CHARTER ON THE PROTECTION OF YOUR PERSONAL DATA

Your privacy is important to WEP.

Why does A Charter on the Protection of Your Personal Data exist?

WEP (hereinafter “WEP” or “we”) considers your privacy a priority. Consequently, we commit to treating the personal data of our participants, clients, potential clients and online users (hereinafter “you”) with the greatest care and to provide the best possible protection for such data in accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regards to the processing of personal data, and on the free movement of such data (hereinafter “GDPR”) and the national law applicable in this field.

This charter provides information about:

  • the personal data that we collect about you and why we do so;
  • the terms of use of your personal data;
  • your rights in regard to your personal data and the ways in which you can exercise these rights.

Most recent modification: 14 June 2018; see previous version(s), archived:

► Explanatory glossary of the main legal terms used in this charter
► Explanatory glossary of the other terms used in this charter 

Table of contents

1. Who is responsible for the use of your data in the context of your relationship with our services?

2. Why do we collect your personal data and on what bases?

3. What personal data do we collect about you?

4. With whom do we share your personal data?

5. How long do we keep your personal data? 

6. What rights do you have in regards to your personal data and how can you exercise these rights?

7. Is your personal data transferred abroad?

8. Would you like to contact us regarding this Charter on the Protection of Your Personal Data and/or would you like to lodge a complaint with a data protection authority? 

9. How can you find out if this Charter on the Protection of Your Personal Data has been modified?

1. Who is responsible for the use of your data in the context of your relationship with our services?

The Joint Data Controllers for the processing of your personal data described in this charter are WEP International and WEP Belgium having their registered offices respectively at Rue Neck 24, 1081 Brussels (WEP International is registered with the ECB under No. 0476.725.504) and Avenue de Jette 26, 1081 Brussels (WEP Belgium is registered with the ECB under No. 0435.130.419). This charter reflects the agreement between them to facilitate the exertion of your rights. Any question or request concerning the processing of your data may be addressed to the following email address: dataprotection@wep.org. You may exercise your rights with respect to and against each of the joint controllers.

2. Why do we collect your personal data and on what bases?

We collect personal data about you for various reasons.

WEP collects and uses your personal data to be able to work efficiently and offer you the best possible experience with its services.

Moreover, please note that we can only collect and use your personal data if its use is based on one of the legal grounds defined by the GDPR (e.g., your consent or the implementation of a contract, which is completed with you).

The table below more specifically lists the purposes for which WEP uses your personal data and the corresponding legal basis.

Purposes for which your personal data is collected Legal basis for the processing of your personal data

1/ Management of pre-contractual relations with potential clients

We process your personal data in order to respond to your requests concerning your participation in an information session, your request to receive our information brochure on the various programs offered by WEP, your participation in an online language test to determine your level, and your various questions sent by email (including via the contact form on our site), by post or via online chat.

WEP's legitimate interest in processing potential clients’ personal data in order to meet the requests and expectations expressed by them (Article 6.1.f. of the GDPR)

2/ Marketing to our clients and prospects, i.e.:

  • Sending newsletters about the various programs organised by WEP;
  • Sending personalised email reminders following actions taken by a prospect;
  • Sending applications for participation in evaluation questionnaires
 WEP has a legitimate interest in processing its clients’ personal data (in particular that which is obtained directly in the context of participation in one of our programs) in order to inform them of other programs and activities it organises. Pursuant to Article XII.13(1) of the Code of Economic Law and the Royal Decree of 4 April 2003, WEP processes personal data relating to electronic contact details of prospects after obtaining prior consent to inform them of other programs and activities it organises.

3/ Organisation of competitions

The data of participants in a competition is processed by WEP in order to ensure the successful execution of the competition, in particular, to contact the winners and award them their prizes effectively and quickly in the event of a win.

 The execution of a contract concluded with you (Article 6.1.b. of the GDPR), in this case, a contract for participation in a competition
4/ The publication of your testimonials Your consent (Article 6.1.a. of the GDPR)
5/ Issue of press releases WEP's legitimate interest in processing journalists' personal data for the purpose of sending and publishing press releases (Article 6.1.f. of the GDPR)

6/ Registration/pre-registration

The registration process is a prerequisite to your participation in one of our programs. We process your personal data in order to process your request.

 Implementation of a pre-contractual measure (Article 6.1.b. of the GDPR)

7/ Orientation and selection interviews

For certain programs, we hold orientation and/or selection interviews in which we collect your personal data to ensure that the chosen program suits you and corresponds to your expectations. We also make sure that your profile matches the conditions of participation in the chosen program.

 Implementation of a pre-contractual measure (Article 6.1.b. of the GDPR)

8/ Organisation of your program

We process your personal data in order to ensure the correct management of your stay and the successful completion of the program to which you have subscribed (whether you decide to study at a secondary school or university, do a language study program or a family immersion program without a course, do volunteer work, find an au-pair job, do a World Tour, or go on a group trip).

The implementation of a contract concluded with you (Article 6.1.b. of the GDPR), in this case, a contract for participation in a program

Your express consent to the processing of your sensitive data within the scope of Article 9 of the GDPR, e.g., your health data, your religious beliefs, your political opinions, sexual orientation, etc. (Article 6.1.a. and 9.2.a of the GDPR)

9/ Follow-up and assistance

We process your personal data to ensure your follow-up and provide you with help and assistance if necessary during your program.

The implementation of a contract concluded with you (Article 6.1.b. of the GDPR), in this case, a contract for participation in a program

Your express consent to the processing of your health data and data revealing your religious beliefs (Articles 6.1.a and 9.2.a. of the GDPR)

10/ Recruitment of host families

When you submit an application to become a host family, we process your personal data in order to assess your application. 

The implementation of a pre-contractual measure (Article 6.1.b. of the GDPR)

Your express consent to the processing of your health data and data revealing your religious beliefs (Articles 6.1.a. and 9.2.a of the GDPR)

11/ Management of relations with host families

Once designated as a host family, we will process your personal data in order to manage the relationship between you, the student and us.

The implementation of a contract concluded with you (Article 6.1.b. of the GDPR)

Your express consent to the processing of your health data and data revealing your religious beliefs (Articles 6.1.a. and 9.2.a. of the GDPR)
12/ Assessment of our services  The legitimate interest of WEP to process its clients’ personal data in order to measure their degree of satisfaction with the goal of improving the services offered (Article 6.1.f. of the GDPR)

13/ Statistics

“Statistical purposes” means any practice of collecting and processing of personal data, which is necessary for statistical surveys or the production of statistical results.

These statistical results may also be used for various purposes, including improving our programs and projects.

“Statistical purposes” implies that the result of processing for statistical purposes does not allow any identification of those persons whose information has been used

 The legitimate interest of WEP in processing its clients’ personal data in order to improve the services offered and to have a better understanding of its target audiences (Article 6.1.f. of the GDPR)
14/ Dispute management

WEP's legitimate interest in processing personal data for the purpose of defending its interests, in particular, but not exclusively for the purpose of contesting or taking legal action (Article 6.1.f. of the GDPR)

3. What personal data do we collect about you? 

Please note that we may collect and use your personal data only if this use is founded on a legal basis determined by the GDPR (e.g., your consent or the implementation of a contract concluded with you).

The table below precisely lists the purposes for which your personal data is used by WEP and the corresponding legal basis.

The purpose for collection Personal data collected Direct or indirect collection of your personal data
1/ Management of pre-contractual relations with potential clients
  • Personal identification data (surname, first name, postal address, email address, telephone number, language)
  • For this purpose, data is collected directly from you
2/ Marketing
  • Personal identification data (surname, first name, postal address, email address, telephone number)
  • Electronic identification data (IP address, cookies, connection records)
  • Demographic characteristics (age, gender, date of birth, your country, your language)
  • For this purpose, data is collected directly from you or indirectly via a third party to whom you have given permission to transmit your data to WEP
3/ Organisation of competitions
  • Personal identification data (surname, first name, postal address, email address, telephone number)
  • For this purpose, data is collected directly from you
4/ Publication of your testimonials 
  • Personal identification data (first name)
  • Data contained in your testimonial (the type of program, destination, duration, period, etc.)
  • For this purpose, data is collected directly from you
5/ Issue of press releases
  • Personal identification data (surname, first name, company, position, fax, postal address – optional, email address, telephone number)
  • For this purpose, data is collected directly from you or obtained via the website of the company for which you work
6/ Registration
  • Personal identification data (surname, first name, postal address, email address, telephone number)
  • Demographic characteristics (age, gender, date of birth, your country, your language)
  • Data relating to the choice of program
  • Other personal data (parents' profession, etc.)
  • Sensitive data within the scope of Article 9 of the GDPR, the legal protection of which is reinforced, i.e. health data (data relating to the existence of allergies, medical treatment/follow-up, special diet, etc.)
  • For this purpose, data is collected directly from you
7/ Orientation and selection interviews, etc.
  • Personal identification data (surname, first name, postal address, email address, telephone number)
  • Psychological data
  • Free fields and comment fields
  • For this purpose, data is collected directly from you
8/ Organisation of your program
  • Personal identification data (surname, first name, postal address, email address, telephone number)
  • Demographic characteristics (age, gender, date of birth, your country, your language)
  • Data relating to the chosen program (departure/arrival/return date, type of program, accommodation)
  • Sensitive data within the scope of Article 9 of the GDPR, the legal protection of which is reinforced, i.e. health data (data relating to the existence of allergies, medical treatment/follow-up, special diet, etc.)
  • For this purpose, data is collected directly from you
9/ Follow-up and assistance
  • Personal identification data (surname, first name, postal address, email address, telephone number)
  • Demographic characteristics (age, gender, date of birth, your country, your language)
  • Data relating to the chosen program (departure/arrival/return date, type of program, accommodation)
  • Sensitive data within the scope of Article 9 of the GDPR, the legal protection of which is reinforced, i.e. health data (data relating to the existence of allergies, medical treatment/follow-up, special diet, etc.)
  • For this purpose, data is collected directly from you or received from our partners
10/ Recruitment of host families (in Belgium)
  • Personal identification data (surname, first name, postal address, email address, telephone number)
  • Data relating to morality
  • Demographic characteristics (age, gender, date of birth, your country, your language)
  • Data contained in the questionnaire and the letter introducing your family, which is communicated to the student who will be staying or is staying with you (motivations, description of your home, family members, a typical day, etc.)
  • Hobbies/profession
  • Data relating to household pets, if applicable
  • Basic house rules (curfew, responsibilities and tasks, expectations, etc.)
  • Your sensitive data within the scope of Article 9 of the GDPR (e.g., your health data, your religious beliefs, your political opinions, sexual orientation, etc.)
  • Photos showing your family, your friends, your home, the student’s room and your activities to introduce your home to the student
  
11/ Management of relations with the host families
  • Personal identification data (surname, first name, postal address, email address, telephone number)
  • Data relating to morality
  • Demographic characteristics (age, gender, date of birth, your country, your language)
  • Data contained in the questionnaire and the letter introducing your family, which is communicated to the student who will be staying or is staying with you (motivations, description of your home, family members, a typical day, etc.)
  • Hobbies/profession
  • Sensitive data within the scope of Article 9 of the GDPR, the legal protection of which is reinforced, i.e. health data (data relating to the existence of allergies, medical treatment/follow-up, special diet, etc.)
  • Data relating to household pets, if applicable
  • Basic house rules (curfew, responsibilities and tasks, expectations, etc.)
  • Your sensitive data within the scope of Article 9 of the GDPR (e.g., your health data, your religious beliefs, your political opinions, sexual orientation, etc.)
  • Photos showing your family, your friends, your home, the student’s room and your activities to introduce your home to the student
  
12/ Evaluation
  • Personal identification data (surname, first name, postal address, email address, telephone number)
  • Data relating to the chosen program (departure/arrival/return date, type of program, accommodation)
  • For this purpose, data is collected directly from you

13/ Statistics 

“Statistical purposes” means any practice of collecting and processing of personal data, which is necessary for statistical surveys or the production of statistical results.

These statistical results may also be used for various purposes, including improving our programs and projects.

“Statistical purposes” implies that the result of processing for statistical purposes does not allow any identification of those persons whose information has been used
  • Personal identification data
  • Demographic characteristics
  • Data relating to the chosen program
  • Data relating to household pets, if applicable
  • For this purpose, data is collected directly from you
14/ Dispute management
  • Personal identification data (surname, first name, postal address, email address, telephone number)
  • Demographic characteristics (age, gender, date of birth, your country, your language)
  • Data relating to the chosen program (departure/arrival/return date, type of program, accommodation)
  • Your sensitive data within the scope of Article 9 of the GDPR (e.g., your health data, your religious beliefs, your political opinions, sexual orientation, etc.)
  • Data relating to morality
  • Data relating to household pets, if applicable
  • Basic house rules (curfew, responsibilities and tasks, expectations, etc. 
  • For this purpose, data is collected directly from you or collected from our partners

4. With whom do we share your personal data?

In the context of our activities, we may share your personal data. It goes without saying that should this be the case, we will ensure optimal protection of your personal data.

► Sharing your personal data with our service providers/partners and/or subcontractors

Our service providers, partners and/or subcontractors can access your personal data for the processing operations they perform. Below, you will find the list of subcontractors with whom we share your data, their location and the reason why we share the information in question with them.

Service providers, partners and/or subcontractors that are involved in the sharing of your personal data Location of service providers, partners and/or subcontractors Reason for sharing your personal data
Expert IT Belgium
  • Website publisher and developer
  • Infrastructure systems and application maintenance
Media&More Italy
  • Platform used under the framework of school programs
Online.net France
  • Website hosting
Deluxe Small Business Sales

USA

This company is located outside the EEA. 
Click here for more information.

  • Email marketing (VerticalResponse)
Zendesk, Inc.

USA 

This company is located outside the EEA. 
Click here for more information.

  • Online chat (Zopim)
Formstack

USA 

This company is located outside the EEA. 
Click here for more information.

  • Form solution
Altissia Belgium
  • Language testing platform
Facebook Lead

USA 

This company is located outside the EEA. 
Click here for more information.

  • Form advertisements
Local rep/psychologist Belgium
  • WEP uses local psychologists or representatives to conduct orientation and selection interviews (see point 2).
Our partners

In the EU or outside the EU*

*The partner varies according to the choice of program and destination; its contact details will be included in the travel document sent prior to the participant's departure.
  • WEP has partners who can assist us in co-organising or facilitating our activity in the management of the various programs.

 

With government bodies, in response to legal requests, including requirements regarding national security or the application of the law

In the context of a transaction, such as a merger, a takeover, a consolidation or a sale of assets, it may be that we have to share your personal data with the buyers or sellers.

4. (ARTicle) Do we capitalise on your personal data? 

We do not share your data with commercial partners who may want to propose products or services to you. 

5. How long do we keep your personal data?

WEP has laid down precise rules on the storage period for your personal data. The storage period varies depending on different objectives and has to take into account any legal obligations to keep some of your data.

Click here for more information

6. What rights do you have with regards to your personal data and how can you exercise these rights? 

We aim to inform you as clearly as we can about your rights with regards to your personal data. We aim to ensure that you can easily exercise these rights.

Please find below a summary of your rights and a description of the way in which you can exercise them.

► Right of access

You can ask us to grant you access to all the following information with concerning:

  • The categories of personal data that we collect about you;
  • The reasons why we use this data;
  • The categories of people with whom we share or will share your personal data and in particular those who are located outside Europe;
  • The periods for which your personal data will be kept in our systems;
  • Your right to ask us to correct or delete your personal data or to limit the use that we make of your personal data and your right to object to this use;
  • Your right to lodge a complaint with a European data protection body;
  • Information about the source, when we have not collected your personal data directly from you;
  • The way in which your personal data is protected when it is transferred to countries outside Europe.

• How to exercise your right to access 

For this, you simply have to contact us by email at dataprotection@wep.org, indicating "right to access: personal data" in the subject line and attaching a copy of the front of your identity card and a brief description of the data you wish to access. Unless you indicate otherwise, you will receive the requested data free of charge in an electronic format within one month of receipt of the request and within two months if in-depth research has to be carried out to meet the request.

If you are unable to consult your data by email, you can also send us your request by post to the following address: Rue Neck 24, 1081 Brussels, Belgium.

Written requests must be signed and accompanied by a copy of the front of your identity card. The request must specify the address to which the reply must be sent. In that case, a reply will be sent to you within one month of receipt of the request and within two months if in-depth research has to be carried out to meet the request or if WEP receives an excessively large number of requests.

► Right of correction

You may ask WEP to correct and/or update your personal data.

• How to exercise your right to have data corrected

For this, you simply have to send an email to dataprotection@wep.org providing your surname and first name, indicating "right to correction: personal data" in the subject line and attaching a copy of the front of your identity card.

Do not forget to state the reason for your email in the text itself (e.g., the correction of inaccurate data and the information to be corrected, and if necessary, proof of the correct information, if you have it).

You can also exercise this right by sending a letter to the following address: Rue Neck 24, 1081 Brussels, Belgium. Your written request must be signed and accompanied by a copy of the front of your identity card. The request must specify the address to which the reply must be sent. In that case, a reply will be sent to you within one month of receipt of the request and within two months if in-depth research has to be carried out to meet the request or if WEP receives an excessively large number of requests.

► The right to have data deleted

If you find yourself in one of the following situations, contact us at any time to ask us to delete the personal data that we process about you: 

  • Your personal data is no longer necessary for the reasons for which they were collected or processed in a different way;
  • You have withdrawn the consent on which the processing of your personal data by WEP is based;
  • Because you believe, for a specific reason, that further processing would adversely affect your privacy and could cause excessive damage;
  • You no longer wish to receive commercial offers from us;
  • Your personal data is not processed in accordance with the GDPR and the applicable national law;
  • Your personal data has to be deleted to fulfil a legal obligation laid down in the law of the European Union or the national law to which WEP is subject;
  • Your personal data was collected in the context of an offer from a website directed at children

• How to exercise your right to have data deleted

For this, you simply have to send an email to dataprotection@wep.org providing your surname and first name, indicating "right to have data deleted" in the subject line and attaching a copy of the front of your identity card. Do not forget to state the reason for your email in the text itself (e.g., the deletion of your data when you have withdrawn your consent on which processing is based).

You can also exercise this right by sending a letter to the following address: Rue Neck 24, 1081 Brussels, Belgium.

Your written request must be signed and accompanied by a copy of the front of your identity card. The request must specify the address to which the reply must be sent. In that case, a reply will be sent to you within one month of receipt of the request and within two months if in-depth research has to be carried out to meet the request or if WEP receives an excessively large number of requests.

However, we may be unable to respond to your request to exercise your right to be forgotten. It is important to remember that this right is not absolute. We have to ensure that this right is balanced against other important rights and values, such as freedom of expression, compliance with a legal requirement to which we are subject or important reasons of public interest.

► The right to be forgotten 

Our website may contain personal data that concerns you. If you do not wish for this data to appear on the website, you can ask us to remove it if you are in one of the following situations:

  • Your personal data is no longer necessary for the reasons for which they were collected or processed in a different way;
  • You have withdrawn the consent on which the processing of your personal data by WEP is based;
  • Because you believe, for a specific reason, that further processing would adversely affect your privacy and could cause excessive damage;
  • You no longer wish to receive commercial offers from us;
  • Your personal data are not processed in accordance with the GDPR and the national law applicable to WEP;
  • Your personal data have to be deleted to fulfil a legal obligation laid down in the law of the European Union or the national law to which WEP is subject;
  • Your personal data was collected in the context of an offer from a website directed at children

• How to exercise your right to be forgotten 

To have certain information concerning you removed from our website, you simply have to send an email to dataprotection@wep.org providing your surname and first name, indicating "right to be forgotten: personal data" in the subject line and attaching a copy of the front of your identity card. Do not forget to give the reason for your request in the text of your email, for example, a brief explanation and the precise address (URL) of the page in question. You can also exercise this right by sending a letter to the following address: Rue Neck 24, 1081 Brussels, Belgium.

Your written request must be signed and accompanied by a copy of the front of your identity card. The request must specify the address to which the reply must be sent. In that case, a reply will be sent to you within one month of receipt of the request and within two months if in-depth research has to be carried out to meet the request or if WEP receives an excessively large number of requests.

However, we may be unable to respond to your request to exercise your right to be forgotten. It is important to remember that this right is not absolute. We have to ensure that this right is balanced against other important rights and values, such as freedom of expression, compliance with a legal requirement to which we are subject or important reasons of public interest.

► The right to object

  • You can object to the use of your personal data for the following purposes: commercial requests and more specifically, advertisements. 
  • You have the right to object to our processing of your personal data because you believe, for a specific reason, that further processing would adversely affect your privacy and could cause excessive damage.

You cannot, under any circumstances, prevent us from processing your data:

  • If the processing is necessary to conclude or fulfil your contract;
  • If the processing is required by a law or legal provision. This is the case in particular when you move to a different commune;
  • If the processing is necessary to be able to establish, exercise or assert your rights before the courts.

• How to exercise your right to object

For this, you simply have to send an email to dataprotection@wep.org providing your surname and first name, indicating "right to object: personal data" in the subject line and attaching a copy of the front of your identity card.

It is important to indicate the reasons for your request to object.

You can also exercise this right by sending a letter to the following address: Rue Neck 24, 1081 Brussels, Belgium. Your written request must be signed and accompanied by a copy of the front of your identity card. The request must specify the address to which the reply must be sent.

In that case, a reply will be sent to you within one month of receipt of the request and within two months if in-depth research has to be carried out to meet the request or if WEP receives an excessively large number of requests.

However, we may not be able to respond to your request. In that case, we will of course reply to you as clearly as possible. In addition, any emails or information letters that may be sent to you will include a link, which you can click so that you no longer receive any promotional information from us.

► The right to the transferability of data

This right offers you the possibility of controlling your personal data more easily and more specifically by yourself:

  • Retrieving your personal data processed by us for your personal use and, for example, storing it on a device or in a personal cloud;
  • Transferring your personal data from us to another company; either doing this yourself or having it done directly by us, on condition that such a transfer is “technically possible”.

This right relates to data provided actively and knowingly to create your online account (e.g., email address, username, age) and data collected by WEP.

Conversely, the personal data derived, calculated or put together from the information provided by you, such as the result of an assessment of your health, are excluded from the right of transferability of data because they were created by WEP.

• How to exercise your right to the transferability of data

For this, you simply have to send an email to dataprotection@wep.org giving your surname and first name, indicating "right to the transferability of data: personal data" in the subject line and attaching a copy of the front of your identity card. Do not forget to specify the respective files and the type of request (return of data and/or transfer to a new service provider) in your email.

You can also exercise this right by sending a letter to the following address: Rue Neck 24, 1081 Brussels, Belgium.

Your written request must be signed and accompanied by a copy of the front of your identity card. The request must specify the address to which the reply must be sent. In that case, a reply will be sent to you within one month of receipt of the request and within two months if in-depth research has to be carried out to meet the request or if WEP receives an excessively large number of requests.

However, you should know that WEP has the right to refuse your request for the transferability of data. This right only applies to personal data that was collected on the basis of your consent or the performance of a contract concluded with you (to find out more specifically about the personal data that may be the subject of the right to the transferability of data, click on the purposes and bases section). Moreover, this right may infringe the rights and freedoms of third parties, whose data may form part of the data, which would be transferred further to the request for transferability.

► The right to limit processing

You have the right to ask us to limit the processing of your data, that is to say the marking (e.g., a temporary move of your data to another processing system or a lock on your data making it inaccessible) of your registered personal data in order to limit future processing. You can call upon this right when:

  • The accuracy of the data in question is disputed;
  • Your personal data is not processed in accordance with the GDPR and the applicable national law
  • The data is no longer necessary to achieve the original purposes but cannot yet be removed for legal reasons (in particular, for the ascertainment, the execution or defence of your rights in court);
  • The decision regarding your request is in progress.

In case of processing limitations, your personal data will no longer be subject to any treatment without your prior consent with the exception of its storage.

Your personal data may nevertheless still be processed for the purpose of ascertaining, exercising or defending legal rights, or for the protection of the rights of another legal or natural person, or for important reasons of public interest in the Union or the Member State.

In case of limitation of the treatment of some of your personal data, we will keep you informed about the timing when the measures will be lifted.

• How to call upon your right to limitation 

In order to do this, simply send us an email to dataprotection@wep.org indicating your surname, first name and in the subject, “right to limitation: personal data”, as well as a copy of the front of your identity card. Do not forget to mention the reason for your request in the body of your email.

You can also exercise this right by sending us a letter to the following address: Rue Neck 24, 1081 Brussels, Belgium.

Your written request must be signed and accompanied by a copy of the front of your identity card. The request must specify the address to which the reply must be sent. In that case, a reply will be sent to you within one month of receipt of the request and within two months if in-depth research has to be carried out to meet the request or if WEP receives an excessively large number of requests..

7. Is your personal data transferred abroad? 

► Data transfer within Europe 

Some data is transferred in Europe for the purpose of certain processing operations (see point 4.1).

Within the European Economic Area (28 EU members states - Germany, Austria, Belgium, Bulgaria, Cyprus, Croatia, Denmark, Spain, Estonia, Finland, France, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Czech Republic, Romania, United Kingdom, Slovenia, Slovakia, Sweden - Iceland, Norway and Liechtenstein), personal data will benefit from the same level of protection.

► Data transfer outside Europe

You should be aware that the protection of privacy and the rules allowing authorities to access your personal data in these countries are not necessarily equivalent to those in Europe.

In order to ensure a high standard of data protection and privacy, we only use or assign service providers, partners and subcontractors with sufficient technical and legal guarantees.

The table below details the transfer of your personal data outside Europe.

Recipient Categories Company Name Location of the Company Reason for the Transfer Legal Safeguards Applicable to the Transfer
Sub-contractor Deluxe Small Business Sales USA Email marketing

Deluxe Small Business Sales, Inc. is committed to and respects the Privacy Shield principles. This is a self-certification mechanism for companies established in the United States that has been recognised by the European Commission as providing a legal guarantee for personal data transfer by a European entity to companies established in the United States. For more information about Privacy Shield, click here
Sub-contractor Zendesk, Inc. USA Online chat (Zopim) Zendesk, Inc. is committed to and respects the Privacy Shield principles. This is a self-certification mechanism for companies established in the United States that has been recognised by the European Commission as providing a legal guarantee for personal data transfer by a European entity to companies established in the United States. For more information about Privacy Shield, click here
Sub-contractor Formstack USA Form solution Formstack is committed to and respects the Privacy Shield principles. This is a self-certification mechanism for companies established in the United States that has been recognised by the European Commission as providing a legal guarantee for personal data transfer by a European entity to companies established in the United States. For more information about Privacy Shield, click here
Sub-contractor Facebook Lead USA Form advertisements Facebook is committed to and respects the Privacy Shield principles. This is a self-certification mechanism for companies established in the United States that has been recognised by the European Commission as providing a legal guarantee for personal data transfer by a European entity to companies established in the United States. For more information about Privacy Shield, click here
Partners The partner varies according to the choice of the program and destination. Its contact details will be included in the travel document sent before the participant's departure. Outside the EU Local partners who are involved in co-organising or facilitating our activity in the organisation of our programs

We transfer and/or grant access to your personal data to a partner located in a non-EEA country only if:

(1) It is located in a country, which ensures an adequate level of protection under an adequacy decision taken by the European Commission;

(2) Appropriate safeguards have been implemented in accordance with the GDPR;

(3) The transfer is necessary for the performance of a contract concluded with you or the implementation of pre-contractual measures taken at your request; or

(4) You have explicitly consented to this. For more information and/or a copy of the guarantees in place, simply send us an email to dataprotection@wep.org indicating your surname, first name and in the subject, "transfers outside the EU: personal data". Also, remember to specify in the body of your email the exact information you wish to obtain.

 

8. Would you like to contact us regarding this Charter on the Protection of Your Personal Data and/or would you like to lodge a complaint with a data protection authority?

► Do you have a question or a suggestion about this Charter on the Protection of Your Personal Data?

Do not hesitate to pass your question or suggestion on to us by using this email address: dataprotection@wep.org, or by sending a letter to Rue Neck 24, 1081 Brussels, Belgium. It will be our pleasure to read and respond to your message or letter as soon as possible.

► Do you think we do not protect your personal data sufficiently?

If you believe that WEP is not processing your personal data in accordance with the GDPR and the applicable national law by using this email address: dataprotection@wep.org or by sending a letter to Rue Neck 24, 1081 Brussels, Belgium. In any case, you have the right to lodge a complaint with:

  • the data protection authority of the European country in which you are normally a resident; or
  • the data protection authority of the European country in which you work; or
  • the data protection authority of the European country in which the infringement of the GDPR was committed.

► Lodging a complaint with the Belgian Data Protection Authority

  • By post: Belgian Data Protection Authority, Rue de la Presse 35, 1000 Brussels, Belgium
  • By email: contact@apd-gba.be

9. How can you find out if this Charter on the Protection of Your Personal Data has been modified? 

This Charter on the Protection of Your Personal Data may be modified at any time, in particular, to take account of any legal or statutory changes and the development of our services. Any major changes that may be made will be announced via our website or by email, as far as possible at 30 thirty days before they come into force.

When we publish modifications to this charter, we will adapt the "most recent update" date at the top of the confidentiality policy and describe the modifications on the page entitled "History of Modifications". We advise you to consult this charter regularly to find out how WEP protects your personal data.