IIA Belgium Privacy Charter

Who is the controller?

The Institute of Internal Auditors – Belgium is the voice of internal audit in Belgium. Our role is to enhance better governance through the promotion of the professional practice of internal auditing.
Our members come from a variety of industry sectors.

About your privacy

Your privacy is important to us and we protect your personal data in accordance with applicable data protection legislation and more specifically with the General Data Protection Regulation 2016/679 (“GDPR”) and the Belgian Law on the protection of individuals with regard to the processing of personal data of 30 July 2018 (the “Framework Act”).

What is personal data?

Personal data is information relating to an identified or identifiable natural person.
This consists of a broad range of information such as name, address, identifiers, e-mail, phone number, certifications, etc. It includes online identifiers such as IP addresses and cookie identifiers.

When is this regulation applicable?

This privacy regulation is applicable when you visit our websites, contact our employees, or register for an event. By visiting our websites, contacting our employees, or registering for an event, you consent for us to collect your personal data and use it as described in this privacy regulation.
If you use our websites unlawfully, we reserve the right to process your data. This is the case, for example, if you violate the conditions of use or property rights or threaten the security of our websites or service provision.

What principles do we apply to the processing of personal data?

For all processing of personal data, we apply data quality principles. Personal data will be:

a) processed fairly and lawfully;
b) collected for specific, explicit and legitimate purposes and not processed in a manner incompatible with those purposes;
c) adequate, relevant and not excessive;
d) accurate and, where necessary, up to date;
e) kept in an identifiable form for no longer than necessary; and
f) kept secure.

From whom do we collect personal data?

In the context of our mission, we collect personal data relating to:

  • our members or their representatives in general, our members’ organizations, the members of our board, the members of our committees;
  • subscribers to newsletters, news alerts or policy updates;
  • attendees at our events, including speakers or potential speakers;
  • persons who give us their business card at meetings or events;
  • stakeholders with whom we engage within the framework of our mission.

How do we collect personal data?

We may collect information about you in various ways:

What personal data do we collect?

We may collect the following information about you:

For what purposes do we use your personal data?

We use your personal data for the following purposes:

For member administration and member communication, we process certain personal data of members’ representatives as required for the proper execution of our mission.
For information-sharing purposes via electronic mailings, we base the processing of your data as per the consent you have provided us with. You may update your preferences at any time or unsubscribe via the link available in all mailings.
In all other cases, the processing of personal data is based on our legitimate interests to analyze website statistics, to improve the content and quality of our website and to conduct research and surveys.

With whom do we share your personal data?

We may share your personal data with processors i.e. third parties, such as partner organizations with whom we organize events and service providers we use (e.g. IT service providers). The personal data may only be used by the processors for the above mentioned purposes.
Where relevant, contractual safeguards are implemented to ensure the protection of your personal data when disclosing your personal data to a third party.
Your personal data will never be rented or sold to third parties for commercial purposes. Neither will we transfer any personal data outside the European Economic Area, except for the IIA Global, our parent professional organization, with whom we signed “Standard Contractual Clauses”.

How long do we keep your personal data?

Your personal data will not be stored for longer than necessary in relation to the purposes for which we process them (we refer to the purposes as listed above). Afterwards they might still be found in our back-ups or archives, but they will no longer be actively processed in a file.

More specifically, we apply the following retention guidelines:

How do we protect your personal data?

We have implemented administrative, technical and organizational measures to ensure a level of security appropriate to the specific risks that we have identified. We thereby strive to protect your personal data (to the extent reasonably possible) against destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed.
We seek to ensure that we keep your personal data accurate and up to date. In view thereof, we kindly request you to inform us of any changes to your personal data (such as a change in your contact details).

What are your rights and how can you exercise them?

You have the legal right under articles 15-22 of the GDPR Law:

To access your personal data;

To read more about these rights, please visit the website of the Belgian Data Protection Authority The initial request is free, though a charge can be made for subsequent requests.

You can exercise these rights by contacting us at info@iiabelgium.org. A proof of identity may be required.

You also have the right to lodge a complaint with your Data Protection Authority. The Belgian Data Protection Authority can be reached at this link.

Use of cookies and social media buttons

Cookies are small pieces of data that are stored on your computer or mobile device via your browser. We use performance cookies (Google Analytics, ClickDimensions web analytics and AddThis social sharing widget) and social media buttons on our website.
Performance cookies placed by Google Analytics (_ga, _gat) collect navigation information for statistical purposes and help us improve our website and user experience. The storage period is 26 months for Google Analytics, but IIA Belgium only receives geo-localization data and no IP addresses. Please visit this link to learn more about how Google processes such data and about the possible transfer of your cookie data (to Google data centres) outside the European Economic Area. To opt out of being tracked by Google Analytics across all websites, you can visit this page.
Our ‘cookie consent banner’ will register your consent to all cookies above.
Social media buttons are used to enable the possibility to share content via the most common social media platforms. When you decide to share content with these buttons, our website will link you to the chosen social media platform. When you do so, you are bound by the terms and conditions as well as the privacy policy of the relevant social media platform.

How can you manage / delete these cookies?

All major internet browsers offer the option to manage the cookies that were installed on your computer or mobile device. In addition, you can set your mobile device or browser to get a notification every time you receive a cookie on your device, so that you can decide whether you wish to accept this cookie or not.
Please note that when you disable certain cookies of which we are making use, certain parts of our website might no longer function properly, and you will no longer enjoy an optimal user experience.


Update of the Privacy Charter

IIA Belgium reserves the right to modify its privacy charter to comply with legislation or its practices. You are invited to consult the charter for any updates.