Subject of this Privacy Policy

Innoviris sets great store by the protection of privacy and personal data. That is why we make every effort to process your personal data in line with your rights.

We collect and process your personal data in accordance with the applicable legal provisions, i.e. the Act of 30 July 2018 on the protection of individuals with regard to the processing of personal data and the General Data Protection Regulation (GDPR).

The purpose of this Privacy Policy is to inform you about the way in which Innoviris processes your personal data in general.

Innoviris is committed not only to process your personal data in a lawful, honest and transparent manner, but also to provide you with clear and comprehensive information about the way in which these data are processed, in accordance with current legislation.

We reserve the right to introduce changes to the present privacy policy at any time. Any substantial changes will always be clearly communicated to you. It is, however, recommended to consult this page regularly.
 

What are personal data?

Personal Data are all the information about an identified or identifiable natural entity.

An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Various data that at first sight appear to be anonymous, but whose aggregation makes it possible to identify a particular person, also constitute personal data.
 

What type of personal data do we collect?

Innoviris collects various types of personal data in the context of the services and activities offered. These data shall only be processed to the extent of what is strictly necessary to achieve the objective pursued. These include, in particular:

  • Your identification data (name, e-mail address, postal address, telephone number, date of birth, ...)
  • Your bank details (IBAN, BIC/SWIFT, ...)
  • Your invoicing data
  • Your access to our web server, browser type
  • All the information you provide to us
     

Who is the controller?

Innoviris is the controller of your personal data.

Our full details are:

INNOVIRIS

Chaussée de Charleroi, 110

B-1060 Brussels

CBE No: 0870532933

How do we collect your data?

Most of the data that you provide directly to us is collected through (non-exhaustive list):

  • Our online forms (e.g. contact form, Irisbox)
  • Our surveys
  • The grant application forms, the project calls, ...
  • Your registrations for our events, the newsletter
  • Our agreements

 

When you visit our website, we use cookies to recognise the user and provide a personalised user experience, and to remember your technical choices (e.g. language). For more information about our use of cookies, please refer to our Cookie Policy.
 

Why do we use these data?

In accordance with the GDPR, Innoviris collects and processes your data on the basis of the following statutory grounds:

  1. Within the framework of the tasks of general interest assigned to Innoviris by the Order of 26 June 2003 establishing Innoviris:
  • The Council for Science Policy
  • Scientific research for economic purposes
  • Scientific research for non-economic purposes
  • Science policy communication
  • The representation of the Brussels-Capital Region:
  • International relations
  • Information and statistics
  1. In the context of contractual relations
  2. In the context of agreed communication, such as the newsletter and event-based communication
  3. In the context of legal obligations (accounting, social secretariat, etc.)
  4. In the context of our legitimate interests under the condition set out in recital 47 of the GDPR
     

Who has access to your data?

Staff members

Staff members may exchange your personal data in order to carry out the tasks entrusted to them. Internal measures are taken to ensure that your personal data are processed in accordance with this Privacy Policy.

Moreover, in order to prevent unauthorised access to, or alteration of, data as much as possible, staff members shall have access only to personal data which are necessary for the performance of their duties.

 

Partners of Innoviris

Innoviris may share your personal data with partners (usually other government agencies) with whom it cooperates in the performance of its public interest tasks or on the basis of your consent.

 

Subcontractors and external service providers of Innoviris

In order to carry out certain tasks, Innoviris makes use of the services of external service providers who may process your personal data.

When your personal data are disclosed to subcontractors (e.g. jury) who process these on behalf of Innoviris, Innoviris will ensure that contractual provisions are drawn up, in particular to ensure that these subcontractors:

  • do not use your personal data for purposes other than those indicated by Innoviris and that they are processed in accordance with the purposes described in this Privacy Policy, and;
  • have taken appropriate security measures to protect you against your personal data being processed in an unauthorised or unlawful manner and against accidental loss, destruction or damage to your personal data.

 

Government agencies

Innoviris may need to disclose some of your personal data in order to comply with the law or to respond to government requests.

These are requests from judicial authorities (courts, police forces, etc.), administrative courts (Court of Auditors, Council of State) or certain administrative bodies (Ministerial Guardianship Cabinet, etc.).

 

Do we pass on your data outside Europe?

Innoviris will not pass on your personal data to countries outside the European Union or to third countries for which the European Commission has not taken an adequacy decision.

For more information: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions

 

How do we protect your data?

We maintain a strict confidentiality policy and take all appropriate measures to ensure that our servers, as much as possible, prevent any unauthorised leakage, destruction, loss, disclosure, use, access or alteration of your data.

If any of the above infringements should nevertheless occur, Innoviris commits to taking all the necessary steps to reduce the damage to a minimum and Articles 33 and 34 of the GDPR will apply.

What is the retention period for the processed data?

We will retain your personal data for the time necessary to achieve the objectives pursued and in accordance with our statutory obligations. The retention period may, therefore, vary accordingly. For example, we are obliged to retain your invoicing data for 7 years to comply with accounting and tax obligations. In addition, when you sign an agreement with the Brussels-Capital Region to obtain funding, we keep your contractual details for legal purposes until 10 years after the end of your contract to keep certain documents as evidence in the event of litigation.
 

What are your rights as a party involved?

Innoviris wants to ensure that you are fully aware of all your data protection rights.

Each user enjoys the rights under Articles 15 to 22 of the GDPR:

Right of inspection - You have the right to ask Innoviris for a free copy of your personal data which will be processed. We may, however, charge a reasonable fee based on administration costs for any additional copies requested.

Right of rectification - You have the right to ask Innoviris to correct any information which you deem incorrect. You also have the right to ask us to complete any information you deem incomplete.

Right to data erasure ("right to forgetfulness") - You have the right to ask Innoviris to remove your personal data under certain conditions.

Right to restrict processing - You have the right to request Innoviris to restrict the processing of your personal data, subject to certain conditions.

Right of objection - You have the right, under certain conditions, to object to your personal data being processed if this procedure is based on the public interest or a legitimate interest.

Right to transferability of data - You have the right to request that Innoviris transfers your personal data to another organisation, or directly to you, under certain conditions.

Privacy policies of other referenced websites

The Innoviris website contains links to other websites. Our Privacy Policy only applies to our site and Innoviris' own processing operations. This is why, if you click on a link to another website, you are required to read their privacy policy.

Changes to this policy

Innoviris regularly reviews its Privacy Policy and posts any updates on this web page.

 

How can you contact us?

If you have any questions about this Privacy Policy, the information we hold about you or if you wish to exercise any of your rights under Articles 15 to 22 GDPR, please do not hesitate to contact us.

E-mail: dpo@innoviris.brussels

By post:

DPO - INNOVIRIS

Chaussée de Charleroi, 110

B-1060 Brussels

Any requests are usually answered within a month.
 

How can I contact the Data Protection Authority (DPA)?

If you wish to file a complaint or if you feel that Innoviris has not responded properly to your questions, please contact the Belgian Data Protection Authority (https://www.dataprotectionauthority.be/).

Data Protection Authority

Rue de la Presse 35, B-1000 Brussels

     +32 (0)2 274 48 00

     +32 (0)2 274 48 35

     contact@apd-gba.be

 

Brussels, City of Innovators

With the support of Innoviris, their skills, their innovative ideas and their enthusiasm boost evolution in the Brussels-Capital Region. Meet the innovators that shape the future of Brussels.
© 2020 Brussels-Capital Region. All rights reserved.