Last updated: 14/04/2020
According to Article 4(7) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), the data protection controller is:
Victim Support Europe
Rue Froissart 123-133
We attempt to strictly limit the collection and processing of personal data, however, we do collect personal data for a variety of purposes, including recruitment (of staff and volunteers), human resources management, auditing purposes, procurement of services, research purposes, campaigns, fundraising (donations), signing up at our events, administration of our website, responding to any communication, query or request for information, to comply with our legal and regulatory obligations, or other purposes that would contribute to our work and performance of our activities. When you browse and use our website, all personal data collected through your browser’s cookies supports our mission that is described at our webpage.
For these purposes, we collect various types of personal data that may relate to:
- Website users
- Individuals who contact us directly or who register to our events
- Research subjects
We only process personal data when we have a legal basis for doing so. For example, we collect personal data on the basis of the consent of a Data Subject to use the data in a certain way and/or on the basis of our legitimate interest to promote rights and services for people affected by crime and to inform about our campaigns, events or publications. In the latter case we assess whether the processing is necessary for the identified purpose and conduct a balancing test to ensure that our legitimate interest is not overridden by the interests, rights and freedoms of the data subjects. Personal data may however be collected also in order to take steps prior to entering into a contract or for the performance of a contract (for example, in case of recruitment, procurement of services or consultancy) or to comply with legal requirements. The latter may be the case when are required to disclose or otherwise process personal data in the context of a regulatory audit.
We may collect the following data:
- Full name
- Email address
- Phone number
- Company name
- IP address
- Date of birth
- Areas of interest
- Employment history and CVs
- Financial information
- Cookie session data
Exact sets of data collected depend on individual cases. For example, if a data subject contacts us by e-mail or our contact form, the e-mail address and the full name, will be stored by us. If a data subject signs up to our newsletter by registering online, we store the e-mail address and the IP address. We may also contact a data subject by phone or by post in relation to our activities.
We process any data that data subjects send to us for recruitment purposes in relation to any vacancies we advertise on the basis of data subjects’ consent and/or our legitimate interest in choosing the ideal candidate. In the recruitment process, we may collect other additional data on the basis of our legal obligations or on the basis of public interest (such as for immigration purposes). We may also collect the information orally, during an interview.
We also collect any data that data subjects provide us for the purposes of referrals to the relevant victims’ support services. In that case, we may collect and process information that would help us to provide and intermediate support to the relevant data subjects.
The personal data collected will be stored in secure servers which are operated by trusted service providers (Microsoft, Google, MailChimp). Trusted services providers also administer our incoming and outgoing messages. We use reasonable administrative, technical, personnel and physical measures to safeguard personal information in its possession against loss, theft and unauthorised use or modification. For example, we ensure that the data is encrypted in transit and storage.
The access to all personal data stored in our systems is restricted and subject to confidentiality commitment. To log into our systems, one needs a personal username and password which is only reserved to our employees and server administrators. The access rights are determined on the basis of the employees’ duties.
Transmission of information via the internet is not completely secure. Please note that any unencrypted e-mails sent to us are not protected against unauthorised access during transmission. However, once we receive information from data subjects, we use procedures and security features to prevent any unauthorised access.
We do not undertake profiling.
Data subjects have the right to access, request a copy of their personal information, erasure, restriction of processing, the right to file objections to processing and the right to data portability. Data subjects have also the right to request any inaccuracies in their personal information be corrected. Data subjects have the right to revoke their consent to data processing at any time.
If a data subject objects to data processing, we cease processing the personal data unless we have a compelling legitimate interest to process personal data that would outweigh the interests or rights of the data subject.
We ensure that the period for which the personal data is stored is limited to a strict minimum, for as long as necessary.
Communication received through firstname.lastname@example.org is reviewed by one staff member, sent onwards when necessary to other staff members, and deleted as quickly as possible. The same applies to Information received by post that is collected by one staff member, reviewed, and sent onwards when necessary to other staff members. These items are destroyed as soon as possible.
We store personal data of data subjects received when data subjects sign up to our newsletter for two years, after which we will ask the data subjects again for their consent to continue to receive information from us. Data subjects can opt out from any future e-mail from us and other communication by clicking the button “Unsubscribe”. For the fundraising (donation) purposes, we retain personal data for the duration of the contractual relationship and up to two years following the end of the contractual relationship. For the research purposes, we retain personal data for the period of maximum of three years. For the recruitment purposes, we retain personal data for the period of maximum of two years following the end of the application period, unless the data subject opts out of this data retention period.
Financial information, including information about all donations, may be help for up to six years for legal purposes, i.e. in accordance with financial auditing requirements.
After the period of data retention, limited personal data can be anonymised and retained for the statistical purposes. The remaining personal data collected is erased or discarded.
Personal data of a data subject who contacts us for the purposes of referral to a national victims’ support organisation are usually transferred on the basis of the consent of the data subject.
We may transfer personal data outside the European Union or the European Economic Area. We take appropriate steps to ensure that data remains within jurisdictions with adequate protections for personal data and ensure that recipients of personal data from us are bound to duties of confidentiality, where relevant or appropriate. Where this is not possible, we rely on data minimisation, the authorisation of companies with privacy and security policies and seek to ensure that there are adequate safeguards in place for protecting transferred data, for example Standard Contractual Clauses.
Data subjects may reach our privacy officer at email@example.com or at the VSE postal address. Data subjects have the right to raise a complaint on how we have handled their personal data by contacting our data protection officer who will investigate the matter.
Complaints may be lodged also with the Belgian Data Protection Authority.
- to provide certain basic features of the website;
- to enhance the functionality of the website;
- to help improve the performance of our website.
We require data subjects to accept or decline certain cookies by accepting or declining our Cookie Consent Notice when first accessing our website. Data subjects can accept or decline the following cookies:
- necessary cookies;
- preferred cookies;
- statistics cookies;
- marketing cookies.
Additionally, data subjects may delete and block all cookies from any website, within their web browser settings if necessary. Restricting or deleting cookies will impact on the functionality of the website.
We use Google Analytics to generate web analytics and for tracking how the website is used, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. For example, we use the statistics to know how many visitors per day visit site, how much traffic we are sending outbound, which items on our site are being downloaded, items not found, the types of operating systems being used, the types of browsers being used or the time of day the website is used most. This information may be reported to our Board. The information generated by the cookie will be forwarded to Google servers in the U.S. for statistical analysis purposes only. Google Analytics cookies can be disabled by downloading and enabling Google Analytics Opt-out Browser Add-on.
We embed videos from our official YouTube channel using a privacy-enhanced mode. YouTube will not store personally – identifiable cookie information for playbacks of embedded videos using the privacy-enhanced mode.
The cookies are stored for a period of two years unless data subjects clear their cache and the cookies themselves. For more information on cookies, please visit aboutcookies.org.