Privacy Policy
We attach great importance to the security and confidentiality of your personal data. This privacy policy informs you about the processing of your personal data and was last updated on 1 September 2020.
We also use cookies on our website. For more information, we kindly refer you to our cookie policy.
1. SCOPE
1.1. We process your personal data when you:
- use our website (www.efpa-eu.org) or the contact form; and
- communicate with us by email, phone or any other digital communication channel.
1.2. This privacy policy may be amended as set forth in article 9.
2. WHO ARE WE?
2.1. “We” in this privacy policy refers to European Financial Planning Association AISBL:
| Name: | European Financial Planning Association AISBL |
| Address: | BluePoint Brussels, Boulevard Auguste Reyers 80 B-1030 Brussels, Belgium |
| Company number: | BE 0600.853.533, RPR Brussels |
| E-mail: | info@efpa-eu.org |
| Telephone: | +39 342 3812699 |
2.2. We are responsible for the collection and use of your personal data in the manner explained in this privacy policy. If you have any questions about this, please contact us by e-mail (privacy@efpa-eu.org).
2.3. In certain circumstances, third parties may (also) be responsible for the processing of your personal data for example, if you click on a link and leave our website. In that case, we recommend that you consult the privacy policies of these third parties.
3. WHICH PERSONAL DATA DO WE PROCESS AND WHY?
We will only process your personal data for a specific purpose and to the extent permitted by law. We further explain below in which cases we collect and use your personal data. If we do not receive your personal data directly from you, we will also inform you of this below.
3.1. WHEN YOU USE OUR WEBSITE OR USE THE CONTACT FORM
3.1.1. When you use our website (www.efpa-eu.org) or use our contact form or other digital communication channel, we collect and use the following personal data.
| What personal data? | Why? | Legal basis? |
| Technical information (e.g. server log files) about your visit and the device you use. We cannot identify you on the basis of this information, but third parties may be able to identify you (e.g. you internet service provider). | In order to ensure the most fault-free operation of our website and to detect and prevent malware, illegal content and conduct and other forms of potential abuse. | Our legitimate interest in keeping our online presence safe. |
| Information about your browsing behavior, how you use our website and the device that you use. We cannot identify you on the basis of this information, but third parties may be able to identify you. We collect this information through cookies or similar technologies. For more information about this, please refer to our cookie policy. | In order to improve the content of and general experience on our website and to develop new products or services. | Our legitimate interest in providing our visitors with an interesting online experience. |
| Identity and contact details provided by you and the content of the message and the technical details of the message itself (e.g. date and time). | To enable communication between you and us. | Our legitimate interest in being able to respond to requests, questions or comments or to contact you proactively for questions of any kind. |
3.2. WHEN YOU ARE A CERTIFICATE HOLDER
3.2.1. When you are a financial adviser certified by us or one of our local organizations, we collect and use the following personal data.
| What personal data? | Why? | Legal basis? |
| Identity and contact details provided by you to us and your certification details. | To provide our services. | Our legitimate interest in being able to provide our services and to comply with the arrangements that we have with our local organizations. |
| Basic identity and contact details. | To publish on our public website so that interested parties are able to contact you. | Our legitimate interest in informing the public about the identity of reliable financial advisors certified by us or a local organization we work with. If you are a certificate holder, you can always object to the publication of your details. |
3.3. WHEN YOU COMMUNICATE WITH US
3.3.1. When you communicate with us via telephone, email or any other digital communication channel, we collect and use the following personal data.
| What personal data? | Why? | Legal basis? |
| Identity and contact details provided by you to us, the content of the communication, the technical details of the communication itself (e.g. date and time) and, if applicable, the device you used. | To enable communication between you and us (e.g., when you use our contact form or contact us via telephone or email). | Our legitimate interest in being able to respond to requests, questions or comments or to contact you proactively for questions of any kind. |
3.4. IN ALL OF THE ABOVE CASES
3.4.1. For all personal data that we collect in the above circumstances, we would like to make it clear that we will also process your personal data in the following cases.
| What personal data? | Why? | Legal basis? |
| Above-mentioned personal data. | To comply with our legal obligations or to comply with any reasonable request from competent police authorities, judicial authorities, government institutions or bodies, including competent data protection authorities. | Our legal obligation. |
| Above-mentioned personal data. | To prevent, detect and combat fraud or other illegal or unauthorized activities. | Our legal obligation. |
| Above-mentioned personal data. | To defend us in legal proceedings. | Our legitimate interest in using your personal data in these proceedings. |
| Above-mentioned personal data. | To inform a third party in the context of a possible merger with, acquisition of/by or demerger by that third party, even if that third party is located outside the EU. | Our legitimate interest in entering into business transactions. |
4. WITH WHOM DO WE SHARE YOUR PERSONAL DATA?
4.1. In principle, we do not share your personal data with anyone other than the persons who work for us, as well as with the suppliers who help us process your personal data. Anyone who has access to your personal data will always be bound by strict legal or contractual obligations to keep your personal data safe and confidential. This means that only the following categories of recipients will receive your personal data:
- You;
- Your employer or business partners, but only when this is necessary for the purposes mentioned above (e.g. when your employer is our supplier or customer);
- Our employees and suppliers; and
- Government or judicial authorities to the extent that we are obliged to share your personal data with them (e.g. tax authorities, police or judicial authorities).
4.2. We do not transfer your personal data outside the European Economic Area (EEA) (the European Economic Area consists of the EU, Liechtenstein, Norway and Iceland). We will only transfer your personal data outside the EEA if you or your employer, as a customer or supplier, have offices outside the EEA with which we need to communicate, or if we need to share your personal data with a technical service provider. If a transfer were to take place, we will take sufficient safeguards to protect your personal data during the transfer (e.g. by entering into an agreement based on standard data protection clauses approved by the European Commission).
5. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
5.1. Your personal data will only be processed for as long as necessary to achieve the purposes described above or, when we have asked you for your consent, until you withdraw your consent. In this article we provide you with the information you need to evaluate how long we will keep your personal data identifiable.
5.2. As a general rule, we will de-identify your personal data when it is no longer needed for the purposes described above or when the retention period, as explained in this article 6, has expired. However, we cannot delete your personal data if there is a legal or regulatory obligation or a court or administrative order preventing us from doing so.
5.3. We retain all personal data collected through our website for as long as necessary to protect the legitimate interests stated in article 4.1. We retain technical information such as our server log files until 6 months after your visit to our website, after which it will be deleted or de-identified. Messages that you send us via the contact form will be retained as long as necessary to handle and follow up your question, request, comment, or other input. We also keep an archive of so-called tickets we received via the contact form. We will remove or de-identify tickets we have closed no later than 5 years after closure. We do not retain information about your browsing behavior (e.g. user ID) longer than 26 months after your visit to our website, after which it will be deleted or de-identified.
5.4. All personal data we collect through our interactions with you through telephone, email or other digital communication channels will be retained for as long as necessary to communicate with you, but also to maintain a historical record of our communications. This allows us to return to previous communications when you come back to us with new questions, requests, comments or other input.
6. HOW DO WE KEEP YOUR PERSONAL DATA SECURE?
6.1. The security and confidentiality of the personal data we process is very important to us. That is why we have taken measures to ensure that all personal data processed is kept secure. These measures include technical and organizational measures to protect our infrastructure, systems, applications and processes. We’ve also taken other measures, such as taking internal policy measures, limiting the processing to the personal data necessary for the fulfillment of the purposes and minimizing the processing of personal data.
7. YOUR RIGHTS REGARDING YOUR PERSONAL DATA
7.1. You have certain rights related to the processing of your personal data: the right of access, rectification, erasure, and data portability as well as the right to object to or limit the processing of your personal data and to withdraw your consent. More information about these rights and how to exercise them, can be found on our website (www.efpa-eu.org). To exercise one of your rights, you can submit a written request to privacy@efpa-eu.org stating the right to which your request relates. If you are still dissatisfied, you have the right to contact the competent data protection authority, i.e. the Belgian supervisory authority (www.gegevensbeschermingsautoriteit.be).
8. CHANGES TO THIS PRIVACY POLICY
8.1. We reserve the right to change this privacy policy on our own initiative. If material changes to this privacy policy may affect the processing of your personal data, we will communicate these changes to you in a way that we normally communicate with you (e.g. via e-mail or via a message at our website).
8.2. We invite you to view the latest version of this privacy policy online. Our online the privacy policy lists the date on which the privacy policy was last amended.
9. HOW CAN YOU CONTACT US?
9.1. Should you have any further questions about the processing of your personal data, please do not hesitate to contact our privacy manager. You can contact our privacy manager by e-mail: privacy@efpa-eu.org.