Privacy policy

Article 1. Legal provisions

Your personal data is processed by CHU UCL Namur in accordance with EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/48/EC (hereinafter: the ‘GDPR’), and its implementing laws and orders.

The CHU UCL Namur processes your personal data for one of the following reasons:

  • The agreement between us and you if you have registered directly and personally for the event;
  • The consent that you provided to your employer or your school; or the execution of the employment contract with your employer or the contract with your school in connection with a course at your school.

Article 2. To which data processing operations do the rules of this conference apply?

The personal data you provide when you register for an event are processed by the controller, the Centre Hospitalier Universitaire Dinant Godinne Sainte-Elisabeth — UCL — Namur (hereinafter ‘CHU UCL Namur’), whose registered office is located at 5530 Yvoir, avenue Dr G. Thérasse 1, Belgium.

Article 3. Which personal data are processed?

We process the following data about you:

Surname, first name, postal address, e-mail address, telephone number, department, position, institution, professional interests, training assessment, year of birth if applicable, INAMI number if applicable, NISS number if applicable.

The CHU UCL Namur takes all necessary measures to protect the confidentiality of your personal data, and to protect against any unauthorised access, misuse, modification or deletion thereof.

Article 4. For what purposes is your personal data processed?

Your personal data is collected either directly from you, or through your employer or school and may be processed for the following purposes:

  • Management of personal files: :
    • to establish and maintain databases — in particular, identification data — relating to any individual who has registered for one of our events;
    • to inform participants about the organisation of future activities of this type.
  • Logistical and organisational management.
  • Statistical purposes.

Your personal data is processed exclusively by administrative employees of the CHU UCL Namur dedicated to the management of the above-mentioned activities. The controller may transfer your personal data to the following recipients:

  • external consultant for the purpose of organising the activity and delivering their knowledge in a manner appropriate to the categories of people enrolled;
  • the competent authorities, if the data controller is required to transfer certain categories of data.

 

Article 5. Who is the controller of your personal data?

CHU UCL Namur is legally responsible for processing your personal data.

CHU UCL Namur employs subcontractors for decentralised data processing. These subcontractors are subject to the obligation of confidentiality and act on instructions from CHU UCL Namur on behalf of CHU UCL Namur.

CHU UCL Namur does not transfer your data to third parties located outside the European Union.

CHU UCL Namur undertakes to implement a policy and appropriate security measures for data protection.

Article 6. Who manages your personal data?

Your personal data is processed by duly authorised administrative staff within the CHU UCL Namur (HR department training unit, scientific support unit, line managers).

Article 7. Why do you need to provide this personal data?

The personal data that the CHU UCL Namur requests from you are needed to enable the training course/conference to take place. Failure to provide this data will result in non-registration for the training course/conference, since CHU UCL Namur will be unable to organise the event.

Article 8. How are your personal data secured?

All necessary measures are taken to improve the accuracy and completeness of the recorded data. Similarly, necessary technical and organisational measures are taken to secure patient files against loss or damage to data, and against unauthorised access, alteration or disclosure of data, such as, in particular: pseudonymisation and procedures for testing, evaluating and monitoring the effectiveness of security measures. Computer programs are equipped with  prior access control and a list of access identification data is kept afterwards.

Intrusion tests are carried out on a regular basis to check the security level of our information system.

The main security methods used are as follows:

– Backup on magnetic media (disks or tapes) stored in a building outside the computer rooms.

– Storage in a secure archiving system.

– Storage in SAN (Storage Area Network) or NAS (Network Attached Storage) replicated between two remote rooms.

In addition, measures are taken to physically secure the premises where the stored data is located (identified and protected premises, limited access, devices to prevent physical hazards such as fire, water damage, etc.).

Article 9. How long are your personal data kept?

CHU UCL Namur keeps the personal data collected in connection with your registration for ten years. Your personal data is stored in a CHU UCL Namur database. CHU UCL Namur is the sole owner of this database and of the infrastructure on which it is hosted.

Article 8. How are your personal data secured?

All necessary measures are taken to improve the accuracy and completeness of the recorded data. Similarly, necessary technical and organisational measures are taken to secure patient files against loss or damage to data, and against unauthorised access, alteration or disclosure of data, such as, in particular: pseudonymisation and procedures for testing, evaluating and monitoring the effectiveness of security measures. Computer programs are equipped with  prior access control and a list of access identification data is kept afterwards.

Intrusion tests are carried out on a regular basis to check the security level of our information system.

The main security methods used are as follows:

  • Backup on magnetic media (disks or tapes) stored in a building outside the computer rooms.
  • Storage in a secure archiving system.
  • Storage in SAN (Storage Area Network) or NAS (Network Attached Storage) replicated between two remote rooms.

In addition, measures are taken to physically secure the premises where the stored data is located (identified and protected premises, limited access, devices to prevent physical hazards such as fire, water damage, etc.).

Article 9. How long are your personal data kept?

CHU UCL Namur keeps the personal data collected in connection with your registration for ten years. Your personal data is stored in a CHU UCL Namur database. CHU UCL Namur is the sole owner of this database and of the infrastructure on which it is hosted.

Article 10. What are your rights regarding your personal data?

As a data subject, you may exercise the following rights under certain conditions:

  • Ask to correct and, if necessary, complete your personal data if they are inaccurate or incomplete;
  • Ask to have your personal data deleted in some circumstances;
  • Ask to restrict the processing of your personal data in some circumstances;
  • Object, on grounds relating to your particular situation, to the processing of your personal data according to the legitimate interests of the data controller. The CHU UCL Namur no longer processes personal data unless it can demonstrate that there are compelling legitimate grounds for the processing which override your interests and rights;
  • Object to the processing of your personal data for direct marketing purposes, including profiling for direct marketing purposes;
  • Ask to receive the personal data that you have provided to CHU UCL Namur in a structured, commonly used and machine-readable format; ask to transfer such data to another controller where (i) the processing of your personal data is based on your consent or for the purposes of the performance of a contract and (ii) the processing is carried out by automated means; and ask to have your personal data transferred directly from one controller to another, where technically possible;
  • You may withdraw your consent at any time, without prejudice to processing carried out lawfully prior to the withdrawal of consent, where the processing of your personal data is based on your consent.

You may contact CHU UCL Namur to exercise your rights by postal mail or by e-mail; please send a copy of both sides of your identity card/identity papers to the following address: CHU UCL Namur — for the attention of the Data Protection Officer — avenue Dr G. Thérasse 1 — 5530 Yvoir, Belgium, or to: dpo@chuuclnamur.uclouvain.be

CHU UCL Namur will process requests within the time limits provided for by law. Unless your request is clearly unfounded or excessive, no payment will be required for the processing of your request(s).

If you believe that CHU UCL Namur is not complying with the relevant regulations, you are invited to contact CHU UCL Namur as a matter of priority.

You can also lodge a complaint with the Personal Data Protection Authority at the following address: https://www.autoriteprotectiondonnees.be

You may also file a complaint with the Court of First Instance of your place of residence.

Article 11. How are potential data breaches handled?

Any person noticing a violation, leak or loss of personal data must inform the CHU UCL Namur through the intermediary of its Data Protection Officer as quickly as possible, providing as much information as possible.

CHU UCL Namur will then take the necessary steps:

  • Investigate, evaluate and follow-up the incident.
  • Take measures to remedy the data leak; prevent or mitigate the effects of the incident.
  • Notify the Data Protection Authority if applicable.
  • Communicate with data subjects where appropriate.
  • Take all necessary measures to prevent future incidents.

Article 12. Any other questions?

We invite you to contact the Data Protection Officer (DPO) of the CHU UCL Namur at the following address:

dpo@chuuclnamur.uclouvain.b