1. The Controller
The Controller that is responsible for collecting and processing your personal data when you use the Websites is:
GS1 in Europe AISBL
Rue Royale 76, mailbox 1
“Controller” means GS1 in Europe AISBL, also referred to as “we”, “us”, and “our”.
“processor” means a natural or legal person that processes personal data on behalf of or pursuant to GS1 in Europe instructions.
“processing” refers to the ways your personal data is (among other things) collected, stored, used, disclosed, and erased.
“personal data” means any information relating to an identified or identifiable natural person (a “Data Subject”). Examples of such personal data includes your name, email address, photograph, professional title, business phone number, and any other personal information you provide to us that is capable of identifying you.
3. Collecting Personal Data
The GS1 in Europe Websites, including the services available on them, collect personal data that enables us to provide secure Website access and our services to you. When you interact with the Websites (i.e. to register your details and/or login), your personal data is collected for registration and security purposes. Personal data is collected as input by you and from third party processing services that collect personal data via our Websites (such as event registrations).
Personal Data is only collected when necessary to provide secure Website access and/or services to you, and is limited to the relevant types of personal data actually required.
4. Purposes of Processing & Legal Basis
The personal data GS1 in Europe collects via its Websites allow us to provide secure access to our Websites and to respond to your questions.
This type of processing is done with your consent, which you may give when submitting your details via the electronic contact form, and otherwise for GS1’s legitimate interest of improving the Websites, our services and responding to your queries.
Our Websites, and the services they provide, may require users to register their personal data (for example name, email address, and password) and user consent is requested at the time of registration.
This type of processing is done on the legal basis of your consent and otherwise, where consent is not legally required, for GS1 in Europe’s legitimate interest of ensuring the security of our services and the people that access and use them. Where a user has entered into a contract with GS1 in Europe (for example that relates to a service), then it may be necessary for us to process personal data in order to fulfil our obligations to perform the contract.
Marketing & Organisation Communication
Personal data may be processed for the purpose of sending email communications about GS1 in Europe news and events. Personal data is also processed as our services reasonably require, to communicate updates, troubleshoot issues with the service, and to respond to and resolve user queries about the service. Processing personal data for marketing and organisational communication purposes is done on the legal basis of user consent and otherwise, for GS1 in Europe’s legitimate interests of marketing its news and events to interested members and users. Processing personal data to communicate with users about services they use is done pursuant to GS1 in Europe’s legitimate interest of providing ongoing services and related service support to its users.
Social Media Integration & Plugins
GS1 in Europe integrates content from its YouTube channel, Twitter and LinkedIn accounts (“social media platform(s)”) to its Websites. These social media platforms can, if buttons are included on our Websites, automatically download information technology content. The pages viewed by a user can then automatically send data to these social media platforms. Through this technical process, the social media platform may receive personally identifiable information, such as an IP address and browsing habits, to optimise user-directed advertising. This information is stored by the social media platforms in the United States of America and may be shared with third parties where appropriate. If the user is logged in to a social media platform with their profile, the social media platform recognises the user at each activity. Personal data such as the IP address of the person concerned, clicks on pages, access time, access location, the frequency of visits, links of origin, follow-on links and data on the length of stay on the website are sent. The social media platforms may, if buttons are included on our Websites, monitor user activity.
GS1 in Europe Websites embed content and uses social plugins ("plugins") from social media platforms. If you visit a page of our Websites that contains such plugin, your browser connects directly to the servers of the social media platform. The content of the plugin is transmitted by the social media platform directly to your browser and integrated into the webpage. By integrating the plugin, the social media provider receives the information that your browser has accessed the corresponding page of our Website. This also applies if you do not have a profile or are currently not logged in to the respective social media platform. This information (including your IP address) is transmitted by your browser directly to a server of the social media platform (possibly in the US) and stored at that location. If you are logged in to one of the social media platforms, the provider can directly allocate the visit to our Website to your profile in the respective social media platform. If you interact with the plugins (for example by clicking the "Like" or "Share" buttons), the corresponding information is also transmitted directly to a social media platform server and stored at that location. The information may also be posted on the social media platform and displayed to your contacts. This type of processing is necessary for the optimal marketing of our services, which is a legitimate interest of GS1 in Europe.
If you do not want social media platforms to assign the data collected via our Websites directly to your profile in the corresponding social media platform, you must log out of the corresponding service before you visit our Websites. You can prevent the plugins from being loaded, even with add-ons for your browser, using the script blocker "NoScript" (http://noscript.net/).
GS1 in Europe must comply with its legal obligations (for example as directed by regulatory authorities or under a Court order) and in such circumstances, it may be necessary for us to process personal data for these reasons.
Cookies are small files stored on your computer when you access our Website. They have various functions including: allowing you to navigate smoothly between pages on the Website, remembering your preferences and improving the overall experience of the Website.
You can enable or disable cookies by modifying the settings in your browser. You can find out how to do this and obtain more information on cookies at: www.allaboutcookies.org.
6. Data Storage
7. Data Transfers & Recipients
Disclosure to Third Parties
If required by law, GS1 in Europe may disclose personal data upon request of a public authority and upon receipt of a Court order, or similar, to disclose personal data.
8. Protection of Personal Data
All information collected via the Websites and services are saved and stored in secure operating environments and is only accessible by authorised personnel. The Website is monitored regularly to ensure that it is secure and data is not being accessed or used improperly. The Website is protected by appropriate security measures to safeguard, prevent loss, unlawful use and unauthorised access to personal data to the maximum reasonable extent.
9. Your Rights
Accessing your Personal Data
When you request access to your personal data, and such request is reasonable and proportionate, GS1 in Europe will provide such service free of charge, however if your request requires disproportionate technical or administrative effort GS1 in Europe may charge a fee.
If you request access to your personal data, GS1 in Europe may request verification of your identity to ensure to the fullest extent possible that personal data is not unlawfully disclosed – failure to adequately validate your identity may result in GS1’s refusal to allow access to requested personal data.
You are responsible for maintaining the accuracy of your personal data by contacting GS1 in Europe to notify us of any changes to or errors in your personal data. You have the right to access your personal data stored by the Websites and services to update, amend and rectify your personal data record.
You have the right to have your personal data erased, noting that without the retention of your personal data, access to the Websites and services may be limited.
You also have the right to withdraw your consent to your data being processed at any time, without affecting the lawful processing of your personal data before such withdrawal.
You have the right to object, in whole or in part, to your personal data being collected and processed pursuant to GS1 in Europe legitimate interests. In such case, we will no longer process personal data - except where the compelling legitimate grounds to continue the processing override the interests, rights and freedoms of the user, or to establish, exercise or defend legal claims.
Personal Data Portability
Users have the right to request and receive their personal data in a structured way as well as the right to have their personal data transmitted to another processor, where technically feasible and not adversely affecting the rights and freedoms of others.
If you have a complaint about the way GS1 in Europe handles or processes your personal data, you may lodge a complaint with the relevant supervisory authority, which for GS1 in Europe is the Data Protection Authority (Belgium). At first instance, we recommend that you direct any concerns or complaints to firstname.lastname@example.org.