EPCA Privacy Policy

(Last updated: 22 November 2018)

  1. General statement

The European Petrochemical Association, a nonprofit (AISBL) incorporated under Belgian law, registered with the Belgian Commercial Register (BCE) under n°0408.299.922, with registered address at 270 avenue de Tervueren, 1150 Brussels, Belgium, and with email address dataprotection@epca.eu (hereafter referred to as “EPCA” or "we"), acting as a data processing controller, is committed to protecting the privacy of the individuals we encounter in conducting our business.

“Personal Data” is information that identifies- and relates to you. Personal Data includes, but is not limited to, your name, home and business mailing addresses, telephone number, email address, credit card or other billing information, certain data about your professional activities, and other information that you submit to us.

This Privacy Policy describes how we handle Personal Data that we collect both through this website (www.epca.eu) and through other means (for example, from your registration forms, telephone calls, e-mails and other communications with us).

By accessing and using this website, receiving EPCA’s services, registering to an EPCA event, registering with the EPCA network or otherwise providing Personal Data to EPCA, you become a member of our network and acknowledge that you understand the terms of this privacy statement and the processing and transfer of Personal Data in accordance with this Privacy Policy. 

  1. Personal Data that we collect

Personal Data collected about you may include:

  • General identification and contact information

Your title; first name; last name; job title; e-mail and telephone details; company; address of the company; tax identification number of the company.

  • For meeting registration purposes

Your spouse/companion first and last name.
Following information is requested (not disclosed to third parties) only if a VISA is needed:
Your title; first name; last name; nationality; place of birth; date of birth.
Your passport number; place of issue; date of issue; date of expiry.

  • Financial information

Credit card information: Holder's name; number; expiry. (data is encrypted)

The data that we collect and process are originating from different sources:

  • Data that you provided us with during any interaction with our website and/or our services, including by registering to one of our events
  • Data that your employer or collaborators have provided us
  • Data that is publicly available on the internet
  • Data provided by our partners or other members of the EPCA
  1. How and for which purposes we use your personal data

We may use your Personal Data to:

  1. Communicate with you and others as part of our business activities.
  2. Allow you to communicate and exchange information with other members of our network.
  3. Introduce you to other members of our network.
  4. Allow you to participate actively in our network, including discussions, seminars, meetings and other events. Some of these activities have additional terms and conditions, which could contain additional information about how we use and disclose your Personal Data, so we suggest that you read these carefully.
  5. Send you important information regarding changes to our policies, terms and conditions, this website and other administrative information.
  6. Make decisions about whether to provide you services.
    These processing of your data are necessary for the performance of your contract with us (including your membership to EPCA) or in order to take steps at your request prior to entering into a contract (article 6.1.b GDPR). It would be impossible for EPCA to provide you with our services without such processing.
  7. Provide improved quality, including by monitoring the use of our website, and by monitoring the efficiency of our emailing campaigns.
  8. Personalize your experience on this website by presenting information tailored to you.
  9. Manage our infrastructure and business operations, and comply with internal policies and procedures, including those relating to auditing; finance and accounting; billing and collections; IT systems; data and website hosting; business continuity; and records, document and print management.
  10. Send you mail and emails in relation with our activities or other information that can be of interest for our members; you have the right to oppose to the sending of such emails to you, by using the “unsubscribe” link included in our emails. 
  11. Resolve complaints,
    This is necessary for our legitimate interests and more particularly we have a legitimate interest to improve our services quality (including personalizing the experience on our website to allow a more user-friendly use of the website and informing you on a more tailored way), to inform our members about EPCA’s activities and to use internal policies for running our activities (article 6.1.f GDPR).
  12. Comply with applicable laws and regulatory obligations (including laws outside your country of residence), such as those relating to handling of requests for data access or correction, to anti-money laundering and anti-terrorism; comply with legal process; and respond to requests from public and governmental authorities (including those outside your country of residence). This may be necessary to comply with legal obligations (article 6.1.c GDPR).

Should we have to further process the Personal Data for other purposes than those set forth in the present section, we will provide you with information on that other purpose and with any relevant further information prior to any such further processing.

  1. Transfers and sharing of Personal Data

EPCA may make Personal Data available to:

  • Other members of our network

The EPCA website is indeed used to keep contact and to generate interactions with the members of our network. (Meeting attendance list if accepted by the delegate)

  • Service providers

External third-party service providers, such as accommodation service providers (when provided by the delegate).

Due to the global nature of our business, for the purposes set out above we may give access to business contact details to parties located in other countries even outside the European Economic Area (including the United States and other countries that have a different data protection regime than is found in the country where you are based and which have not been validated by the European Commission as countries offering the same level of protection for your Personal Data). In that case, the transfer will be done only if (i) the third-party service provider has entered into an agreement with EPCA that is in accordance with the Standard Contractual Clauses established by the European Commission or, (ii) the third-party service provider is part to a specific program such as the US Privacy Shield program, (iii) the provision of the services requested from EPCA (e.g. hotel registration as part of the registration to an EPCA event) require such data transfer.

  • Use of social media and video

Our Website contains social media buttons, allowing the user to share content with third parties. When using such buttons, some of your information (e.g. browser information, IP address) may be automatically accessed by the social media operator. EPCA does not control which information is accessed by the social media and how that information is processed by such operators. Please see the privacy policies of these social media to check how they will use your information.

Also, our website contains audiovisual material (video) that can be played. When playing such video, the website operator hosting the video (such as YouTube, Vimeo, etc.) may collect and process some of your personal data. EPCA is not responsible for the processing of your information (e.g. browser information, IP address) by these third parties websites. Please see the privacy policy of these websites to check how they will use your personal information.

  1. Security

EPCA will take appropriate technical, physical, legal and organizational measures, which are consistent with applicable privacy and data security laws. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any Personal Data you might have with us has been compromised), please immediately notify us. (See the “Who to Contact About Your Personal Data” section below.)

When EPCA provides Personal Data to a service provider, the service provider will be selected carefully and required to use appropriate measures to protect the confidentiality and security of the Personal Data.

  1. Retention of Personal Data

EPCA takes reasonable steps to ensure that the Personal Data we process is reliable for its intended use, and as accurate and complete as is necessary to carry out the purposes described in this Privacy Policy. EPCA will retain Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.

One of our purposes when processing your Personal Data is to gather information on the members of our network and to keep our network alive and active. When becoming a member of our network, your data will therefore be kept until you decide to unsubscribe to our services and accordingly to quit being part of our network

  1. Personal Data of other individuals

If you provide Personal Data to EPCA regarding other individuals, you agree: (a) to inform the individual about the content of this Privacy Policy; and (b) to obtain any legally-required consent for the collection, use, disclosure, and transfer (including cross-border transfer) of Personal Data about the individual in accordance with this Privacy Policy.

  1. Your rights as a data subject

Data protection laws grant you some rights on certain grounds and conditions, including the rights to access, correct, object to the use of, or request deletion or suppression of Personal Data, as well as to ask a restriction of processing. You also have a right to data portability and a right to withdraw your consent at any time, being understood that such a withdrawal will not affect the lawfulness of the processing that was based on such consent. Please contact us as set out in the “Who to Contact About Your Personal Data” section below with any requests or if you have any questions or concerns about how we process Personal Data. Please note that some Personal Data may be exempt from some of the above rights in accordance with local privacy and data protection laws or any other law.

  1. Other information we collect through the Website

“Other Information” is any information that does not reveal your specific identity, such as:

  • Browser information;
  • Information collected through cookies (please refer to our EPCA cookies policy available on this website);
  • Demographic information and other information provided by you; and
  • Aggregated information

Please note that we may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. If we are required to treat Other Information as Personal Data under applicable law, then, we may use and disclose Other Information for all the purposes for which we use and disclose Personal Data.

  1. Changes to This Privacy Policy

We review this Privacy Policy regularly and reserve the right to make changes at any time to take account of changes in our business and legal requirements. We will place updates on our website.

Please take a look at the “LAST UPDATED” date at the top of this Privacy Policy to see when it was last revised.

  1. Who to contact about your Personal Data

If you have any questions about our use of your Personal Data you can send an e-mail to this address: dataprotection@epca.eu, or write to:

EPCA – The European Petrochemical Association A.I.S.B.L./I.V.Z.W.
Avenue de Tervueren 270
1150 Brussels

  1. Complaints

If you are not happy with our processing of your Personal Data and if you feel that contacting us could not solve the issue, the applicable data protection law provides you with a right to lodge a complaint with the competent supervisory authority.