THE EUROPEAN FUEL MANUFACTURERS ASSOCIATION
SIEF PRIVACY NOTICE
This SIEF privacy notice (this "Notice") explains how the European Fuel Manufacturers Association AISBL, acting through its Concawe division ("Concawe", "We", "us", "our") processes information in connection with Concawe’s role as SIEF/post SIEF facilitator for petroleum substances in compliance with the EU General Data Protection Regulation ("GDPR").
1. What Personal Data do We hold about You?
We collect, store and use the following categories of Personal Data about You:
(a) If you are the authorised representative and/or contact person, your name, organization, job title, email address, business address and telephone number (mobile and/or fixed line); and
(b) Organization billing information.
2. How is your Personal Data collected?
We collect Personal Data about You through our SIEF webpage or when You contact us by mail. Personal Data are provided to us voluntarily by You directly or via a third party authorized by You to disclose your Personal Data to us.
3. Why do We use your Personal Data?
We process your Personal Data for the following purposes:
(a) Processing web order links;
(b) Preparing licenses, SIEF collaboration services or lead registrant agreements;
(c) Performing obligations in the course of or in connection with our provision of the license or SIEF collaboration services;
(d) Responding to queries, requests, complaints and feedback from You;
(e) Processing invoices/billing, payment and accounting operations;
(f) Data collection for the maintenance or update of the REACH dossier for the considered substance;
(g) IT maintenance and update of IT tools;
(h) Complying with any applicable laws, regulations, codes of practice, guidelines or rules;
(i) Sending You our communication with regard to REACH registration dossier, dossier updates, fees or other matters relating to the license or SIEF collaboration services agreement.
4. On which legal basis do We rely to process your Personal Data?
We will rely on the following legal basis with regard to the purposes identified above:
Purpose of processing
Lawful basis for processing
Processing web order links
Performance of a contract
Preparing licenses, SIEF collaboration services or lead registrant agreements
Performing obligations in the course of or in connection with our provision of the license or SIEF collaboration services
Sending you our communication with regard to REACH registration dossier, dossier updates, fees or other matters relating to the license or SIEF collaboration services agreement and other SIEF information
IT maintenance and update of IT tools
Responding to queries, requests, complaints and feedback from You
Processing invoices/billing, payment and accounting operations
Data collection for REACH dossiers
Complying with any applicable laws, regulations, codes of practice, guidelines or rules
5. Change of purpose
We will only use your Personal Data for the purposes for which We collected it, unless We reasonably consider that We need to use it for another reason and that reason is compatible with the original purpose. If We need to use your Personal Data for an unrelated purpose, We will notify You and We will explain the legal basis which allows us to do so.
6. Which third-parties process your Personal Data? Do We share, disclose or transfer Personal Data
We may have to share or disclose your Personal Data to third parties, including third-party service providers.
We disclose your Personal Data when such disclosure is required for performing obligations in connection with the license or SIEF (post SIEF) collaboration services, for instance when requesting IT to fix technical issues with a web order or when requesting external accounting personnel to fix issues in the accounting system.
We share your Personal Data with third party IT and accounting service providers, agents and other organizations We have engaged to perform any of the purposes identified above. Any such third party service provider engaged by us is expected to comply with the requirements of the GDPR and this Notice.
7. Data security
Your Personal Data are treated as confidential. We never pass on your Personal Data to third parties for commercial purposes. In order to safeguard your Personal Data from unauthorized access, collection use, disclosure copying, modification, disposal or similar risks We have put in place appropriate administrative, physical and technical measures such as antivirus protection and encryption to secure all storage and transmission of Personal Data by us, and disclosing Personal Data both internally and to our authorized third party service providers and agents only on a need-to-know basis. You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, We strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
8. How long will We retain your Personal Data?
We store your Personal Data for the duration of the licence agreement, SIEF collaboration services agreement or lead registrant agreement. We commit to delete the Personal Data We hold about You upon termination of the licence agreement, SIEF collaboration services agreement or lead registrant agreement, unless other requirements apply based on our retention policies or under EU or national laws.
When We process your Personal Data based on your consent or on our legitimate interest, We store your Personal Data as long as You don't withdraw your consent or don't object to the Processing. In these cases, We undertake, absent of any Processing activities within a period of 24 months, to delete the Personal Data We hold on You. However, We may retain your Personal Data under EU or national laws.
We may retain electronic copies of files containing Personal Data created pursuant to automatic archiving or back-up procedures which cannot reasonably be deleted. In these cases, We shall ensure that the Personal Data are not further actively processed.
9. Your rights in connection with your Personal Data
Under certain circumstances, by law You have the right to:
(a) Request access to your Personal Data. This enables You to receive a copy of the personal information We hold about You and to check that We are lawfully processing it.
(b) Request correction of the Personal Data that We hold about You. This enables You to have any incomplete or inaccurate information We hold about You corrected.
(c) Request erasure of your Personal Data. This enables You to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where You have exercised Your right to object to processing (see below).
(d) Object to processing of your Personal Data where We are relying on a legitimate interest (or those of a third party) and You want to object to processing on this ground.
(e) Request the restriction of processing of your Personal Data. This enables You to ask us to suspend the processing of Personal Data about You, for example if You want us to establish its accuracy or the reason for processing it.
(f) Request the transfer of your Personal Data to another party (right to data portability).
10. How can You contact us?
For more information, or if You have questions about your Persona Data, on the way We collect and process Personal Data, or want to exercise your rights as data subject, make queries or complaints, please contact our Legal Advisor at +32 2 566 91 22 or the REACH SIEF Manager at +32 2 566 91 07. You can also contact us via email firstname.lastname@example.org. or visit us at our office at 165 Boulevard du Souverain, 1160 Brussels, Belgium.
11. Changes To Notice
We may revise this Notice from time to time and any revisions will be made available to You via the SIEF space.
In this Notice:
"Personal Data" means any information about an individual from which that person can be identified.
"You" or "Data Subject" means an individual:
(a) Who has contacted us through any means to find out more about the REACH Licenses or the SIEF (and post SIEF) collaboration services We provide; or
(b) Whose organization has entered into a License agreement, SIEF Collaboration Services or Lead Registrant contract with us.
"Processing" means any operation or set of operations which is performed upon Personal Data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Other terms used in this Notice shall have the meanings given to them in the GDPR or the REACH Regulation (where the context so permits).
Last update: June 2022