2.1. Curia is the controller of, and therefore responsible for, personal data: (i) relating to you and/or (ii) regarding other data subjects provided by you or on your behalf (“Personal Data”).
(i) the Belgian Data Protection Act of December 8, 1992 on the protection of privacy in relation to the processing of personal data (as amended, modified and/or completed from time to time) (the “Privacy Act”);
(ii) Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”);
(iii) all other applicable legislation regarding the protection of privacy and the processing of personal data;
(together or separately, the “Privacy Legislation”).
2.3. Curia has the following legal grounds for the processing of Personal Data:
(i) the contract you have entered into with Curia;
(ii) the free, specific, informed and unambiguous consent, from you or through you on behalf of the other data subject concerned, to process Personal Data. Such consent can be given by any means, such as, but not limited to mail, email, an online or offline consent form, a membership form or orally;
(iii) a legal obligation; and/ or
(iv) a legitimate interest of Curia.
(i) execute its activities, as described in article 1.2 (including the performance of agreements entered into);
(ii) provide direct marketing regarding its activities such as updates, newsletters, info brochures, emails, marketing materials, invitations to events such as conferences, exhibitions, launches, seminars and workshops and other information that may be useful to the addressee;
(iii) better understand the needs and preferences of the addressee in order to adjust its services hereto;
(iv) answer any question one might have when contacting Curia e.g. by telephone or by email;
(v) get in touch in the context of a selection and recruitment process;
(vi) comply with applicable legislation.
(together or separately the “Purpose”).
4. Personal data
4.1. Curia can request, collect and process all Personal Data that can be useful for the Purpose, such as: (first, middle, last) name, address, email address, phone number, IP address, job, company name, preferred language, specific areas of law that might be of interest of the addressee, resume and/or all other information one provide us with.
4.2. You guarantee that the Personal Data you have provided to Curia are complete and correct and that you are entitled to transfer these.
5. Transfer of personal data to third parties
5.1. Curia can rely on subcontractors to perform certain processing activities (e.g. mailing campaigns, hosting the Curia website, other ICT-purposes etc.). Curia enters into processing agreements with those third parties that can have access to Personal Data.
5.2. Curia guarantees that it does not transfer Personal Data to other third parties, unless:
(i) there is a legal obligation to transfer Personal Data;
(ii) Curia has a legitimate interest to do so.
6. Your rights
6.1. The Privacy Legislation provides the data subjects with a number of rights in regarding their Personal Data. Everybody has the right, free of charge:
(i) to have access to and receive a copy of his/her Personal Data;
(ii) to have his/her Personal Data corrected in case of errors;
(iii) to have his/her Personal Data erased in case:
a. Personal Data are no longer necessary to achieve the Purpose;
b. he/she withdraws his/her consent and there is no other legal ground for the processing of Personal Data;
c. he/she objects to the processing his/her Personal Data and there is no other legal ground for the processing of his/her Personal Data;
d. his/her Personal Data have been unlawfully processed;
e. there is a legal obligation to erase his/her Personal Data;
(iv) to have the processing of his/her Personal Data restricted;
(v) to request that his/her Personal Data are transferred to a third party;
(vi) to object against the processing of his/her Personal Data, in particular the processing for direct marketing purposes;
(vii) to withdraw his/her consent pursuant to which Curia is allowed to process Personal Data;
(viii) to lodge a complaint with the supervisory authority (Data Protection Authority / Commission for the Protection of Privacy) if he/she is of the opinion that the processing of his/her personal data violates the Privacy Legislation. It can be reached through: Rue de la Presse 35, 1000 Brussels, firstname.lastname@example.org
6.2. In case one wants to exercise any of the above rights, he/she can send a written, dated and signed request, with proof of identity, by ordinary mail to Curia CVOA, Arnould Nobelstraat 40/0102, 3000 Leuven, Belgium or by email to email@example.com. Please note that the Privacy legislation may impose conditions on exercising any of the above rights.
7. Storage and security
Curia stores Personal Data for as long as it is necessary to achieve the Purpose. The Personal Data are stored by Curia, or, if applicable, by its processor of Personal Data.
Curia commits to take (or have) all reasonable measures (taken) to protect the Personal Data through technical safety measures and an appropriate safety policy from destruction, loss, modification or unauthorized processing.
You acknowledge and accept that the transfer and storage of Personal Data is never without risk and consequently, Curia cannot be held liable for the damages that you may suffer as a result of the unlawful use of Personal Data by third parties, other than Curia’s processors.
10. Applicable law and competent court
10.1. You agree that all disputes between you and Curia regarding Personal Data and privacy issues, are exclusively subject to Belgian law, excluding any conflict of law principles.
10.2. Every dispute regarding Personal Data and privacy issues should be submitted to the exclusive jurisdiction of the courts of Leuven, Belgium, excluding any other court.