FIDI Data (Privacy) Protection Procedure

FIDI Global Alliance, registered at Boulevard Louis Schmidt 29 B1, 1040 Brussels, Belgium, collects your personal data as an Affiliate, applicant, association, industry organisation, individual related to the moving industry or as a supplier to FIDI. Primarily, FIDI maintains personal information about employees of FIDI Affiliated companies related to their FIDI Affiliation. This personal information however is strictly limited and considered as absolutely necessary to execute FIDI’s affiliation programs and membership.

FIDI is committed to respect individuals’ data by handling all the personal information collected in connection with FIDI Affiliation in accordance with applicable local law and GDPR as well as our own Privacy Policy. This notice explains our practices with regard to your personal information.

Our Data (Privacy) Protection procedure addresses 10 privacy principles:

These 10 privacy principles are essential to the proper protection and management of personal and sensitive information. They are based on internationally known fair information practices included in many privacy laws and regulations of various jurisdictions around the world and recognized good privacy practices.

Outlined Summary:

1. Management:

We will, through appropriate management and strict application of criteria and controls:

  • Observe fully conditions regarding the fair collection and use of information.
  • Meet our legal obligations to specify the purposes for which information is used.
  • Collect and process appropriate information, and only to the extent that it is needed to fulfil our operational needs or to comply with any legal requirements.

We ensure that we have necessary measures in place ensuring compliance with up to date Data (Privacy) Protection regulations.

We ensure that everyone processing personal information understands that they are contractually responsible for following good data protection practice aligned with internal procedures and legal requirements.

We collect, process and transfer personal information through computerized and paper-based data processing systems.

We have established routine processing functions to ensure data protection (such as processing FIDI Applications, FIDINET Logins). Please note the FAIM Coordination Centre is a different entity with its own privacy policy. The FAIM Coordination Centre data privacy protection procedure is published on FIDINET here.

We ensure that all processing and transfers of personal information are subject to reasonable confidentiality and privacy safeguards.

2. Notice:

We provide notice about our privacy policies and procedures at the time of processing personal data within FIDI’s database. We are committed to respect individuals’ data by handling all their personal information collected in connection with their FIDI Affiliation in accordance with applicable law as well as our own Privacy Policies.

We only process personal information related to the FIDI application or affiliation of the individual’s company.

We may process sensitive information if it is needed to for business objectives (statistics) or if it is required to comply with applicable law. Such data can be collected as part of the FAIM Compliance procedure, as previously mentioned in this policy, the FAIM Coordination Centre has its own data privacy protection procedure, published on FIDINET here.

In general, personal and/or sensitive information will not be collected, processed or transferred, except where adequate privacy protection mechanisms are in place.

3. Choice and consent:

By applying to FIDI, requesting FIDINET Access or subscribing to a FIDI Service, either directly or indirect subscription from your company, you give your explicit consent with respect to the collection, use, and disclosure of personal information as described in this notice. Explicit consent here means you were clearly presented with an option to agree or disagree with the collection, use, or disclosure of personal information.

4. Collection

We shall obtain and process personal data fairly and in accordance with statutory and other legal obligations. We collect personal information for the sole purposes to provide FIDI Membership services to employees of FIDI Affiliated companies, FIDI Applicant companies and individuals working for FIDI Associations.

5. Use, retention, and disposal:

We limit the use of personal information to the sole purpose of providing FIDI Affiliates, Applicants and Associations with FIDI Membership related services for which we have obtained consent at the time of entry into our database.

We retain personal information for only as long as necessary to fulfil the stated purposes or as required by law or regulations and thereafter appropriately dispose of such information. For example, we will retain your personal information as long as you are affiliated to FIDI and occasionally longer if linked to a FIDI business requirement.

6. Access:

You may reasonably access and update your personal information by contacting FIDI.

This notice provides basic information about our processing of your personal information and your privacy rights. Should you have additional questions, you may contact FIDI.

7. Disclosure to third parties:

We shall use and disclose your personal data only in circumstances that are necessary for the purposes for which we collected the data. For example, we will disclose your personal information only to other FIDI departments or suppliers providing FIDI Services and for the sole purpose of providing FIDI Membership services. We will never sell your personal information to third parties.

8. Security for privacy:

We protect personal data against unauthorized access (both physical and logical) aligned with our internal IT policy and procedures. We shall take appropriate security measures against unauthorised access to, or alteration, disclosure or destruction of personal data and against its accidental loss or destruction. Personal data will only be accessible to authorised staff.

9. Quality:

We maintain accurate, complete, and relevant personal information as reasonably possible and only for the purposes identified in this notice.

We retrieve your personal data from the following channels – FIDI Application Form, FIDINET access requests, Academy Training enrolment, Affiliate (employer) sharing of personal data for the purpose of providing FIDI Services and through direct e-mails to FIDI. All employees of FIDI Affiliated companies are eligible for access to FIDI Services.

Please note that we have shared responsibility with regard to the accuracy of your personal information. Please let us know of any changes to your personal information.

10. Monitoring and enforcement:

We monitor compliance with our privacy policies and procedures and have procedures to address privacy related complaints and disputes. All FIDI staff are aware that a breach of the rules and procedures identified in this policy may lead to disciplinary action being taken against them. If you believe that your personal information is not handled in accordance with the applicable law, GDPR Regulations or our privacy policies, you may submit a complaint to FIDI’s Secretary General or the FIDI Board who will investigate the complaint.

In case of breach of GDPR Regulations, we will investigate this breach within the applicable timeframe.

This Data Protection Policy will be reviewed regularly in light of any legislative or other relevant developments.

Glossary of Terms

Privacy: The rights and obligations of individuals and organizations with respect to the collection, use, retention, disclosure, and disposal of personal information.

Personal information: (sometimes referred to as personally identifiable information) information that is about, or can be related to, an identifiable individual. It includes any information that can be linked to an individual or used to directly or indirectly identify an individual.

Individuals, for this purpose, include prospective, current, and former customers, employees, and others with whom the entity has a relationship. Most information collected by an organization about an individual is likely to be considered personal information if it can be attributed to an identified individual. Some examples of personal information are as follows:

  • Name
  • Home or e-mail address
  • Date of Birth
  • Identification number (for example, a Social Security or Social Insurance Number)
  • Physical characteristics
  • Consumer purchase history

Sensitive information: Some personal information is considered sensitive. Some laws and regulations define the following to be sensitive personal information:

  • Information on medical or health conditions
  • Financial information
  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Sexual preferences
  • Information related to offenses or criminal convictions

Non-personal information: information about or related to people that cannot be associated with specific individuals. This includes statistical or summarized personal information for which the identity of the individual is unknown or linkage to the individual has been removed. In such cases, the individual’s identity cannot be determined from the information that remains because the information is de-identified or anonymized. Non-personal information ordinarily is not subject to privacy protection because it cannot be linked to an individual. However, some organizations may still have obligations over non-personal information due to other regulations and agreements.

Privacy or Confidentiality?

Unlike personal information, which is often defined by law or regulation, no single definition of confidential information exists that is widely recognized. In the course of communicating and transacting business, partners often exchange information or data that one or the other party requires be maintained on a “need to know” basis. Examples of the kinds of information that may be subject to a confidentiality requirement include the following:

  • Transaction details
  • Engineering drawings
  • Business plans
  • Banking information about businesses
  • Inventory availability
  • Bid or ask prices
  • Price lists
  • Legal documents
  • Revenue by client and industry

Also, unlike personal information, rights of access to confidential information to ensure its accuracy and completeness are not clearly defined. As a result, interpretations of what is considered to be confidential information can vary significantly from organization to organization and, in most cases, are driven by contractual arrangements.

Explicit consent:

Is a freely given, specific and informed agreement by an individual or FIDI Affiliate submitting employee data in the processing of personal information about her/him. Explicit consent is needed for processing sensitive data.

Processing:

Means collecting, amending, handling, storing or disclosing personal information.