for security purposes, records of traffic on TIPH’s website, including connection data.
- User-generated content, i.e. the content produced by the user as part of their TIPH training (e.g. answers to quizzes and assessments) and comments you may write about the quality of the training received at TIPH.
Is all processing allowed?
The GDPR does not allow all processing. In general, only processing that meets at least one of the conditions in the following list is allowed. We refer to this as the legal basis.
- The data subject has given consent to the processing.
- Processing is necessary for the performance of a contract to which the data subject is a party.
- Processing is necessary for compliance with a legal obligation to which the controller is subject.
- Processing is necessary to protect the vital interests of the data subject.
- Processing is necessary for the performance of a task carried out in the public interest.
- Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
When TIPH bases the processing on its legitimate interests, it will point them out to you when your personal data are collected.
The GDPR prohibits the processing of sensitive data except in special cases that are specifically regulated. Indeed, these data are, by nature, particularly sensitive from the point of view of fundamental rights and freedoms and require specific protection since the context in which they are processed could create significant risks for these freedoms and rights.
Other laws or regulations may also impose limits on the processing of certain types of personal data. For example, TIBP will never use your name or image without your explicit consent.
Who are the recipients of your personal data?
TIPH ensures that your personal data are only accessible to people with an identified need to know them, by implementing access control measures.
The number of TIPH people who can access your personal data depends on the nature of the data. Some personal data may be viewed by anyone working at TIPH (for example, publicly available data about you). Access to most of your personal data is limited to certain employees, insofar as this access is necessary for the performance of their work (for example, to produce invitation letters, to consult your quizzes or evaluations if you request coaching, to organize the referencing of professionals who request it, ...).
In addition, TIPH may send your personal data to the following recipients:
1. Authorized third-party companies: TIPH may share your personal data with third entities that process personal data on behalf of TIPH, provide services to TIPH (e.g. your email address may be communicated to our web marketer in the context of his missions for the TIPH). In all cases, TIPH ensures that there is an identified need to transfer your personal data.
Outside entities include, for example:
- Telecommunications and internet service providers;
- Website analytics service providers;
- E-mail marketing service providers;
- Web hosting service providers;
- Webinar and videoconference streaming providers;
- Video platform providers; and
- Web development and web marketing service providers.
When TIPH uses a subcontractor, it enters into a contract with it to protect your personal data and in particular to prohibit any processing that has not been decided by TIPH.
2. Public authorities and bodies exercising a public-interest mission: TIPH may be required by law to disclose your personal data to certain authorities or other third parties, for example, the police or other entity law-enforcement authorities acting within the scope of their duties.
International transfers of personal data
TIPH may sometimes transfer your personal data to countries outside the European Union. Some of these countries are recognized by the Commission of the European Union as ensuring an adequate level of protection of personal data, through an adequacy decision. When TIPH transfers your personal data to a country that has not been the subject of an adequacy decision, it implements appropriate safeguards to provide adequate protection to your personal data. These safeguards may take the form of standard contractual clauses for the protection of personal data approved by the European Commission.
How long are your personal data stored?
TIPH only keeps your personal data for the time necessary for the purposes for which they are processed. In most cases, the personal data will be kept during the period of your commercial relationship with TIPH, if applicable, then archived for the legally required period. They may also be kept if necessary for periods in accordance with industry standards or the recommendations of the competent data-protection supervisory authorities.
What are your rights?
Regarding the processing of your personal data, you have the following rights:
- Right of access: you have the right to request access to your personal data processed by TIPH.
- Right to rectification and erasure: You have the right to request the rectification and deletion of your personal data processed by TIPH. You can help keep your personal data up-to-date by informing TIPH if they change.
- Right to restriction: you have the right to ask TIPH to restrict the processing of your personal data, meaning that your personal data held by TIPH are marked to limit their future processing.
- Right to object: you have the right to object to TIPH’s processing your personal data on grounds relating to your particular situation.
- Data portability: when TIPH processes your data on the basis of your consent or a contract with you and by automated means, you have the right to receive the personal data you have provided to TIPH in a structured, commonly used and machine-readable format and forward them to another controller and the right to have them forwarded directly by TIPH when technically possible.
- Right to withdrawal of consent: when processing is based on your consent, you have the right at any time to withdraw that consent, without the withdrawal’s having retroactive effect.
- Right to lodge a complaint with a supervisory authority: if you consider that the processing constitutes a violation of the GDPR, you have the right to lodge a complaint with a supervisory authority. In Belgium, the competent supervisory authority is the Data Protection Authority (APD).
If you intend to lodge a complaint with a supervisory authority, TIPH would appreciate your first informing the controller of your comments, questions or complaints (see section “How to contact us” below).
TIPH only asks you for the personal data necessary to carry out the missions you have entrusted to it.
How to contact us
You can access your data, ask questions about the management of personal data within TIPH, obtain a copy of the safeguards mentioned above and exercise most of your rights described above by contacting TIPH at email@example.com or by mail at the following address:
Training Institute for Psychology & Health
Route de Gembloux 72
Before processing your request, TIPH may need to identify you, for example by asking you for proof of identity. TIPH will respond to your request as soon as possible and in any case within one month, but this period can be extended by two months, in view of the complexity or the number of requests.
Controller of your personal data
The identity and contact details of the controller are as follows:
Training Institute for Psychology & Health
Legal form: limited liability company
Registered office: Route de Gembloux 72, B-5310 Eghezée, Belgium
Company number: 0727.441.602