Privacy Policy

Privacy Policy

OBJECTIVE

The aim of this privacy policy is to provide adequate and consistent safeguards for the handling of Personal Data (as defined below) by Man Friday Consultancy Services in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“General Data Protection Regulation”, or “GDPR”).
Man Friday Consultancy Services is the controller.

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to a name, an identification number, location data, an online identifier or to one or more factors specific to the person’s physical, physiological, genetic, mental, economic, cultural or social identity and includes information, that (i) relates to an identified or identifiable person (ii) can be linked to that person; (iii) is transferred to third parties and (iv) is recorded in any form. It does not include data where the identity had been removed (anonymous data) prior to being accessed by Man Friday Consultancy Services.

CONTACT DETAILS

Quieterrail is the controller. Its details are as follows:
Chemin des Cosaques 51,
Waterloo, WBR 1410
VAT: BE0669.911.494

Quieterrail’ representative is Jose Bertolin, Project Coordinator
If data subjects have any questions about this privacy notice, including any requests to exercise their legal rights, they should contact Quieterrail at jose.bertolin@unife.org.

Data subjects have the right to make a complaint at any time to the Belgian Data Protection Authority, the Belgian supervisory authority for data protection issues (https://www.dataprotectionauthority.be/citizen) at present. Quieterrail would, however, appreciate the chance to deal with such concerns before data subjects approach the Belgian Data Protection Authority, so would be grateful if data subjects would contact the contact person in the first instance.

PRINCIPLES OF PROCESSING PERSONAL DATA

Quieterrail respects data subjects’ privacy and is committed to protecting personal data in compliance with the applicable legislation in the EU with the desire to keep its data subjects informed and to recognize and respect their privacy rights. Quieterrail will observe the following principles when processing personal data:

  • Data will be processed fairly and in accordance with applicable law.
  • Data will be collected for specified, legitimate purposes and will not be processed further in ways incompatible with those purposes.
  • Data will be relevant to and not excessive for the purposes for which they are collected and used.
  • Data subjects in the EU will be asked to provide their clear and unequivocal consent for the collection, processing and transfer of their personal data insofar as consent is relied on for the processing of the personal data.
  • Data will be accurate and, where necessary kept up up-to-date. Reasonable steps will be taken to rectify or delete personal data that is inaccurate or incomplete.
  • Data will be kept only as it is necessary for the purposes for which it was collected and processed. Those purposes shall be described in this privacy policy.
  • Data will be deleted or amended following a relevant request by the concerned data subject, should such notice comply with the applicable legislation each time.
  • Data will be processed in accordance with the individual’s legal rights (as described in this policy or as provided by law).

It is important that the personal data Quieterrail holds about data subjects is accurate and current. Data subjects should keep Quieterrail informed if their personal data changes during their relationship with Quieterrail.

Appropriate technical, physical and organizational measures will be taken to prevent unauthorized access, unlawful processing, unlawful alteration or disclosure and unauthorized or accidental loss, destruction or damage to data. In addition, Quieterrail limits access to the personal data of data subjects to those employees, agents, contractors and other third parties who have a business need to know.

Quieterrail will ensure personal data is processed on their instructions and subject to a duty of confidentiality.

In case of any such violation with respect to personal data, Quieterrail will take appropriate steps to end the violation and will notify relevant data subjects and any applicable authority or regulator in accordance with applicable law and will cooperate with all such competent authorities.

TYPES OF PERSONAL DATA

Quieterrail collects data subjects’ personally identifiable information:

  • Contact, usage and profile information, such as name, user name or similar identifier, password, postal address, title, email address and telephone number, interests, preferences, feedback and survey responses.
  • Personal data in content subjects provide on Quieterrail’ website and other data collected automatically through the website (such as IP addresses, login data, browser characteristics, device characteristics, operating system, language preferences, referring URLs, information on actions taken on these websites (including products or services used), and dates and times of website visits).
  • Financial account and transaction information, including billing address, details about payments to and from data subjects and other details of products and services received from Quieterrail.
  • Marketing and communications data includes data subject preferences in receiving marketing from Quieterrail and its third parties and data subject communication preferences.

Quieterrail does not collect any sensitive personal data (as defined in the GDPR) about its data subjects (this includes details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information regarding health and genetic and biometric data). Nor does Quieterrail collect any information about criminal convictions and offences.

WAYS OF OBTAINING PERSONAL DATA

The ways by which Quieterrail obtains personal data are set out in this section. Quieterrail does not obtain any personal information about data subjects unless the data subject has provided that information to Quieterrail in a way that is in accordance to the established data protection rules to do so, including but not limited to:

  • visiting or creating an account with respect to Quieterrail’ website;
  • applying for or subscribing to Quieterrail’ services or publications;
  • requesting that marketing be supplied by Quieterrail;
  • providing feedback, entering any promotion or survey;
  • by the completion of a written agreement, consent form, survey; or
  • completion of an on-line or hard copy form.

Data subjects may choose to submit personal, private information by facsimile, regular mail, e-mail, or electronic transmission over Quieterrail’ internal websites, interoffice mail, or personal delivery, as each of these methods may be deemed applicable each time.

AUTOMATED TECHNOLOGIES OR INTERACTIONS

When interacting with Quieterrail’ websites, Quieterrail entities may automatically collect technical data about the equipment, browsing actions and patterns of its data subjects. Quieterrail collects this personal data by using cookies, server logs and other similar technologies.Quieterrail may also receive technical data about a data subject if it visits other websites employing their cookies. Please see Quieterrail’ cookie policy for further details.

THIRD PARTIES OR PUBLICLY AVAILABLE SOURCES

Quieterrail may receive personal data about data subjects from various third parties and public sources as set out below:

  • Technical data from the following parties: analytics providers such as Google based outside the EU; and search information providers Facebook, Twitter, Google, LinkedIn based inside and outside the EU;
  • Contact, financial and transaction data from providers of technical, payment and delivery services such as Isabel based inside the EU;
  • Identity and contact data from data brokers or aggregators such as Google based outside the EU.

USE OF PERSONAL DATA

Quieterrail collects and use data subjects’ personal information to operate the Quieterrail entities’ websites and deliver requested services. Quieterrail also uses personally identifiable information to inform on services available from Quieterrail. Quieterrail may also contact data subjects via surveys to conduct research about their opinion of current services or of potential new services that may be offered.

For data subject’s specific information, the purposes of processing may include:

Necessity for the performance of a contract or by law
e.g.:

  • Management of Quieterrail’ relationships with its data subjects
  • Processing payments, expenses and reimbursements
  • Carrying out Quieterrail’ obligations under various contracts

Legitimate interests

IP addresses, browser types, domain names, access times and referring website addresses are used by Quieterrail for the operation of the service, to maintain quality of the service and to provide general statistics regarding use of the Quieterrail websites.

Consent

Quieterrail keeps track of the websites and pages its data subjects visit, in order to determine what services are the most popular. This data may be used to deliver customized content to data subjects whose behaviour indicates that they are interested in a particular subject area.

Marketing activities

Subject to any applicable local laws and requirements, Quieterrail will only send you marketing information when you have consented to receive direct marketing information from us or when this is within our legitimate interest.

New purposes

If Quieterrail introduces a new process or application that will result in the processing of personal data for purposes that go beyond the purposes described above, Quieterrail will inform the concerned data subjects of such new process or application, new purpose for which the personal data are to be used, and the categories of recipients of the personal data.
Quieterrail will disclose data subjects’ personal information, without notice, only if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the law or comply with legal process served on Quieterrail or the site; (b) protect and defend the rights or property of Quieterrail; and, (c) act under exigent circumstances to protect the personal safety of data subjects of Quieterrail, or the public.

USE OF COOKIES

Quieterrail’ websites use cookies that automatically track certain information about visitor activity on the sites. Cookies are data files that contain information created by a web server that can be stored on a visitor’s hard disk for use either during a particular session or for future use. Quieterrail uses cookies only to support visitor’s interaction with the site and keep it running efficiently. This information includes the browser and operating system being used, the IP address and the referring URL.

Quieterrail will not use cookies to collect personally identifiable information. However, if a visitor wishes to restrict or block the cookies which are set by their websites (or indeed any other website), this can be done through the browser settings.

EQUIPMENT AND INFORMATION SECURITY

To safeguard against unauthorized access to personal data by third parties outside Quieterrail entities, all electronic personal data held by Quieterrail are maintained on systems that are protected by up-to-date secure network architectures that contain firewalls and intrusion detection devices. The data saved in servers is “backed up” (i.e. the data are recorded on separate media) to avoid the consequences of any inadvertent erasure, destruction or loss otherwise. The servers are stored in facilities with high security, access protected to unauthorized personnel, fire detection and response systems.

ACCESS SECURITY

The importance of security for all personally identifiable information is of highest concern. Quieterrail is committed to safeguarding the integrity of personal information and preventing unauthorized access to information maintained in Quieterrail’ databases. These measures are designed and intended to prevent corruption of data, to block unknown and unauthorized access to our computerized system and information, and to provide reasonable protection of personal data in Quieterrail’ possession. Access to the computerized database is controlled by a log-in sequence and requires users to identify themselves and provide a password before access is granted. Quieterrail may need to request specific information from data subjects in order to help them confirm the identity of that data subject and to ensure the right of that data subject to access its personal data (or to exercise any of its other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

RIGHTS OF DATA SUBJECTS

Data subjects have certain rights under data protection legislation concerning the personal data Quieterrail holds, including the following:

 Request access (commonly known as a “data subject access request”):

This enables the data subject to receive a copy of the personal data Quieterrail holds and to check it is lawfully processed.

 Request correction:

This enables the data subject to have any incomplete or inaccurate data corrected. Quieterrail may need to verify the accuracy of the new data that is provided.

 Request erasure:

This enables the data subject to ask Quieterrail to delete or remove personal data where there is no good reason for continuing to process it.

The data subject also has the right to ask Quieterrail to delete or remove personal data where the right to object to processing has been successfully exercised, where information has been processed unlawfully or where personal data was erased to comply with local law.
However, Quieterrail may not always be able to comply with a request of erasure for specific legal reasons. These reasons will be notified to the data subject at the time of the request. Quieterrail is only entitled to refuse to comply with your request for erasure for one of the following reasons:

  • to exercise the right of freedom of expression and information;
  • to comply with legal obligations or for the performance of a public interest task or exercise of official authority;
  • for public health reasons in the public interest;
  • for archival, research or statistical purposes; or
  • to exercise or defend a legal claim.

 Object to processing:

This enables the data subject, where Quieterrail is processing the data subjects’ personal data relying on a legitimate interest (or that of a third party), to object to processing because of the particular situation that impacts on the data subject’s fundamental rights and freedoms.

In some cases, Quieterrail may demonstrate the existence of compelling legitimate grounds to process information which override the data subject’s rights and freedoms.

 Request restriction of processing:

This enables the data subject to ask Quieterrail to suspend the processing of personal data in the following scenarios: (a) where the accuracy of the data needs to be established; (b) where the use of the data is unlawful, but the data subject does not want it to be erased; (c) where the data subject wishes Quieterrail to hold the data in order to be able to establish, exercise or defend legal claims even though Quieterrail do not need it; or (d) the data subject has objected to Quieterrail use of the data, but it has to be verified whether there are overriding legitimate grounds to continue to process it.

 Request the transfer:

This enables the data subject to ask Quieterrail to provide to the data subject, or a third party the data subject has chosen, personal data in a structured, commonly used, machine-readable format.

 Withdraw consent at any time:

Withdrawal of consent will not affect the lawfulness of any processing carried out before consent is withdrawn. If consent is withdrawn, Quieterrail may not be able to provide certain services. In this case, the data subject will be advised at the time that consent is withdrawn.

A data subject who wishes to exercise any of the rights set out above should contact Quieterrail’ contact person Mr George Candon at georgecandon@manfridayconsultancy.eu.

IF A DATA SUBJECT FAILS TO PROVIDE PERSONAL DATA

Where Quieterrail needs to collect personal data by law, or under the terms of a contract it has with a data subject and that data subject fails to provide that data when requested, Quieterrail may not be able to perform the contract they have or are trying to enter into with that data subject (for example, to provide services). In this case, Quieterrail may have to cancel a product or service that the data subject has with it. Quieterrail will notify the relevant data subject if this is the case at the time.

THIRD PARTY LINKS

Quieterrail’ websites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about the data subject. Quieterrail does not control these third-party websites and cannot be held responsible for their privacy policy. Therefore, Quieterrail recommends that when data subjects leave their websites that they should read the privacy policy of every website visited.

DATA RETENTION PERIOD

Data subject preferences and personal data processed for the use of any of Quieterrail’ services will be retained for so long as is necessary to fulfil the purposes for which it was collected (including for the purpose of satisfying any legal, accounting or reporting requirements). To determine the appropriate retention period for personal data, Quieterrail considers the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of the personal data, the purposes for which they process the personal data of data subjects and whether they can achieve those purposes through other means, and the applicable legal requirements.

TRANSFER OUTSIDE THE EU

In connection with the activities of Quieterrail, Quieterrail may transmit personal data outside the EU and more specifically to Quieterrail’ providers of information technology and other services services, who would act in their capacity as data processors under the instructions of Quieterrail. Such processors guarantee to implement appropriate technical and organisational measures in such a manner that processing will meet the GDPR requirements and ensure the protection of the rights of the data subjects.