This privacy statement describes which data about you is collected by us within the specific Howest Yet context, for what purpose this data is used and with whom and under what conditions this data may be shared with third parties. We also explain how we store your data and how we protect your data against misuse and what rights you have with regard to your personal data.
We collect and process personal data of data subjects. By data subjects we mean:
Users of the app: people who have decided to participate in an environmental analysis of a public space
Other stakeholders present at those locations
Visitors to our website(s)
If you have any questions about our privacy policy, you can contact our privacy contact person. You can find the contact details in the “Contact” section of this document.
Contact
The responsible of this processing of personal data is Howest, with its head office at Marksesteenweg 58, 8500 Kortrijk and telephone number +32 56 241290. Our other addresses and telephone numbers can be found on our website https://www.howest.be. If you have any questions about this privacy statement, you can always contact us..
The best way to reach Howest's Data Protection Officer is by email: privacy@howest.be.
Which personal data do we process and for what purpose?
Howest ensures that the processing of personal data is limited to the intended objective(s). Howest processes personal data in order to achieve these.
Howest Yet products and services
This is about collecting, sharing and publishing ideas about the use of a public space. The purpose of this sharing is to maximize the public interest of optimal and pleasant use of public spaces.
A publication is content posted by a user on the YET platform. This publication includes but is not limited to: a photo, an edited photo, the user's information, the date and a query analysis.
The legal grounds for the processing in this category are an agreement between Howest Yet and the users.
User analysis
This concerns the collection of data regarding users, frequency and type of users with the aim of further optimizing Howest Yet services..
Special categories of personal data
Within GDPR (General Data Protection Regulation, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016), Articles 9 and 10 define some special categories of personal data as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, health, sex life or sexual orientation, criminal convictions and offences.
Howest Yet does not process this data in principle. At certain locations it is possible that such sensitive data can be derived. Howest Yet will in any case not perform any profiling based on this data.
Automated decision-making
Howest Yet does not under any circumstances use automated individual decision-making (including profiling) within the meaning of GDPR article 22.
Who has access to this personal data?
Access control
Howest is the controller. This means that we determine which data we collect and for what purpose. In legal terms, we determine the purpose of the processing. But that does not mean that every employee of Howest or Howest Yet simply has access to everything. Your personal data only goes to the services and employees who need them for their work.
For some services (e.g. IT, social secretariat, marketing, catering) we work together with specialized partners. These partners can have access to your data during these interventions but always act according to our guidelines laid down in a contract that guarantees that they use the same high privacy standards. They cannot use the personal data for any other purpose.
Transfers of personal data
We exchange personal data with a number of governments and organisations that have an influence or interest in a certain location or group of locations. However, we never simply provide your personal data to others. We only do this if there is a legitimate reason for doing so.
The data is stored in Google Firebase. https://firebase.google.com/support/privacy
Social media messages are posted on the respective platforms (this includes Facebook, Twitter, LinkedIn, Flikr, YouTube, Instagram, Snapchat, Eventbrite). In order to optimize these social media messages, there is cooperation with an external party that further processes these posts. This external party is a processor on behalf of Howest and uses this data only within its assignment with Howest.
Howest Yet uses Office 365 and Google Drive. Some of the personal data (including email) are stored within these platforms. Howest has contracts with all these parties that offer the appropriate guarantees in terms of data protection and information security.
The recipients mentioned may be located outside the European Economic Area (EEA). In this case, the protection of your data is ensured by the fact that they are located in countries that have an adequacy decision by the European Commission, or by the conclusion of appropriate contractual provisions with these recipients.
The legal bases for these transfers are legal obligations, necessary for the agreement or legitimate interest.
The security and retention periods of personal data
Howest Yet stores the publications in principle for an indefinite period because such information can always be relevant for the optimization of the use of public spaces. The user always has the possibility to remove his publications.
Information security is a necessary condition for the protection of personal data. Howest therefore ensures appropriate technical and organizational measures to guarantee the confidentiality, integrity and availability of personal data, and to protect them against any form of loss or unlawful processing.
Howest has developed an information security and privacy policy, based on the internationally recognized standard for information security ISO/IEC 27001 and consisting of more general and more practical guidelines. This policy is supplemented and updated on a regular basis. In addition, based on risk analyses, checks and audits are performed on selected applications or processing.
Rights of data subjects in the context of the processing of personal data
What rights do you have in the context of the processing of personal data?
Depending on the purpose and legal basis on which Howest processes personal data, the individuals concerned may exercise the following rights:
The right to ask which personal data is processed and, if this data has not been provided directly to Howest, to request information about the source of this data;
The right to request that data be corrected if it is inaccurate;
The right to request to be ‘forgotten’ if a number of conditions are met;
The right to request the provision of certain data that the data subject can transfer to another organization;
The right to object to the processing of personal data in the context of fully automated processing, against legitimate interest and against marketing;
The right to restriction of data processing may be invoked if the processing is not lawful, or pending a decision on the right to rectification or the right to object.
How can you exercise these rights as a data subject?
To exercise these rights, you can contact us to exercise your rights, accompanied by a motivation for your request. To obtain certainty about the validity of a request or the identity of an applicant, Howest may request additional information. Howest reserves the right not to comply with a request, provided it has motivated reasons. This is, for example, when a request is manifestly unfounded or excessive.
To exercise these rights, but also for further questions about the various rights and obligations in the field of data protection, or if you believe that your personal data is being processed wrongfully and/or incorrectly by Howest, you can contact the Data Protection Officer of Howest via privacy@howest.be.
Other contact details can be found in the “Contact” section.
If you believe that a request or complaint has not been sufficiently followed up, you can, depending on the context, contact the Flemish Supervisory Commission or the Federal Data Protection Authority:
Data Protection Authority
Drukpersstraat 35, 1000 Brussel
Tel +32 (0)2 274 48 00
Website: https://www.gegevensbeschermingsautoriteit.be
Different rules, different privacy statements
This document does not contain all applicable rules regarding the processing of personal data. For general processing, the Howest privacy statement https://www.howest.be/en/privacy-and-copyrights also applies.
Due to the specific nature of Howest Yet, which is completely separate from the operation of Howest, there is a specific privacy statement.
Changes to the privacy statement
Our services are constantly changing. This privacy statement may be updated from time to time to reflect changes in the way we operate or in the law. You can therefore check this each time you provide us with personal information. The date of the most recent revisions will always be stated in the title of this privacy statement.
If we make material changes to the Privacy Statement, for example changes that affect the way we intend to use your personal information, we will communicate this to you in a more direct manner (including, for certain services, email notification of changes to the Privacy Statement).