Scope of this policy
Cosmetics Europe – The Personal Care Association AISBL, Avenue Herrmann-Debroux, 40/4, 1160 Brussels, Belgium, registered under number 0538183318 (hereinafter referred to as “Cosmetics Europe” or “we”) collects and processes certain information about individuals. These individuals, also knowns as “data subjects” can include members, suppliers, business contacts, participants to events, employees and other people the association has a relationship with or may need to contact.
Cosmetics Europe is committed to handle personal data in compliance with applicable data protection laws, including as of 25 May 2018, the General Data Protection Regulation (“GDPR”).
¹ Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
What personal data do we collect?
Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identify of that natural person.
Cosmetics Europe may collect the following categories of personal data to the extent necessary to achieve the purposes outlined in this policy:
- Identification data, such as first name, last name, IP address, identifiers related to your devices obtained through cookies;
- Contact data, such as email address, telephone number, postal address;
- Personal characteristics, such as age, date of birth, gender, marital status, citizenship;
- Financial data, such as bank account details;
- Education and profession and employment data, such as university, specialisation, function, past employers;
- Images and audio recordings, such as photographs, pictures, videos and audio recordings taken at events and through the video surveillance system at our premises; and
- In some circumstances, we also collect and process special categories of data, such as health data, memberships or political affiliation.
In most instances, we collect personal data directly from the data subjects, but we may sometimes obtain personal data from third parties (such as the data subject’s employer or from a public authority).
Why we process personal data and on what basis?
Cosmetics Europe processes personal data of candidates who apply for job positions at Cosmetics Europe for the purpose of recruitment activities, based either on the candidates’ consent or on the necessity to conclude a contract with candidates that have been selected.
Cosmetics Europe also has a legitimate interest in the processing of personal data to the extent strictly necessary for the purposes of ensuring network and information security.
As part of its general mission, Cosmetics Europe processes personal data for the following purposes:
- For general membership administration: Cosmetics Europe has legitimate interests in the processing of personal data of the contact persons at Cosmetics Europe’s members for the purpose of administering the membership and collecting membership fees. Cosmetics Europe is also bound by Belgian Company Law obligations with respect to the organisation of general assemblies and board of directors meetings and processes personal data to the extent necessary to comply with its legal obligations.
- For contract management purposes: Cosmetics Europe processes personal data of representatives and contact persons of entities and associations with which Cosmetics Europe contracts (e.g. with respect to consortium agreements, services agreements, consultancy agreements, research agreements, procurement agreements) to the extent necessary for the performance of these contracts or in order to take steps at the request of the data subject prior to entering into a contract, as well as for its legitimate interests in managing its contractual relationships.
- For public relations purposes: Cosmetics Europe processes contact details of Members of Parliament, Officials from the European Commission and from EU Member States, academics, professors and lobbyists in European affairs for the purposes of carrying out its advocacy activities.
- For organising events and conferences: Cosmetics Europe processes identification details of individuals who attend or otherwise participate in events and conferences organised by Cosmetics Europe for the purpose of managing the registration and participation to such events based on the necessity for Cosmetics Europe to meet its obligations as organiser of the events under the general terms and conditions that are expressly accepted by the individuals. Furthermore, Cosmetics Europe processes personal data of event and conference visitors and participants for its legitimate interests in operating and securing online event platforms, technical troubleshooting, data analysis, maintaining statistics and carrying out surveys, as well as to improve the event and conference organization and for its own and event sponsors’ marketing purposes. Where required by applicable law, Cosmetics Europe will obtain the data subjects’ consent for certain processing of their personal data.
- For websites and newsletter/blog administration purposes: Cosmetics Europe processes identification data relating to individuals who register themselves on the Cosmetics Europe websites and give their express consent to receive newsletters or information from Cosmetics Europe or to participate to Cosmetics Europe’s blog, to send such communications and manage their participation in the blog.
- For ensuring the protection of Cosmetics Europe’s operations, offices and assets: Cosmetics Europe has legitimate interests in processing personal data to ensure the safety and security of our operations, offices and assets, including the processing of images recorded through camera systems installed at Cosmetics Europe’s offices (24 hours per day, 7 hours a week).
How long do we keep personal data?
Cosmetics Europe will only keep personal data for the time that is strictly necessary to achieve the purpose(s) for which they were collected, which generally means for the duration of a contractual relationship or of a project, and for a period of time thereafter if so required by applicable law or if in the primary interests of the data subjects. The images recorded through Cosmetics Europe’s camera surveillance system will be retained no longer than one month, except in case of (suspicion of) intrusion, break-in or theft in which cases images may be retained for a longer period strictly necessary to achieve the purpose for which they have been collected.
How we share personal data?
We share personal data with Cosmetics Europe’s personnel on a need-to-know basis, including members of the legal, compliance, public affairs/communication and IT departments. In addition, we share your personal data with our vendors to perform certain services on our behalf based on our instructions, such as for payment processing, analytics, advisory and consultancy support, IT support, web and database hosting, communication and marketing campaigns, event organization and related technology. We do not authorize our service providers to use or disclose the personal data except as necessary to perform services on our behalf or comply with legal requirements. We may also share personal data with event sponsors and speakers to enable them to organize conference sessions and follow-up with conference visitors and participants. We will obtain data subjects’ consent for the disclosure of their personal data where required by applicable law.
In addition, Cosmetics Europe may disclose personal data (1) if we are required to do so by law or legal process (such as a court order or subpoena); (2) in response to requests by government agencies, such as law enforcement authorities; (3) to establish, exercise or defend our legal rights; (4) when we believe disclosure is necessary or appropriate to prevent physical or other harm or financial loss; (5) in connection with an investigation of suspected or actual illegal activity; or (6) otherwise with the data subject’s consent.
Please contact Cosmetics Europe as specified in the “What are your rights as data subjects and how to exercise them?” section below if you would like more information about the third parties with whom we share personal data.
Do we transfer personal data?
Cosmetics Europe does not transfer personal data outside of the European Economic Area (EEA), unless adequate protective measures are in place, including as appropriate, by executing data transfer agreements based on the European Commission’s Standard Contractual Clauses or by selecting service providers or partners who implemented Binding Corporate Rules under Article 46 of the GDPR, or by relying on a derogation for specific situations under Article 49 of the GDPR. You may obtain further information with respect to data transfers and, subject to applicable law, obtain a copy of the safeguards we have put in place by contacting us as specified in the “What are your rights as data subjects and how to exercise them?” section below.
What are your rights as data subjects and how to exercise them?
As data subject, you have the following rights with respect to personal data we hold about you, subject to applicable legal restrictions:
- Right of access to your personal data;
- Right to rectification of incorrect or incomplete personal data;
- Right to erasure of your personal data;
- Right to restriction of processing of your personal data;
- Right to data portability, i.e., the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and to transmit those data to another controller;
- Right to object to all or part of the processing, when legally allowed;
- Right not to be subject to automated individual decision-making, including profiling within the limits set out by the law;
- Right to withdraw consent at any time when we process your personal data based on your consent;
- Right to lodge a complaint with a supervisory authority in the EU.
If you wish to exercise any of these rights or if you are not satisfied about how we protect your privacy, you should address your request by email together with a copy of your ID (which we will only use to verify your identity), to Cosmetics Europe, as data controller at the following address: firstname.lastname@example.org.
Individuals will not be charged for subject access requests, except if the requests are manifestly unfounded or excessive (e.g. repetitive). In such case, Cosmetics Europe may charge a reasonable fee or refuse to act on the request.
Cosmetics Europe will aim at responding to data subject requests without undue delay and in any event within 1 month of receipt of the request.