Pracsis privacy policy 2019

Pracsis SPRL is a company specialised in public relations and communication strategy registered in Belgium under the number 0454.596.240.
Any personal data Pracsis collects and uses online or offline in connection with its services regarding EU residents, in its offices in Belgium,Vietnam, or anywhere else, is processed in conformity with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation–GDPR)

https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG

SCOPE
This privacy policy applies to the content we collect or use for webpages, mobile applications, online services and electronic mail owned, operated and controlled by us. It applies as well to any personal data we may collect or process offline at events, in publications, in the recruitment of candidates and in the management of our accounting department.
Our partners and subcontractors are subject to the same obligations of the GDPR. Pracsis takes measures to ensure that its partners and subcontractors apply the GDPR.
This privacy policy does not apply to all personal data we collect and process regarding current, former or future employees.

1. WHAT TYPES OF PERSONAL DATA DO WE COLLECT?
As a public relations and communication company specialised in the organization of events, publications and web development, and as a private company receiving job applications and working with partners, subcontractors and suppliers, we collect and process the following personal data (fully or partially): title, first name, last name, function, organization, e-mail address, telephone and mobile phone numbers, fax number, nationality and country of residence.
During the events we organise, we may take pictures, web stream or record videos. Participants, speakers, internal or external staff members and clients attending or contributing to these events are requested to give their authorisation before we proceed with the publication of pictures or video or the transmission of web streams.


When organising events we may also collect dates of birth and ID numbers. Additional information such as travel arrangements, food preferences, need for special assistance, and license plate numbers may also be collected. Bank account details are sometimes collected for our accounting department.
We may also collect individuals’ Twitter and Linkedin accounts—an optional choice on some registration forms—for networking reasons.
When publishing articles and editing event agendas or brochures, we may collect professional or personal data, such as CVs and biographies of speakers, moderators, and editors. CVs are also collected from potential partners or subcontractors for tendering reasons. For recruiting job candidates we usually receive CVs that include personal data like private e-mail and postal addresses, private telephone and mobile numbers, and personal interests.
When operating a web site for a client, or for our own company, we frequently use analytic tools that collect data like IP addresses, geographic location, pages accessed on the website in question, the number of hits, the type of browsers used, and the origin of connection.

2. FOR WHAT PURPOSES DO WE COLLECT PERSONAL DATA?
First, the purpose of processing personal data is for the organization and management of registration of participants to events that we organize on behalf of our clients. The data are used for participant lists, to prepare registration letters and badges for an event, for granting access to venues, for the management of contact lists, for informing people about future activities related to events that people registered to, and for networking reasons. Travel arrangements, food preferences and special need requirements are collected to provide adequate support before, during and after events. For some venues, ID numbers and dates of birth are requested for security reasons. Personal data are also collected to send newsletters and news alerts.

Events are photographed and video recorded for communication purposes. Events are web streamed to make them accessible to larger, worldwide audiences, while reducing our carbon footprint. For networking reasons, Twitter and Linkedin accounts are collected from those who choose this option on event registration forms. Bank account details and billing information in general are collected for invoicing or reimbursement by our accounting department.
Biographies or CVs serve to inform attendees of the level and profile of speakers, moderators and editors. Processing personal data from job candidates is necessary for the recruitment of future employees and helps us analyse which candidates best fit our needs. Regarding actual or potential partners, subcontractors and suppliers, we process personal data for communication, invoicing, correspondence, procurement, tendering, and hiring purposes.
We use analytics tools for the websites that we operate to measure our outreach and improve our services.

3. HOW DO WE COLLECT PERSONAL DATA?
We collect personal data through online/offline registration forms and surveys.
CVs or biographies are sent to us by potential employees, partners, subcontractors, suppliers, moderators, editors and speakers at our request or at our clients’ request. Personal data are also collected through analytic tools in the websites we own, produce or operate.

4. UNAMBIGUOUS, FREE AND INFORMED CONSENT
The data we process is the data that we collect with the unambiguous, free and informed consent of their owners.
a. Unambiguous consent
The processing of the personal data is necessary for the performance of one of the purposes we mentioned above (see point 2). The consent is related to a well-defined processing operation.
b. Free consent
The data subject gives freely its consent as he may refuse it.
c. Informed consent
The data subject knows who will be processing the data, what kind of data will be processed, how it will be used and its purpose, how long we keep the data, if it is transferred to other parties or not, and that it is their right to withdraw consent at anytime.

5. Who has access to your information and to whom is it disclosed?
The following people have access to your information:
• Our clients, mainly EU institutions.
• The venue managers (including security services)
• Staff at Pracsis who process the data electronically to prepare registration letters and badges for an event; to send newsletters and news alerts; to analyse website statistics in order to measure our outreach.
• Partners and subcontractors • Our HR and accounting department and end users, managers and managing director.
All these parties listed above are linked by a legal contract or agreement, which includes a specific confidentiality clause and/or are subject to the GDPR.

International transfer of personal data
If we transfer personal data to partners or subcontractors located in countries outside the EEA in the context of a contract requiring transfer of such personal data, we ensure that the legal contract signed with our partners or subcontractors stipulates that any personal data they may receive from us is processed by them in conformity with the GDPR.

6. How do we protect and safeguard your information?
We use reasonable organizational, technical and administrative measures to protect personal information under our control. The data collected online or offline by PRACSIS are stored on a secured dedicated server or physically secured in our offices.
For the data transferred internationally to countries located outside the EEA, please see point 5.

7. How can you verify, modify or delete your information?
Individuals have the right to access their personal data, to correct any inaccurate or incomplete personal data or to request deletion of any of their data. If you have any queries regarding your personal data, please send a message to: gdpr@pracsis.be.

8. How long do we keep your data?
To allow the management of lists of contacts informing you of future activities related to events or newsletters that you registered for, or to contact you in case there is a vacancy, we keep your data for a maximum period of 36 months or until you ask us for your data to be removed and deleted from our server.
We keep the data of our partners, subcontractors and suppliers for as long as is necessary to stay in contact or as required by law for tax-related reasons.

9. Updates to this privacy policy
We may change this Privacy Policy. Any changes to this Privacy Policy will become effective as soon as we post the revised Privacy Policy on this website. Your use of the site following these changes means that you accept the revised Privacy Policy. We will not reduce your rights under this Privacy Policy without your explicit consent.

10. Contact Information
Should you have any questions or requests concerning the information submitted, or if you would you like us to delete your data, please send an email to the following contact mailbox: gdpr@pracsis.be