Déclaration de confidentialité – Symbiose Innovation

Privacy Policy

Introduction

Symbiose Innovation is committed to respecting privacy and places great importance on the confidentiality of the data it processes, as well as on compliance with privacy protection laws.

This privacy statement is based on the applicable legal provisions, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, the “GDPR”), as well as the Act of 30 July 2018 on the protection of natural persons with regard to the processing of personal data.

Who is the data controller for the processing of personal data?

Symbiose Innovation, a non-profit association (ASBL), registered under company number 1002.660.888 and having its registered office at Rue de Laeken 93A, 1000 Brussels, is the data controller for the processing of personal data.

What personal data are processed via the platform?

When you register on the Symbiose Innovation platform, a certain amount of personal information concerning you is collected.

Accordingly, the categories of personal data that may be processed are as follows:

Personal identification data (surname, first name, email address and/or telephone number);
Data collected through cookies (cookie preferences, website language preferences, location from which the website is accessed, etc.);
Health-related data (health status, research data, diagnoses, etc.);
Professional and employment data (current position, professional experience, skills, job-related training, etc.);
Education and training data (educational institutions attended);
Affiliation with professional organizations (details regarding associations, positions held);
Specific needs;
Security data (password);
Publications (articles, reports);
Platform interactions (subscriptions, identities of connections).

These data are processed in accordance with this privacy statement and in compliance with the provisions of the GDPR.

À quelles fins et sur quelle base juridique traitons-nous vos données à caractère personnel ?

Processing Activities and Purposes

Your personal data are collected and processed via the Symbiose Innovation platform for the following purposes:

To create and validate your profile on the platform;
To provide you with recommendations of expert profiles, solutions, and organizations;
To create and publish the collaborations carried out by you;
To contact you further following a meeting request submitted via the platform;
To respond to a message submitted via the contact form;
To enhance your browsing experience on the platform;
To ensure the security of the platform;
To manage the cookies used on the platform;
To manage the platform’s back office operations;
To contact you with a view to improving the services offered on the platform.

They will be processed only by the project managers of Symbiose Innovation and its subcontractors, solely for the purposes specified above.

Under all circumstances, Symbiose Innovation undertakes to collect and process your personal data obtained through its platform only to the extent strictly necessary for the fulfillment of one of the purposes set out in this statement.

Legal Basis

Your personal data are processed in accordance with the legal basis stipulating that the processing is necessary for the performance of a contract to which you are a party, or for taking steps at your request prior to entering into a contract (Article 6(1)(b) of the GDPR).

Within the framework of the contractual relationship, it is foreseen that Symbiose Innovation processes certain special categories of personal data (commonly referred to as “sensitive data”). The processing of such data is subject to strict limitations, and Symbiose Innovation only does so to the extent that you, as the data subject, have given your explicit consent at the time of registration on the platform.

How long is your data retained?

In general, Symbiose Innovation retains your personal data only for as long as necessary to achieve the purposes pursued for the execution of the contract and/or the pre-contractual phase.

If your user journey does not go beyond the pre-contractual phase (profile validation), your data are not retained thereafter.

To whom might your data be disclosed?

Within the scope of the aforementioned data processing activities, Symbiose Innovation may disclose the data included in your profile to the following recipients:

Yourself;
Other platform members;
Symbiose Innovation’s IT service providers;
The artificial intelligence tool “Meilisearch”;
Any subcontractors or partners directly involved in the request.

No personal data are disclosed to third parties outside the recipients mentioned above or beyond the legal framework specified.

In any case, Symbiose Innovation will not disclose your data to third parties for direct marketing purposes.

Symbiose Innovation does not transfer data outside the European Union or the European Economic Area. However, Symbiose Innovation draws your attention to the fact that personal data may be accessed by another platform user from the country in which that user is located.

Are you required to provide your data?

To fully benefit from the services offered by the platform, you are required to provide the personal data indicated. When the platform requires your explicit consent to process the special category of personal data represented by health data, you have the option to refuse. However, doing so will result in limited access to the platform’s features.

Simply to browse the website related to the platform, you are not required to provide any specific information.

Do we use any automated decision-making processes?

Automated decisions are defined as decisions concerning individuals that are made solely on the basis of automated data processing and that have legal consequences or significantly affect the data subjects.

In any case, no “automated decision,” as defined above, will be made in the context of the activities related to the Symbiose Innovation platform.

What are your rights, and how can you exercise them?

The GDPR grants a number of rights to data subjects, namely:

Right of access The right of access is the right to obtain, upon request, information about the personal data we hold about you.

Right to rectification : this is the right to request the correction, without undue delay, of any personal data that is inaccurate. If you find that personal data is incomplete, you also have the right to request that it be completed.

Right to be forgotten : In certain cases, you have the right to request the erasure of your personal data. This applies, in particular, if:
- The personal data are no longer necessary in relation to the purposes for which they were collected or processed by the data controller;
- The personal data have been unlawfully processed;
- The user, as the data subject, objects to the processing, but only in certain specific cases. The right to erasure does not apply in all situations.

Right to restriction of processing : in certain cases, you have the right to obtain from the data controller the restriction of the processing of your personal data, in accordance with applicable data protection legislation.

Right to data portability : where applicable, you also have the right to receive your personal data in a structured, commonly used, and machine-readable format, under the conditions provided by applicable data protection legislation. In all cases, the right to erasure of data remains applicable.

Right to object : you have the right to object, at any time, for reasons relating to your particular situation, to the processing of your personal data. In such a case, we must cease processing your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

Furthermore, you have the right to withdraw your consent at any time with regard to the specific use of health data. In such a case, you will continue to have access to the platform’s services in a limited capacity.

You may submit your requests to exercise your rights by email to the following address: contact@symbioseinnovation.ca or by regular mail to the following address:

Symbiose Innovation ASBL

Rue de Laeken 93A,

1000 Brussels

Belgium

What measures are implemented to secure your data?

Symbiose Innovation has implemented a number of technical and organizational security procedures, which are regularly reviewed and updated, to prevent the destruction, loss, falsification, or alteration of data, unauthorized access, accidental disclosure to third parties, and to ensure the security and proper use of the information collected for the purposes of the relevant processing.

To whom can you address your questions and/or complaints?

If you believe that Symbiose Innovation has failed to meet any of its legal obligations, you are invited to contact them by sending an email to the following address: contact@symbioseinnovation.ca or by regular mail to the following address:

Symbiose Innovation ASBL

Rue de Laeken 93A,

1000 Brussels

Belgium

Symbiose will make every effort to ensure that your inquiry is addressed promptly.

If our response does not satisfy you, you have the right to lodge a complaint with the supervisory authority of the country in which you reside, work, or where the alleged violation occurred.

For Belgium, the supervisory authority is the Data Protection Authority (DPA).

Autorité de Protection des Données

Rue de la Presse 35

1000 Brussels

Tél. : +32 (0)2 274 48 00

Fax : +32 (0)2 275 48 35

E-mail : contact@apd-gba.be

URL : https://www.autoriteprotectiondonnees.be

To file a complaint with the DPA, specific forms are available on the DPA’s website (https://www.autoriteprotectiondonnees.be). These forms can be submitted either by mail to Rue de la Presse 35, 1000 Brussels, or directly via the DPA’s website (https://autoriteprotectiondonnees.be).