1. Controller Information

Controller: European Ventilation Industry Association (EVIA)
Address: Rue du Luxembourg 22-24, 1000 Brussels, Belgium
Email: secretariat@evia.eu

Representative: Not applicable (EVIA is established in the EU).

Data Protection Officer: EVIA is not required to appoint a Data Protection Officer. However, any enquiries may be directed to secretariat@evia.eu

2. Purposes and Legal Bases for Processing

We process your personal data for the following purposes and legal bases:

  • Membership administration (managing membership, invoicing, benefits) → Contractual necessity.
  • Event registration and participation (conferences, working groups, webinars) → Contractual necessity and legitimate interest.
  • Communication (newsletters, policy updates, advocacy materials) → Consent or legitimate interest.
  • Compliance with legal obligations (accounting, tax, regulatory requirements) → Legal obligation.
  • Representation of industry interests (stakeholder engagement, policy monitoring) → Legitimate interest.

Legitimate interests pursued: To represent the ventilation industry at European level, inform members about policy and regulatory developments, and foster collaboration between stakeholders.

3. Categories of Data Subjects and Personal Data

We may process the following personal data:

  • Members and representatives: Name, title, position, organisation, contact details, membership history.
  • Event participants: Name, title, organisation, contact details, dietary preferences (where applicable).
  • Suppliers and partners: Contact details, contract-related data, billing information.
  • Website users: Technical identifiers (cookies, IP address, browser data).

4. Recipients of Data

Your personal data may be shared with:

  • EVIA staff and authorised service providers (e.g. IT, accounting, event organisers).
  • Public authorities where legally required.
  • Partner organisations for joint events or initiatives (with notice to participants).

We do not sell personal data to third parties.

5. International Data Transfers

EVIA does not routinely transfer data outside the EU/EEA.
If transfers occur (e.g. use of cloud services), we ensure:

  • An adequacy decision by the European Commission, or
  • Standard Contractual Clauses and appropriate safeguards.

You may request a copy of the safeguards at secretariat@evia.eu

6. Data Retention

We retain your personal data only as long as necessary:
– Membership data: duration of membership + 5 years.
– Event data: 3 years after the event.
– Financial/accounting records: 7 years (legal obligation).
– Newsletter/communications: until you withdraw consent or unsubscribe.

7. Your Rights as Data Subject

You have the right to:

  • Access your personal data.
  • Rectify inaccurate or incomplete data.
  • Erase your data (“right to be forgotten”).
  • Restrict processing of your data.
  • Object to processing (especially in case of legitimate interests or direct marketing).
  • Data portability (where processing is based on consent or contract).
  • Withdraw consent at any time (without affecting prior lawful processing).
  • Lodge a complaint with the Belgian Data Protection Authority

(https://www.gegevensbeschermingsautoriteit.be).

8. Technical and Organisational Measures

EVIA applies appropriate measures to protect your personal data, including:

  • Secure IT systems with restricted access.
  • Encryption and authentication mechanisms.
  • Confidentiality agreements with staff and suppliers.
  • Regular review of data security practices.

9. Provision of Data

  • Statutory requirement: Certain data must be collected for legal and tax obligations.
  • Contractual requirement: Membership and event participation require providing basic personal data.
  • Failure to provide data: May result in EVIA being unable to deliver membership services, register you for events, or comply with legal obligations.

10. Meeting Recordings and Transcriptions

We may use secure third-party AI tools to record and/or transcribe certain meetings, working groups, or webinars for the purpose of preparing accurate minutes and ensuring proper follow-up. Participants will be informed in advance if recording or transcription is enabled. Access to recordings and transcripts is strictly limited to authorised staff and, where applicable, relevant members.

11. Cookie Policy

EVIA uses cookies on its website (https://www.evia.eu).

Cookies are small text files stored on your device to help the website function properly and provide an improved user experience.

Types of cookies used:

  • Essential cookies: Required for website functionality and security (authentication, fraud prevention).
  • Functional cookies: To remember your preferences (e.g. language settings).
  • Analytical cookies: Collect anonymised, aggregate statistics (e.g. Google Analytics) on how users interact with our website.
  • Third-party cookies: May be used where we embed external content or services.
  • How to manage cookies:
  • You can delete or block cookies by changing your browser settings. Please note that some parts of the site may not function properly if you disable cookies.

For more information about cookies, see:

  • http://www.allaboutcookies.org/
  • http://www.networkadvertising.org/

12. Updates to this Policy

We review this policy regularly and update it as necessary. Any material changes will be communicated to members and published on our website.