ErfgoedApp is a product of FARO. Flemish Support Centre for Cultural Heritage
I. INTRODUCTION
This privacy policy explains how FARO, Flemish centre for cultural heritage, handles the personal data of its customers, users (natural persons) and all other natural persons who are in contact with FARO (hereinafter referred to as 'you'). Personal data is any form of information that allows you, directly or indirectly, to identify yourself as a natural person.
FARO attaches great importance to protecting your personal data and fully respects your privacy. FARO therefore handles and protects your personal data in a lawful, proper and transparent manner. When processing your personal data, FARO evidently complies with the law, i.e. from 25 May 2018 the European Data Protection Regulation No. 2016/679 of 27 April 2016 (better known as the General Data Protection Regulation or the "GDPR") or any other legislative act that amends it.
More information on the protection of personal data can be obtained from the Belgian Commission for the Protection of Privacy, called the Data Protection Authority from 25 May 2018.
We invite you to read this statement carefully to understand FARO's policy in this area. This statement is updated regularly. The most recent version of the statement is available on our website. We will notify you through our usual communication channels if there are any significant changes.
II. WHO IS THE DATA CONTROLLER?
FARO, Vlaams steunpunt voor cultreel erfgoed vzw (BE0893.863.017), Priemstraat 51, 1000 Brussels, [email protected], Tel. +32 (0)2 213 10 60, is the controller of your data processing.
FARO is the party responsible to the Data Protection Authority for the processing of your personal data. FARO determines the purposes for which your personal data is processed, the means used and the processing characteristics.
FARO may use specialised service providers to process your personal data on FARO's behalf and as instructed by FARO in accordance with this Privacy Policy. Only the personal data which is strictly necessary shall be passed on to these service providers (hereinafter referred to as "FARO's Processors").
III. WHAT CATEGORIES OF PERSONAL DATA DOES FARO PROCESS?
Below is an overview of the categories of personal data that FARO may process. Other data may also be processed if this is necessary or useful for the continuation of the contractual relationship with FARO.
The context in which FARO acquires or processes these data is indicated. This table should be read together with the description of the purposes for which FARO processes the data.
Category | Examples | Context |
Identity data | Surname, first name, title, address, place and date of birth, nationality, fixed or mobile telephone number and e-mail address, national registration number | This data is provided by you. |
Invoicing data | Account number | This data is provided by you. |
Professional data | Job title, name of the organisation you work for, professional fields of interest. | This data is provided by you. |
Visual material | Photo or camera images | These images may be taken when you participate in our activities. |
FARO does not process data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health or life data or data revealing your sexual orientation, or genetic or biometric data.
FARO will only process national registration numbers of persons who enter into a contractual relationship with us on behalf of actual associations, in particular as customers of the lending service (https://www.uitleendiensterfgoed.be).
The ErfgoedApp does not collect personal data, the use of the app is completely anonymous.
The ErfgoedApp requests permission to use the camera, location, bluetooth. This is only for the proper functioning of the app. Location we only use briefly for the operation of the map and localization to give you information at heritage on location. We also use your location to sort the tours according to where you are.
The ErfgoedApp measures which tours and content has been accessed by the app, we store this data as statistics for the use of the app and to provide feedback to tour creators. These statistics cannot be linked to individuals and are therefore anonymous.
We use bluetooth for our heritage beacons to give you more information in an exhibit based on where you are. The location cannot be linked to a person, so the use is anonymous.
IV. FOR WHAT PURPOSES DOES FARO PROCESS YOUR PERSONAL DATA?
FARO collects and processes your personal data only for the purposes described below. FARO ensures that only the necessary and relevant data is processed for a given purpose. FARO processes your data in the situations permitted by law, in particular:
- In order to perform a contract with you or to take certain measures at your request prior to the conclusion of this contract.
- for the protection of FARO's legitimate interests, balancing these interests with your fundamental rights and freedoms.
- in specific cases, with your consent, following a specific and unequivocal request preceded by clear and comprehensible information; you may withdraw this consent at any time in accordance with the law.
- to comply with legal obligations or, to the extent permitted by us, with any reasonable request from competent police authorities, judicial authorities, governmental institutions or bodies, including competent data protection authorities.
1. CONTRACTUAL RELATIONS BETWEEN FARO AND YOU AS A CUSTOMER
Before concluding contracts, FARO may need to obtain and process certain data, in particular in order to respond to your request or to assist you in providing information and in concluding the contract.
In the context of ongoing contracts or the management of contracts, FARO needs to process a certain amount of data, in particular in order to comply with administrative and accounting obligations. In this context, your data may be transferred internally within FARO to various departments or employees, including those who are not necessarily directly responsible for the relationship with you or for the performance of a particular contract.
More specifically, FARO processes your data when you purchase products and publications from FARO, when you register for our (training) activities, when you reserve a meeting room at FARO, when you subscribe to our magazine, when you borrow a publication from our library or when you borrow other materials from FARO. FARO may process your personal data for other additional purposes in the context of the relationship with you and the execution of contracts.
2. LEGITIMATE INTERESTS OF FARO
FARO also processes your data for the fulfilment of its legitimate interests. In doing so, FARO strives to strike a fair balance between the need to process data and respect for your rights and freedoms, including the protection of privacy. Personal data is processed for, among other things:
- Personalisation of FARO's services and communications.
- the improvement of the quality of the services provided to you by FARO by:
- Evaluation and improvement of processes, including campaigns and sales, through statistical analysis, satisfaction surveys and various other research methods.
- Improvement of existing products (or those under development), based on surveys, statistics, tests and customer feedback via social networks (e.g. Twitter, Facebook) linked to FARO.
- monitoring and evaluating FARO's activities, including the number of visits to FARO's website, the nature of the (advice) questions asked, etc.
- the preparation of studies and statistics, using anonymisation and pseudonymisation of data subjects.
- the training of our staff through the use of practical examples for illustration, using anonymisation and pseudonymisation of the data subjects.
- The use of cookies to improve the convenience of visitors to our websites. More information about our cookie policy: https://faro.be/cookiesbeleid.
- The preservation of evidence, including in the context of establishing, exercising, defending and preserving the rights of FARO or of any person it represents, for example for the purposes of collection procedures or litigation.
3. SPECIFIC LEGITIMATE INTEREST OF FARO: CONVENTIONAL DIRECT MARKETING
FARO performs customer segmentation - in particular according to your needs - for example, in order to offer you services that are better suited to your professional interests. To this end, FARO can, among other things:
- analyse your search or surfing behaviour through different channels (e-mails, websites, mobile apps) and derive your preferences in order to personalise certain information and communication for you. More specifically, we use Google Analytics and Google Tag Manager, as well as tracking pixels in our newsletters, so that we can monitor to what extent our newsletters are being read. FARO does not use social media 'share buttons' on our websites, which can be used by these social media to track your surfing behaviour. However, we may occasionally use social media plug-ins or 'widgets' on our websites, which may be used by these social media to track your surfing behaviour.
- adapt the advertisements or messages on the web pages so that they correspond to the interest you have shown through your surfing behaviour on our websites or social networks, or through your presence at an activity or other event at which FARO was present (e.g. a trade fair).
- facilitating the filling in of forms by filling in certain fields with already known data and asking you to verify the accuracy of this data and to update it if necessary.
4. YOUR CONSENT TO THE PROCESSING AND SENDING OF ELECTRONIC MESSAGES (ELECTRONIC DIRECT MARKETING)
FARO may process your personal electronic contact data (e.g. your e-mail address) in order to send you electronic messages and invitations by name to:
- Keep you informed in general about our range of activities, events, services and products via newsletters, e-mails, social media channels, etc. However, FARO will not use your mobile phone number for direct marketing purposes.
- to be able to inform you about activities and professional developments that may be of particular interest to you in a more targeted way, based on your professional interests in the field of cultural heritage, through the channels mentioned above.
- to inform and involve you in our work as a donor to our organisation.
By accepting this Privacy Policy, you consent to the processing of your personal data for electronic direct marketing purposes and the sending of electronic messages. FARO will not use your mobile phone number for direct marketing purposes.
For some newsletters we may use external mail services, in particular Sparkpost. By subscribing to these newsletters, you acknowledge that your email address will be transferred to these external mail services for processing in accordance with the privacy policy and conditions of these external mail services.
5. LEGAL OBLIGATION
Within the framework of the fight against the Coronavirus and in accordance with the decisions of the National Security Council, FARO may pass on your contact details (specifically your name, e-mail address and/or your telephone number) which FARO processes about you as a participant in our activities, to the competent government services in charge of contact tracing.
V. TO WHOM DOES FARO TRANSFER YOUR PERSONAL DATA?
FARO treats your personal data with the utmost care and shares your data only in order to offer you the best services in the execution of its assignment. FARO may send your data to organisations with which it is directly or indirectly linked.
In some cases, FARO is required by law to share your data with third parties, including:
- governmental or supervisory authorities where there is a legal obligation to transmit information;
- judicial investigation authorities at their express request.
FARO may also transfer your data to specific service providers to assist with:
- Design and maintenance of computer equipment and internet applications or hosting services;
- the provision of communication services, including online and social networking providers;
- preparing reports and statistics, printing documents and designing products or services;
- The organisation of events and the management of customer communications.
In the aforementioned cases, FARO shall ensure that third parties have only limited access to the personal data necessary to perform the specific tasks required. FARO shall also ensure that third parties undertake to use the personal data in a secure and confidential manner and in accordance with FARO's instructions and its Data Protection Policy.
FARO will only store your personal data on servers located within the European Economic Area (EEA) or in a country or company deemed safe by the European Union in accordance with the Privacy Shield Framework.
VI. HOW LONG WILL YOUR PERSONAL DATA BE KEPT?
FARO will retain your personal data for no longer than is necessary for the purposes for which the data was collected.
This period is linked to FARO's legal and tax obligations, as well as the legal necessity to retain your data beyond the retention period for purposes of proof or to respond to requests for information from the competent authority, i.e. 10 years within the framework of FARO's contractual liability.
Outside this period, your personal data will be deleted or anonymised.
VII. HOW IS YOUR PERSONAL DATA PROTECTED?
FARO maintains strict standards to protect the personal data under its control from unauthorised or unlawful processing and from accidental loss, destruction or damage.
FARO therefore takes technical and organisational measures such as encryption, anti-virus firewalls, access controls, strict selection of employees and suppliers, to prevent and detect unauthorised access, loss or disclosure of your personal data.
In particular, all persons who may learn about your data on behalf of FARO are informed about the importance of protecting personal data and are aware of its confidential nature. FARO maintains a password policy on its CRM and database systems and backs up personal data in order to be able to restore it in case of physical or technical incidents.
In the unlikely and unfortunate event that your personal information under FARO's control is compromised by an information security breach, FARO will act promptly to identify the cause of such breach and take action through appropriate measures. If necessary, FARO will notify you of this incident in accordance with applicable law.
VIII. WHAT ARE YOUR RIGHTS CONCERNING THE PROCESSING OF YOUR PERSONAL DATA ?
1. RIGHT OF ACCESS, RECTIFICATION, RESTRICTION, ERASURE, PORTABILITY OF DATA AND OBJECTION
For the purposes stated above, you:
- A right of access to your personal data at FARO. This means that you can ask FARO whether it processes your personal data, for what purposes such data is processed, what categories of data are processed, and to whom they are communicated.
- a right of correction if you find that your personal data is incorrect or incomplete.
- A right to restriction if, for example, you contest the accuracy of your personal data and for a period that allows FARO to verify this.
- A right to erasure of your personal data. When your contract with FARO has ended, you may ask FARO to delete your personal data if it is no longer necessary for the purposes for which it was collected. You also have the possibility of requesting at any time the erasure of personal data processed by FARO on the basis of your consent, unless FARO has another legal basis or a legitimate interest under the law for the processing. In any case, FARO may retain this personal data if required for purposes of proof in legal proceedings.
- a right to the portability of data which you have provided to FARO, if your personal data are processed on the basis of a contract or on the basis of your consent to the sending of electronic communications and if these personal data are processed with the aid of automated processes. Under this right you may ask FARO to transfer your personal data to yourself or directly to another data processor, insofar as this is technically possible for FARO.
- a right to object to the processing of your data for the purposes specified. However, FARO may, in certain cases, continue to process personal data if there are compelling legitimate grounds for doing so or if grounds exist relating to the establishment, exercise or substantiation of legal claims.
You may exercise your rights by sending a written request, dated, signed and accompanied by a copy of your proof of identity, by post to FARO, Rue de la Priem 51, 1000 Brussels, or by email to [email protected].
2. RIGHT TO OBJECT TO SENDING ELECTRONIC MESSAGES (DIRECT MARKETING)
Previously, your consent was requested to process and use your electronic contact details for direct marketing actions or electronic newsletters. This applies in particular to communications to your e-mail address. FARO will not use your mobile phone number for direct marketing purposes.
You have the right to object to the processing of your personal data for electronic direct marketing and to object to the future receipt of such communications. You can inform us of this in the following ways:
- by sending a signed letter by post with a copy of your identity card enclosed, to FARO, Rue Priem 51, 1000 Brussels;
- by sending a (scan of the) signed letter and your identity card to [email protected];
- By clicking on a link or button at the bottom of an e-mailing or electronic newsletter sent to you by FARO, to unsubscribe from this mailing or newsletter so that you do not receive it again.
However, the exercise of the right to object shall not prevent FARO from contacting you for any other purpose, including a legal obligation or performance of a contract, in accordance with this statement.
3. RIGHT TO USE YOUR IMAGE
If you participate in FARO activities, you may be depicted in a photograph or video footage. You agree that we may use those images on our websites, or in our newsletters, social media channels and in our publications, e.g. the magazine. If you believe that your image is being used by FARO without your consent, you may notify us by sending a written, dated and signed request by mail to FARO, Priemstraat 51, 1000 Brussels or by email to [email protected]. We will then remove this image if possible.
4. RIGHT TO LODGE A COMPLAINT
If you have any complaints regarding the processing of your personal data, you can contact us by mail at FARO, Rue Priem 51, 1000 Brussels, or by email at [email protected].
You may also file a complaint with the Belgian Data Protection Authority, by mail at Rue du Palais 15, 1000 Brussels, or by email to [email protected], or to the Flemish Supervisory Commission.
See also:
cookie policy
general terms and conditions of use of websites and apps
sales and registration conditions