This privacy statement contains information on the personal data that EReg holds on data subjects (e.g. of representatives of EReg Members) and how EReg deals with this personal data, the rights data subjects have based on the General Data Protection Regulation (GDPR 2016/679/EU) and how these rights can be exercised.
EReg is an Association (AISBL) based upon voluntary cooperation between national registration authorities in Europe. As of 25 April 2012, EReg is incorporated as an international non-profit making association (Association Internationale Sans But Lucratif, AISBL) under Belgium Law. In order to carry out the tasks of the Association, EReg holds and processes a limited amount of personal data. EReg respects the privacy of all data subjects and makes sure that the personal data that it processes will be handled carefully and securely. Based on the GDPR, EReg Association is the controller and therefore responsible for handling personal data in accordance with the requirements of the GDPR.
The purpose and legal ground for data processing
EReg processes personal data for the purpose of maintaining a well-functioning association. This includes the sharing of knowledge, experiences and good practices and the promotion of effective and efficient data exchange. The lawfulness of processing for EReg is based on Article 6.1(f) GDPR, namely: processing is necessary for the purpose of the legitimate interests pursued by the controller of by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Categories of personal data processed by EReg
EReg Association holds a limited amount of personal data of representatives of its members. Examples of personal data held by EReg are:
Name, surname and date of birth information
Contact information, such as e-mail address
Photos of representatives of EReg members or photos taken at meetings such as the EReg General Meeting & Annual Conference
Also, EReg holds similar categories of personal data of representatives of organisations that EReg maintains relations with, such as the EU institutions and other stakeholders such as umbrella organisations.
Categories of recipients of the personal data
This data is shared within the EReg Association (between EReg members) and may be disclosed to stakeholders such as the European Commission, or umbrella organisations. Furthermore, personal data is disclosed to partners of EReg based on the signed alliance agreements between EReg and these partners. However, in almost all of the cases this is publicly available information (Topic Group reports and factsheets) and includes only contact information of the organisation of a certain EReg Member.
Information systems used by EReg and retention policy
Personal data is stored in the following ways. EReg makes use of the EReg website. On the private part (secured via login/password) information is stored regarding different EReg meetings and activities. In these documents, personal data of representatives can be found. This includes official contact information of representatives (name and office e-mail address). The EReg website is secured via a security certificate (SSL) which ensures that information on the website is always transferred via a secured connection. In the coming months, EReg Secretariat will look into the security requirements of the website in relation to the level that is required by the GDPR. EReg Secretariat is currently carried out by RDW/the Netherlands. The information is stored at the RDW office and thus part of the information security policy of RDW. Lastly, there is a paper archive in Brussels that is securely locked.
EReg holds the personal data of its Members for the period that they are EReg Member. When Members decide to leave the EReg Association, information is stored for another 5 years to make sure that it is possible to invite these organisations to lustrum meetings. Upon request, personal data can be deleted immediately after leaving the Association.
Some personal data, relevant to maintaining the Association, is stored for a longer period of time. Since the Secretariat and Chairman functions at EReg can be carried out by different organisations, some personal data related to the continuity of the Association needs to be stored for a longer period of time. This includes for example information of the General Meeting & Annual Conference. This information needs to be transferred to following Secretariats and Chairmen. This will be decided by the Secretariat and Chairman of EReg.
EReg Membership and personal data rights of EReg Members
Part of becoming an EReg Member means that certain information, including personal data, will be processed by EReg. As is described above, the EReg Secretariat will handle this information carefully and systems are in place to secure this information. The Memorandum of Understanding will be adjusted according to the requirements of the GDPR, so that future EReg Members are explicitly informed about the processing of personal data.
The GDPR also stipulates the rights that data subjects have. Data subjects have the right of access, to rectification, to erasure, to restriction of processing and the right to object to processing their personal data. If a data subject wishes to carry out any of these rights, it can contact the EReg Association:
Rue Froissart 95
EReg will make sure that an answer is provided within 30 days.