This policy contains the guidelines that EFAMA applies in processing personal data, in accordance with the objectives and obligations arising from the General Data Protection Regulation, i.e. Regulation (EU) 2016/679 of 27 April 2016 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (‘GDPR’).
EFAMA, with registered office at 47 Rue Montoyer, 1000 Brussels, registered under VAT number BE 0446.651.445 acts as processor of personal data.
EFAMA confirms that it complies with the current legislation, namely the Law of 8 December 1992 on the protection of privacy and its implementing decisions and the European General Data Protection Regulation of 27 April 2016.
(a) “Personal data”: all information about an identified or identifiable natural person (“the data subject”). A natural person is regarded as identifiable if he or she can be identified directly or indirectly, in particular by means of an identifier such as a name, an identification number, location data, an online identifier or one or more elements characterising the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person. Appendix 1 lists the Personal Data that the Processer will process in accordance with this agreement and the purposes for which the data are processed.
(b) “Processing”: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
(c) “Controller”: a natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data.
(d) “Processor”: a natural or legal person which processes personal data on behalf of the Controller.
(e) “Sub-processor”: the subcontractor appointed by the Processor to carry out part of the processing on behalf of the Controller.
(f) “Personal data breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed, also known as a “data leak” ;
(g) “GDPR”: The General Data Protection Regulation, i.e. Regulation (EU) 2016/679 of 27 April 2016 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
The above data are processed with a view to the execution of the contract (for delivery of services) that you have concluded with EFAMA. The processing of your personal data takes place more specifically in connection with delivery to the agreed location, as well as invoicing and the monitoring of invoice payments.EFAMA justifies the processing of personal data in this case on the basis of the legitimate interest that EFAMA has in the proper and effective execution of the contract.
EFAMA processes the above data with a view to optimising the content and functioning of the website, in accordance with the needs of the visitor.EFAMA justifies this processing of personal data on the basis of the legitimate interest that EFAMA has in offering a readily accessible, understandable, appropriate, comprehensive and relevant website.For more information regarding the use of EFAMA’s website, please refer to the
EFAMA processes the above data with a view to optimising the content and functioning of the website, in accordance with the needs of the visitor.
EFAMA justifies this processing of personal data on the basis of the legitimate interest that EFAMA has in offering a readily accessible, understandable, appropriate, comprehensive and relevant website.
For more information regarding the use of EFAMA’s website, please refer to the
The above data are processed with a view to personalising our invitations for events.EFAMA relies on your express and prior consent for the processing of personal data in this case.
EFAMA undertakes not to process your personal data for any purpose other than the purposes mentioned above, unless you give EFAMA express prior permission to do so. EFAMA guarantees that your personal data will not be retained if EFAMA no longer requires them for the provision of services, or if it is no longer subject to a statutory retention obligation.You are not obliged to transfer your personal data to EFAMA. However, you should be aware that a refusal to provide certain basic data to EFAMA may result in EFAMA being unable to provide you with certain services.
Your personal data are only processed for direct marketing (invitations for events of conferences) purposes if you give EFAMA your explicit consent to this.If you give EFAMA permission to use your data for direct marketing purposes (invitations for events of conferences), these data will be processed to send you marketing materials (invitations for events of conferences) in electronic form.You may oppose the use of your personal data for direct marketing purposes (invitations for events of conferences) free of charge at any time. To do so, simply send a request to the Information Security Team via the email address
Your personal data processed by EFAMA are stored for a period of 10 years.
As a data subject whose personal data are processed, you have a number of rights with regard to the processing operations carried out by EFAMA.
To exercise these rights, you should contact Information Security Team, accessible via the email address
EFAMA is obliged to respond to this request within a period of one month. You will only receive a response within the set period if you send your request for the exercise of your rights to the Information Security Team.
You have the following rights:
You have the right to access your personal data and the right to check how they are being used. You may obtain a free copy of your available personal data at any time by simply making a request to this effect.
Except for those personal data that must be processed in connection with provision of services or in connection with storage because of a legal obligation, you may indicate which personal data may not be processed at all or may only be processed for a limited number of processing operations. In addition, you may request that personal data which you do not wish to be processed in whole or in part, be deleted. You may also ask to check and, if necessary, correct your personal data.
You may oppose the processing of your personal data at any time if your objection is based on serious and legitimate reasons. If you wish to oppose the use of your personal data for direct marketing purposes, you do not have to give any reasons for this.The processing of personal data is not carried out on the basis of automated decisions; in other words it is not carried out without human intervention.EFAMA does not engage profiling on the basis of the available personal data.
You may oppose the processing of your personal data at any time if your objection is based on serious and legitimate reasons. If you wish to oppose the use of your personal data for direct marketing purposes, you do not have to give any reasons for this.
The processing of personal data is not carried out on the basis of automated decisions; in other words it is not carried out without human intervention.
EFAMA does not engage profiling on the basis of the available personal data.
If the processing of your personal data is based on consent you have given, you may withdraw this consent at any time.
Under the conditions stipulated in the GDPR, you have the right to obtain your personal data in a structured, commonly used and machine-readable form. You may ask EFAMA to transfer your data in this way to another Controller.
If you believe that your rights as a data subject are being infringed by or during the processing of your personal data, you have the right to make a complaint to the Data Protection Supervisor (the Commission for the Protection of Privacy, Drukpersstraat 35, 1000 Brussels, email:
firstname.lastname@example.org, tel. +32 (0)2 274 48 00, fax +32 (0)2 274 48 35), without prejudice to any other possibility of initiating a judicial review or seeking a judicial remedy.
EFAMA undertakes not to sell, rent, distribute or otherwise disclose your personal data to third parties, unless the communication is made to the third party under a legal obligation. In exceptional cases, mandatory laws oblige EFAMA to transfer your personal data to the competent government authorities. Likewise, a court order may require EFAMA to communicate personal data to people authorised by the order to inspect the personal data concerned.
EFAMA makes an exception to its non-disclosure undertaking in the event of a partial or complete reorganisation or a transfer of the company’s business operations. In such cases, your personal data will be conveyed along with the business operations to the third parties involved in the transfer and in the confidential negotiations prior to the transfer.As far as possible, EFAMA will inform you of the transfer to the aforementioned third parties.
EFAMA guarantees that the processing of your personal data takes place in an appropriate, correct and secure manner. If you wish, you will be informed in a transparent manner about the processing procedures and the technical and organisational measures taken to prevent any loss, falsification or unlawful alteration of or unlawful access to your personal data.
EFAMA reserves the right to change this policy.If substantial adjustments are made, EFAMA will take all reasonable measures to notify you before the changes take effect.