Privacy Policy

At UITP, we make it a matter of pride to respect the privacy and to treat personal data we receive or have access to, in the strictest confidentiality and in accordance with the legislation in force, in particular the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data ( hereinafter the “GDPR“),

This privacy policy is intended to inform you about the personal data we collect, the purpose for collecting it, the way we use it and the rights you have regarding the processing of such data.

The Union Internationale des Transports Publics, an international non for profit association (IVZW/IASBL), with registered address at rue Sainte-Marie, 6 in 1080 Brussels, Belgium and registered with the Belgian Crossroads Bank for Enterprises under number 0544.198.506 (hereinafter “UITP” or “we” or “us”) is the data controller of the personal data it collected from you. We are responsible for your personal data.

If you have any concerns, questions or comments about this privacy policy or your personal data you can contact us by e-mail at privacypolicy(@)uitp.org or in writing by sending us a letter at UITP, rue Sainte-Marie, 6 in 1080 Brussels, Belgium.

We might collect miscellaneous personal data from you, depending upon the reasons or the purposes for which your personal data are being shared with us (see point 3 below), such as:

• General identifiable information such as your surname, first name, profession, position, gender, language, job title, social media account (Facebook, LinkedIn and Twitter), fax, business address, picture, phone number, e-mail address or similar;
• Where payment would be required, your bank details (credit card number, IBAN and BIC/SWIFT) and invoicing details;
• Personal data we are obliged to collect from you pursuant to obligations imposed by law, such as all personal data the law obliges us to collect from our employees in the framework of social security obligations, insurance, etc.
• Other categories of personal data but only to the extent that this would be strictly necessary to achieve the purpose for which we have collected them.

We collect your data for different reasons:

3.1 For any reason related to our statutory goal and our core activity as described on our website www.UITP.org, to keep you informed about UITP, our activities and relevant sector related information and news, to invite you to and organize events, to duly perform the services that you require from us, to improve the quality of our products and services where possible, to answer to your reasonable expectations and more in general to facilitate communication with you where and when this necessary or deemed useful.

3.2 We may also use your data to carry out analysis and costumer profiling.

3.3 We can also collect your personal data for pure administrative, organizational or operational purposes, e.g. to identify you as a contact person, lawful representative of a corporation or similar legal entity.

3.4 We might also collect personal data to meet any applicable law, regulation, legal process or enforceable governmental request and/or where this would be necessary for the prevention of fraud.​

The legal basis for the processing of your personal data is:

• Your consent,
• Performance of a contract,
• Compliance with a legal obligation to which we are subject, and
• In our legitimate interest, e.g. to keep you informed about UITP, our activities and relevant sector related information and news, to invite you to and organize events, to duly perform the services that you require from us, to improve the quality of our products and services where possible, to answer to your reasonable expectations and more in general to facilitate communication with you where and when this necessary or deemed useful. We may also use your data to carry out analysis and costumer profiling

5.1. Directly from you.

Most of the personal data that we will obtain from you will be through your active intervention. We might collect your personal data via e-mail or any other electronic means, via our website, via telephone, via postal services, via your business card you have handed over to one of our employees or representatives.

Where required by law we will seek your prior consent before processing your personal data.

We will not collect personal data directly from minors under 16 years old unless we have obtained the consent of an adult who has the legal custody over the minor.

5.2. Indirectly via other sources.

We might collect personal data from you via other sources, such as via platforms or databases where you have made your personal data available to the public (e.g. LinkedIn, etc), via third parties, such as database vendors, partners with whom we work together, the employer you work for, your colleagues, public authorities and in general any other source other than you.

In the cases where we obtain personal data from you through another source than yourself, we will seek sufficient guarantees from that source that your personal data have been collected by that third party in compliance with privacy legislation and that where necessary your consent has been obtained to share your personal data with us and allow us to use it for the purposes that we envisage.

5.3. Automatically — Use of cookies.

Each time you access and browse one of our websites as a visitor and/or to use the services we offer through our website, we automatically collect personal data from you through the use of cookies.

A cookie is a small piece of data stored in your web browser while you are browsing on one of our websites. When you browse the website(s) again in the future, the data stored in the cookie can be retrieved to notify us of your previous activity.

Our cookies do not store personal information such as your name or your address. We use cookies to enhance the functionality of our websites by storing your preferences, for example. We also use cookies to improve the performance of our websites in order to provide you with a better user experience.

For more information about the cookies we use, the different types of cookies we use and the way you can manage them, please see our cookie policy at www.uitp.org/cookies.

We have invested in a state-of-the-art IT infrastructure that allows us to protect your personal data to the maximum extent possible against theft, loss and any illegal use.

We constantly develop and improve internal security and data protection policies, which contains strict guidelines and manuals for our personnel with regards to an appropriate treatment of personal data

We regularly organize information- and training sessions for our personnel.

We will delete or anonymize your personal data completely and irreversibly:

• as soon as the goal for which your personal data have been collected and processed is fully achieved and/or
• at your specific request (see in this respect section 9 below on your rights with regards to the processing of your personal data).

Unless we are required to keep your personal data longer to:

• meet any applicable law, regulation, legal process or enforceable governmental request.
• detect, prevent, or otherwise address fraud, security or technical issues.
• protect against harm to the legal rights and interests of UITP or its members and stakeholders as required or permitted by law.

8.1For organizational, administrative and efficiency reasons

We might share personal data with certain external service providers and partners where we deem this necessary or useful to duly perform the services to you and/or organize and optimize the efficiency of our activities.

We may e.g. rely on – and share your personal data with – third parties for technical services, such as external IT hosting providers, cloud service providers, external IT maintenance providers or for organizational purposes such as event organizers, providers of platforms for e-mail surveys, travel agencies, etc.

8.2.For legal and/or security reasons

We might share your personal data with outside companies, organizations, authorities or individuals if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:

• meet any applicable law, regulation, legal process or enforceable governmental request.
• detect, prevent, or otherwise address fraud, security or technical issues.
• protect against harm to the legal rights and interests of UITP or its members and stakeholder as required or permitted by law.

8.3. Not for third party’s commercial, promotional or marketing purposes

We will not disclose or share your personal data with third parties for their own commercial, marketing- or promotional purposes unless we would have obtained your consent thereto.

We will not share any sensitive data about you with third parties without your explicit consent.

UITP remains at all times liable towards you for a secure processing of your personal data by external parties to whom it has granted access to the personal data it collected from you.

We only share your personal data with external parties who can evidence and commit to an adequate protection of your personal data at the same – or at least at a similar – level as UITP and we will seek sufficient contractual guarantees to this effect.

We only transfer personal data to third parties in a non-EU country, only when that country provides an adequate level of protection within the meaning of the legislation in force, and, in particular the GDPR or within the limits permitted by the legislation in force, for example by ensuring the protection of data by appropriate contractual provisions.YOUR RIGHTS – OUR OBLIGATIONS: ACCES, CORRECTION, DELETION, RESTRICTION, OBJECTION

We take all reasonable steps to ensure that your personal data are kept accurate and up-to date for the purposes for which they were collected.

You have the right to be at all times and free of charge, be informed about your personal data.

You can at any time require access to your personal data, have them corrected and/or updated.

We will provide you with the ability to object to the processing of your personal data if such processing is not reasonably required for a legitimate business purpose as described in this policy or our compliance with law.

Where appropriate, we will also provide in an opt-out box  or- link if you do not longer want to be included in our database. For example if you would not longer want to receive our newsletter.

Requests to restrict the use of your personal data and/or to delete your personal data will be subject to any applicable legal and ethical reporting or document filing or retention obligations imposed on us.

You also have the right to ask us to transfer your personal data to another data controller.

You have the right to lodge a complaint with a supervisory authority.

If you wish to contact us regarding our use of your personal data or object to the processing of your personal data, please contact us at privacypolicy(@)UITP.org or in writing by sending a letter to UITP, rue Sainte-Marie, 6 in 1080 Brussels, Belgium.

You are invited to carefully read this policy and to revisit this page periodically to stay aware of any changes to this privacy policy, which we may update from time to time to be able to comply with any changes in existing applicable legislation, decisions, recommendations, guidelines and best practices issued by the European Data Protection Board and/or other competent authorities with regard to the implementation or interpretation of applicable legislation.