This Privacy Statement governs the processing of personal data by SEAS AR RISK VZW, having its registered offices at 1210 Brussels, Rue de la Charité 22, registered with the KBO under number 0884.771.444, e-mail , tel. (+32) 02 329 01 18, website https://seas-at-risk.org/ (hereinafter ‘SAR’).
Unless otherwise stated, SAR is the controller of the personal data we collect and to which this Privacy Statement applies.
This Privacy Statement frames compliance with the General Data Protection Regulation of 24 May 2016 on the protection of privacy in the processing of personal data and the Law of 30 July 2018 on the protection of natural persons concerning the processing of personal data, and explains what personal data we collect and how we use it. Please read this Privacy Statement carefully, as it contains essential information about how your personal data is processed.
We respect your privacy and your rights to control your personal data.
As the data controller, we process data that you voluntarily provide to us when requesting information, browsing the website, making a request via the website, attending an event or in the context of our operations (committee) or (membership)activities.
More specifically, we may process the following personal data: first name, last name, nationality, e-mail address, address, phone number, payment information.
If you participate in certain events, pictures and footage may be taken of you, which may also be used by SAR in its online or offline communications.
We also automatically collect data on the use, access to or interaction with our website using cookies (such as Google Analytics) and similar technologies in order – among other things – to monitor the functioning of the website, or to detect fraud or security breaches, through IP addresses and browser data.
Finally, we may receive information about you from other sources, including third parties, such as partners with which we jointly organize events or activities (such as OceanWeek) or conduct marketing activities (such as Google). We may also receive information about you from social media platforms such as LinkedIn, Twitter, and META when you interact with us on those platforms. We protect information we receive from third parties in the same manner as described in this Privacy Statement.
Security and storage
We take the processing of your personal data extremely seriously and try to provide the necessary technical and organisational measures to protect it and help prevent theft, misuse and unauthorised access to or transmission, modification and destruction of your data.
We regularly check our systems for possible security risks and attacks. However, we cannot guarantee the security of any data you send. If a breach should occur, it will be responded to promptly, and the parties involved will be notified. However, SAR cannot be held liable for direct, indirect, or consequential damages, nor for loss of profit caused by a third party’s incorrect or unlawful use of the personal data.
The personal data collected is stored and processed in Belgium, at our registered office, on an external server at our registered office or with external service providers. Some personal data collected is stored and processed by tools that have servers outside the European Economic Area. If the data is with external service providers, with servers outside the European Economic Area, SAR assumes that an equivalent level of protection to that in the European Union is used for the processing of this data.
For this purpose, to the extent necessary, appropriate safeguards such as the standard contractual clauses with additional safeguards and the adequacy decisions may be used when transferring your personal data to countries outside the European Economic Area.
Third party access and transfer
We grant access to our employees or appointees on a self-employed or non-self-employed basis to process your personal data. However, we guarantee a similar level of protection through contractual obligations with these employees and appointees that are similar to this Privacy Statement.
The personal data you provide will not be sold to, nor shared with third parties, except in the context of the performance of the contract and the assignment entrusted to us and in the context of our cooperation with external suppliers (including practical tools) who perform services for us such as processing billing and payment data, e-mail communication, administration, accounting, website management, systems management, legal services, external technical service providers, IT companies and communication agencies.
Even then, however, we share your personal information only insofar as necessary, and only with service providers working on our behalf for the purposes described in this Privacy Statement. In that case, your personal data will be shared with these partners, but only to perform services on behalf of and under the instructions of SAR.
Please be aware that if you transfer to us (directly or indirectly) third-party personal data, for example through SAR’s website, you yourself are responsible for ensuring that you already have a legal basis under which you may process that third-party personal data. This may be the case, for example, if you have a contract with that third party and the processing of the data is necessary for the performance of this contract (Article 6.1.b GDPR). The foregoing also implies that you are acting as a data controller for these third party personal data and that you accept the corresponding obligations and liability.
In addition, and only to the extent required by law or strictly necessary to perform our activities or protect our rights or the rights of third parties affiliated with us or our members, we provide your personal data to law enforcement agencies, investigative organisations, our affiliates or in legal proceedings, including (judicial) reorganisation, bankruptcy or transfer. Where appropriate, we will always try to inform you in advance, to the extent possible and relevant, of any transfer.
Finally, SAR’s website uses marketing or advertising plug-ins. Your personal data may be collected and transmitted to these third parties by placing these plug-ins. Under Article 26 of the General Data Protection Regulation of 24 May 2016 regarding the protection of private life in the processing of personal data, SAR is a joint data controller with these third parties. For the rights and obligations of each data controller, please refer to the respective privacy statements of LinkedIn (Microsoft), Facebook, Instagram (META), and Twitter available at:
Privacy YouTube: https://policies.google.com/privacy
- a. Membership and events management, supplier management, staff administration, management administration (MGMT committee) and contact with subcontractors
The personal data collected in our capacity as data controller is used for our activities, projects and event, management and processing of your request or inquiry for information or within the framework of a cooperation (implementation, invoicing, payment…).
Other personal data is processed for our management administration (MGMT committee), membership management, staff administration, contact with subcontractors and supplier management.
- b. Direct Marketing (Newsletter)
The personal data is also used for our newsletter, to invite you to events (public and private) and activities, to send you information about project, and for research and surveys related to our activities and projects. Depending on the type of communication, we may contact you via email, letter or our social media channels.
- c. Website and cookies
The personal data is also used to guarantee your access to the website and ensure the website’s correct functionality by informing you about updates, new functionalities, etc.
In addition, the data collected may also be used to create a profile via cookies and by collecting and analysing information about pages you browse on the website and how you use the website in general. This analysis will then be used to ensure that a correct approach is used and to avoid errors.
- d. Security, dispute resolution and compliance legislation
Finally, we aim to provide the necessary security and safety and the data may also be used in settling disputes and complying with legislation.
The personal data collected is processed based on Article 6.1.a (consent), Article 6.1.b (necessary for the performance of a contract), Article 6.1.c (necessary to comply with legal obligation incumbent on the controller) and Article 6.1.f (legitimate interests) of the General Data Protection Regulation, for example to schedule an appointment, to perform our services, to sell our products, to provide you with technical or commercial information or for administrative, fraud detection or legal purposes.
Taking into account the processing purposes as described above, the processing of personal data intended for:
- Membership and events management, supplier management, staff administration and contact with subcontractors are conducted on the basis of Article 6.1.b GDPR (necessary for the performance of the contract). You are not obliged to transfer to SAR the personal data necessary for the performance of the contract. However, in the absence of this, SAR will be unable to perform.
- Direct marketing is conducted under Article 6.1.a (consent) and under Article 1.f (legitimate interests). You will always have the option to opt out of this.
- Website and cookies come under Article 6.1.a (consent) and under Article 1.f (legitimate interests). To the extent that such processing is based on consent, you may provide such consent by checking the check box at the bottom of the website.
- Management administration (MGMT committee), security, dispute resolution, and compliance with legislation are conducted under Article 6.1.c (necessary to comply with legal obligation incumbent on controller) and pursuant to Article 1.f (legitimate interests) to exercise our right of defense.
If your data is processed based on consent, this Privacy Statement and the opt-in system ensure that you can give your consent freely, explicitly, unambiguously, actively and in an informed manner.
Depending on the processing purpose, personal data processed in our capacity as controller will be kept for as long as necessary and no longer than ten years to meet our legal and accounting obligations.
The data processed for direct marketing and for preferences and advertising purposes on the website will be kept for no longer than two years.
After this period, we will permanently delete the data.
User rights and complaints
As a data subject, you have the right at any time to inspect and access the personal data processed by us as the data controller, to obtain a copy of such data, and to correct or have corrected the data if it is incorrect or incomplete, to have the data transferred, to restrict its processing or to have it deleted.
We do not use data that has been processed exclusively by automated means (such as profiling) unless you have given your express consent.
In addition, since the processing of personal data is partly based on Article 6.1.a GDPR (consent), you have the right to withdraw your consent at any time. However, please note that you will no longer receive relevant information if you do not consent to our processing certain personal data.
You can exercise the above rights by informing us by email at . You may withdraw your consent to the advertisements, promotions and marketing sent to you by email using the link at the bottom of each such email you receive.
If you still have a question or complaint, you can always contact us by email at .
Modification of Privacy Statement
If necessary, we may modify or update this Privacy Statement to reflect changes to the website and feedback from our users. If there are significant changes in how we use or process your personal data, we will notify you by posting a notice of the changes before they take effect or sending you a notice directly. We encourage you to re-read this statement regularly for more information on how we use and protect your information.
Brussels, December 2023