Privacy Policy

 

This Policy is established by:

 

Association des Parents d'Élèves de l'École européenne de Bruxelles I - Uccle Section Services asbl

 

Address: 46 avenue du vert chasseur, 1180 Uccle,

 

e-mail: coordination@apeee-bxl1-services.be

 

It is registered under ECB number 0836 959 154.

Hereinafter, the “APEEE Service” or “we”, “our”.

 

We pay particular attention to the protection of personal data (hereinafter referred to as data) and to the privacy of all persons who come into contact with us. We act in full transparency in accordance with national and international provisions on the subject, in particular the Regulation (EU) 2016/679 of the European Parliament, of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data repealing Directive 95/46/EC (hereinafter referred to as the “General Data Protection Regulation” or “GDPR”).

 

This policy describes the measures taken to manage the processing of your personal data when using our services including our website: https://services.uccleparents.org  (hereafter referred to as the website) and your rights as a user of our services.

 

It can be modified at any time in order, in particular, to comply with any regulatory, jurisprudential or technological developments. We invite you to consult it regularly.

 

Finally, for our website we refer you to the cookie policy by following this link: https://services.uccleparents.org 

 

You can respond to any of the process described below by contacting us.

 

 

 

1. Who are we

APEEE Services offers a number of services to families who are members of the European School Parents' Association:

  • Organize a number of services such as canteen, cafeteria, transport, extracurricular activities, locker rental, daycare and study;
  • To ensure sufficient information to the members of the Association of Parents of Pupils of the European School of Brussels I - Ukkel on the decisions or deliberations of the Association;
  • Promote connections and, where appropriate, direct collaboration with other associations with the same purpose.

 

2. Who is this Policy for?

This policy is intended for all natural persons, whose data we process such as parents of students and/or students who use our services, browse our website, wish to register on our website to one of our services, or send us a request.

 

We also process data from people who voluntarily provide it to us, such as prospective parents of students.

 

This policy is also addressed to all natural persons who have the role of contact at one of our suppliers or any company (company, public authorities, professional federation of employers or workers, school, university...), with whom we have had, maintain or wish to maintain cooperation. This includes people working for the European School, and non-profit organisations working with us.

 

We inform you that your data will be used in accordance with this data protection statement.

 

3. Why do we process your data?

We collect and process your personal data for various reasons based on a legal basis determined by the GDPR (for example, compliance with a legal obligation to which we are subject or the performance of a contract concluded with you).

The table below sets out the purposes and legal basis for the use of your personal data.

Process

Purpose of use

Legal basis for the processing

Management of our services and activities

We process personal data in order to provide our services in accordance with our statutes.

E.g.: transportation services, canteen, locker management, extracurricular activities and daycare.

With regards to student data, they will allow the updating of students' classes and the use of pictures to prepare student transport cards, thus allowing the proper performance of services.    

This processing is necessary to fulfill our commitments made with you, in accordance with Article 6.1.b) of the GDPR.

This processing is necessary to fulfill our legal obligations under Article 6.1.c) of the GDPR.

 

 

Management of elections and our bodies

 

We process your personal data to ensure the management of our ASBL, organize our board, and GA, as well as the elections of our bodies, including the sharing of data with the Belgian Official Publications Monitor.

This processing is necessary for our legal obligations under Article 6.1.c) of the GDPR

This processing is necessary to fulfill our legal obligations under Article 6.1.c) of the GDPR.

Managing our communication

 

We process personal data to provide you with information about our services.

We may use your data to fulfil our legitimate interests or those of third parties, without prejudice to your interests or fundamental rights, to offer and promote all services and/or share with you informative messages that correspond to what you can reasonably expect from us in the context of our existing or possible relationship in the future. 

We may process your data, in accordance with the provisions of Article 6§2, f), on the basis of our legitimate interest, provided that we have weighed that interest against your interests or fundamental rights or freedoms by examining your “reasonable expectations”.

You may object to this processing by contacting us.

 

 

Management of pre-contractual relationships

We process your personal data in order to respond to requests and/or questions that you send us (in particular via the contact form on our website), or if you send us your CV to apply for our services.

In accordance with Article 6.1.b) of the GDPR, this process is necessary for pre-contractual measures.

 

Management of our litigation

 

We may use your data to fulfill our legitimate interests or those of third parties, when defending our interests (or those of third parties) in court in the context of our existing or possible future relationship.

 

We also have a legitimate interest in processing personal data in order to defend our interests in particular but not exclusively in the context of a challenge or legal action on the basis of Article 6.1.f) of the GDPR.

We may also have to process sensitive data in this context, in accordance with the provisions of Article 9 §2, f)

Management of our suppliers

 

We process personal data in order to fulfil our contractual obligations to you or your company.

The execution of our commitments with you in accordance with Article 6.1.b) GDPR).

 

 

 

Unless there is a legal exception, you may object to processing based on our legitimate interest or on your consent at any time, by contacting us.

 

4. What data is collected and processed?

We only collect personal data that is adequate, relevant and limited to what is strictly necessary for the purposes for which it is processed.

 

Depending on the purpose, data collection is carried out differently.

 

Below, we detail the personal data we collect about you, as well as the methods for collecting it.

 

Process

Data collected and processed

Methods of collection

Management of our services and activities

Personal identification data (name, first name, address, telephone number.)

Electronic identification data (IP address, email address, encrypted password.)

Personal family characteristics (marital status, childcare)

Financial data (account number).

Student’s personal identification data (name, first name, address, identification number assigned by the school)

Family data of the pupil.

Personal characteristics of the student (date of birth, site, cycle, section, class level, class)

Picture of the student

Directly from you, through our website. (online registration)

Management of elections and our bodies

 

Personal identification data (name, first name, address, telephone number.)
Electronic identification data (IP address, email address, encrypted password, etc.)

Personal characteristics (sex, date of birth, country, NR number, EU ID)

Pictures

Copy of the ID card.

Quality of parent representing the class

Directly from you. You made them publicly available

 

 

 

 

 

From APEEE Bxl I , AISBL 

Managing our communication

 

Personal identification data (surname, first name.)

Electronic identification data (e-mail address.)

Directly from you.

Management of pre-contractual relationships
 

Personal identification data (surname, first name, address, telephone number, order number.)
Electronic identification data (IP address, e-mail address.)

Family data (names and surnames of children, marital status)

Personal characteristics (age, sex, date of birth, country, language)

Work-related characteristics (occupation, diploma, career, etc.)
 

Directly from you.

You made them publicly available.

 

 

Management of our litigation

 

Personal identification data (name, first name, address, telephone number, order number, etc.)

Electronic identification data (IP address, email address, encrypted password, etc.)

Personal characteristics (age, sex, date of birth, country, language)
Financial data (account number, open claims, etc.) only if you subscribe to a paid service.

Pictures.

Health data and any data necessary to defend our interests in court.

Directly from you.

 You made them publicly available.

 

Management of our suppliers

 

Personal identification data (name, first name, address, telephone number, order number, etc.)

Electronic identification data (IP address, email address, encrypted password, etc.)

Financial data (account number, open claims, etc.).

Directly from you.

You made them publicly available.

 

 

5. Is your data disclosed or shared with third parties?

 

The data listed above are accessible to members of our team, or to collaborators, if necessary, to our lawyers or any technical advisor, to banking or insurance organizations to the strict extent necessary.

Your data is also transferred between the European School and our services, on the basis of your consent.

We may also transmit your data:

  1. at the request of a judicial, administrative or auxiliary legal authority; or
  2. in good faith, considering that such action is required to comply with any applicable law or regulation;
  3. to protect and defend our rights or those of other users of our services.

We may also have to grant access to certain data to our co-contractors, who are referred to as "subcontractors" in the strict meaning of the data protection legislation, to the extent strictly necessary to achieve our purposes, such as the operation of computer-based applications or management systems.

In all circumstances, we guarantee the protection of your data by agreements ensuring confidentiality.

 

Category of service providers

Location

Providers of email solutions

In Europe

Providers of postal solutions 

In Europe

IT solution providers and maintenance of infrastructure and systems

In Europe

Hosting/Cloud service providers

In Europe

Lawyer and legal service provider

In Europe

Social Secretariat

In Europe

Accountant and financial service provider

In Europe

Communication tools

In Europe

Other organizations

In Europe

Banks

In Europe

 

6. Do we transfer your data outside the European Union?

 

We do not transfer data outside the European Union. If we need to transfer data to a country outside the Union, such transfers will only be allowed if and only if:

  • The European Commission has issued a decision granting an adequate level of protection and equivalent to that provided by European legislation, personal data will be transferred on this basis.
  • The transfer is covered by an adequate measure granting a level of protection equivalent to that provided by European legislation, such as the Commission’s Standard Clauses or any other agreement in accordance with Article 46 of the GDPR, consent.

 

7. How long does your data last?

 

The retention period varies according to the purposes of the processing of your data. This period is limited by taking into account any retention obligations imposed on us by law. Below you will find a list of purposes and retention periods.

 

Process

Duration

Management of our services and activities

The retention period shall be 15 years from the end of the membership to APEEE Services or the termination of the activity or service in question, in response to the request of the Commission in the context of the financing of activities.

Management of elections and our bodies

The data retention period is 5 years from the closing of the liquidation of our non-profit association.

(Art. 2:143, 3:103, and 9:3 of the Code of Societies and Associations)

Managing our communication

Retention period is 5 years from last use for legitimate communication purposes

Managing Pre-contractual Relationships You

The shelf life is 3 years from our last contacts

Management of our litigation

The data retention period is 5 years from the judicial notification of the final decision

Management of our suppliers

The data retention period is 10 years from the last day of the year when your data is integrated into our accounting system

(Art. III.86 and III.88 of the Code of Economic Law and Art. 8 of the RA implementing Articles III.82 to III.95 of the Code of Economic Law)

 

8. How do we protect your privacy?

In order to guarantee the data collected on the website an optimum level of security, we implement the appropriate technical and organisational measures (encryption technology and security measures to protect and prevent the loss, misuse or alteration of information collected on websites). We take into account the state of knowledge, implementation costs and the nature, scope, context and purposes of the processing and the risks to your rights and freedoms.

In all circumstances, we ensure an adequate level of technical and organizational security of your data, to protect you from any data leakage, including loss, destruction, public disclosure, unauthorized access or misuse. However, and if you become aware of a data leak or suspect one, we ask that you report it to us immediately by contacting us.

 

9. What are your rights and how do you exercise them?

Unless a legal provision in force in Belgium does not allow this, including the GDPR, under the regulations you have the following rights:

  • The right of access including the right to know whether we process your data;
  • The right to a copy of the data processed;
  • The right to rectification of the data processed;
  • The right to object to the processing of your data, in particular if you wish to withdraw your consent, or for processing based on our legitimate interest;
  • The right to limit the processing of processed data;
      • If you dispute the accuracy of this data. Pending the assessment of the interests involved before the exercise of the right to object to the processing of some of your personal data.
      • If the processing of your personal data is illegitimate, but you do not wish to exercise your right to erasure of the data.
      • If we no longer need your personal data, but you need it in a legal action.
  • The right to erasure of processed data. However, this right is not absolute and we will not be able to act on it if a legal obligation obliges us to process your data.
  • The right to the portability of the processed data, namely to retrieve or transfer to a third party that you designate, your personal data that we process, for your personal use, and this in the format in which we store them.
  • The right to lodge a complaint with the Data Protection Authority:

www.autoriteprotectiondata.be/

Rue de la Presse, 35 to 1000 Brussels

Tel.: +32 (0)2 274 48 00

Fax: +32 (0)2 274 48 35

Email: contact@apd-gba.be 

 

You can also lodge a complaint with the court of first instance.

For further information on possible complaints and remedies, you are invited to consult the following address of the Data Protection Authority:

 

https://www.autoriteprotectiondonnees.be/citoyen/agir/introduire-une-plainte

 

If you need more information about your rights you can contact us.

 

We will act on your request as soon as possible and at the latest within one month of receipt of your request, we will inform you of the action we have decided.

 

Depending on the difficulty of your request or the number of requests we receive from others, this period may be extended by two months. In this case, we will notify you of this extension within one month of receipt of your form.

 

In all circumstances, when providing this information, we are always obliged to take into account the rights and freedoms of others.

If you wish to respond to any of the practices described in this Policy, or if you wish to exercise your rights, you may contact: privacy@apeee-bxl1-services.org 

 

We inform you that we have also appointed a Data Protection Officer (or DPO), who is at your disposal at the same email address.

or by mail to the following address:

 

AISBL APEEE Association des parents d'élèves de l'école européenne de Bruxelles 1-Uccle,

Address: 46 avenue du vert chasseur, 1180 Uccle.

 

10. We use cookies on our websites.

A cookie is a code in the form of a file stored on your computer. Cookies help to improve our website, facilitate your browsing or to analyse audiences.

 

To learn more about our cookie and tracking policy, please visit our website under the “Cookies Policy” tab.

 

11. What is the applicable law and jurisdiction?

This Policy is governed by Belgian law.

 

Any dispute relating to the interpretation or execution of this Policy shall be subject to Belgian law and shall fall within the exclusive jurisdiction of the French-speaking courts of the judicial district of Brussels.

 

12. Beware of updating this policy!

This Policy may be updated at any time and without notice of change. We advise you to and invite you to consult it regularly.

 

Last updated September 21, 2020.