Privacy Charter

This Policy is established by:

Meurice Research and Development (R&D) ASBL

Address: Avenue Emile Gryson, 1
Building 10
B-1070 Brussels

Email:
pribant@meurice.org

 

It is registered under BCE number: 0454.194.778.

Hereinafter identified as “Meurice R&D” or “we”, “us”.

We are particularly attentive to the protection of personal data (hereinafter referred to as data) and the respect for the privacy of all individuals who come into contact with us. We act with full transparency, in accordance with national and international provisions on the matter, notably Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “General Data Protection Regulation” or “GDPR”).

This information document concerning the protection of personal data describes how we process your data and the rights you can exercise over the data concerning you as a data subject.

It may be modified at any time, particularly to comply with any regulatory, jurisprudential, or technological developments. We invite you to consult it regularly.

Finally, for our website, we refer you to the cookie policy by following this link: www.meurice.org/politiquedescookies

You can respond to any of the practices described below by contacting us.

 

• Why do we process your data?

We collect and process your personal data for various reasons, based on a legal basis determined by the GDPR (for example, compliance with a legal obligation to which we are subject or the performance of a contract concluded with you).

The table below sets out the purposes and legal basis for the use of your personal data.

Processing	Purpose of Use	Legal Basis for Processing
Management of Our Members’ Data	We process your personal data to carry out operations related to the management of our members’ data.	We process your data in accordance with the provisions of Article 6.1.c) based on our legal obligation.
Management of Pre-contractual Relations	We process your personal data to respond to requests and/or questions you send us, or if you send us your CV to apply for a position with us.	We process your data in accordance with the provisions of Article 6.1.b) of the GDPR, based on pre-contractual measures.
Data Management for Studies and Research	We process your data in our agri-food department, as part of studies tailored to various business issues. In the context of the research conducted, your data is anonymized/pseudonymized.	We process your data in accordance with the provisions of Article 6.1.f), based on our legitimate interest, stated here as we have weighed this interest against your interests or fundamental freedoms and rights by examining your “reasonable expectations”. We process your health data in accordance with Article 9.2.j) of the GDPR, namely for scientific research purposes.
Management of Collaborations with External Companies and Organizations	We process the data of contact persons from external companies and organizations with which we collaborate. We process the data of participants in studies conducted by our external collaborators.	We process your data in accordance with the provisions of Article 6.1.b) of the GDPR, based on contractual measures. We process your health data in accordance with Article 9.2.j) of the GDPR, namely for scientific research purposes.
Data Management for Awarding Prizes and Subsidies	We process data of non-member students of the ASBL for the purpose of awarding prizes or travel subsidies.	We process your data in accordance with the provisions of Article 6.1.a) of the GDPR, based on your consent.
Management of Meurice R&D Bodies (Board of Directors)	We process the data of directors to ensure compliance with the obligations set out in the Code of Companies and Associations and to conform to the statutes.	We process your data in accordance with the provisions of Article 6.1.c) based on our legal obligation.
Management of Suppliers and Customers	We process your data to fulfill our contractual obligations towards you or your company.	We process your data in accordance with the provisions of Article 6.1.b) of the GDPR, based on contractual measures.
Website Management	We process the data of members who have an account on our website.	We process your data in accordance with the provisions of Article 6.1.a) based on your consent.
Communication Management	We process personal data to communicate information related to our services to you. It is in our legitimate and commercial interest to offer and promote all services and/or share informative messages with you that correspond to what you can reasonably expect from us in the context of our existing or potential future relationship.	We process your data, in accordance with the provisions of Article 6.2.f), based on our legitimate interest, as we have weighed this interest against your interests or fundamental freedoms and rights by examining your “reasonable expectations”. You can object to this processing by contacting us.
Litigation Management	We may use your data to serve our legitimate interest or that of third parties, in the defense of our interests (or those of third parties) in legal proceedings within the context of our existing or potential future relationship.	We also have a legitimate interest in processing personal data for the defense of our interests, including but not limited to, in the context of disputes or legal actions based on Article 6.1.f) of the GDPR. We may also process sensitive data in this context, in accordance with the provisions of Article 9.2.f).

Unless legally excepted, you may, at any time, object to processing based on legitimate interest or your consent by contacting us.

 

• What data is collected and processed?

We only collect personal data that is adequate, relevant, and limited to what is strictly necessary for the purposes for which it is processed. Depending on the purposes, data collection is carried out differently.

Below, we detail the personal data we collect about you, the reason for its collection, and the methods of collection.

Processing	Data Collected and Processed	Methods of Collection
Management of Our Members’ Data	Personal identification data (name, first name, address, phone number, company number) Electronic identification data (email address, login)	Directly from you You made them public
Management of Pre-contractual Relations	Personal identification data (name, first name, address, phone number) Electronic identification data (email address) Family data (children’s names and first names, marital status) Personal characteristics (age, gender, date of birth, your country, your language) Professional characteristics (profession, diploma, career, etc.)	Directly from you You made them public
Data Management for Studies and Research	Anonymized/pseudonymized personal identification data (name, first name, phone, email address, gender, date of birth, your country, your language) Health data Professional characteristics Lifestyle habits Account number of voluntary participants	Directly from you
Management of Collaborations with External Companies and Organizations	Personal identification data of the contact person (name, first name, address, phone number) Electronic identification data (email address) Personal identification data of study participants will be anonymized/pseudonymized after collection Health data of study participants Lifestyle habits of study participants	Directly from you Through our external collaborators
Management of Meurice R&D Bodies (Board of Directors)	Personal identification data (name, first name, address, date of birth, national registry number, phone number)	Directly from you
Management of Suppliers and Customers	Personal identification data (name, first name, address, phone number, VAT number) Electronic identification data (email address) Financial data (account number)	Directly from you From the Crossroads Bank for Enterprises
Website Management	Electronic identification data (email address, login)	Directly from you
Management of Our Communication	Personal identification data (name, first name, address, phone number) Electronic identification data (email address, Facebook and Messenger username)	Directly from you You made them publicly accessible
Management of Our Litigation	Personal identification data (name, first name, address, phone number, VAT number) Electronic identification data (email address) Personal characteristics (age, gender, date of birth, your country, your language) All data necessary to ensure the defense of our interests in court	Directly from you You made them public

 

Health data, processed for “Data Management from Studies” and “Management of Collaborations with External Companies and Organizations”, will only be accessible to researchers from the agri-food department team. They are bound by the confidentiality of this data.

 

• Is your data disclosed or shared with third parties?

The data listed above is accessible to staff members, collaborators, and any person acting under the authority of Meurice R&D. Where applicable, your data is communicated to our lawyers or any technical advisors, to banking or insurance organizations, to the strict extent necessary.

 

We may also transmit your data:

1. upon request from a judicial or administrative legal authority or judicial assistant; or
2. in good faith, considering that this action is required to comply with any applicable law or regulation; or
3. to protect and defend our rights or those of other users of our services.

We may also grant access to certain data to our co-contractors, referred to as “sub-processors” within the meaning of the legislation, to the extent strictly necessary for the achievement of our purposes, such as the operation of applications or computerized management systems.

In all circumstances, we ensure the protection of your data through agreements guaranteeing confidentiality.

 

The service providers with whom we may share customer data are as follows:

Type of Service Provider	Location
Email sending solution providers	In Europe
Postal sending solution providers	In Europe
IT solution and infrastructure/system maintenance providers	In Europe
Hosting / Cloud Service	In Europe
Social Networks	In Europe
Lawyers and legal service providers	In Europe
Accountants and financial service providers	In Europe
Banks	In Europe

 

For security reasons, the list of sub-processors, their areas of activity, the purpose pursued, and, where applicable, the country in which the data is processed and hosted are not available on our site but can be provided upon the first request of the data subjects as soon as possible. You can send us an email at the following address:
pribant@meurice.org.

 

• Do we transfer your data outside the European Union?

We do not transfer data outside the European Union. If we were to transfer data to a country outside the Union, such transfers would only be authorized if and only if:

The European Commission has issued a decision that establishes that this country ensures an adequate level of data protection, i.e., equivalent to that provided by European legislation. Personal data will be transferred on this basis. The transfer is covered by appropriate safeguards providing a level of data protection equivalent to that provided by European legislation, such as the Commission’s standard contractual clauses, a Code of Conduct, a certification, binding corporate rules, or consent.

In the absence of an adequacy decision or appropriate safeguards, a transfer or set of transfers of personal data to a third country remains possible if such transfer is necessary for the establishment, exercise, or defense of legal claims.

 

• What is the retention period for your data?

The retention period varies depending on the purposes of your data processing. This period is limited, taking into account any retention obligations imposed on us by law.

Below you will find the list of purposes and retention periods.

 

Processing activities	Duration
Management of our members’ data	Your data is retained for 3 years after the expiry of your membership term.
Management of pre-contractual relations	The retention period is a maximum of 3 years from our last contact.
Data management for studies and research	The retention period is a maximum of 3 years from our last contact.
Management of collaborations with external companies and organizations	The retention period is a maximum of 3 years from our last contact.
Management of Meurice R&D bodies (AG-CA)	The retention period is 3 years from the loss of administrator status.
Management of suppliers and customers	The retention period is 10 years from the year in which you were accounted for.
Website management	Your data is retained until you decide to delete your account. However, if you have not logged in for 3 years, we will delete your account.
Management of our communication	The retention period is 3 years from the end of the commercial relationship or data collection.
Management of our litigation	The case file is deleted as soon as the judgment becomes final. The judgment is retained for 7 years from the year in which any payment made was recorded, for accounting purposes.

 

• How do we protect your privacy?

In all circumstances, we ensure an adequate level of technical and organizational security for your data, to protect you from any data breach, including loss, destruction, public disclosure, unauthorized access, or any misuse. However, if you become aware of or suspect a data breach, we ask you to report it to us immediately by contacting us.

For security reasons, the list of technical and organizational security measures implemented is not available on our site but can be provided upon the first request of the data subjects.

 

• What are your rights and how to exercise them?

Except where a legal provision in force in Belgium does not permit it, including the GDPR, you have the following rights under the regulations:

• The right of access, including the right to know if we process your data;
• The right to obtain a copy of the processed data;
• The right to rectification of processed data;
• The right to object to the processing of your data, particularly if you wish to withdraw your consent or if your data is processed based on our legitimate interest;
• The right to restrict the processing of processed data;
  • If you dispute the accuracy of this data. Pending the assessment of the interests involved before exercising the right to object to the processing of some of your personal data.
  • If the processing of your personal data is unlawful, but you nevertheless do not wish to exercise your right to erasure of the data.
  • If we no longer need your personal data, but you require it for legal proceedings.
• The right to erasure of processed data. However, this right is not absolute, and we will not be able to comply if a legal obligation compels us to process your data.
• The right to data portability of processed data, namely to retrieve or transfer your personal data that we process, for your personal use, to a third party you designate, and in the format in which we store it.
• The right to lodge a complaint with the Data Protection Authority:

 

www.autoriteprotectiondonnees.be/

Rue de la Presse, 35, 1000 Brussels

Tel.: +32 (0)2 274 48 00

Fax: +32 (0)2 274 48 35

Email:
contact@apd-gba.be

You may also lodge a complaint with the Court of First Instance.

For further information on possible complaints and remedies, you are invited to consult the following address of the Data Protection Authority:

 

https://www.autoriteprotectiondonnees.be/citoyen/agir/introduire-une-plainte

 

Please note that in accordance with Article 89, §2 of the GDPR and Title 4 of the law of July 30, 2018, relating to the protection of natural persons with regard to the processing of personal data, your rights of access, rectification, erasure, restriction, and objection may be limited if they risk making impossible or seriously hindering the achievement of research purposes and if these derogations are necessary to achieve these purposes.

If you require further information on your rights, please contact us.

We will respond to your request as soon as possible and, at the latest, within one month of receiving your request, we will inform you of the actions we have taken.

Depending on the complexity of your request or the number of requests we receive from other individuals, this period may be extended by two months. In this case, we will notify you of this extension within one month of receiving your request.

In all circumstances, when communicating this information, we are always obliged to take into account the rights and freedoms of other individuals.

You can exercise your rights by sending an email to the following address:
pribant@meurice.org
or by postal mail to the following address: Avenue Emile Gryson, 1

Building 10, 1070 Brussels.

We ask our clients to attach to their request the documents or information necessary to prove their identity; otherwise, we may contact them to request proof of identity, such as a copy of their identity card, in order to properly address their request.

Finally, when a request to exercise a right is manifestly unfounded or excessive, particularly due to its repetitive nature, it may be refused or subject to the payment of reasonable fees that take into account the administrative costs incurred to provide the information, make communications, or take the requested measures.

 

• What is the applicable law and competent jurisdiction?

This Policy is governed by Belgian law.

Any dispute relating to the interpretation or execution of this Policy shall be subject to Belgian law and fall within the exclusive jurisdiction of the courts of the judicial district of Brussels.

 

• Do we use trackers?

We use cookies on our websites.

A cookie is a code in the form of a file stored on your computer. During a subsequent visit to our website, these cookies can then be recognized. Cookies help us improve our site or facilitate your navigation.

To learn more about our Cookie Policy, please consult our website, under the “Cookies Policy” tab.

 

• Please note the update to this policy!

This Policy may be updated at any time and without notice of modification. We advise and invite you to consult it regularly.

Last updated on August 6, 2021.