The University of Namur regularly organizes institutional, academic and scientific events, where appropriate through its faculties, centers and research institutes. In this context, the University is required to use personal data of participants and speakers for the management of the promotion, organization and evaluation of the event.
Contexte
L'Université de Namur organise régulièrement des évènements institutionnels, académiques et scientifiques, le cas échéant au travers de ses facultés, centres et instituts de recherches. Dans ce contexte, l'Université est amenée à utiliser des données à caractère personnel de participants et intervenants pour la gestion de la promotion, de l'organisation et de l'évaluation de l'évènement.
Categories of personal data processed and purposes of use
For the purposes of managing the events it organizes, the University of Namur processes data in the following categories:
- General identification data [category grouping the following type of data: surname, first name, postal address, e-mail addresses, copy of identity card, passport photograph, telephone number ...]
- Professional data [category grouping the following type of data: data relating to profession or professional activities, position in an entity outside the University, professional affiliations...]
- Affiliation data [category grouping the following type of data: data relating to affiliation with charitable or voluntary organizations, student circles, clubs, associations, unions, organizations, groupings ..]
- Data relating to professional experience and skills [category grouping the following type of data: CV, language skills, previous experience, references ...]
- Registration data [category grouping the following type of data: registration date, purpose of registration ...]
- Expense reimbursement data [date and purpose of expenses, receipts ...]
- Data relating to participation in an activity [category grouping the following type of data: attendance, purpose of activity ...]
- Data relating to the retention of evidence of authorization or consent [category grouping the following type of data: dates of authorization, purpose ...]
- Data relating to a certificate of attendance or participation [category grouping the following type of data: dates of authorization, purpose ...]
- Data relating to the taking of sound, photographs or videos [category grouping the following type of data excluding video surveillance images and passport photo: recordings, metadata associated with recordings ... ]
- Payment data [category grouping the following type of data: data relating to a transaction, amount, date of payment, debtor, creditor, purpose of transaction ...]
- Banking and financial data of natural persons [category grouping the following type of data: bank account number, IBAN code, VAT details ...]
These data are used to:
- Manage information on the description and running of the event
- Manage event registrations
- Manage the participation of speakers (speakers, moderators ...)
- Manage invoicing and payments related to event participation
- Manage any out-of-pocket expenses
- Manage communication concerning participants and presentation materials
- Manage physical access to the event (including parking)
- Manage remote computer access to the event
- Manage the issue of participation certificates
- Manage promotion of the event
Basis of lawfulness of data processing
- Where the contract is concluded with the data subject: the activity is necessary for the performance of a contract with the person whose data is processed or for the performance of measures taken for the conclusion of a contract at the request of that person (Article 6, 1, b) of the RGPD)
- Where the contract is concluded with a legal entity: the activity is carried out on the basis of a legitimate interest of the University (Article 6, 1, f) of the RGPD). This legitimate interest consists in enabling the performance of a contract concluded with a person other than the person whose data is processed
In addition:
- Contact data may be reused to send communications concerning other events organized by the University of Namur. This is in the legitimate interest of the University to be able to promote activities organized at the University
- Images taken during the event may be published in the University newsletter, on the University website, or on a University social network account. Depending on the type of images and their context, the basis for this use is the legitimate interest of the University of Namur in being able to inform the public about the activities it organizes as part of its teaching, research and community service missions, or the consent of the persons concerned.
- Participant data is in some cases shared with a partner associated with the event for the purposes of fulfilling part of the contractual obligations (for example, when a purchase of work is subscribed to at the same time as registration for an activity).
Categories of people concerned
The categories of people whose data are processed for the purposes of the activity are as follows:
- Members of a mailing list
- Participants in an event
- External stakeholders linked to teaching and training (for example, members of a research institute, another higher education institution...)
- Orators
- Prize or award winners
Data sources
The data included in the processing activity comes from the following source(s):
- The person himself provided it
- The data is generated by an activity of the person
Data recipients
Data are processed solely by University individuals and departments for the purposes of carrying out the activity. Internal data recipients mainly belong to the following category:
- Staff of the University's administrative services
- Staff of faculties and departments
- Staff of institutes and research centers
- Staff of IT support services
External data recipients belong to the following categories:
- External contractors involved or whose services are requested in the organization of the event
- Other participants (in case of submission of participant lists)
Treatment features
The retention period is determined according to the following criterion(s):
- The need to retain data for operational requirements of the event organization.
- Contact data included in mailing lists are deleted from the list when the data subject objects to the processing or withdraws a consent given for such processing.
When information or images are published on social networks in the context of promoting UNamur's activities, such data may be transferred outside the territory of the European Economic Area.
This transfer takes place under cover of the following grounds or guarantees:
- The transfer takes place to an organization that undertakes to implement measures that comply with the requirements of the European Commission to ensure an adequate level of protection (these guarantees and mechanisms are described in their own data protection policy accessible on their websites).
- When publication is carried out on the basis of the consent of the data subject, the circumstance of the fact that this publication involves a transfer of data outside the European Economic Area is the subject of a request for consent as well.
Rights of persons concerned
The rights of data subjects are described on www.unamur.be/fr/vie-privee. In particular, they have the right to withdraw their consent if processing takes place on this basis, and the right to object to the use of data for prospecting communications. The first contact person for this purpose is the event organizer.