This Cefic privacy policy provides details about the personal data the European Chemical Industry Council, which includes any of its Sector Groups, (hereinafter, “Cefic”, “we” or the “Association”) collects from you as either the individual representative of its members (“Member individuals”), either as one of its Partner’s individual representatives (“Partner individuals”) or as being a non-Member (together “you”).
Members of Cefic consist of its Corporate Members, Business Members, Member Federations and Associate Federations. Cefic’s Partners consist of Partner Associations, Partner Companies and Associate Companies. Membership or Partnership is open to legal entities incorporated in accordance with the laws and practices of their country of origin. Natural persons are not eligible for Membership of or Partnership with the Association. However, as will be set out below, Cefic may process personal data from the Member individuals, Partner individuals or General Public as individuals, in accordance with this Policy.
The aim of this privacy policy is therefore to provide you, as one of these individuals, with transparent and clear information about the data protection practices and policies of Cefic as the data controller. Cefic wants to put you in control of your personal data and to let you understand, in accordance with the applicable legislation, how and why we use your personal data. The concept of personal data is broad and encompasses any type of information related to you, as a directly or indirectly identifiable natural person.
We recommend you read this privacy policy carefully in order to better understand our practices regarding the processing of your data. The protection of your data and privacy is of utmost importance for us at Cefic. We comply with data protection laws, including the European Regulation 2016/679 of 27 April 2016 on the protection of personal data (the "GDPR") and any other applicable national act or regulation regarding the processing of personal data or the protection of privacy.
1. Cefic’s role as a data controller
The data controller responsible for the processing of your data is the European Chemical Industry Council (“Cefic”), having its registered offices at Edmond Van Nieuwenhuyselaan 4, 1160 Oudergem, Belgium.
As a data controller we solely and autonomously determine the purposes and means of the processing of your personal data.
2. What data Cefic collects
We collect and process your personal data only for the purposes set out in this Policy.
In general, Cefic is a not-for-profit making organisation devoted to promote a thriving European Chemical Industry that is broadly recognised to provide sustainable, safe, innovative and resource efficient solutions to foster prosperity, growth and investments in Europe and meet the challenges for future generations. Within this framework, Cefic's main purpose is to serve the Members and the European chemical industry by generating and aggregating scientific knowledge that fosters the purpose of the Association in critical areas and by offering needs-oriented services and expertise to its Members in, amongst others, regulatory, scientific and technical matters. In view of supporting this main purpose, the Association may, in compliance with the antitrust law, promote, defend and represent with particular emphasis on their scientific, technical, pedagogic, environmental, economic, statistical, legal and structural aspects, all matters of common interest to the European chemical industry, in the widest sense, at European and global level, always endeavouring to add value as a collective compared to Member's activities.
It is in this framework of its general purpose and activities that Cefic may process certain personal data of its Member or Partner individuals, or even of any individuals. We describe below the categories of data that we process. The data can be either provided directly by yourself as a representative within a member or partner organisation, or potentially gathered from other sources.
Cefic may, apart from any participation in the governance bodies or other bodies of Cefic, process the following personal data about you as a Member or Partner individual:
- first name, last name
- e-mail address
- address, incl. country
- phone and mobile phone numbers
- passport and ID details
- travel details
- national nongovernmental federation or company; position
- Academic record or qualification/skills; biographical info
- dietary requirements or allergies
Since, in accordance with their respective category of membership, Cefic Members shall have amongst others also the rights to be eligible for a position in the governance bodies or other bodies of the Association, Cefic may also process personal data of the Member individuals as it does for other individuals having a position in these bodies.
Furthermore, as an event participant, Member or Partner individuals may be asked to register and give their first name, last name, e-mail address, address, phone and mobile phone number, passport and ID details, travel details, position and any dietary requirements or allergies.
Cefic may process the following personal data about you as General Public:
- first name, last name
- e-mail address
- address, incl. country
- phone and mobile phone numbers
- passport and ID details
- travel details
- dietary requirements or allergies
- Picture
Furthermore, as an event participant, all individuals may be asked to register and give their first name, last name, e-mail address, address, phone and mobile phone number, passport and ID details, travel details, position and any dietary requirements or allergies, or be photographed during the event.
3. On which legal basis and for what purposes do we process your data?
We always process your personal data on the basis of and within the boundaries of the legal bases as those are laid down under applicable law. We also ensure to limit the processing of your personal data to what is strictly necessary for the achievement and performance of these purposes.
3.1 Your consent
When we process your personal data, beyond the usual interactions with Member individuals, Partner individuals and our institutional communication, we strive to rely on your consent as often as possible, to put you in control of your personal data. Subject to obtaining your prior and specific consent and in accordance with the applicable law, we may process your personal data, such as e-mail address, for instance in order to send you personalised information, newsletters or various publications to which you subscribe. You always have the right to withdraw your consent at any time.
3.2 Performance of our duties
We may also process your personal data where this is necessary for the performance of our legal duties or the performance of our contractual obligation towards you. In such a case, we limit the processing of your personal data to the extent of what is strictly necessary.
(a) Legal obligation
If a Member individual is eligible for a position in a body or governance body of the Association, the Association may process personal data of the Member individuals for the functioning in its governance bodies, such as Board Members administration, management, voting procedures and related, following from the statutes and Title III of the Belgian law of 27 June 1921 on non-profit associations, foundations, European political parties and European political foundations.
Partner individuals’ personal data will not be processed in the context of these activities, unlike what could be the case for Member individuals. Partners do not have the right to participate in the meetings of the General Assembly, of the Board or of the Executive Committee. Partners are not eligible for a position in the governance bodies or other bodies of the Association.
(b) Contract
We process Member individuals and/or Partner individuals personal data for the performance of the contract with Cefic. This information can help Cefic with the administration of certain Member individuals or Partner individuals to allow the Association to perform its tasks and activities or allow for communications for formal meetings. In particular, this information is needed for and facilitates the general administration/registration of Member individuals or Partner individuals.
In the framework of specific working groups or bodies, we may process your personal data as an individual allowed to access the Cefic internal website.
We also process personal data for the purpose of the event registration, namely to ensure the good processing and follow-up of your registration form when organising Cefic’s events. This data is provided directly by Member or Partner individuals participating or registering for an event. We limit the processing of Event Participants’ personal data to what is strictly necessary for the achievement and performance of this purpose.
3.3 Legitimate interests of Cefic
When not strictly necessary for any of the abovementioned reasons, Cefic may also process your personal data for other purposes, falling under the achievement and the realisation of its legitimate interests. In such a case, however, Cefic strives to maintain a fair balance between the need to process your data and the preservation of your rights and freedoms, including the protection of your privacy. Whenever this is the case, Cefic will keep you informed about what type of legitimate interest we are pursuing and provide you with transparent information about the processing operations and your rights.
Against this background, we may process your personal data for the following reasons:
- to contact policymakers, stakeholders and journalists on legislative issues, and communicate the position of Cefic on policy issues;
- to manage the communication and updates to Cefic’s Member or Partner individuals (news, updates, activities) not falling under the abovementioned communications;
- to publish newsletters and website stories;
- to draft and publish Cefic's annual report;
- to manage the membership or partnership relationship and to ensure an effective relationship between the Association and its Members/Partners.
4. With whom and how do we share your data?
Your personal data will never be shared with third parties without your express prior consent. The only exceptions to this apply in the following cases:
4.1 For prosecution reasons
Where required in order to investigate the unlawful use of our services or for the purposes of prosecution, personal data will be disclosed to the relevant law enforcement authorities and, where applicable, to any third-party claimants. However, such a course of action will only take place if there is concrete evidence of unlawful conduct or misuse. In such cases, your data may also be shared if doing so is required for the fulfilment of terms and conditions of use or other agreements. If requested, we are also legally obligated to disclose such data to certain public authorities, such as law enforcement bodies, authorities that penalise offences with financial penalties, and financial authorities.
In these cases, data is disclosed on the basis of our legitimate interest in combating misuse, aiding the prosecution of criminal offences, and aiding the establishment, assertion and enforcement of claims, in line with point (f) of Article 6(1) of the GDPR. If you require further information about the balancing of interests that must be carried out in accordance with point (f) of Article 6(1) of the GDPR, please contact us using the details provided below.
4.2 Processors
We rely on contractually bound third-party companies and external service providers (referred to as “processors”) in order to provide our services. In such cases, personal data will be shared with these processors in order to allow them to continue providing their services. Personal data is also shared with bodies such as the Industry Sector Groups or Programme Councils within Cefic. The processors have been carefully selected by us and are subject to regular audits. The processors are permitted to use the data only for the purposes specified by us. Furthermore, they are contractually obligated to handle your data exclusively in accordance with this privacy policy and in line with the applicable data protection laws.
More specifically, we use the services of the following processors in particular:
- providers for conference organisation ;
- service providers for the distribution of newsletters or the execution of surveys
- service providers for study research, statistics, scientific studies, etc.;
- bodies of Cefic, including but not limited to the Industry Sector Groups (such as Euro Chlor, Petrochemicals, Specialty Chemicals) and Programme Councils (such as Product Stewardship, HSE, Responsible Care & Supply Chain, Industrial Policy, Product Stewardship and Innovation);
- logistics service providers, for the purpose of sending you materials relating to the Association’s activities ;
- payment service providers for the purpose of processing all payments from you to us or vice versa ;
- IT service providers for the provision of hardware and software and for the implementation of maintenance work
- business Development (such as audit authorities).
Data is disclosed to processors on the basis of Article 28(1) of the GDPR or, alternatively, on the basis of our legitimate interests in the economic and technical advantages associated with the use of specialised processors and on the basis of circumstances in which your rights and interests in the protection of your personal data are not overridden (see point (f) of Article 6(1) of the GDPR). If you require further information about the balancing of interests that must be carried out in accordance with point (f) of Article 6(1) of the GDPR, please contact us using the details provided above.
5. What are your rights?
5.1 Access, rectification, erasure, portability and objection rights
For all the purposes defined above, and subject to applicable data protection laws, you have the following rights:
- the right to ask us to provide you with copies of personal data that we hold about you at any time, which include the right to ask us: whether we process your personal data, for what purposes; the categories of data; the recipients to whom the data are shared;
- the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you;
- the right to withdraw your consent where such consent has been given;
- the right to erasure within the limits afforded by data protection legislation;
- the right to oppose to the processing of your personal data, within the limits afforded by data protection legislation;
- the right to data portability within the limits afforded by data protection legislation.
5.2 How to exercise those rights?
You may at any time exercise the abovementioned rights in accordance with data protection regulations, by sending a request with a copy of your ID card (passport or other proof of identity) to [●] or in writing at Edmond Van Nieuwenhuyselaan 4, 1160 Oudergem, Belgium, (or at Rue Belliard 40 b15, 1040 Brussels, as of January 1st, 2019) and subject to complying with our reasonable requests to verify your identity.
5.3 Right to lodge a complaint
You can also lodge a complaint to the Belgian Data Protection Authority either by post at rue de la Presse 35, 1000 Brussels, or by e-mail at This email address is being protected from spambots. You need JavaScript enabled to view it. or by phone at +32 2 274 48 00 or first-line assistance at +32 2 274 48 78.
6. How long do we keep your personal data?
We will not store your personal data beyond the time necessary for the performance of the purposes for which the data is processed. Specifically, we distinguish between a retention period and an archiving period:
- The retention period is the maximum period of use of your personal data for specific purposes:
- the data processed for the execution of the contractual relationship or the performance of a legal duty is kept for the entire duration of the contract, or as long as the legal duty applies, and for the prescription period upon termination of the contract or of the legal obligation;
- the data processed for other purposes may be retained for a longer period during which we will reassess the need to keep this data and pseudonymize the data where it does not affect the realisation of the purposes.
- The archiving period meets our legal obligation as well as the legal need to retain your data beyond the retention period for evidentiary purposes or to respond to requests for information from the competent authorities.
7. How do we protect your personal data?
We take appropriate technical and organisational measures to safeguard and protect your personal data, against unauthorised or unlawful processing and against accidental destruction, loss, access, misuses, damage and any other unlawful forms of processing of the personal data in our possession.
8. How to contact us?
If you have any questions or comments about this privacy policy, if you would like to exercise your rights, or to update the information we have about you or your preferences, please contact us at privacy[@]cefic.be
Last updated: 27th of November 2018