Privacy Policy

Last updated: 14/04/2020

1. Data Protection Controller

According to Article 4(7) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), the data protection controller is:
Victim Support Europe
Rue Froissart 123-133
1040 Brussels
Belgium
Victim Support Europe (we or us) is the leading European umbrella organisation advocating on behalf of all victims of crime. We process personal data in compliance with the GDPR. We strongly believe that data subjects have the right to control the use of their personal information, and that their privacy must be respected. This privacy and cookie policy is made as a part of information obligation under GDPR. We reserve the right to modify our Privacy Policy, which will be uploaded to our website. We advise you to review it to check any material changes.

2. What data we collect

We attempt to strictly limit the collection and processing of personal data, however, we do collect personal data for a variety of purposes, including recruitment (of staff and volunteers), human resources management, auditing purposes, procurement of services, research purposes, campaigns, fundraising (donations), signing up at our events, administration of our website, responding to any communication, query or request for information, to comply with our legal and regulatory obligations, or other purposes that would contribute to our work and performance of our activities. When you browse and use our website, all personal data collected through your browser’s cookies supports our mission that is described at our webpage.
For these purposes, we collect various types of personal data that may relate to:

  • Employees
  • Volunteers
  • Contractors/Consultants
  • Applicants
  • Members
  • Supporters
  • Website users
  • Individuals who contact us directly or who register to our events
  • Research subjects

We only process personal data when we have a legal basis for doing so. For example, we collect personal data on the basis of the consent of a Data Subject to use the data in a certain way and/or on the basis of our legitimate interest to promote rights and services for people affected by crime and to inform about our campaigns, events or publications. In the latter case we assess whether the processing is necessary for the identified purpose and conduct a balancing test to ensure that our legitimate interest is not overridden by the interests, rights and freedoms of the data subjects. Personal data may however be collected also in order to take steps prior to entering into a contract or for the performance of a contract (for example, in case of recruitment, procurement of services or consultancy) or to comply with legal requirements. The latter may be the case when are required to disclose or otherwise process personal data in the context of a regulatory audit.
We may collect the following data:

  • Full name
  • Email address
  • Country
  • Address
  • Phone number
  • Company name
  • IP address
  • Date of birth
  • Areas of interest
  • Employment history and CVs
  • Financial information
  • Cookie session data

Exact sets of data collected depend on individual cases. For example, if a data subject contacts us by e-mail or our contact form, the e-mail address and the full name, will be stored by us. If a data subject signs up to our newsletter by registering online, we store the e-mail address and the IP address.  We may also contact a data subject by phone or by post in relation to our activities.
We process any data that data subjects send to us for recruitment purposes in relation to any vacancies we advertise on the basis of data subjects’ consent and/or our legitimate interest in choosing the ideal candidate. In the recruitment process, we may collect other additional data on the basis of our legal obligations or on the basis of public interest (such as for immigration purposes). We may also collect the information orally, during an interview.
We also collect any data that data subjects provide us for the purposes of referrals to the relevant victims’ support services. In that case, we may collect and process information that would help us to provide and intermediate support to the relevant data subjects.
We also collect personal data relating to donations. We have Paypal account to administer on-line donations. The data subject’s account information may stay active with PayPal for legal and audit purposes, in accordance with PayPal’s privacy policy.

3. How we process data

The personal data collected will be stored in secure servers which are operated by trusted service providers (Microsoft, Google, MailChimp). Trusted services providers also administer our incoming and outgoing messages. We use reasonable administrative, technical, personnel and physical measures to safeguard personal information in its possession against loss, theft and unauthorised use or modification. For example, we ensure that the data is encrypted in transit and storage.
The access to all personal data stored in our systems is restricted and subject to confidentiality commitment. To log into our systems, one needs a personal username and password which is only reserved to our employees and server administrators. The access rights are determined on the basis of the employees’ duties.
Transmission of information via the internet is not completely secure. Please note that any unencrypted e-mails sent to us are not protected against unauthorised access during transmission. However, once we receive information from data subjects, we use procedures and security features to prevent any unauthorised access.
We do not undertake profiling.

4. Rights of data subjects

Data subjects have the right to access, request a copy of their personal information, erasure, restriction of processing, the right to file objections to processing and the right to data portability. Data subjects have also the right to request any inaccuracies in their personal information be corrected. Data subjects have the right to revoke their consent to data processing at any time.
If a data subject objects to data processing, we cease processing the personal data unless we have a compelling legitimate interest to process personal data that would outweigh the interests or rights of the data subject.

5. Data storage and retention

We ensure that the period for which the personal data is stored is limited to a strict minimum, for as long as necessary.
Communication received through info@victimsupporteurope.eu is reviewed by one staff member, sent onwards when necessary to other staff members, and deleted as quickly as possible. The same applies to Information received by post that is collected by one staff member, reviewed, and sent onwards when necessary to other staff members. These items are destroyed as soon as possible.
We store personal data of data subjects received when data subjects sign up to our newsletter for two years, after which we will ask the data subjects again for their consent to continue to receive information from us. Data subjects can opt out from any future e-mail from us and other communication by clicking the button “Unsubscribe”. For the fundraising (donation) purposes, we retain personal data for the duration of the contractual relationship and up to two years following the end of the contractual relationship. For the research purposes, we retain personal data for the period of maximum of three years. For the recruitment purposes, we retain personal data for the period of maximum of two years following the end of the application period, unless the data subject opts out of this data retention period.
Financial information, including information about all donations, may be help for up to six years for legal purposes, i.e. in accordance with financial auditing requirements.
After the period of data retention, limited personal data can be anonymised and retained for the statistical purposes. The remaining personal data collected is erased or discarded.

6. Data transfer

We do not transfer personal data to third parties unless we are legally obliged to do so or a data subject consents to such data transfer. Our authorised third-party service providers and partners will only receive personal data of data subjects if this is necessary for delivery of our work output or for execution of any kind of relationship we have with data subjects. This also means that limited number of our staff working with these third-parties may access and otherwise process your personal data in connection with their job responsibilities or contractual obligations. The third-party service providers and partners may follow their own privacy policy, however, we only partner with such providers that comply with the respective legal obligations. We review their privacy and security policies.
Personal data of a data subject who contacts us for the purposes of referral to a national victims’ support organisation are usually transferred on the basis of the consent of the data subject.
We may transfer personal data outside the European Union or the European Economic Area. We take appropriate steps to ensure that data remains within jurisdictions with adequate protections for personal data and ensure that recipients of personal data from us are bound to duties of confidentiality, where relevant or appropriate. Where this is not possible, we rely on data minimisation, the authorisation of companies with privacy and security policies and seek to ensure that there are adequate safeguards in place for protecting transferred data, for example Standard Contractual Clauses.

7. Privacy Officer

Data subjects may reach our privacy officer at info@victimsupporteurope.eu or at the VSE postal address. Data subjects have the right to raise a complaint on how we have handled their personal data by contacting our data protection officer who will investigate the matter.
Complaints may be lodged also with the Belgian Data Protection Authority.

8. Cookies

We use cookies to allow us to personalise customers’ visits to our website, keep track of their preferences and learn about the way they use the website, i.e. for statistical and analytical purposes. However, we honour do not track requests. We use cookies:

  • to provide certain basic features of the website;
  • to enhance the functionality of the website;
  • to help improve the performance of our website.

We require data subjects to accept or decline certain cookies by accepting or declining our Cookie Consent Notice when first accessing our website. Data subjects can accept or decline the following cookies:

  • necessary cookies;
  • preferred cookies;
  • statistics cookies;
  • marketing cookies.

By accepting and using our websites a data subject consents to our use of cookies as updated from time to time. Data subjects may access our Cookie Consent Notice to decline cookies at any time subsequently.
Additionally, data subjects may delete and block all cookies from any website, within their web browser settings if necessary. Restricting or deleting cookies will impact on the functionality of the website.
We use Google Analytics to generate web analytics and for tracking how the website is used, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. For example, we use the statistics to know how many visitors per day visit site, how much traffic we are sending outbound, which items on our site are being downloaded, items not found, the types of operating systems being used, the types of browsers being used or the time of day the website is used most. This information may be reported to our Board. The information generated by the cookie will be forwarded to Google servers in the U.S. for statistical analysis purposes only. Google Analytics cookies can be disabled by downloading and enabling Google Analytics Opt-out Browser Add-on.
We embed videos from our official YouTube channel using a privacy-enhanced mode. YouTube will not store personally – identifiable cookie information for playbacks of embedded videos using the privacy-enhanced mode.
We have also included a number of features, which allow our users to share some of content via Facebook and Twitter. This does not set a cookie by itself, but if one is present it will read it. Another service we use is provided through MailChimp, which helps us to design email newsletters, share them on social networks and integrate with our other services. We do not have direct access to those cookies and the use of those third-party cookies is governed solely by the respective service provider’s privacy policy.
The cookies are stored for a period of two years unless data subjects clear their cache and the cookies themselves. For more information on cookies, please visit aboutcookies.org.

9. Changes and modifications

We review our privacy policy regularly and when we do we will upload the updated version to our website. You can revise the version date located at the end of the Privacy Policy.

10. Contact us

Please feel free to contact Victim Support Europe via info@victimsupporteurope.eu.