Innoviris sets great store by the protection of privacy and personal data. That is why we make every effort to process your personal data in line with your rights.
We collect and process your personal data in accordance with the applicable legal provisions, i.e. the Act of 30 July 2018 on the protection of individuals with regard to the processing of personal data and the General Data Protection Regulation (GDPR).
Innoviris is committed not only to process your personal data in a lawful, honest and transparent manner, but also to provide you with clear and comprehensive information about the way in which these data are processed, in accordance with current legislation.
What are personal data?
Personal Data are all the information about an identified or identifiable natural entity.
An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Various data that at first sight appear to be anonymous, but whose aggregation makes it possible to identify a particular person, also constitute personal data.
What type of personal data do we collect?
Innoviris collects various types of personal data in the context of the services and activities offered. These data shall only be processed to the extent of what is strictly necessary to achieve the objective pursued. These include, in particular:
- Your identification data (name, e-mail address, postal address, telephone number, date of birth, ...)
- Your bank details (IBAN, BIC/SWIFT, ...)
- Your invoicing data
- Your access to our web server, browser type
- All the information you provide to us
Who is the controller?
Innoviris is the controller of your personal data.
Our full details are:
Chaussée de Charleroi, 112
CBE No: 0870532933
How do we collect your data?
Most of the data that you provide directly to us is collected through (non-exhaustive list):
- Our online forms (e.g. contact form, Irisbox)
- Our surveys
- The grant application forms, the project calls, ...
- Your registrations for our events, the newsletter
- Our agreements
Why do we use these data?
In accordance with the GDPR, Innoviris collects and processes your data on the basis of the following statutory grounds:
- Within the framework of the tasks of general interest assigned to Innoviris by the Order of 26 June 2003 establishing Innoviris:
- The Council for Science Policy
- Scientific research for economic purposes
- Scientific research for non-economic purposes
- Science policy communication
- The representation of the Brussels-Capital Region:
- International relations
- Information and statistics
- In the context of contractual relations
- In the context of agreed communication, such as the newsletter and event-based communication
- In the context of legal obligations (accounting, social secretariat, etc.)
- In the context of our legitimate interests under the condition set out in recital 47 of the GDPR
Who has access to your data?
Moreover, in order to prevent unauthorised access to, or alteration of, data as much as possible, staff members shall have access only to personal data which are necessary for the performance of their duties.
Partners of Innoviris
Innoviris may share your personal data with partners (usually other government agencies) with whom it cooperates in the performance of its public interest tasks or on the basis of your consent.
Subcontractors and external service providers of Innoviris
In order to carry out certain tasks, Innoviris makes use of the services of external service providers who may process your personal data.
When your personal data are disclosed to subcontractors (e.g. jury) who process these on behalf of Innoviris, Innoviris will ensure that contractual provisions are drawn up, in particular to ensure that these subcontractors:
- have taken appropriate security measures to protect you against your personal data being processed in an unauthorised or unlawful manner and against accidental loss, destruction or damage to your personal data.
Innoviris may need to disclose some of your personal data in order to comply with the law or to respond to government requests.
These are requests from judicial authorities (courts, police forces, etc.), administrative courts (Court of Auditors, Council of State) or certain administrative bodies (Ministerial Guardianship Cabinet, etc.).
Do we pass on your data outside Europe?
Innoviris will not pass on your personal data to countries outside the European Union or to third countries for which the European Commission has not taken an adequacy decision.
How do we protect your data?
We maintain a strict confidentiality policy and take all appropriate measures to ensure that our servers, as much as possible, prevent any unauthorised leakage, destruction, loss, disclosure, use, access or alteration of your data.
If any of the above infringements should nevertheless occur, Innoviris commits to taking all the necessary steps to reduce the damage to a minimum and Articles 33 and 34 of the GDPR will apply.
What is the retention period for the processed data?
We will retain your personal data for the time necessary to achieve the objectives pursued and in accordance with our statutory obligations. The retention period may, therefore, vary accordingly. For example, we are obliged to retain your invoicing data for 7 years to comply with accounting and tax obligations. In addition, when you sign an agreement with the Brussels-Capital Region to obtain funding, we keep your contractual details for legal purposes until 10 years after the end of your contract to keep certain documents as evidence in the event of litigation.
What are your rights as a party involved?
Innoviris wants to ensure that you are fully aware of all your data protection rights.
Each user enjoys the rights under Articles 15 to 22 of the GDPR:
Right of inspection - You have the right to ask Innoviris for a free copy of your personal data which will be processed. We may, however, charge a reasonable fee based on administration costs for any additional copies requested.
Right of rectification - You have the right to ask Innoviris to correct any information which you deem incorrect. You also have the right to ask us to complete any information you deem incomplete.
Right to data erasure ("right to forgetfulness") - You have the right to ask Innoviris to remove your personal data under certain conditions.
Right to restrict processing - You have the right to request Innoviris to restrict the processing of your personal data, subject to certain conditions.
Right of objection - You have the right, under certain conditions, to object to your personal data being processed if this procedure is based on the public interest or a legitimate interest.
Right to transferability of data - You have the right to request that Innoviris transfers your personal data to another organisation, or directly to you, under certain conditions.
Privacy policies of other referenced websites
Changes to this policy
How can you contact us?
DPO - INNOVIRIS
Chaussée de Charleroi, 112
Any requests are usually answered within a month.
How can I contact the Data Protection Authority (DPA)?
If you wish to file a complaint or if you feel that Innoviris has not responded properly to your questions, please contact the Belgian Data Protection Authority (https://www.dataprotectionauthority.be/).
Data Protection Authority
Rue de la Presse 35, B-1000 Brussels