Privacy Policy

The privacy policy is essential to us!

Preamble

Solvay Consulting Club values your private life and enforces a data protection policy in conformity with its legal obligations. We thereby inform you of the way we will process your personal data and ensure that this data processing meets your best interests.
Please note that the terms contained in this Privacy Policy must be understood in their gender-neutral meaning

ARTICLE 1. PARTIES AND PURPOSE OF THE PRIVACY POLICY

                   1.1         Generalities

The Data controller is Solvay Brussels School Student Consulting Club (hereinafter referred to as “SCC” or the “Data controller”), an A.S.B.L./vzw (non-profit organisation), having its registered office at Avenue Franklin Roosevelt 50, 1050 Brussels, Belgium, registered with the Crossroads Bank for Enterprises under the company number BE 0508.880.113.
SCC is the publisher of a Website hosted at [.] (hereinafter referred to as the “Website”).
The term “User”, also used in the plural, hereinafter refers to any user, either natural or legal person, whether they are registered or not on the Website, that visits the Website or its content, that inserts personal data on the Website, that downloads documents, that registers via any form available on the Website, that fills in any paper form, that becomes a member, that subscribes or that contracts with the Data controller.
The User can contact the Data controller via e-mail/mail at the following address/addresses: [Info@solvayconsultingclub.com].

                  1.2        Purpose of the PrivacyPolicy

SCC draws up this Privacy Policy, the purpose of which is to inform the User of the Website or any other User whose personal data is processed by SCC, of the way in which their personal data are collected and processed by SCC.
The Users will necessarily need to carefully read the Privacy Policy and consent to it expressly by ticking the appropriate box(es) on the Website or any other medium, in accordance with Article 5 of this Privacy Policy.

                  1.3        Measures

The Data controller - and/or its service providers acting in its name and on its behalf - determines all the technical, legal, and organisational means and purposes of the Users' personal data processing.

To this end, SCC undertakes to take all necessary measures to ensure that personal data are processed in accordance with the Act of 30th July 2018 on the protection of individuals with regard to the processing of personal data (hereinafter, the “Act”) and the EU Regulation of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, the “GDPR”).

                  1.4        Designation of a processor

SCC is free to designate any natural or legal person who processes personal data at its request and on its behalf (hereinafter referred to as the “Processor”).
The Data controller undertakes to select a Processor offering sufficient guarantees as to the implementation of appropriate technical and organisational security measures so that the processing meets the requirements of the GDPR and the Act while ensuring the protection of the rights of the User.
If applicable, the processing by a Processor is governed by a contract or another legal act which binds the Processor to the Data controller, defines the subject matter and duration of the processing, the nature and purpose of the processing, the type of personal data and the categories of data subjects, and the obligations and rights of the Data controller. This document also mentions the obligations of the Processor contained in Article 28(3) of the GDPR and Article 53, paragraph 3, subparagraph 2 of the Act.

ARTICLE 2. PROCESSING OF PERSONAL DATA

                  2.1        Purpose of the PrivacyPolicy

Users communicate personal data to SCC. The personal data likely to be processed are referred to in Article 4 of this Privacy Policy. The processing of such data by SCC in its capacity as the Data controller, and/or by service providers acting in the name and on behalf of SCC, will comply with the Act and the GDPR.

                 2.2        Means for processing of personal data

The personal data will be processed by SCC, according to the purposes enumerated in Article 3, via:

● An automated procedure;
● A subscription form to the Newsletter;
● The use of cookies;
● The sending of surveys or questionnaires;
● The sharing of free content;
● Communication with members of the Data controller's team;
● [.].
The Data controller also collects non-personal data provided indirectly by Users. This data is anonymous in that it does not allow Users to be identified directly or indirectly. It may therefore be used, for example, to carry out anonymous statistical studies, to improve the Website and the products and services offered or the advertisement of the Data controller. Non-personal data may not be used in this way if it can be combined with other personal data in such a way that the User can be identified. For the rest, this data and the use made of it are assessed in the light of the "Cookie Policy", available at the following URL address: [https://www.solvayconsultingclub.com/privacy-policy].

ARTICLE 3. PURPOSES OF PROCESSING PERSONAL DATA

In accordance with Article 13(1), point (c) of the GDPR, the purposes of processing personal data are disclosed to the User and are the following:

● To ensure control over the performance of the services offered;
● To ensure the performance of the services offered and contained on the Website;
● To answer the User's questions;
● To carry out marketing activities and promotional information after prior consent from the User and until such consent is revoked, such as sending promotions on the products and services of the Data controller;
● To compile statistics in order to improve the Website, the services offered and SCC's internal operating organisation;
● To improve the quality of the Website and the products and/or services offered by the Data controller;
● To enable better identification of the User's interests;
● To recruit members;
● To enable the User to exercise his/her rights under Article 8;
● [.].

ARTICLE 4. PERSONAL DATA LIKELY TO BE PROCESSED

In accordance with Article 5, the User consents, when visiting and using the Website or otherwise communicating data to the Data controller, to the Data controller collecting and processing the following personal data, in accordance with the terms and principles described in this Privacy Policy:

● Information disclosed by the Users to SCC for contractual purposes and to enable the proper performance of reciprocal obligations, i.e. surname, first name, address, IBAN number and bank details, [.]; and more generally, any information voluntarily disclosed by the User;
● Information disclosed by the Users by filling in forms or by contacting SCC by telephone, e-mail or other means, such as the User's name, address, e-mail address and telephone number;
● [.].
With respect to each User's visit to the Website, the information automatically collected is:

● IP address, browser type and model, time zone, operating system;
● Information concerning the pages consulted by the User on the Website, in particular the URL, browsing time, etc.;
● [.].

ARTICLE 4. PERSONAL DATA LIKELY TO BE PROCESSED

In accordance with Article 5, the User consents, when visiting and using the Website or otherwise communicating data to the Data controller, to the Data controller collecting and processing the following personal data, in accordance with the terms and principles described in this Privacy Policy:

● Information disclosed by the Users to SCC for contractual purposes and to enable the proper performance of reciprocal obligations, i.e. surname, first name, address, IBAN number and bank details, [.]; and more generally, any information voluntarily disclosed by the User;
● Information disclosed by the Users by filling in forms or by contacting SCC by telephone, e-mail or other means, such as the User's name, address, e-mail address and telephone number;
● [.].
With respect to each User's visit to the Website, the information automatically collected is:

● IP address, browser type and model, time zone, operating system;
● Information concerning the pages consulted by the User on the Website, in particular the URL, browsing time, etc.;
● [.].

ARTICLE 5. CONSENT

The User's consent to the processing of their personal data is the legal ground for the processing of such data.

                5.1       Acknowledgement and affirmative act of consent

The User declares that they are aware of and has freely given their specific, informed and unambiguous consent to the processing of personal data relating to them. This consent relates to the content of this Privacy Policy.
Consent is given by an affirmative act by which the User ticks a box referring to the Privacy Policy in a hypertext link. This consent is an indispensable condition to perform certain operations on the Website and/or to allow the User to enter into a contractual relationship with SCC. Any binding contract between SCC and a User concerning the services and goods offered on the Website is subject to the User's acceptance of the Privacy Policy.

                5.2     Consent to data processing

The User consents to the processing and collecting of their personal data by the Data controller in accordance with the terms and principles set forth in this Privacy Policy, of the personal data that the User discloses on the Website and/or in the course of the services offered by SCC, in accordance with the purposes set forth in Article 3 of this Privacy Policy.

                5.3      Withdrawal of consent

The User holds the right to withdraw their consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. This right is exercised in accordance with Article 8.8 of this Privacy Policy.

ARTICLE 6. DURATION OF DATA PROCESSING

In accordance with Article 13(2), point (a), of the GDPR, the Data controller shall provide the User with information regarding the period for which the personal data will be stored.
In the present case and in accordance with Article 5(1), point (e), the Data controller retains the personal data only for the time reasonably necessary to enable the fulfilment of the purposes for which they are processed. The personal data will be stored at most during [.] months after the end of the contractual relationship between the User and the Data controller.

ARTICLE 7. RECIPIENT OF THE DATA AND DISCLOSURE TO THIRD PARTIES

                7.1     Transmission of personal data to third parties

Personal data may be transmitted to members and/or collaborators of SCC who, located in Belgium or in the European Union, collaborate with the Data controller in the context of the marketing of products or the provision of services. They act under the direct authority of SCC and are in particular responsible for collecting, processing or outsourcing this data.
In all cases, the recipients of the data and those to whom this data has been disclosed shall comply with the content of this Charter. SCC guarantees that they will process this data solely for the purposes set out in Article 3 of the Charter, in a discreet and secure manner.

                7.2     Transmission of personal data for marketing purposes

In the event that data is disclosed to third parties for direct marketing purposes, the User will be informed prior to the disclosure so that they can express their consent to the use of their personal data.

                7.2     Transmission of personal data for legal purposes

Finally, SCC may be required to disclose personal data by law, in the context of legal proceedings or at the request of public authorities.

ARTICLE 8. USERS’ RIGHTS

                 8.1       Right of access

In accordance with Article 15 of the GDPR, SCC guarantees the User’s right of access to their personal data. The User has the right to obtain access to said personal data and the following information:

● The purposes of the processing;
● The categories of the personal data concerned;
● The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
● Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
● The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the User;
● The right to lodge a complaint;
● Where the personal data are not collected from the User, any available information as to their source.
If the User exercises their right of access, the Data controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the User, the Data controller may charge a reasonable fee based on administrative costs.
Where the User makes the request by electronic means (by e-mail, for example), and unless otherwise requested by the User, the information shall be provided in a commonly used electronic form.
The User will be sent a copy of their data no later than one month after receipt of the request.

                 8.2       Right to rectification

In accordance with Article 16 of the GDPR, the User shall have the right to obtain from the Data controller, without undue delay, the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the User shall have the right to have incomplete personal data completed.
The User makes the necessary changes themself unless they cannot be made independently, in which case a request may be made to SCC by e-mail to the address given above.
In accordance with Article 19 of the GDPR, the Data controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The Data controller shall inform the User about those recipients if the User requests it.

                 8.3       Right to erasure

The User shall have the right to obtain from the Data controller the erasure of personal data concerning them without undue delay and the Data controller shall have the obligation to erase personal data without undue delay where one of the grounds listed in Article 17 of the GDPR applies.
Those grounds apply when:

● The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
● The User withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing;
● The User objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the User objects to the processing pursuant to Article 21(2) of the GDPR;
● The personal data have been unlawfully processed;
● The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data controller is subject; or
● The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
Where the Data controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the Data controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the User has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:

● For exercising the right of freedom of expression and information;
● For compliance with a legal obligation that requires processing by Union or Member State law to which the Data controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data controller;
● For reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) of the GDPR;
● For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
● For the establishment, exercise or defence of legal claims.
In accordance with Article 19 of the GDPR, the Data controller notifies each recipient to whom the personal data have been communicated of any deletion of personal data unless such communication is impossible or requires disproportionate effort. The Data controller shall provide the User with information on these recipients if the User requests it.

                 8.4       Right to restriction of processing

The User shall have the right to obtain from the Data controller restriction of processing where one of the grounds listed in Article 18 of the GDPR applies.
Those grounds apply when:

● The accuracy of the personal data is contested by the User, for a period enabling the Data controller to verify the accuracy of the personal data;
● The processing is unlawful and the User opposes the erasure of the personal data and requests the restriction of their use instead;
● The Data controller no longer needs the personal data for the purposes of the processing, but they are required by the User for the establishment, exercise or defence of legal claims; or
● The User has objected to processing pursuant to Article 21(1) of the GDPR pending the verification of whether the legitimate grounds of the Data controller override those of the User.
In accordance with Article 19 of the GDPR, the Data controller shall communicate restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The Data controller shall inform the User about those recipients if the User requests it.

                 8.5       Right to data portability

In accordance with Article 20 of the GDPR, the User shall have the right to receive the personal data concerning them, which they have provided to SCC, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Data controller without hindrance from the SCC to which the personal data have been provided, within the grounds listed in Article 20(1), points (a) and (b) of the GDPR:

● The processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) of the GDPR or on a contract pursuant to point (b) of Article 6(1) of the GDPR; and
● The processing is carried out by automated means.
In exercising their right to data portability pursuant to the prior paragraph, the User shall have the right to have the personal data transmitted directly from one Data controller to another, where technically feasible.
The exercise of the right to data portability shall be without prejudice to the right to erasure referred to in Article 8.3 of this Privacy Policy. That right shall not apply to processing necessary for the performance of a task carried out in the public interest.
The right to data portability shall not adversely affect the rights and freedoms of others.

                 8.6       Right to object and automated individual decision-making

The User shall have the right to object, on grounds relating to their particular situation, at any time to the processing of personal data concerning them by SCC. In accordance with Article 21 of the GDPR, SCC shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the User or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the User shall have the right to object at any time to the processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where the User objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

                 8.7       Right to lodge a complaint

The User shall have the right to lodge a complaint concerning the processing of personal data by SCC with the competent Data Protection Authority in Belgium. More information can be found on the following website: https://www.dataprotectionauthority.be/citizen.
Complaints can be submitted to the following addresses:
Data Protection Authority
35 Rue de la Presse
1000 Brussels
Phone: + 32 2 274 48 00
Fax: + 32 2 274 48 35
E-mail: contact@apd-gba.be
The User may also lodge a complaint with the court of first instance of their place of residence.

                 8.8       Procedures for exercising rights

At any time, the User may exercise their rights by sending an e-mail to [.] or a letter by post addressed to [.], attaching to their request the following information:

● Their name and surname;
● When their data was processed;
● The data concerned by the right they wish to exercise;
● The right they wish to exercise;
● [...].
Where the Data controller may reasonably doubt the identity of the User submitting such a request, it reserves the right to request that any additional information necessary to prove its identity be attached to the request.

ARTICLE 9. COOKIES

The Website uses cookies to distinguish Users of the Website. This makes it possible to provide Users with a better browsing experience and to improve the Website and its content. The purposes and methods of cookies are set out in the “Cookie Policy” document, which can be found at the following URL address: [https://www.solvayconsultingclub.com/cookie-policy].

ARTICLE 10.LIMITATION OF LIABILITY OF THE DATA CONTROLLER

                 10.1        Links to other sites

The Website may contain links to other websites owned by third parties unrelated to SCC. SCC is not responsible for the content of these sites or their compliance with the laws and regulations.

                 10.2        Consent of minors

The holder of parental authority must give his/her express consent for a minor under the age of 13 to disclose information and/or personal data on the Website.
In accordance with Article 8(2) of the GDPR, the Data controller shall make reasonable efforts to verify that consent is given or authorised by the holder of parental responsibility over the child, taking into consideration available technology.
The Data controller, therefore, undertakes an obligation of best endeavours and cannot be held responsible for the collection and processing of information and personal data from minors under the age of 13 whose consent is not effectively covered by that of their legal parents due - in particular - to incorrect data entered by minors concerning their age. Under no circumstances will personal data be processed by the Data controller if the User specifies that they are under 13 years of age.

                 10.3        Loss, alteration and theft of data

SCC is not responsible for the loss, alteration or theft of personal data caused in particular by the presence of viruses or following computer attacks in compliance with Article 11 of this Privacy Policy.

ARTICLE 11. SECURITY

The Data controller shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the data processing and collection. These security measures depend on the cost of implementing them, taking into account the nature, context and purposes of the personal data processing.
The Data controller uses standard encryption technologies within the IT sector when transferring or collecting data on the Website.

ARTICLE 12. AMENDMENTS TO THE PRIVACY POLICY

SCC reserves the right to amend this Privacy Policy, in particular in order to comply with legal obligations. The User is therefore invited to consult the Privacy Policy on a regular basis in order to take note of any changes and adaptations. Any such modification will be posted on the Website and sent by email for the purposes of enforceability. The amendments shall be enforceable within 15 days of their notification.  

ARTICLE 13. APPLICABLE LAW AND JURISDICTION

                 13.1        Applicable law

The provisions of this Privacy Policy are governed and interpreted in accordance with Belgian law.

                 13.2        Amicable settlement

The parties to this Privacy Policy will endeavour, in good faith, to settle amicably any dispute arising from or related to this document. Thus, any disagreement, whatever its nature, will first be notified by the User to the Data controller at the following e-mail address [.] or by registered post to the following postal address [.].

                 13.3        Jurisdiction

The jurisdiction of the Courts and Tribunals to hear any dispute arising from or related to this document shall be determined in accordance with the Belgian Judicial Code.