This policy contains, on the one hand, the guidelines that our company applies to the processing of personal data, in accordance with the objectives and obligations arising from the General Data Protection Regulation, namely Regulation (EU) 2016/679 of 27 April 2016 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (AVG in short). We understand by our company: • Mycelia NV with registered office at Veldeken 27, 9850 Deinze, Belgium registered with the register of legal entities in Ghent, under the number 0427.321.424, and with VAT number BE 0427321424. They act as controller of personal data.
Our company confirms that it complies with the applicable legislation, namely the Law of 8 December 1992 on the protection of privacy and its implementing decrees, and the European General Data Protection Regulation of 27 April 2016.
(a) “Personal data” shall mean all information relating to an identified or identifiable natural person (“the data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by an identifier such as a name, an identification number, location data, an online identifier or by one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Appendix 1 includes which Personal Data the Processor shall process in accordance with this agreement and for which processing purposes.
(b) “Processing” shall mean any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
(c) “Processing controller” means any natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
(d) ‘Processor’ means any natural or legal person who processes personal data on behalf of the Processing Controller.
(e) “Sub Processor”: the subcontractor appointed by the Processor to take on part of the processing process for the Processor.
(f) “personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed, also referred to as ‘data breach’;
(g) “AVG”: General Data Protection Regulation, i.e. Regulation (EU) 2016/679 of 27 April 2016 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
3. Processing of personal data
Below is a list of the personal data our company processes for which purposes and on what basis our company supports the processing. The following personal data is processed in connection with the provision of services to our company’s customers, prospects and suppliers:
• Identification details (name, registered office with history of previous addresses, subscription number, address, account details, telephone and mobile number);
• Contact details (your surname and first name, your telephone number and mobile phone);
• Financial data (bank account number with account information, invoices Education and training information (diplomas, certificates, publications and licences, overview of training institutes, courses and assessments, enrollment fees);
• The above data will be processed in view of the execution of the agreement that you have concluded with our company. The processing of your personal data takes place more concretely in the context of delivery to the agreed location, as well as in the context of invoicing and the follow-up of the payment of the invoice.The processing of personal data by our company in this case is based on our company’s legitimate interest in the proper and effective execution of the agreement. Our company undertakes not to process your personal data for any purpose other than those stated above, unless you have given our company your prior express consent to do so.
Our company assures you that your personal data will not be stored if our company no longer needs your data for the provision of services, or if our company is no longer bound by a legal obligation to retain them. You are not obliged to transfer your personal data to our company. However, you are aware that the refusal to provide our company with certain basic information may make it impossible for our company to provide you with certain services.
4. Storage period
Your personal data that are processed by our company will be kept for a period of 15 years. If your user profile does not show any activity during an uninterrupted period of 15 years, the profile, including all personal data linked to it, will be deleted by our company.
As a data subject whose personal data are processed, you have a number of rights with regard to the processing carried out by our company. To exercise these rights, you should contact the accounting and administration department responsible, which should be contacted at +32 (0)9 228 70 90 or email@example.com. Our company is obliged to respond to this request within a period of one month. Only when you submit your request for the exercise of your rights to the competent accounting and administration department via the aforementioned procedure, will an appropriate response be made within the set period.
You have the following rights:
• Right of access and inspection: You have a right of access to your personal data, as well as the right to consult their use by means of the form provided for this purpose, addressed to the service mentioned above and accompanied by proof of identity, by enclosing a copy of your identity card with your request. You can obtain a free copy of your available personal data at any time upon simple request.
• Right of rectification, erasure and impairment: Except for those personal data that must necessarily be processed within the framework of the agreement or within the framework of the storage pursuant to a legal obligation, you can indicate yourself which personal data may not be processed at all or may only be processed for a limited number of processing operations. In addition, you may request the deletion of those personal data that may not be processed in whole or in part. You may also ask to verify your personal data and, if necessary, to correct it.
• Right of objection, automated decisions and profiling: You may oppose the processing of your personal data at any time if this objection is based on serious and legitimate reasons. If you wish to oppose the use of your personal data for direct marketing purposes, you do not need to state any reasons for this. The processing of personal data by our company does not take place on the basis of automated decisions, in other words not without any human intervention. Our company does not profiling on the basis of the available personal data.
• Right to transferability: Under the conditions set out in the AVG, you have the right to obtain your personal data in a structured, common and machine-readable form. You may ask our company to transfer your data in this way to another Processing Officer.
• Complaints: If you believe that your rights as a data subject are being violated by or during the processing of your personal data, you have the right to submit a complaint to the Supervisor (Commission for the Protection of Privacy, Drukpressstraat 35, 1000 Brussels, e-mail: firstname.lastname@example.org, tel. 32 (0)2 274 48 00, fax +32 (0)2 274 48 35), without prejudice to any other form of administrative or judicial appeal.
6. Transfer to third parties
Our company undertakes not to sell, rent, distribute or in any other way make your personal data available to third parties, unless the communication to the third party takes place within the framework of a legal obligation. In exceptional cases, mandatory legislation requires our company to transfer your personal data to the competent government authorities. The same applies when a court order requires our company to disclose personal data to a number of persons who are authorised by the court order to inspect the personal data in question. However, our company has reservations about the partial or complete reorganization or transfer of the company’s activities. In this case, the business activities will also transfer your personal data to those third parties involved in the transfer and the confidential negotiations prior to the transfer.As far as possible, our company will inform you of the transfer to the aforementioned third parties.
7. Security and Confidentiality
Our company guarantees that the processing of your personal data will be carried out in an adequate, correct and secure manner. If you wish, you will be informed in a transparent manner about the processing procedures and the appropriate technical and organisational measures taken to prevent any loss, falsification or unlawful alteration of, as well as unlawful access to, the personal data.
Our Company reserves the right to alter this policy. If alterations to the policy are made, the Company will take reasonable steps to inform you of such changes before implementing them.
Information recorded by third party servers: