Online Privacy Statement
- Introduction and purpose of the privacy statement
Alfapass attaches great importance to privacy and careful handling of the personal data of the users and holders of an Alfapass account (hereinafter also referred to as ‘Users’). In this privacy statement, Alfapass wishes to explain in a clear, transparent, simple and correct way how Alfapass handles the personal data it collects and processes from the Users, regardless whether Alfapass collects these data directly or through a third party. The privacy statement also explains for which purposes Alfapass processes the personal data of Users, which categories of personal data are processed, which rights the Users enjoy regarding their personal data and how they can exercise their rights.
Alfapass kindly asks you to read this privacy statement carefully so that you are sufficiently informed about your rights and how to exercise them.
- Alfapass and its activities
Alfapass is an organization engaged in investment, production and issue of ID cards specifically for ports and other logistics players. For this purpose, Alfapass has a central database managed by Alfapass with information about the Users. Terminals and other organizations that use the services of Alfapass are required to take the necessary measures themselves to enable correct access control to the terminal or organization. To this end, personal data of Users are exchanged between Alfapass and relevant terminals and organizations.
You can contact Alfapass by phone on +32 3 303 28 28 or by email at firstname.lastname@example.org
- What personal data is collected and processed by Alfapass?
By visiting the website, contacting and/or using the services of Alfapass, Alfapass may or may not – necessarily – collect and process personal data.
Depending on the relationship with Alfapass, the following data may be collected and processed:
- When visiting the website: the visitor’s IP address is temporarily recognized and (not individually) used for analysis and optimization of the website, the website also uses some cookies;
- When contacting Alfapass: the contact details (telephone number, email address, … ) of the person directly contacting Alfapass are temporarily processed, as well as any identification details (name, Alfapass account number, …) that the person communicates to Alfapass during this contact;
- When applying for an Alfapass account: the surname, first name, job title and telephone number of the representative of the applicant for an Alfapass account can be collected and processed;
- When using an Alfapass account: of the Users, their surname, first name, date of birth, address, telephone number, nationality, gender, ID card or passport number, employer, employee number, Alfapass account number, colour photograph, biometric template, subgroups and times and location of use of the Alfapass account can be collected and processed.
- Why does Alfapass collect and process personal data?
Alfapass collects and processes the personal data of Users and other persons mentioned above for the following purposes:
- To correctly answer inquiries from persons when they contact Alfapass, Alfapass has a legitimate interest in processing personal data;
- To improve the functioning of Alfapass’ services, processes and applications, Alfapass has a legitimate interest in processing personal data;
- To perform the services provided by Alfapass, as agreed upon in one or more agreement(s), Alfapass processes personal data in pursuance of the relevant agreement(s);
- To follow instructions from the police and/or judicial authorities when they oblige Alfapass to process data, i.e. under a legal obligation.
- Who does Alfapass share personal data with?
5.1 Internally – Alfapass
Alfapass takes the necessary measures to ensure that access to personal data, including that of Users, within the organization is limited to those employees who actually need access as part of their job.
5.2 Externally – third parties
Alfapass transfers personal data to the following categories of third parties:
- Terminals and/or organizations that use the services of Alfapass and to whom, in order to make access control possible in practice, personal data are provided in a secure manner;
- Organizations and/or persons to whom Alfapass has outsourced certain services and/or functions, such as suppliers of IT systems, software, IT support, destruction of confidential documents, etc;
- Organizations and/or persons that are an integral part of the Alfapass operation, such as external consultants and employees;
- Organizations that provide technology services such as Google (cookies).
- How long does Alfapass keep personal data?
As a general principle, Alfapass does not retain the collected and processed personal data longer than is strictly necessary to achieve the purposes for which the data are collected. In addition, Alfapass will delete any personal data, without undue delay, when persons so request.
Users’ personal data relating to the services provided by Alfapass, and more specifically the Alfapass account, will be retained for the entire period that the Alfapass account is active, this concerns a period of three (3) years. The data is then stored for up to two (2) years after the cancellation or expiry of the of the AlfaPass account.
At the end of the applicable retention period, the personal data will be definitively deleted.
- Rights relating to personal data
With regard to his or her personal data, Users (or other persons mentioned above) always have the right to:
- Submit a request to Alfapass for access to his/her personal data:
Alfapass will confirm whether or not personal data will be processed. In the event that personal data are processed, Users may request a copy of such personal data. If more than one copy is requested, Alfapass may charge a fee for this.
- Submit a request to Alfapass for rectification of his/her personal data:
If the personal information in the possession of Alfapass is inaccurate or incomplete, the Users may request to rectify or supplement it. If the Users so desire, Alfapass may inform them which third parties have received the inaccurate and/or incomplete information in the past.
- Submit a request to Alfapass for restriction of the processing of his/her personal data:
Users may request Alfapass to stop processing all or part of their personal data in certain situations. If the Users so desire, Alfapass may inform them which third parties have received the information in the past.
- Submit a request to Alfapass for complete deletion of his/her personal data:
Users may request Alfapass to remove their personal data completely. However, this is limited to those situations where these personal data are no longer necessary for Alfapass to provide its services. If the Users so desire, Alfapass may inform them which third parties have received the information in the past.
- Submit a request to Alfapass for objection to the processing of his/her personal data:
Users have the right to object to the processing of their personal data by Alfapass, where Alfapass processes these data for a legitimate interest, in which case the Users must demonstrate that their right takes precedence over the legitimate interest of Alfapass, or in situations where Alfapass processes these data for marketing purposes.
- Submit a request to Alfapass for portability of his/her personal data:
Users may ask Alfapass, depending on the circumstances, to transfer personal data that Users have provided to Alfapass to a third party of their choice or to use it elsewhere. The transferred personal data will be drawn up and transmitted by Alfapass in a structured, commonly used and machine-readable format.
- Submit a request to Alfapass for withdrawal of permission to process his/her personal data:
In those situations where the processing of personal data by Alfapass is based on the consent obtained, Users may revoke this consent at any time. As soon as Users have withdrawn their consent, Alfapass will no longer process these personal data.
- Submit a complaint to the Data Protection Authority:
If Users disagree with the processing of their personal data by Alfapass and they do not agree with the response and/or solution provided by Alfapass, they may file a complaint with the Data Protection Authority.
All requests for the exercise of the above rights must be submitted to Alfapass by contacting Alfapass in the manner as mentioned in Article 2 of this privacy statement.
- Security of personal data
Alfapass makes every effort to prevent abuse, loss, unauthorized access and other undesirable actions relating to the personal data of Users. To this end, Alfapass shall take the necessary and appropriate technical and organizational measures to ensure that the processing operations comply with the requirements of national and European law. In this way, Alfapass also ensures the protection of the rights of Users. Alfapass ensures that these measures are regularly monitored and adjusted where necessary.
- Exchange of data outside the EEA
Alfapass does not transfer personal data to individuals or organizations if this results in the personal data in question leaving the EEA. All IT infrastructure used by Alfapass is also located within the EEA.
- Amendments to the privacy statement
Alfapass may change this privacy statement from time to time. All updates and changes will take effect immediately after their publication. Alfapass therefore encourages Users to consult this privacy statement at regular intervals, so that they are always aware of any changes that may affect them.