1.1 The website available on insert hyper link (hereafter: the “Website”) is operated by and is property of DUG BE vzw, BTW BE 845.314.913, head offices at Hellegat 33 9041 Oostakker (hereafter: “DUG BE VZW”; “we” or “us”).
1.3. We are responsible for the processing of your personal data. As the controller, we take all necessary technological and organizational measures to ensure that the processing is in accordance with the Regulation (EU) 2016/679 from 27 April 2016 (hereafter: “GDPR”) The appointees and employees of DUG BE VZW who have access to your personal data as well as the processors we use, are equally obliged to comply with GDPR.
2. Who are we and how can you contact us?
Legal form: VZW (Belgian non-profit organisation)
Company name: DUG BE VZW
Trade name: DUG BE VZW
Registered office: Hellegat 33 9041 Oostakker
3. How can you contact our Data Protection Officer?
E-mail us at firstname.lastname@example.org
4. What are the purposes for which we process your personal data?
4.1. DUG BE VZW processes your personal data for the following purposes:
4.2. Your personal data shall not be used for direct marketing - specify.
4.3. The processing of your personal data shall not be the subject of automated individual decisions/profiling - specify.
5. What is the legal basis for processing your personal data?
5.1. We process your personal data if:
Legal ground(s) determine: permission, implementation agreement, legal obligation, vital interests, general interests, legitimate interests.
6. What personal data do we process?
The personal data provided when purchasing tickets, including any preferences, are processed by the organisation.
7. Who else receives and/or processes your personal data (besides DUG BE VZW )?
The information entered while ordering tickets is visible by our bookkeeper.
8. Do we pass on your personal data to (companies or entities) non-EU countries?
9. Where and for how long do we store your personal data?
9.1. Your personal data shall be stored on a secure server.
9.2. We shall not store your personal data longer than is necessary to achieve the purposes stated in article 4. Once the purpose has been achieved, in principle, we shall delete your personal data and, in any case, no longer than fill in expiry date.
10. What are your rights?
10.1. You have the right to request that we:
- Inspect your personal data;
- Correct or delete your personal data;
Restriction of processing which concerns you.
10.2. You have the right to object to the processing of your personal data. You can object at any time and free of charge to the processing of your personal data for direct marketing.
10.3. You have the right to transfer your personal data to another controller.
10.4. If data processing is based on your consent, you have the right to withdraw your consent at any time. Withdrawal of your consent is not retroactive and shall not affect the lawfulness of processing based on consent before its withdrawal.
10.5. You have the right to enter a complaint via the national data protection authorities (provide a hyperlink to the NDPA website).
10.6. Exercising the aforementioned rights depends on the requirements and conditions stated in the GDPR.
10.7. To exercise the aforementioned rights, you can simply send a request to DUG BE VZW on e-mail address whereby you should sufficiently identify yourself.
11. What are our obligations?
11.1. We take all appropriate security measures in order to protect your personal data. This includes (but is not limited to) the necessary measures regarding access control, encryption, physical and operational security, especially with regards to the DUG BE VZW's Website and servers.
11.2. We keep a processing register whereby your personal data (category of) processing is also documented.
11.3. We work in collaboration with the national data protection authorities (upon request).
11.4. When necessary and/or mandatory, we shall immediately report infringements regarding your personal data (including unlawful processing, loss, unavailability, destruction damage or its unauthorized disclosure) to the national data protection authorities within 72 hours of discovering the infringement.
Should this infringement result in a high risk to your rights, and under the terms and conditions as stated in the GDPR, we shall also report it to you.
11.5. Should we use certain new technologies or applications for processing your personal data, which may entail a high risk regarding your data protection, we shall implement, under the terms and conditions of the GDPR, the “Data Protection Impact Assessment” (DPIA) and, if required, we shall consult the national data protection authorities in advance.
Questions? Contact us via e-mail: email@example.com.