Effective since: 18 November 2018

The Privacy Policy of the Academic Cooperation Association (ACA)

Effective since: 18 November 2018

1 Warning

1.1 The Academic Cooperation Association (ACA), an AISBL/VZW according to Belgian law seated in Brussels, respects the privacy of its users and member organisations.

1.2 ACA processes the personal data transmitted to it in accordance with the legislation in force, and, in particular, Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data, applicable from 25 May 2018 (hereinafter the “General Data Protection Regulation”).

1.3 Access to the website www.aca-secretariat.be implies the user’s full and unreserved acceptance of this Privacy Policy (hereafter the “policy”), as well as its general terms of use (hereafter the “terms”) and the cookie policy (hereafter the “cookie policy”).

1.4 The user acknowledges having read the information below and authorises ACA to process, in accordance with the provisions of the policy, the personal data that s/he communicates on the website.

1.5 The policy is valid for all pages hosted on the ACA website and for the registrations of the latter. It is not valid for the pages hosted by third parties to which ACA may refer and whose privacy policies may differ. Therefore, ACA be held responsible for any data processed on these websites or by them.

2 Controller

2.1 Simply visiting the website shall take place without having to provide any personal data, such as first name, surname, postal and/or email address, for example.

2.2 As part of the service, the user may be required to provide certain personal data. In this case, the data controller is:

Academic Cooperation Association, AISBL/VZW (ACA)

15, rue d’Egmontstraat

B-1000 Brussels

secretariat(at)aca-secretariat.be

Tel: +32 2 513 22 41

Fax: +32 2 513 1776

Belgian registry number: BE0451.407.415

2.3 Questions relating to the processing of said data should be sent to this address: secretariat@aca-secretariat.be.

3 Data collected

3.1 By using the service and/or completing the registration form on the website, the user allows ACA to record and store, for the purposes mentioned under 4, the following information: data for identifications, such as surname, first name, function, organisation or institution, email address, postal address; invoicing information; communications between the user and ACA.

3.2 Further, the user authorises ACA to record and store the following data for the purposes mentioned under 4:

information voluntarily provided by the user for a purpose specified in the policy, the general terms and conditions (hereafter the “GTC”), the terms, the Cookie Policy, on the website or on any other medium of communication used by ACA;
additional information requested by ACA to the user in order to identify him/her or to prevent him/her from violating any of the provisions of the policy.

3.3 In order to facilitate browsing the website as well as to optimise technical management, the website may use “cookies”. These “cookies” record, in particular:

the user’s browsing preferences;
the date and time of access to the website and other data related to traffic;
the pages visited.

All information relating to “cookies” is included in ACA’s Cookie Policy.

3.4 When the website is accessed by the user, the servers involved automatically record certain data, such as:

the type of domain by means of which the user connects to the Internet;
the IP address assigned to the user (when connected);
the date and time of access to the website and other data related to traffic;
location data or other data relating to the communication;
the pages visited;
the type of browser used;
the operating system and/or platform used;
the search engine as well as the search words used to find the website.

3.5 No nominative data identifying the user is collected through the cookies used and servers involved. This information is kept for statistical purposes only and to improve the website.

4 Purposes of data processing

4.1 The Website collects, stores and uses its users’ data for the following purposes in particular:

to establish, carry out and conduct the contractual relationship with the user;
to analyse, adapt and improve the content of the website;
to allow the user to receive messages;
to facilitate the availability and use of the website;
to personalise the user’s experience on the website;
to respond to requests for information;
to inform users about ACA’s manifold activities such as the provision of news from European higher education (ACA’s newsletter), seminars, conferences and other physical or virtual events, publications, ect.
to inform users about any changes on the website and its features;
for any other legitimate purpose.

5 Rights of the person concerned

5.1 In compliance with the regulations on the processing of personal data, the user has the following rights:

the right to be informed about the purposes of the processing (see above) and the identity of the data controller;
the right of access and verification of data: the user must, at any time, have access to the data that ACA has on him/her or check if s/he is included in the database of ACA. ACA asks the user to make this request by email in order to be able to identify him/her with certainty (Requests to ACA must contain the requester’s first name, surname, organisation, complete address and a copy of ID card). ACA will this way be able to ensure that only the user can access her/his data;
the right of objection: the user may, at any time, object to the use of his/her data by ACA and by its active partners (such as hosts for events) by sending his/her request to ACA by (e)mail;
the right of cancellation and/or modification: the user may, at any time, notify ACA of corrections to the data concerning him/her and, where appropriate and/or request the deletion of his/her personal data;
the right of limitation of processing: the user may obtain a limitation of processing when s/he has objected to the processing, when s/he disputes the accuracy of the data, or when s/he considers that the processing is illegal;
the right of transferability: The User has the right to receive the personal data that s/he has communicated to ACA and may also ask said company to send this data to another data controller.

5.2 The User may, at any time, request access to his/her personal data, verify them, transfer them, and, in some cases, as mentioned above, limit their processing and rectify them, by writing to the following email address secretariat(at)aca-secretariat.be or the postal address: 15, rue d’Egmonstraat, B-1000 Brussels, Belgium.

5.3 The user may also, free of charge, request rectification and, where applicable, the deletion of all his/her personal data from ACA’s database – except such which ACA is legally obliged to keep on record – and object to the use and, where appropriate, request the limitation thereof by sending a written request, accompanied by a copy of his/her identity card or passport, to the data controller under the addresses mentioned in 5.2.

5.4 ACA will take the necessary measures to satisfy such requests as soon as any possible.

6 Duration of data storage

6.1 ACA will keep the personal data of its users for the duration necessary to achieve the objectives pursued (see under 4).

6.2 ACA may also continue to keep personal data concerning the de-registered user, including all correspondence or requests for assistance sent to ACA in order to be in a position to reply to all questions or complaints that may be sent to it, and in order to comply with all applicable laws.

7 Complaint to the supervisory authority

The user is informed that s/he has the right to lodge a complaint with the Belgian Commission for the Protection of Privacy.

8 Security

8.1 ACA has taken the appropriate technical and organisational measures to ensure a level of security commensurate with the risk and that, to the extent possible, the servers hosting the personal data processed prevent:

unauthorised access to or modification of the data;
improper use or disclosure of the data;
unlawful destruction or accidental loss of such data.

8.2 In this respect, employees of ACA who have access to these data are subject to a strict confidentiality obligation. This notwithstanding, ACA may in no way be held liable in the event that the data are stolen or hijacked by a third party despite the security measures adopted.

8.3 Users undertake not to commit acts that may be contrary to this policy, the terms, the cookie policy or, in general, the law. Violations of confidentiality, integrity and availability of information systems and data which are stored, processed or transmitted by these systems, or the attempt to commit one of these violations, shall be punishable by imprisonment of between three months and five years and a fine of between twenty-six euros and two hundred thousand euros, or one of these penalties only.

9 Communication to third parties

9.1 ACA treats personal data as confidential information. It will not communicate them to third parties under any condition other than those specified in the policy, such as to achieve the objectives set out and defined under 4, or under the conditions in which the law requires it to do so.

9.2 ACA may communicate its users’ personal information to third parties to the extent that such information is necessary for the performance of a contract with its users. In such case, these third parties will not communicate this information to other third parties, except in one of the two following situations:

the communication of this information by such third parties to their suppliers or subcontractors to the extent necessary for the performance of the contract;
where such third parties are obliged by the regulations in force to communicate certain information or documents to the competent authorities in the field of combating money laundering, as well as, in general, to any competent public authority.

9.3 The communication of this information to the above-mentioned persons shall, under any circumstances, be limited to what is strictly necessary or required by the applicable regulations.

10 Transfer of data to a non-EU country or company

ACA transfers data to a non-EU country or company only when the country in question provides an adequate level of protection within the meaning of the legislation in force, and, in particular, the Law of 8 December 1992 on protection of privacy and its executive orders, and Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data, applicable from 25 May 2018 (hereafter called the “General Data Protection Regulation”), or within the limits permitted by the legislation in force, for example by ensuring the protection of data by appropriate contractual provisions.

11 Direct marketing

11.1 Personal data will not be used for direct marketing purposes for information or services other than those to which the user has already subscribed.

11.2 Despite of this, the user has the right to object to such use at any time, upon request and free of charge. The user may use the unsubscribe link provided in all ACA emails or simply communicate his/her request by writing to the following address: secretariat@aca-secretarit.be.

12 Minors

12.1 Persons under the age of 18 and persons who do not have full legal capacity are not permitted to use the website. ACA asks them not to provide their personal data.

13 Changes to and updates of the policy

13.1 By informing users via the website or email, ACA may modify and adapt the policy, in particular to comply with any new legislation and/or regulations applicable (such as the General Data Protection Regulation applicable from 25 May 2018), the recommendations of the Belgian Privacy Commission as well as the guidelines, recommendations and best practices of the European Data Protection Board and the decisions of the courts and tribunals on this issue.

14 Validity of the contractual clauses

14.1 Failure of ACA to invoke – at any given time – a provision of this policy, may not be interpreted as a waiver to subsequently make use of its rights under the said provision.

14.2 The invalidity, expiration or the unenforceable nature of all or part of one of the above or below mentioned provisions shall not give rise to the invalidity of the entire policy. Any fully or partially invalid, lapsed or unenforceable provision shall be deemed not to have been written. ACA undertakes to substitute this provision with another which, to the extent possible, fulfils the same objective.

15 Applicable law and competent court

15.1 The validity, interpretation and/or implementation of the policy are subject to Belgian law, to the extent permitted by the provisions of applicable private international law.

15.2 In the event of a dispute relating to the validity, interpretation or implementation of the policy, the courts and tribunals of Brussels have exclusive jurisdiction, to the extent permitted by the provisions of applicable private international law.

15.3 Before taking any step towards the judicial resolution of a dispute, the user and ACA undertake to attempt to resolve it amicably. To this end, they shall first contact each other before resorting, where appropriate, to mediation, arbitration, or any other alternative method of dispute resolution.

16 Final note

16.1 ACA bases its data rationale on the notion of legitimate interest in the sense of the GDPR.

16.2 ACA’s members and users have a legitimate interest to receive ACA products, which help them improve their practice in internationalisation in higher education, ACA’s core business. Among these products are the ACA Newsletter Education Europe, ACA research results in the form of publications, as well as ACA seminars and conferences of interest to them.

16.3 Likewise, ACA, as an association created to promote and to improve internationalisation in tertiary education, has a legitimate interest to be visible. It must have the right to showcase its knowledge, skills and experience to its target audience, the academic community.