Who is the controller?
The Institute of Internal Auditors – Belgium is the voice of internal audit in Belgium. Our role is to enhance better governance through the promotion of the professional practice of internal auditing.
Our members come from a variety of industry sectors.
About your privacy
Your privacy is important to us and we protect your personal data in accordance with applicable data protection legislation and more specifically with the General Data Protection Regulation 2016/679 (“GDPR”) and the Belgian Law on the protection of individuals with regard to the processing of personal data of 30 July 2018 (the “Framework Act”).
What is personal data?
Personal data is information relating to an identified or identifiable natural person.
This consists of a broad range of information such as name, address, identifiers, e-mail, phone number, certifications, etc. It includes online identifiers such as IP addresses and cookie identifiers.
When is this regulation applicable?
This privacy regulation is applicable when you visit our websites, contact our employees, or register for an event. By visiting our websites, contacting our employees, or registering for an event, you consent for us to collect your personal data and use it as described in this privacy regulation.
If you use our websites unlawfully, we reserve the right to process your data. This is the case, for example, if you violate the conditions of use or property rights or threaten the security of our websites or service provision.
What principles do we apply to the processing of personal data?
For all processing of personal data, we apply data quality principles. Personal data will be:
- processed fairly and lawfully;
- collected for specific, explicit and legitimate purposes and not processed in a manner incompatible with those purposes;
- adequate, relevant and not excessive;
- accurate and, where necessary, up to date;
- kept in an identifiable form for no longer than necessary; and
- kept secure.
From whom do we collect personal data?
In the context of our mission, we collect personal data relating to:
- our members or their representatives in general, our members’ organizations, the members of our board, the members of our committees;
- subscribers to newsletters, news alerts or policy updates;
- attendees at our events, including speakers or potential speakers;
- persons who give us their business card at meetings or events;
- stakeholders with whom we engage within the framework of our mission.
How do we collect personal data?
We may collect information about you in various ways:
- directly from you;
- from our members if they designate you as their representative or as a member of one of our committees;
- when you visit our website https://www.iiabelgium.org or interact with us through our social media accounts;
- when you fill in (web)forms to attend events, receive newsletters, publications, policy updates, etc.;
- when you respond to online surveys and polls;
- when you hand over your business card.
- from the administrator of your group membership (if any)
What personal data do we collect?
We may collect the following information about you:
- personal identification data: name, address, telephone number, email address or other contact details; attained degree, industry sector, internal audit experience, non-IIA attained certification
- electronic identification data: surfing behaviour and tracking results of our e-mailings (we track whether you have received, opened or clicked on our e-mails);
- financial transactions: payment overviews, proof of payment, amounts paid or due, etc.
- personal characteristics: areas of expertise, elements of evaluation of (potential) speakers, etc.;
- lifestyle and areas of interest: dietary requirements;
- social contacts: Information on business partners and other contacts;
- employment and functions exercised: current functions and/or previous functions, participation to working committees, information about your position with one of our members, etc;
- photos and videos: photos and videos made at events, meetings, etc.
For what purposes do we use your personal data?
We use your personal data for the following purposes:
- member administration and member communication;
- supplier administration;
- public relations purposes;
- information-sharing purposes via electronic mailings (if you subscribed to them);
- management and analysis of our website(s) and social media channels research and statistical purposes;
For member administration and member communication, we process certain personal data of members’ representatives as required for the proper execution of our mission.
For information-sharing purposes via electronic mailings, we base the processing of your data as per the consent you have provided us with. You may update your preferences at any time or unsubscribe via the link available in all mailings.
In all other cases, the processing of personal data is based on our legitimate interests to analyze website statistics, to improve the content and quality of our website and to conduct research and surveys.
With whom do we share your personal data?
We may share your personal data with processors i.e. third parties, such as partner organizations with whom we organize events and service providers we use (e.g. IT service providers). The personal data may only be used by the processors for the above mentioned purposes.
Where relevant, contractual safeguards are implemented to ensure the protection of your personal data when disclosing your personal data to a third party.
Your personal data will never be rented or sold to third parties for commercial purposes. Neither will we transfer any personal data outside the European Economic Area, except for the IIA Global, our parent professional organization, with whom we signed “Standard Contractual Clauses”.
How long do we keep your personal data?
Your personal data will not be stored for longer than necessary in relation to the purposes for which we process them (we refer to the purposes as listed above). Afterwards they might still be found in our back-ups or archives, but they will no longer be actively processed in a file.
More specifically, we apply the following retention guidelines:
- the personal data that are collected via website cookies will be stored for the storage period of the cookie, as indicated below;
- the personal data that are collected from attendees of our events are archived and no longer used after the event has taken place (unless you have indicated the wish to be informed of our future events or activities). As soon as we note that your contact details are no longer accurate or active, or whenever you decide to use your right to unsubscribe, we will no longer keep your personal data for these purposes;
- any personal data used for information-sharing purposes will be retained for as long as we are sending you relevant mailings/newsletters. As soon as we note that your contact details are no longer accurate or active, or whenever you decide to use your right to unsubscribe, we will no longer keep your personal data for these purposes;
- personal data used for member administration are retained for as long as these data are relevant for the execution of our mission; and personal data used for the purposes of statistics or research are anonymised as soon as possible.
- Only where we are legally obliged to, or where it is necessary for defending our interests in the context of judicial proceedings (e.g. in case of a dispute), we will store the personal data for longer periods. More information on our retention periods is available upon simple request.
How do we protect your personal data?
We have implemented administrative, technical and organizational measures to ensure a level of security appropriate to the specific risks that we have identified. We thereby strive to protect your personal data (to the extent reasonably possible) against destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed.
We seek to ensure that we keep your personal data accurate and up to date. In view thereof, we kindly request you to inform us of any changes to your personal data (such as a change in your contact details).
What are your rights and how can you exercise them?
You have the legal right under articles 15-22 of the GDPR Law:
To access your personal data;
- rectify, complete or update your data;
- erase your personal data (‘right to be forgotten’);
- restrict processing of your personal data;
- object to the processing of your personal data (i.e. your right to unsubscribe from newsletters and event invitations);
- receive your personal data in a structured, commonly used and machine-readable format and to (have) transmit(ted) your personal data to another organization.
To read more about these rights, please visit the website of the Belgian Data Protection Authority. The initial request is free, though a charge can be made for subsequent requests.
You can exercise these rights by contacting us at email@example.com. A proof of identity may be required.
You also have the right to lodge a complaint with your Data Protection Authority. The Belgian Data Protection Authority can be reached at this link.
Update of the Privacy Charter
IIA Belgium reserves the right to modify its privacy charter to comply with legislation or its practices. You are invited to consult the charter for any updates.