ACEA (Association des Constructeurs Européens d’Automobiles)
85, avenue des Nerviens, B-1040 Brussels
Tel: +32 2 732 55 50
It sets out how we process data and explains your rights and how to exercise them.
For any questions regarding this policy, please contact [email protected].
How we process data
The data we process are limited to: name, first name, job title, company, address, telephone, email unless you have provided us with additional information.
We collect your data either directly from you, from the website of your organisation or from a private database (Dods Group PLC)
Processing purpose and legal basis
If you are a member of one of our working groups, we use your data only to inform you about the EU policy issues that are relevant for the working group(s) that you are a member of. We consider such processing to be necessary for the performance of your company’s membership agreement with ACEA.
If you are not a member of ACEA, we use your data only to inform you about our position on EU policy issues, invite you to our events and send you our press releases. We consider such processing to be in the legitimate interest of ACEA as a trade association whose mission it is in a representative democracy with a free press to represent the European automobile manufacturers at EU level and to act as an interface between our member companies and the EU institutions, the media and other companies and associations that try to influence EU decision-making. We believe our legitimate interest outweighs your right to the protection of your personal data since we process your data only to contact you in your professional capacity and to send you only information that is relevant for your professional activity.
By using Office 365 software for data storage, we share your data with Microsoft Corporation. This company processes your data on servers located in the European Union.
If you are a member of one of our working groups, we share your data with the other members of the group(s) that you are a member of.
We may also disclose your data comply with a reasonable request from competent law enforcements agents, judicial authorities and governmental agencies or bodies including competent data protection authorities.
We do not share your data with any third party in any other way.
Data transfer outside the EU
We transfer your data to The Rocket Science Group LLC to the extent that we use MailChimp to send you our newsletters or press releases. This company processes your data on servers located in the United States.
The Rocket Science Group LLC adheres to the EU/US Privacy Shield. This mechanism guarantees that your data that this company processes in the United States are protected as adequately as if they were processed in the European Union:
We do not use automated-decision making when we process your data.
Data storage period
We store your data as long as they are current.
We will send you a notice once a year to verify whether your data are still accurate.
We instruct our staff to inform our database managers whenever they become aware of any changes in your professional situation so that we can update or remove your data as appropriate.
We do our utmost to protect your data against destruction, loss, alteration or unauthorised disclosure.
In terms of organisational measures, we have limited the access to your personal data to specifically appointed employees who have been trained to handle such data properly. To prevent anyone else from accessing your personal data, these employees use Microsoft’s Identity and Access Management solutions to access our devices, apps and cloud services.
In terms of technical measures, we use Microsoft Intelligent Security Graph (ISG) to protect, detect, and respond to security incidents. For example, malware gets detected by Office 365 Advanced Threat Protection, shares that information with services like Windows Defender ATP and Advanced Threat Analytics, that collectively protect our user identities, apps and data, devices, and infrastructure against advanced persistent threats.
Your rights and how to exercise them
Right to access
You have the right to access your data that we process. To do so, please send an email to [email protected]
Right to rectification
You have the right to ask us to correct your data. To do so, please send an email to [email protected]
Right to erasure
You have the right to ask us to erase your data. To do so, please send an email to [email protected]
Right to restrict data processing
You have the right to ask us to restrict the processing of your data where:
- You contest the accuracy of your data, for a period enabling us to verify their accuracy
- Our processing is unlawful and you prefer to restrict the use we make or our data rather than ask for their erasure
- We no longer need to process your data but you need the data for the establishment, exercise or defence of legal claims
- You object to the processing of your data, for a period enabling us to verify whether our legitimate interest for processing your data overrides your rights
To do so, please send an email to [email protected]
Right to object
Where we process your data on the basis of our legitimate interest, you have the right to object to this processing. To do so, please send an email to [email protected]
Right to withdraw consent
Where you have given us your explicit consent to process your data, you can withdraw your consent at any time. To do so, please send an email to [email protected]
Right to data portability
You have the right to ask us to provide you with your data that we process in an electronic format so that you use the data or transmit it to another data controller. To do so, please send an email to [email protected]
Right to lodge a complaint
You have the right to lodge a complaint about how we process your data with the Belgian data protection authority: Commissie voor de bescherming van de persoonlijke levenssfeer/ Commission de la protection de la vie privée, Drukpersstraat/ Rue de la Presse, 35, B – 1000 Brussel/Bruxelles, [email protected]