Privacy

In the following, we inform you in accordance with Art. 13 GDPR about the way we process your personal data via the website www.europeanavmalliance.org (“website”) and about the rights to which you are entitled concerning your personal data.

Personal data is any information relating to an identified or identifiable natural person.

1. Controller

The controller pursuant to Art. 4 para. 7 GDPR is the European AVM Alliance AISBL (“EAA”), represented by the Chairperson, Rond Point Schuman 6, Box 5, 1040 Brussels, Belgium, e-mail: contact@europeanavmalliance.org (“we”).

2. Visiting the Website

a) Browser Data and Server Log Files

Each time you visit the website, the following data is automatically processed, which may relate to you as a user (“browser data”):

  • your IP address
  • type and version of your browser
  • your operating system
  • date and time of your visit
  • accessed URL
  • protocol and version of your access
  • website from which your system accessed our website (referrer)
  • website that is accessed by your system from our website
  • HTTP status code of the access
  • amount of data transferred
  • keywords of the search engine

The processing of browser data is technically necessary. It is carried out for the purpose and in our interest to properly display our website to you and to ensure its stability and security. The legal basis for the data processing is Art. 6 para. 1 lit. f GDPR.

We store the browser data in so-called server log files for the purpose and in our interest of troubleshooting for a period of seven days. Browser data is not stored together with other data relating to you. Browser data whose further storage is required for the evidential purposes in case of potentially illegal conduct is exempt from deletion until final clarification of the respective incident. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR.

For the provision of the website, we use the services of the Agentur Fipps e.K. as website administrator, located in Solmstr. 41, 10961 Berlin, Germany with whom we have concluded a data processing agreement pursuant to Art. 28 para. 3 GDPR. The website administrator in turn uses the website hoster hosting.de GmbH, located in Franzstr. 51 in 52064 Aachen, Germany as sub processor (Art. 28 para. 2, 3 lit. d) and 4 GDPR). We remain the controller.

b) Technically Necessary Cookies

Cookies are text files that are stored on the browser or by the browser on the user's computer. In order to identify the connection and ensure the stability of the website, the session cookie PHPSESSID is set. This is technically necessary to display the website. This cookie is deleted when you close your browser. The legal basis for the data processing is Art. 129 des Loi relative aux communications électroniques in conjunction with Art. 5 para. 3 (2) of Directive 2002/58/EC.

c) Cookies for the Statistical Analysis of our Website

We use the following statistical cookies from Google Analytics:

  • The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. This cookie is stored for two years.
  • Installed by Google Analytics, the _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit. This cookie is stored for one day.
  • The variation of the _gat cookie set by Google Analytics and Google Tag Manager allows us to track visitor behaviour and measure site performance. This cookie is stored for 30 minutes.
(1) Scope and purpose of processing

Google Analytics is a web analytics service provided by Google LLC (“Google”). Google Analytics uses the above-mentioned statistical cookies that enable us to analyse your use of our websites. The information collected by means of these statistical cookies is generally transferred to a Google server in the USA and stored there.

Google Analytics has IP address anonymization enabled by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other states of the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

During your website visit, your user behaviour is recorded in the form of “events”. Events can be:

  • Page views,
  • First visit to the website,
  • Start of session,
  • Your “click path”, interaction with the website,
  • Scrolls (whenever a user scrolls to the bottom of the page (90%)),
  • Clicks on external links,
  • Internal search queries,
  • Interaction with videos,
  • File downloads,
  • Seen / clicked ads,
  • Language setting,
  • Your approximate location (region),
  • Your IP address (in shortened form),
  • Technical information about your browser and your end user devices (e.g., language setting, screen resolution),
  • Your internet service provider,
  • The referrer URL (via which website/advertising medium you came to this website).

On our behalf, Google will use this information to evaluate the usage of the website and to compile reports on the website activity. We use these reports provided by Google Analytics to analyse and improve the performance of our website.

(2) Recipients

Recipients of the data are:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor under Art. 28 DSGVO)
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

It cannot be ruled out that US authorities may access the data stored by Google.

(3) Third country data transfers

The parent company of Google Ireland, Google LLC, is based in California, USA. An adequacy decision by the European Commission for data transfers to the USA does not exist. Therefore, we have concluded standard contractual clauses with Google to comply with Art. 46 para. 1 and 2 lit. c) GDPR. We will gladly provide you with a copy of the standard contractual clauses upon request.

A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country without an adequate level of data protection. You do not have the same rights there as within the European Economic Area. You may not be entitled to any legal remedies against access by authorities.

(4) Storage period

The data sent by us and linked to cookies is automatically deleted after two months. Data whose retention period has been reached is automatically deleted once a month.

(5) Legal basis

The legal basis for this data processing is your consent.

3. Your Data Subject Rights

You have the following rights to the extent permitted by law under the GDPR with respect to your personal data:

  • Right to access,
  • Right to rectification,
  • Right to erasure,
  • Right to restriction,
  • Right to object,
  • Right to withdraw consent,
  • Right to data portability.

If we process your personal data on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR), you may object to the processing by contacting us (e.g. by E Mail, contact details above). The cases in which we base the processing on our legitimate interests can be found in this privacy policy (please see above No. ‎3). If you exercise your right to object, we kindly ask you to explain to us the reasons why we should not process your personal data as we have done before. In the event of your objection, we will examine the merits of the case and either discontinue the processing, adapt it, or demonstrate our compelling legitimate grounds based on which we will continue the processing.

You also have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data. The competent supervisory authority for us is:

Autorité de protection des données / Gegevensbeschermingsautoriteit
Rue de la Presse 35 / Drukpersstraat 35
1000 Bruxelles
dataprotectionauthority.be
contact@apd-gba.be
+32 2 274 48 00