1. Statement of intent
In everything it does, ENIL is committed to respecting the legal obligations and rules set out in the EU General Data Protection Regulation (GDPR). GDPR is available at: https://www.eugdpr.org.
Specifically, ENIL will ensure the following:
- That personal data is used only for the purpose for which it was provided. The purposes for which ENIL collects data and the types of data it collects are set out in this Privacy
- That only such personal data is collected that is strictly necessary for the purposes set out in this Privacy
- That we ask for explicit permission of each individual to use and store their data, and in case there are changes to how we intend to use the
- That we take the necessary technical and organisational measures to guarantee the safety and protection of personal
- That we do not pass on any personal data to a third party, unless this is strictly necessary to achieve the purpose for which the data was
European Network on Independent Living Brussels Office NGO
Phone number : +322 893 25 83
2. Reasons for processing personal data
Individuals’ personal data may be processed by ENIL for the following purposes and based on the following legal bases (in brackets):
- To enable the work of ENIL as a network of organisational and individual members, by maintaining a governance structure, enlisting members and maintaining membership lists (i.e. unmistakable consent);
- To enable participation in events and activities that ENIL organises, and if necessary, to reimburse costs incurred while attending such events or activities (i.e. execution of an agreement);
- To disseminate Newsletters, members’ mailings, press releases and invitations (i.e. justified importance);
- To communicate and share information using the social media (i.e. unmistakable consent);
- To collect views on issues ENIL works on, through organising surveys (i.e. unmistakable consent);
- To apply for funding or a subsidy, and to report to funders (i.e. legal obligation);
- To collect donations from the public (i.e. unmistakable consent);
- To employ staff and to host volunteers (i.e. legal obligation).
To achieve the purposes listed above, ENIL may ask individuals to provide the following data:
- Personal contact details: name and surname, postal address, mobile and/or phone number, email address;
- Officially issued identification details: ID card or passport number, expiry date, place of issue, national tax registry number;
- Personal information: gender, date of birth, place of birth, nationality, family status, disability status, dietary requirements, access needs, emergency contact (name and phone number), the use of Personal Assistance, bank account details (account number, bank name and address);
- Membership of an organisation: name of the organisation, contact person, e-mail, number of members, whether the organisation is managed by disabled persons, organisation’s constitution and statues.
3. Sharing data with a third party
The data provided to ENIL can only be shared with a third party when this is strictly necessary.
We will make use of the services of a third party in the following cases:
- Enlisting new members and Newsletter subscribers (via ENIL’s website, maintained by Bozooart and hosted by Avalon);
- Distribution of ENIL Newsletters, members’ mailings, press releases, statements or invitations to events (via MailChimp);
- E-mail correspondence (via Microsoft Office 365)
- Hosting webinars (via GoToWebinar);
- Carrying out surveys (via Google Docs or SurveyMonkey);
- Disseminating information (via Facebook, Twitter or YouTube);
- Collecting donations (via PayPal);
- Collecting statistics about visits to our website (via Google Analytics);
- Organising events (when required for security or administrative purposes, for example by the European Parliament, European Commission or the Council of Europe);
- Employing staff (social secretariat administration, payroll companies);
- Registration requirements (Le Moniteur belge).
Beyond the situations described above, ENIL will not share personal data with another party, unless it has the legal obligation and/or authorisation to do so. An example of this may be that the police asks ENIL to share data in the framework of an investigation. In this case, ENIL has an obligation to cooperate and thus share the requested data.
ENIL may also share personal data with third parties if given written permission to do so. Each individual has the right to withdraw this permission at any time. This will not affect the processing of data before the withdrawal of the permission.
ENIL will not share personal data with parties located outside the European Union (EU).
ENIL will only collect and process personal data of minors (below the age of 16) following the written permission from a parent or legal guardian to do so.
5. Length of data storage
ENIL will store personal data no longer than required for achieving the purpose for which it was collected or the period required by law.
Personal data will be stored no longer than a maximum of 5 years after its last active use for the purpose for which it was collected.
6. Security of the data
ENIL has taken the appropriate technical and organisational measures to protect personal data from unlawful use. The measures taken by ENIL include:
- The use of login and password security on all the systems used by the
- The use of pseudonyms and encryption of personal data when
- Regular back-ups of personal data, in order to be able to restore them after physical or technical
- Regular testing and evaluation of the organisation’s
- Obligatory training for all new personnel in the organisation’s personal data protection systems and the Privacy
7. Individual rights relating to personal data
Individuals can also object against the processing of their personal data (or part of it) by any particular member of ENIL staff. You have the right to ask ENIL to send a copy of your personal data the organisation has collected, or you can ask ENIL to send your personal data directly to a third party of your choice. In such situations, ENIL will ask you to prove your identity before fulfilling the request.
Complaints about the processing of personal data can be made directly to ENIL. Individuals may also file a complaint with the Belgian Privacy Commission, the responsible authority for non-profit organisations located in Belgium.
Adopted by the ENIL Board on 18 May 2018