Scope of this policy
Cosmetics Europe – The Personal Care Association AISBL, Avenue Herrmann-Debroux, 40/4, 1160 Brussels, Belgium, registered under number 0538183318 (hereinafter referred to as “Cosmetics Europe” or “we”) collects and processes certain information about individuals.
These individuals, also knowns as “data subjects” can include members, suppliers, business contacts, participants to events, employees and other people the association has a relationship with or may need to contact.
Cosmetics Europe is committed to handle personal data in compliance with applicable data protection laws, including as of 25 May 2018, the General Data Protection Regulation (“GDPR”)¹ . In particular, Cosmetics Europe commits to only collect and process personal data that is: processed fairly, in a transparent way and based on valid legal grounds; obtained for specific lawful purposes; adequate, relevant and not excessive; accurate and kept up to date; not held for longer than necessary; protected in appropriate ways and not transferred outside of the European Economic Area, unless adequate protective measures are in place.
Cosmetics Europe is also committed to protect all personal data it processes and has to that end deployed adequate organisational and technical measures, including encryption and data classification, to prevent data breaches.
¹ Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
What personal data do we collect?
Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identify of that natural person.
Cosmetics Europe may collect the following categories of personal data to the extent necessary to achieve the purposes outlined in this policy:
o Identification data, such as first name, name, pictures, IP address, cookies, photographs;
o Contact data, such as email address, telephone number, postal address;
o Personal information, such as age, date of birth, gender, marital status, citizenship;
o Financial data, such as bank account details;
o Education and profession and employment data, such as university, specialisation, function, past employers;
o In some circumstances, we also collect and process special categories of data, such as health data, memberships or political affiliation.
In most instances, we collect personal data directly from the data subjects, but we may sometimes obtain personal data from third parties (such as the data subject’s employer or from a public authority).
Why we process personal data and on what basis?
When Cosmetics Europe processes personal data of its staff, it does so for the purposes of managing and administering, monitoring and supervising its personnel, based on legal obligations under the Belgian Law on Employment Contracts of 3 July 1978 and/or on the necessity to perform its obligations as employer under the employment contracts signed with its employees or under the consultancy contracts signed with its consultants.
Cosmetics Europe also processes personal data of candidates who apply for job positions at Cosmetics Europe for the purpose of recruitment activities, based either on the candidates’ consent or on the necessity to conclude a contract with candidates that have been selected.
Cosmetics Europe also has a legitimate interest in the processing of personal data to the extent strictly necessary for the purposes of ensuring network and information security.
As part of its general mission, Cosmetics Europe processes personal data for the following purposes:
o For general membership administration: Cosmetics Europe has legitimate interests in the processing of personal data of the contact persons at Cosmetics Europe’s members for the purpose of administering the membership and collecting membership fees. Cosmetics Europe is also bound by Belgian Company Law obligations with respect to the organisation of general assemblies and board of directors meetings.
o For contract management purposes: Cosmetics Europe has legitimate interests in the processing of personal data of representatives and contact persons of entities and associations with which Cosmetics Europe contracts (e.g. with respect to consortium agreements, services agreements, consultancy agreements, research agreements, procurement agreements).
o For public relations purposes: Cosmetics Europe processes contact details of Members of Parliament, Officials from the European Commission and from EU Member States, Academics, professors and lobbyists in European affairs for the purposes of carrying out its advocacy activities.
o For organising events and conferences: Cosmetics Europe processes identification details of individuals who register online to participate to events and conferences organised by Cosmetics Europe for the purpose of managing the registration and participation to such events based on the necessity for Cosmetics Europe to meet its obligations as organiser of the events under the general terms and conditions that are expressly accepted by the individuals and/or based on consent for certain personal data.
o For websites administration purposes: Cosmetics Europe processes identification data from individuals who register themselves on the Cosmetics Europe websites and give their express consent to receive newsletters or information from Cosmetics Europe or to participate to Cosmetics Europe’s blog.
How long do we keep personal data?
Cosmetics Europe will only keep personal data for the time that is strictly necessary to achieve the purpose(s) for which they were collected, e.g. for the duration of a contractual relationship or of a project, and for a period of time thereafter if so required by applicable law or if in the primary interests of the data subjects.
Do we transfer personal data?
Cosmetics Europe does not transfer personal data outside of the European Economic Area (EEA), unless adequate protective measures are in place.
What are your rights as data subjects and how to exercise them?
As data subject, you have the following rights with respect to personal data we hold about you, subject to applicable legal restrictions:
o Right of access to your personal data;
o Right to rectification of incorrect or incomplete personal data;
o Right to erasure of your personal data;
o Right to restriction of processing of your personal data;
o Right to data portability, i.e., the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and to transmit those data to another controller;
o Right to object to all or part of the processing, when legally allowed;
o Right not to be subject to automated individual decision-making, including profiling within the limits set out by the law;
o Right to withdraw consent at any time when we process your personal data based on your consent;
o Right to lodge a complaint with a supervisory authority in the EU.
If you wish to exercise any of these rights or if you are not satisfied about how we protect your privacy, you should address your request by email together with a copy of your ID (which we will only use to verify your identity), to Cosmetics Europe, as data controller at the following address: firstname.lastname@example.org.
Individuals will not be charged for subject access requests, except if the requests are manifestly unfounded or excessive (e.g. repetitive). In such case, Cosmetics Europe may charge a reasonable fee or refuse to act on the request.