PRIVACY POLICY
SIA Internal Rules - 31st May 2022
Annex 6: Data Protection - Chapter 6.2. Privacy Policy
This Privacy Policy sets out how we collect, use, process and disclose your personal data when you:
> use our website (www.secureidentityalliance.org);
> use our social media;
> enter into an agreement with us or communicate with us in that context;
> register for or participate in our events; and
> communicate with us by email, phone or any other digital communication channel.
“We” in this Privacy Policy refers to: Secure Identity Alliance asbl [Company N° 0785 731 573 – Address: Boulevard Auguste Reyers 80, 1030 Schaerbeek, Belgium]. We are responsible for the collection and use of your personal data in the manner explained in this Privacy Policy. If you have any questions, please contact us by e-mail:
We can change this privacy policy on our own initiative at any time. If material changes to this privacy policy may affect the processing of your personal data, we will communicate these changes to you in a way that we normally communicate with you (e.g. via e-mail or via a message on our website).
6.2.1 Which personal data do we process and why?
We will only process your personal data for a specific purpose and to the extent permitted by law. We further explain below in which cases we collect and use your personal data. If we do not receive your personal data directly from you, we will also inform you of this below.
6.2.1.1 When you use our website or social media
When you use our website or use our contact form or other digital communication channel, we collect and use the following personal data.
What personal data? |
Why? |
Legal basis? |
Technical information (e.g. server log files) about your visit and the device you use. We cannot identify you on the basis of this information, but third parties may be able to identify you (e.g. you internet service provider). |
In order to ensure the most fault-free operation of our website and to detect and prevent malware, illegal content and conduct and other forms of potential abuse. |
Our legitimate interest in keeping our online presence safe |
Identity and contact details provided by you and the content of the message and the technical details of the message itself (e.g. date and time) . |
To enable communication between you and us |
Our legitimate interest in being able to respond to requests, questions, or comments or to contact you proactively for questions of any kind. |
Your email address. |
To send you our newsletter or other electronic communication. |
Your consent unless you are an existing customer whom we wish to keep informed of our products or services. |
6.2.1.2. When you conclude an agreement with us
When you or your employer is one of our service providers, or when you make use of or take part in providing our services (e.g. by participating in a Working group), we collect and use the following personal data.
What personal data? |
Why? |
Legal basis? |
Identity information, contact details and business or professional information provided by you in the context of the agreement |
To fulfil our contractual obligations, and if you are a customer, to provide our services, and to communicate with you in this context. |
If you are our customer or supplier as an individual, we rely on the necessity of processing your personal data for the performance of the contract we have with you. However, when you act on behalf of a company or other legal entity, we rely on our legitimate interest in being able to contract with customers and suppliers |
Identity and contact details provided by you within the framework of the agreement and, if applicable, your company and invoicing details. |
To carry out our normal business administration (e.g. invoicing and relationship management). |
Our legitimate interest in managing our business activities in a responsible and professional manner. |
6.2.1.3. When you participate in one of our events
When you register for or participate in our events, we collect and use the following personal data.
What personal data? |
Why? |
Legal basis? |
Identity and contact details provided to you us in connection with, where applicable, your registration and participation in our events. |
To process your registration and prepare, organize and secure our events. |
Our agreement with you by your acceptance of the applicable terms and conditions. |
Photos taken during an event on which you are clearly recognizable. |
To capture and share ambience images of the event (e.g. on our website). |
Your consent. |
6.2.1.4. When you communicate with us
When you communicate with us via telephone, email, or any other digital communication channel, we collect and use the following personal data.
What personal data? |
Why? |
Legal basis? |
Identity and contact details provided by you to us, the content of the communication, the technical details of the communication itself (e.g. date and time) and, if applicable, the device you used. |
To enable communication between you and us (e.g., when you use our contact form or contact us via telephone or email). |
Our legitimate interest in being able to respond to requests, questions or comments or to contact you proactively for questions of any kind. |
6.2.1.5. In other cases
For all personal data that we collect in the above circumstances, we would like to make it clear that we will also process your personal data in the following cases.
What personal data? |
Why? |
Legal basis? |
Above-mentioned personal data. |
To comply with our legal obligations or to comply with any reasonable request from competent police authorities, judicial authorities, government institutions or bodies, including competent data protection authorities. |
Our legal obligation. |
Above-mentioned personal data. |
To prevent, detect and combat fraud or other illegal or unauthorized activities. |
Our legal obligation. |
Above-mentioned personal data. |
To defend ourselves in legal proceedings. |
Our legitimate interest in entering into business transactions. |
Above-mentioned personal data. |
To inform a third party in the context of a possible merger with, acquisition of/by or demerger by that third party, even if that third party is located outside the EU. |
Our legitimate interest in using your personal data in these proceedings. |
If you are a director of SIA, we will process your identity and contact details, including your place and date of birth, address details and national registration number. |
These data are necessary for registration in the CBE. |
Our legal obligation. |
6.2.2. With whom do we share your personal data?
In principle, we do not share your personal data with anyone other than the persons who work for us, as well as with the suppliers who help us process your personal data. Anyone who has access to your personal data will always be bound by strict legal or contractual obligations to keep your personal data safe and confidential. This means that only the following categories of recipients will receive your personal data:
> You;
> Your employer or business partners, but only when this is necessary for the purposes mentioned above (e.g. when your employer is our supplier or customer);
> Our employees, members of the Board, individuals of the Working group, or any individual acting under the authority of us;
> Our suppliers; and
> Government or judicial authorities to the extent that we are obliged to share your personal data with them (e.g. tax authorities, police, or judicial authorities).
We do not transfer your personal data outside the European Economic Area (EEA) (the European Economic Area consists of the EU, Liechtenstein, Norway, and Iceland). We will only transfer your personal data outside the EEA if you or your employer, as a customer or supplier, have offices outside the EEA with which we need to communicate. If a transfer were to take place, we will take sufficient safeguards to protect your personal data during the transfer (e.g. by entering into an agreement based on standard data protection clauses approved by the European Commission).
6.2.3. How long do we keep your personal data and how do we keep your personal data secure?
6.2.3.1. Data retention
Your personal data will only be processed for as long as necessary to achieve the purposes described above or, when we have asked you for your consent, until you withdraw your consent. In this article we provide you with the information you need to evaluate how long we will keep your personal data identifiable.
As a general rule, we will de-identify your personal data when it is no longer needed for the purposes described above or when the retention period, as explained in, has expired. However, we cannot delete your personal data if there is a legal or regulatory obligation or a court or administrative order preventing us from doing so.
We retain all personal data collected through our website for as long as necessary to protect the legitimate interests stated above or to perform our agreement with you or your employer.
All personal data we collect through our social media we retain as long as necessary to protect the legitimate interests stated above.
We will retain all personal data collected in connection with our events for as long as necessary to protect the legitimate interests stated above or until you withdraw your consent. If you wish to object to a published photo of you during an event, please let us know.
All personal data we collect through our interactions with you through social media, telephone, email, or other digital communication channels will be retained for as long as necessary to communicate with you, but also to maintain a historical record of our communications. This allows us to return to previous communications when you come back to us.
6.2.3.2. Security
The security and confidentiality of the personal data we process is very important to us. That is why we have taken measures to ensure that all personal data processed is kept secure. These measures include technical and organizational measures to protect our infrastructure, processes, systems, and applications.
6.2.4. Your rights and questions
You have certain rights related to the processing of your personal data: the right of access, rectification, erasure, and data portability as well as the right to object to or restrict the processing of your personal data and to withdraw your consent. More information about these rights and how to exercise them, can be found on our website. To exercise one of your rights, you can submit a written request to
Should you have any further questions about the processing of your personal data, please do not hesitate to contact our data protection manager. You can contact our data protection manager by e-mail: