Home / Legal / Privacy Statement

Privacy Statement

Privacy Statement – October 2024


Your privacy and the security of your personal data are very important to INREV. INREV wants you to be as comfortable as possible visiting our website and/or using the services provided thereon. INREV is dedicated to protecting the privacy of anyone who visits this website, for example to browse through articles, ask questions and/or access the members only areas of the website. As the requirements of privacy and the security of your personal data continue to evolve, so will this Privacy Statement. We may therefore amend this Privacy Statement from time to time. Please read this Privacy Statement on a regular basis.


Processing of personal data by INREV


INREV receives personal data from our members and from you personally as either a representative of one of our members or a visitor of our website. INREV shall process and store the personal data we receive for such purposes as responding to your requests, for security, identification and administrative purposes, to improve usability and quality of our website and services and/or to securely perform the services a member and their representative are entitled to and/or have requested. For example, personal data provided by members or representatives is used to verify the identity of representatives and consequently provide them access to the members-only area of INREV's website. If you send INREV an e-mail with questions or comments, we will use data provided in that e-mail to respond to your questions or comments, and we may file your questions or comments for future reference.

If you have expressed your permission to do so, we may also send you our newsletter and/or information and updates which we think you may find interesting based on information you provided us with regarding your wishes, preferences and interests, e.g. on our training programs, or services. 
INREV shall furthermore use your data to comply with any possible legal obligations.

INREV also automatically receives and stores specific types of data when you interact with us, as we use cookies. We obtain certain types of information when your browser accesses our website and/or specific content or services provided by INREV. 

Click here to see our Cookie Policy.

The members-only area of the INREV website includes both a members’ and a representatives’ directory, which lists certain contact details of members and their representatives. As the contact details of representatives will often include personal data, INREV will only include contact information of representatives of members in the relevant directories, after having received clear and unambiguous permission (informed consent) to do so from individual representatives themselves. INREV shall update the information on a regular basis once advised of changes by its members or their representatives.

Personal data shall be retained only for as long as it is necessary to fulfill the purposes for which it was collected, or as required by applicable laws or regulations. Once the relevant purpose has been achieved, or the retention of personal data is no longer required by law, at INREV’s own discretion, the data will be securely deleted, anonymised, or otherwise appropriately disposed of, within four weeks after either determining that further processing is no longer required or receiving a valid request to terminate all processing of personal data by a data subject. Regular reviews of the data retention practices will be conducted to ensure ongoing compliance with this Privacy Statement. 


Data Breach Notification


In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the Autoriteit Persoonsgegevens without undue delay, and no later than 72 hours after becoming aware of the breach, in accordance with applicable data protection laws. If the breach is likely to result in a high risk to the rights and freedoms of individuals, we will also inform the affected individuals without undue delay. The notification will include the nature of the breach, the likely consequences, the measures taken or proposed to address the breach, and the contact details for further notification.


Security 


We want your personal data to remain as secure as possible. For that reason, we have adopted the ISO27001 standard as a guidance for implementing various technical and organisational security measures to safeguard the ongoing confidentiality, integrity, availability and resilience of information, (processing) systems and services, including (but not limited to) secure transmission by industry-standard security techniques of personal data from your computer through the INREV website to our servers, that are located in secure and controlled environments, protected from unauthorised access, use or modification.


Access


Only employees who need access to your personal data to perform a specific task or function are granted access to such personal data. All employees, including temporary staff, must abide by the Privacy Statement as stated on our website and the confidentiality clauses in their employment agreement.

INREV engages carefully selected, specialised third parties, including consultants, for specific technical, infrastructural and other types of support and services, including (but not limited to) support and services related to the processing of data. This means that sometimes your personal data will be transferred, made accessible or available to such third parties for the performance of their support or services to INREV or INREV’s members. By providing your personal data, you give your explicit consent to the transfer and processing of your data by these third parties for the aforementioned purposes. INREV has agreements in place with all such third parties, stipulating that an adequate level of security is guaranteed and processing of any and all personal data provided to them is restricted to those types of processing that are appropriate and necessary for the fulfilment of the support or services required by INREV or its members. To be deemed adequate, the level of security must meet or exceed the requirements set out in this Privacy Statement.


Your rights


You can request INREV to inform you as to whether INREV processes personal data relating to you. We will provide you with the requested information within four weeks after the receipt of such a request. 

You have the right to receive your personal data, which you have provided to INREV, in a structured, commonly used, and machine-readable format. You also have the right to request that INREV transmits this data directly to another controller, where technically feasible. This right applies only where the processing is based on consent or the performance of a contract, and the processing is carried out by automated means.

In addition, you have the right to restrict and/or object to processing and therefore you can request INREV to correct, supplement, delete and/or block (the processing of) personal data that INREV processes if those personal data are factually inaccurate, incomplete or irrelevant to the purpose(s) of the processing, or are being processed in any other way which infringes any legal provision. The request shall contain the modifications that you want INREV to make. INREV shall inform you within four weeks of receiving the request as to whether and, if so, to what extent it will comply with your request. 

Once personal data is provided by a representative and permission (informed consent) is given to include personal data, such as your business contact information in one of our directories, each representative is individually able to correct, supplement and/or delete their personal information online (using their account, username and password) or by contacting INREV. As a representative you may also, at any time, amend or withdraw INREV’s permission to process your personal data. This may however affect your possibilities to use the members-only area and/or other services for which (continued) processing of personal data by INREV is a necessity. For example, merely withdrawing or withholding permission to include your contact information in a directory does not affect your access to the members only area. However, withholding permission to process any personal data prevents us from identifying you as a representative, which consequently prevents us from granting you access to the members-only area or providing you with services, such as newsletters, updates and information on training programs.

If you have any requests or questions with regard to this Privacy Statement and or the exercise of your rights regarding INREV’s processing of your personal data, please contact our Information Security Officer by sending an e-mail to info@inrev.org or a letter to INREV’s Amsterdam office. When exercising your rights regarding the processing of personal data INREV shall take every measure to amend its records according to your request and to make sure the changes are saved when a new dataset overwrites the previous one. INREV does not - to the extent permissible by law - accept any ongoing obligation, responsibility or liability to you or to any third party and is not liable for any errors, omissions, interruptions or delays made within this process. Please notify us if you feel your request has not been dealt with appropriately.

Our contact information is included at the bottom of this Privacy Statement. If, at any time, you feel that INREV is not respecting your rights regarding the processing of personal data, you may also file a complaint with the Autoriteit Persoonsgegevens.


Contact information 


Amsterdam office
Ito Tower, 8th floor
Gustav Mahlerplein 62
1082 MA Amsterdam
The Netherlands
T +31 (0)20 235 8600

Brussels office
Square de Meeûs 23
1000 Brussels
Belgium
T +32 (0)22 138 160

General 
M info@inrev.org
T +31 (0)20 235 8600