Privacy Policy

1. Introduction

This privacy policy aims to inform you about how E.P.L. collects and processes personal data, a.o. via its website https://e-p-l.eu/ (the “Website“) and, per individual event, the event website https://www.eplevents.eu (the “Event Website”).

You are typically a member of E.P.L., a website-visitor, and/or an attendee or speaker of a conference.

E.P.L. respects your privacy and is committed to protecting your personal data in accordance with the applicable Belgian and European data protection legislation (including the General Data Protection Regulation (“GDPR”)).

Please read this privacy policy carefully. It describes not only your rights, but also the way in which you can exercise them. By using our Website or our Event Website, disclosing your personal data, or accepting this privacy policy, you acknowledge the manner in which E.P.L. collects and processes your personal data as described in this privacy policy.

When you visit our Website or Event Website, our system automatically collects information about you about your visit, such as your browser type, your IP address and the referring website. We refer to our cookie policy.

2. Who we are and how to contact us?

“E.P.L.” refers to European Petrochemical Luncheon International, non-profit association, with registered office at Avenue Louise 143 box 4, 1050 Brussels, Belgium, and with company number BE0421.501.325.

This privacy policy only describes our data processing activities as controller. Under the GDPR, controllers are the main decision-makers: they exercise overall control over the purposes and means of the processing of personal data.

E.P.L. has appointed a data protection officer, whom you can contact for questions about this privacy policy, your privacy, and the processing of your personal data, via: privacy@e-p-l.eu.

3. What personal data do we process?

E.P.L. processes different types of personal data; this depends on the functionalities you use, such as on our Website, Event Website and on the personal data you share with us.

If E.P.L. processes your personal data, it may process the data listed below:

Identification and contact details	Data that allows us to identify and contact you, such as: name and first name; job title; phone number; email address; company name; (company and/or billing) address; company registration and VAT number.
Application details	name and first name; job title; phone number; email address; company name.
Conference organization details	name and first name; phone number; email address; company name; (company) address; company registration and VAT number; (profile) photo; In some circumstances, we also collect and process special categories of data, such as health data, such as with regard to dietary requirements and/or accommodation preferences.
Attendee (incl. speaker) list details	name and first name; job title; phone number; email address; company name; profile) photo.
Payment data	bank account or credit card details (of you, personal our in your capacity of employer of the organization, as case may be)
Login data	email address; universal and confidential access code for all attendees, per conference or event; confirmation number.
Technical information	Data required to use our Website and/or Event Website, for the proper functioning of our Website and/or Event Website and for analytical purposes: technical information about your computer, mobile and other devices used to visit our Website and/or Event Website (such as, your IP- address, unique device identifiers, user-ID, operating system, browser type); information regarding your usage of our Website and/or Event Website (such as, history, logs, date, time, location, frequency, duration of the pages you have viewed, consent preferences); information regarding consent(s) given by you (such as, the date and time of your consent, the user agent, IP-address, unique device identifiers or user-ID).
Other data	data that you have provided while contacting us

4. For which purposes do we process your personal data, on which legal basis and for how long?

General

E.P.L. processes personal data for the purposes specified in this section 4 (if and to the extent applicable to your situation). This list may evolve and will be updated as necessary.

For certain processing purposes, E.P.L. requires your consent. The consent you give is always free and you have the right to withdraw it at any time. You can withdraw your consent by sending an email to: privacy@e-p-l.eu.

Your withdrawal of consent does not affect the processing of personal data prior to such withdrawal or our processing activities which are based on any other legal basis.

4.1 General management of membership

Purpose	To register members in the database of E.P.L.; To inform members about the activities of E.P.L.; General membership registration; To contribute to the exchange of ideas between parties involved in the petrochemical industry and any other interested party and the dissemination of information about the petrochemical industry and its related activities.
Type of personal data	Identification and contact details; Any accompanying message and/or information you share with us.
Legal basis	Performance of an agreement
Retention term	As long as necessary to contact you as part of the performance of the agreement (including as long as necessary to answer to your request or to manage any appointments).

4.2 Organization of and communication during events, conferences and lunch debates

Purpose	To organize events, conferences and lunch debates; To draft an attendee list. To communicate during events and conferences, except for the communication via the Application and/or Event Website, as defined under 4.3;
Type of personal data	Identification and contact details; Conference organization details. We also contract with third party suppliers and vendors, such as hotels, catering services abroad as organizer of the events. Attendee list details.
Legal basis	Performance of an agreement Picture: consent, i.e. whenever consent has been asked and received
Retention term	As long as necessary for the performance of the agreement; Your identification and contact details will in any event be deleted no later than 90 days after termination of said membership.

4.3 Communication via the application and the event website during the events and conferences

Purpose	To communicate during events and conferences during the event and conferences
Type of personal data	1. E.P.L. uses third-party suppliers, i.e.: – Aventri, Inc. (“Aventri”) Marshall Street Norwalk, Connecticut 06854 USA (https://na-admin.eventscloud.com/login.php), or another similar service E.P.L. might contract with in the future, to ensure communications with participants during our events via an event app (the “Application”) and the Event Website, per event or conference. The Event Application and Event Website contain details of E.P.L. events such as program, notifications, messages, personal data of delegates, list of attendees. The underlying personal data may be processed: Application details; Login details (i.e. general access code, sent via e-mail). Link to the privacy policy of Aventri: https://www.aventri.com/privacy-policy You may only send messages to other event attendees and connect, during the event and/or conference. 2. E.P.L. may send notifications or messages to you. In this case, the Application and/or Event Website will collect records and personal data reflecting your interactions with E.P.L. and the other attendees. 3. During the event or conference, photographs may be processed by E.P.L.
Legal basis	Picture: consent, i.e. whenever consent has been asked and received Performance of an agreement, i.e. to perform our obligations within the context of the event or conference (or to provide support for access to the account on the Event Website or Application).
Retention term	As long as necessary for the performance of the agreement pursuant to which you have access to the Event Website and Application (e.g. your employer, principal, etc.) and E.P.L.; Your photos, identification and contact details will in any event be deleted no later than 90 days after termination of said agreement.

4.4 Operation of our Website and Event Website

Purpose	To use our Website and/or Event Website; To ensure the proper functioning of our Website and/or Event Website; To allow us to recognize the end-user that is using our Website and/or Event Website; To remember your preferences (such as consent preferences) so that we can automatically read and respect your preferences on all subsequent and future end-user sessions; To allow us to keep evidence of particular consents you have provided to us; To comply with our obligations in respect to the Event Website towards our members/attendees and to enable such members/attendees (and their appointed end users (i.e. you)) to access and use the Event Website (if applicable).
Type of personal data	Technical information. We use cookies and similar technologies to collect this technical information. For more information, we refer to our cookie policy.
Legal basis	Performance of an agreement; Legitimate interest
Retention term	The retention period varies from as long as the duration of a session/Website/Event Website visit, to as long as necessary for E.P.L.’s legitimate interest or the performance of the agreement concluded between you or the organization pursuant to which you have access to the Event Website (e.g. your employer, principal, etc.) (as applicable). Technical information will in any event be deleted or pseudonymized 90 days after the collection of the data. For more details about the retention period, you can always send an email to: privacy@e-p-l.eu. For information on the retention period of personal data processed through cookies, we refer to our cookie policy

4.5 Analytical purposes

Purpose	To improve our Website and/or Event Website; To tailor our Website and/or Event Website to your use; To monitor effectiveness and accessibility of our Website and/or Event Website; For other technical, statistical and diagnostical purposes. Personal data collected from you for these purposes will only be used by us (to the greatest reasonable extent possible) in an aggregated and de-identified format.
Type of personal data	Technical information. We use cookies and similar technologies to collect this technical information. For more information, we refer to our cookie policy.
Legal basis	Consent
Retention term	The retention period varies from as long as the duration of a session/Website/Event Website visit, to as long as your consent is not withdrawn (as applicable). Technical information, will in any event be deleted or pseudonymized (i) upon your withdrawal of consent; and (ii) 90 days after the collection of the data. For more details about the retention period, you can always send an email to: privacy@e-p-l.eu. For information on the retention period of personal data processed through cookies, we refer to our cookie policy.

4.6 Payments

Purpose	To fulfill payments for the membership, events and/or conferences
Type of personal data	Identification and contact details; Payment details of employees
Legal basis	Performance of an agreement
Retention term	As long as necessary for the performance of the agreement concluded between you or the organization (e.g. your employer, principal, etc.) and E.P.L.; Your personal data will in any event be deleted no later than 10 years after termination of said agreement or termination of the membership. For information on the retention period of personal data processed through cookies, we refer to our cookie policy.

4.7 Business administration

Purpose	To manage our membership relations; To manage services agreements, consultancy agreements, sponsorship agreements, funding agreements; To execute our business administration.
Type of personal data	Identification and contact details; Payment details (of the member, such as an employee of an organization); Any additional information you share with us in relation to any complaint.
Legal basis	Performance of an agreement
Retention term	Up to 10 years after the expiry or termination of the membership, contractual relationship; or As long as necessary for E.P.L.’s legitimate interest(s).

4.8 Adherence to our legal obligations

Purpose	To comply with our legal obligations, such as competition law; To cooperate with any ongoing judicial investigation, court order or lawsuit; To protect our and/or the rights of members or other third parties; To respond to requests from data subjects.
Type of personal data	Identification and contact details; Payment details; Any accompanying message and/or information you share with us related to a data subject request and/or judicial investigation or lawsuit; Other types of personal data, depending on the legal obligation concerned.
Legal basis	Legal obligation
Retention term	Up to 10 years after the expiry or termination of membership; or As long as required by law (i.e. tax and social law).

4.9 Direct marketing

Purposes	To send promotional e-mails and newsletters to our existing members and prospects about E.P.L. and events, conferences, lunch debates e.a., including about new features, updates, functionalities, special offers and other information which we think might interest you. It also concerns publishing brochures, writing and disseminating comparative studies of a scientific or technical nature, and promoting works dealing with the problems and achievements of the industry.
Type of personal data	Identification and contact details.
Legal basis	Consent You shall have the right at any time to object to the processing of your personal data for direct marketing purposes, including profiling, to the extent that it is related to such direct marketing, free of charge, by sending an e-mail to: privacy@e-p-l.eu..
Retention period	Personal data obtained for direct marketing purposes will be deleted as soon as you withdraw your consent.

5. Personal data of third parties

If you disclose any personal data of third parties to us, you guarantee that you have informed those third parties and you have received all necessary consents to communicate the third parties’ personal data to E.P.L.

6. Cookies

Our Website and Event Website uses cookies and similar technologies. For more information, we refer to our cookie policy.

7. Disclosures of Personal Data

E.P.L. may share your personal data, as required for the purposes set forth in section 4, with:

third party service providers (such as IT service providers (app development), payment procurement providers, or hosting providers);
professional advisers (such as lawyers or auditors); and
third parties with whom we contract within the context of the organization of an event and/or the conference.

Upon request, E.P.L. shall, as soon as possible after the request, inform you of the third parties with whom your personal data have been shared by providing you a more detailed list.

In addition, we may disclose your personal data if this is required by law, or if we determine in good faith that such disclosure is required in order to comply with any pending judicial inquiry, judicial order or litigation and/or to safeguard our rights.

Processors and sub-processors of E.P.L. always act under the responsibility of E.P.L. If E.P.L. engages processors or sub-processors, this will always be done in accordance with a data processing agreement that meets the requirements of the GDPR. We require all our processors or sub-processors to take appropriate technical and organizational (including security) measures to protect your personal data in line with our policies. We do not allow our processors or sub-processors to use your personal data for their own purposes. In the event we disclose your personal data as described above, we will implement appropriate safeguards to ensure the integrity and confidentiality of your personal data.

Your personal data will only be viewed and made available to processors, sub-processors, employees and other third parties on a “need-to-know” basis, limited to the extent necessary to perform their services.

8. International transfers

E.P.L. or through its (sub-)processors might transfer your personal data to third countries located outside the European Economic Area (“EEA“). In this event, E.P.L. will only transfer your personal data outside the EEA in accordance with the applicable data protection legislation and subject to appropriate safeguards.

Please contact us if you want further information on the specific mechanism(s) used by us when transferring personal data out of the EEA.

9. Direct marketing

E.P.L. may use your personal data for direct marketing purposes. It is possible that your personal data will be subject to profiling for marketing purposes. This enables E.P.L. to keep you informed about its products, updates, events, etc. You give your explicit consent for this, but you may at any time withdraw this consent and object to the processing of your personal data for direct marketing purposes, including profiling, to the extent that it is related to such direct marketing (free of charge).

You shall have the right at any time to object to the processing of your personal data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing, free of charge, by sending an email to: privacy@e-p-l.eu.

10. Data security

E.P.L. is committed to trying to make sure that your personal data is secure and makes all reasonable and appropriate efforts to protect the confidentiality of your personal data. We have implemented appropriate technical and organizational measures, safeguards and assurances to process your personal data in accordance with the GDPR, in particular to protect your personal data against loss, misuse, or unauthorized alteration or destruction.

E.P.L. maintains a team of technicians, automated systems, and advanced technologies, following the industry best practices and makes all necessary efforts to protect the confidentiality of your personal data. Please contact us if you would like more information on the specific measures taken.

Despite the above measures taken by us, you should be aware that there are always risks associated with sending personal data over the internet. The security and protection of your personal data can never be fully guaranteed, nor can we guarantee that unauthorized third parties will never be able to defeat those measures or use your personal data for improper purposes.

11. Data retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes determined in section 4 of this privacy policy, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you or the organization you work for. Afterwards it is still possible that they can be found in our back-ups or archives, but they will no longer be actively processed in a file.

The applicable retention periods are set out in the table above under section 4.

12. Your legal rights

If and in as far as provided for in the applicable data protection legislation, you have the right:

to receive confirmation as to whether we process your personal data and, where this is the case, to access such personal data,
to have any inaccurate or incomplete personal data corrected without undue delay,
to have your personal data deleted by us under certain circumstances, namely when one of the following applies:

if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
if you withdraw your consent on which the processing is based, and where there is no other legal ground for the processing;
if you object to the processing in case the processing is for direct marketing purposes;
if the personal data have been unlawfully processed; or
if the personal data have to be erased for compliance with a legal obligation in EU or national law;

to obtain your personal data and to transfer them to another controller or processor,
to obtain a limitation of the processing of your personal data, to the extent possible and subject to the applicable data protection legislation, at any time, when one of the following applies:

if you contest the accuracy of the personal data, for a period enabling E.P.L. to verify the accuracy of the personal data;
if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; or
if E.P.L. no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims;
to receive your personal data in a structured, common and machine-readable format,
to prevent the processing of your personal data and the use of your personal data for direct marketing purposes; and
where the processing of your personal data is based on points (e) and (f) of article 6(1) of the GDPR, to object to the processing of personal data.

You can exercise these rights by sending an e-mail to: privacy@e-p-l.eu.

E.P.L. reserves the right to request a copy of the front side of your identity card if E.P.L. is unable to identify you or if E.P.L. has reason to doubt your identity. You may, however, blackline any information which is not necessary for identification or verification purposes.

If and to the extent provided for in the applicable data protection legislation, you have the right to file a complaint with the competent supervisory authority should the processing of your personal data violate the applicable regulations. In Belgium the competent authority is the Data Protection Authority (“Gegevensbeschermingsautoriteit”):

www.gegevensbeschermingsautoriteit.be

Drukpersstraat 35, 1000 Brussels, Belgium

+32 (0)2 274 48 00

contact@apd-gba.be.

We would, however, appreciate the chance to deal with your concerns before you approach the authority, so please contact us in first instance.

13. Third party links

Our Website and/or Event Website may contain links to third party websites and/or applications, such as the privacy policies of Aventri and Momice. E.P.L. is not responsible for the content of these websites and applications and is not responsible for the privacy standards and practices of such third parties.

We recommend you to read the relevant privacy policies of these third parties and their websites before you accept their cookies and visit their website to ensure yourself that your personal data is sufficiently protected. Nonetheless, we seek to protect the integrity of our Website and Event Website and welcome any feedback about these websites and/or applications.

14. Consent for disclosure

You acknowledge that we may disclose your personal data if this is required by law, or if E.P.L. determines in good faith that such disclosure is required in order:

to comply with any pending judicial inquiry, judicial order or litigation pertaining to the Website and/or Event Website;
to respond to claims against E.P.L. regarding personal data that violate any rights of third parties;
to safeguard the rights, property and safety of E.P.L., its employees, users, members, attendees of events/conferences and the general public.

15. Liability

If E.P.L. has legitimately transmitted your personal data to a third party (not being its (sub-)processor), E.P.L. shall not be liable for any unlawful processing or unlawful use by that third party.

Under no circumstances does E.P.L. accept responsibility for any direct or indirect damages resulting from faulty or unlawful use of the personal data by a third party (not being its (sub-)processor).

Additionally, E.P.L. is not liable if third parties unlawfully process or use your personal data and E.P.L. has implemented appropriate technical and organizational measures to prevent such unlawful processing or use.

E.P.L. is in any case only liable for the damage caused by the processing of personal data if it did not comply with its specific obligations under the GDPR. E.P.L. shall in no event be liable for any special, incidental, indirect or consequential losses or damages.

The foregoing exclusions and limitations shall only apply to the maximum extent permitted by applicable law.

16. Changes to this privacy policy

E.P.L. may always amend this privacy policy. Any changes we may make to our privacy policy will be indicated on the Website and Event Website and when proportionate and in line with the significance of the changes, may be notified to you by e-mail or advised to you on your next visit of the Website or Event Website. The date of the most recent version is shown in the top right-hand corner of the privacy policy. Please review E.P.L.’s privacy policy periodically to stay informed of changes that may affect you.

Amended versions of this privacy policy take effect ten (10) days after their publication on the Website, Event Website and/or other form of announcement and, if necessary, will always be submitted for approval, unless such modifications are necessary to comply with a legal requirement. In the latter case, such changes will take effect immediately.

17. Applicable law and competence

This privacy policy shall be governed, interpreted, and implemented in accordance with Belgian laws.

The Antwerp courts (department Antwerp) are exclusively competent to decide on any dispute that may arise from the interpretation or implementation of this privacy policy, without prejudice to the consumer’s right to present a dispute before a competent court based on a mandatory statutory provision.

Last updated: [12.10.2022]

GENERAL RULES

Members cannot conclude anticompetitive agreements with competitors
This includes agreements on prices (including price setting, discounts, timing of price increases, margins, etc.), the allocation of markets and/or customers, volumes to be placed on the market, or the handling of public or private tenders. Under competition law, an ‘agreement’ is a broad concept. It covers both formal and informal agreements, including gentlemen’s agreements, tacit arrangements or mutual understandings.
Members cannot exchange recent or forward-looking commercially sensitive information with competitors
Commercially sensitive (or strategic) information is information that is not publicly available and that reduces the strategic uncertainty on the market.Commercially sensitive information is a broad notion. Examples of such information are prices, price changes, discounts, production or distribution costs, production capacity, sources of supply, strategic plans, information on bids and customer information.Commercially sensitive information can only be exchanged if it is:
- truly public information; or
- historic information (i.e. at least older than one year); or
- aggregated and anonymized (so that no data of individual competitors can be distilled from the information).

PROCEDURAL SAFEGUARDS DURING MEETINGS

The EPL committee, each member and its representative(s) need to ensure strict compliance with the following safeguards when conducting any type of EPL meeting:

Pre-agreed agenda and documentation
- An agenda is prepared and circulated in advance of each meeting to all relevant members for review.
- A competition law compliance statement is included as the first item on the agenda. − Any documentation that will be presented or distributed during the meeting is circulated in advance of the meeting to all relevant members for review.
During the meeting
- A secretary representative is present/secretary is appointed at each meeting to monitor compliance with the guidelines and having the task to intervene whenever he/she observes a risk of non-compliance.
- Only items on the agenda are discussed during the meeting.
- Competition counsel should be consulted on all questions related to compliance with competition law.
Incidents
- Any discussion or meeting activity which entails the possible risk of violating the guidelines should immediately be stopped.
- The discussion or activity can only continue after appropriate legal checks by competition counsel.
- In case the discussion or meeting continues without the appropriate legal checks, members should distance themselves publicly and leave the meeting.
- Any incident and the subsequent actions undertaken in reaction thereto should be included in the minutes.
Meeting minutes
- Meeting minutes are taken of every meeting, accurately recording the discussions (including incidents, if any).
- The minutes are circulated to all members after the meeting.
- The members are invited to comment on the minutes within a given period, after which the minutes will be deemed accepted by all members.

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__utma	2 years	This cookie is set by Google Analytics and is used to distinguish users and sessions. The cookie is created when the JavaScript library executes and there are no existing __utma cookies. The cookie is updated every time data is sent to Google Analytics.
__utmb	30 minutes	Google Analytics sets this cookie, to determine new sessions/visits. __utmb cookie is created when the JavaScript library executes and there are no existing __utma cookies. It is updated every time data is sent to Google Analytics.
__utmc	session	The cookie is set by Google Analytics and is deleted when the user closes the browser. It is used to enable interoperability with urchin.js, which is an older version of Google Analytics and is used in conjunction with the __utmb cookie to determine new sessions/visits.
__utmt	10 minutes	Google Analytics sets this cookie to inhibit request rate.
__utmz	6 months	Google Analytics sets this cookie to store the traffic source or campaign by which the visitor reached the site.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_GCPC1VQGJZ	2 years	This cookie is installed by Google Analytics.