Privacy Policy ErfgoedApp

ErfgoedApp is a product of FARO. Flemish support center for cultural heritage vzw

I. INTRODUCTION

This privacy policy explains how FARO, Flemish support center for cultural heritage handles the personal data of its customers, users (natural persons) and all other natural persons in contact with FARO (hereinafter referred to as 'you'). Personal data means any form of information that allows you to identify yourself directly or indirectly as a natural person.

FARO attaches great importance to the protection of your personal data and fully respects your privacy. FARO therefore handles and protects your personal data in a lawful, proper and transparent manner. When processing your personal data, FARO evidently complies with the law, i.e. as of May 25, 2018, the European Data Protection Regulation No. 2016/679 of April 27, 2016 (better known as the General Data Protection Regulation or the "GDPR") or any other legislative act amending it.

More information on the protection of personal data can be obtained from the Belgian Privacy Commission, called the Data Protection Authority as of May 25, 2018.

We invite you to read this statement carefully so that you know and understand FARO's policy in this area. This statement is updated on a regular basis. The most recent version of the statement is available on our website. We will notify you through the usual communication channels if any significant changes are made.

II. WHO IS THE CONTROLLER ?

FARO, Vlaams steunpunt voor cultreel erfgoed vzw (BE0893.863.017), Grasmarkt 105 bus 44, 1000 Brussels, [email protected], Tel. +32 (0)2 213 10 60, is the controller of your data processing.

FARO is the one who is accountable to the Data Protection Authority for the processing of your personal data. FARO determines the purposes for which your personal data are processed as well as the means used and the processing characteristics.

FARO may use specialized service providers to process your personal data on behalf of FARO and according to FARO's instructions in accordance with this Privacy Policy. Only the personal data strictly necessary will be transmitted to these service providers (hereinafter referred to as FARO's "processors").

III. WHAT CATEGORIES OF PERSONAL DATA DOES FARO PROCESS ?

The categories of personal data that FARO may process are listed below. Other data may also be processed if necessary or useful for the continuation of the contractual relationship with FARO.

This indicates the context in which FARO obtains or processes these data. This table should be read together with the description of the purposes for which FARO processes the data.

Category	Examples	Context
Id.	Name, first name, title of address, address, place and date of birth, nationality, fixed or mobile telephone number and e-mail address, national registration number	This data is provided by you.
Billing information	Account number	This data is provided by you.
Professional data	Job title, name of the organization you work for, professional areas of interest.	This data is provided by you.
Images	Photo or camera footage	These images may be taken when you participate in our activities.

FARO does not process data that reveals your racial or ethnic origin, or your political opinions, religious or philosophical beliefs, trade union membership, health or life data or data about your sexual orientation, or genetic or biometric data.

FARO will only process national register numbers of persons who enter into a contractual relationship with us on behalf of actual associations, specifically as customers of the lending service (https://www.uitleendiensterfgoed.be).

The ErfgoedApp does not collect any personal data; use of the app is completely anonymous.

The ErfgoedApp request permission to use the camera, location, bluetooth. This is only for the proper operation of the app. Location we use only briefly for the operation of the map and locating to give you information at heritage on location. We also use your location to sort the tours according to where you are.

The ErfgoedApp measures which tours and content has been accessed by the app, we store this data as statistics for the use of the app and to feed back to the creators of tours. These statistics cannot be linked to individuals and are therefore anonymous.

We use bluetooth for our heritage beacons to give you more information in an exhibit based on where you are. The location cannot be linked to a person, so usage is anonymous.

IV. FOR WHAT PURPOSES DOES FARO PROCESS YOUR PERSONAL DATA ?

FARO collects and processes your personal data only for the purposes described below. FARO ensures that only necessary and relevant data are processed for a particular purpose. FARO processes your data in the situations permitted by law, specifically:

to perform a contract with you or to take certain actions at your request prior to the conclusion of this contract.
for the protection of the legitimate interests of FARO, balancing those interests with your fundamental rights and freedoms.
in specific cases, with your consent, as a result of a specific and unambiguous request, preceded by clear and comprehensible information; you may withdraw this consent at any time in accordance with the law.
to fulfill legal obligations or, to the extent permitted by us, to comply with any reasonable request from competent police forces, judicial authorities, government agencies or bodies, including competent data protection authorities.

1. CONTRACTUAL RELATIONSHIPS BETWEEN FARO AND YOU AS A CUSTOMER

Before concluding contracts, FARO sometimes needs to obtain and process certain data, in particular to respond to your request, or to assist you in providing information and in concluding the contract.

In the context of ongoing contracts or the management of contracts, FARO needs to process some data, in particular to comply with administrative and accounting obligations. In this context, your data may be sent internally within FARO to various departments or employees, including employees who are not necessarily directly responsible for the relationship with you or for the performance of a particular contract.

Specifically, FARO processes your data, for example, when you purchase products and publications from FARO, when you register for our (training) activities, when you reserve a meeting room with FARO, when you subscribe to our magazine, when you borrow a publication from our library, or when you borrow other materials from FARO. FARO may process your personal data for other additional purposes as part of its relationship with you and the performance of contracts.

2. LEGITIMATE INTERESTS OF FARO

FARO also processes your data for the fulfilment of its legitimate interests. In doing so, FARO strives to strike a fair balance between the need to process data and respect for your rights and freedoms, including the protection of privacy. Personal data is processed for, inter alia:

Personalizing FARO's services and communications.
improving the quality of FARO's services provided to you by:
Evaluation and improvement of processes, including campaigns and sales, through statistical analysis, satisfaction surveys and various other research methods.
improvement of existing (or under development) products, based on surveys, statistics, tests and customer feedback via social networks (e.g., Twitter, Facebook) linked to FARO.
Monitoring and evaluation of FARO's activities, including the number of visits to FARO's Web site, the nature of the (consulting) questions asked, etc.
preparing studies and statistics, using anonymization and pseudonymization of data subjects.
the training of our staff through the use of practical examples for illustration, using anonymization and pseudonymization of data subjects.
The use of cookies to improve the ease of use for visitors to our websites. Learn more about our cookie policy: https://faro.be/cookiesbeleid.
the preservation of evidence, among other things, in the context of establishing, exercising, defending and preserving the rights of FARO or all persons it represents, for example, for collection proceedings or litigation.

3. FARO'S SPECIFIC LEGITIMATE INTEREST: CONVENTIONAL DIRECT MARKETING

FARO carries out customer segmentation - in particular according to your needs - in order to offer you, for example, services that better match your professional interests. To this end, FARO can, among other things:

analyze your search or browsing behavior across different channels (emails, websites, mobile apps) and derive your preferences in order to personalize certain information and communications for you. Specifically, we use Google Analytics and Google Tag Manager and tracking pixels in our newsletters so that we can track the extent to which our newsletters are read. FARO does not use social media 'share buttons' on our websites, which can be used by these social media to track your browsing behavior. However, we may occasionally use social media plug-ins or 'widgets' on our websites, which can be used by these social media to track your surfing behavior.
customize the advertisements or messages on the web pages to match the interest you have demonstrated through your browsing behavior on our websites or social networks, or through your attendance at an activity or other event where FARO was present (e.g., a trade show).
simplify form filling by already filling in certain fields with already known data and asking you to verify the accuracy of this data and update it if necessary.

4. YOUR CONSENT TO THE PROCESSING AND SENDING OF ELECTRONIC MESSAGES (ELECTRONIC DIRECT MARKETING)

FARO may process your personal electronic contact information (e.g., your e-mail address) to send you named electronic messages and invitations to:

keeping you generally informed of our range of activities, events, services and products via newsletters, emails, social media channels, etc. However, FARO will not use your mobile phone number for direct marketing purposes.
Based on your professional fields of interest related to cultural heritage, to be able to inform you in a more targeted way about activities and professional developments that may be of particular interest to you, through the channels mentioned above.
Inform and involve you as a donor to our organization.

By accepting this privacy policy, you consent to the processing of your personal data for electronic direct marketing purposes and the sending of electronic messages. FARO will not use your mobile phone number for direct marketing purposes.

For some newsletters, we may use third-party mail services, specifically Sparkpost. By signing up for these newsletters as a subscriber, you acknowledge that your email address will be transferred to these third-party mailing services for processing in accordance with the privacy policies and terms of these third-party mailing services.

5. LEGAL OBLIGATION

Within the framework of the fight against the Coronavirus and in accordance with the decisions of the National Security Council, FARO may transmit your contact information (specifically, your name, e-mail address or/and your phone number) that FARO processes from you as a participant in our activities to the competent government agencies in charge of contact tracing.

V. TO WHOM DOES FARO TRANSFER YOUR PERSONAL DATA?

FARO treats your personal data with the utmost care and shares your data only to offer you the best services in the performance of its mission. FARO may send your data to organizations with which it is directly or indirectly affiliated.

In some cases, FARO is required by law to share your information with third parties, including:

government agencies or regulatory authorities when there is a legal obligation to transfer information;
judicial investigative bodies at their express request.

FARO may also transfer your information to specific service providers to assist with:

Design and maintenance of computer equipment and Internet applications or hosting services;
Providing communication services, including online and social networking providers;
preparing reports and statistics, printing documents and designing products or services;
organizing events and managing customer communications.

In the above cases, FARO will ensure that third parties only have limited access to the personal data necessary to perform the required specific tasks. FARO will also ensure that third parties undertake to use and use the personal data in a secure and confidential manner in accordance with FARO's instructions and its data protection policy.

FARO only stores your personal data on servers within the European Economic Area (EEA) or within a country or company considered secure by the European Union in accordance with the Privacy Shield Framework.

VI. HOW LONG WILL YOUR PERSONAL DATA BE KEPT ?

FARO will not retain your personal data longer than necessary to fulfill the purposes for which the data are collected.

This period is linked to FARO's legal and tax obligations, as well as the legal need to keep your data beyond the retention period for evidence or to respond to requests for information from the competent authority, being 10 years in the context of FARO's contractual liability.

Outside of this period, your personal data will be deleted or anonymized.

VII. HOW ARE YOUR PERSONAL DATA PROTECTED ?

FARO maintains strict standards to protect the personal data under its control from unauthorized or unlawful processing and from accidental loss, destruction or damage.

FARO therefore takes measures of a technical and organizational nature, such as encryption, antivirus firewalls, access controls, strict selection of employees and suppliers, to prevent and detect inappropriate access, loss or disclosure of your personal data.

In particular, all persons who may access your data on behalf of FARO are informed of the importance of protecting personal data and are aware of its confidential nature. FARO maintains a password policy on its CRM and database systems and backs up personal data in order to recover it in case of physical or technical incidents.

In the unlikely and unfortunate event that your personal data under FARO's control is compromised by an information security breach, FARO will act promptly to identify the cause of such breach and take action through appropriate measures. If necessary, FARO will notify you of such incident in accordance with applicable law.

VIII. WHAT ARE YOUR RIGHTS WHEN PROCESSING YOUR PERSONAL DATA ?

1. RIGHT OF ACCESS, CORRECTION, RESTRICTION, ERASURE, TRANSFERABILITY OF DATA AND OBJECTION

For the purposes stated above, you have:

A right to access your personal data with FARO. This means that you may ask FARO whether it processes your personal data, for what purposes the data are processed, what categories of data are processed, and to whom they are disclosed.
A right of correction if you determine that your personal data is inaccurate or incomplete.
A right to limitation if, for example, you dispute the accuracy of your personal data and for a period that allows FARO to verify it.
a right to erasure of your personal data. When your contract with FARO has come to an end, you may ask FARO to delete your personal data if it is no longer necessary for the purposes for which it was collected. You also have the possibility to request the erasure of personal data processed by FARO on the basis of your consent at any time, unless FARO has another legal basis or a legitimate interest according to law for the processing. In any case, FARO may keep such personal data if required for evidentiary purposes in the context of legal proceedings.
A right to portability of data you have provided to FARO if your personal data are processed on the basis of a contract or on the basis of your consent to the sending of electronic communications and such personal data are processed through automated processes. Under this right, you may ask FARO to transfer your personal data to yourself or directly to another data controller, to the extent technically feasible for FARO.
A right to object to the processing of your data for the purposes stated. However, FARO may continue to process personal data in certain cases if there are compelling legitimate grounds for the processing, or if there are grounds relating to the establishment, exercise or support of a legal claim.

You may exercise your rights by sending a written request that is dated, signed and with a copy of your ID enclosed, by mail to FARO, Grasmarkt 105 bus 44, 1000 Brussels, or by email to [email protected].

2. RIGHT TO OPPOSE THE SENDING OF ELECTRONIC MESSAGES (DIRECT MARKETING)

Previously, your consent was requested to process and use your electronic contact information for direct marketing promotions or electronic newsletters. Thus, this applies particularly to communications to your e-mail address. FARO will not use your cell phone number for direct marketing purposes.

You have the right to object to the processing of your personal data for electronic direct marketing and to oppose the future receipt of such communications. You may make this known to us in the following ways:

by sending a signed letter by mail with a copy of your identity card enclosed, to FARO, Grasmarkt 105 bus 44, 1000 Brussels;
by sending a (scan of the) signed letter and your ID card to [email protected];
by clicking a link or button at the bottom of an e-mailing or electronic newsletter sent to you by FARO, to unsubscribe ("unsubscribe") or unsubscribe from this mailing or newsletter so that you no longer receive it.

However, exercising the right to object will not prevent FARO from contacting you for any other purpose, including a legal obligation or performance of a contract, in accordance with this statement.

3. RIGHT TO USE YOUR IMAGE

If you participate in FARO activities, it is possible that you may be depicted in a photo or in video footage. You agree that we may use those images on our websites, or in our newsletters, social media channels and in our publications, e.g., the magazine. If you believe that your image is being used by FARO without your permission, you may notify us by sending a written, dated and signed request by mail to FARO, Grasmarkt 105 bus 44, 1000 Brussels or by email to [email protected]. We will then remove this image if possible.

4. RIGHT TO FILE A COMPLAINT

If you have complaints regarding the processing of your personal data, you may contact us by mail to FARO, Grasmarkt 105 bus 44, 1000 Brussels, or by e-mail to [email protected].

You may also file a complaint with the Belgian Data Protection Authority, by mail at Rue du Printing Press 15, 1000 Brussels, or by e-mail to [email protected], or to the Flemish Supervisory Commission.