Privacy policy

PRIVACY NOTICE

Last updated: [1 June 2021].

This website is operated by the Bussola Institute on behalf of ourselves ("Bussola Institute", "we", "our" or "us").

Your privacy

We recognise that when you provide us with information about yourself, you trust us to act in a responsible manner. This Privacy Notice explains who we are, how we collect, share and use personal information about you, and how you can exercise your privacy rights. This applies to personal information that we collect though the Website or when engaging in our relationship or potential relationship with you (or your organisation). 

Who are we and what do we do?

The Bussola Institute is an independent, not-for-profit, non-governmental organisation established in Brussels in 2017 dedicated to a strong relationship between the countries of the Gulf Cooperation Council (GCC) and the European Union (EU). The vision of the Bussola Institute is to be a world-class Research Institute that is acknowledged as the premier source of understanding and knowledge concerning relations between Europe and the Gulf. The Mission of the Bussola Institute is to generate and share information and knowledge, that fosters improved understanding and promotes stronger Gulf-European relations through rigorous research and objective analysis. 

The Bussola Institute is an AISBL/IVZW (an international non-profit organisation incorporated under Belgian law), located at De Meeûssquare 28, 1000 Brussels, Belgium and registered at the Crossroads Bank for Enterprises under the number 0672.588.991 (RPR/RPM Brussels).

You can find more information about our company and on how to reach us via our contact page.

What information do we collect?

Depending on your relationship with the Bussola Institute, we may collect personal information about you that broadly falls into the following categories:

Information that you provide voluntarily

• Website information. You can visit our website without telling us anything about yourself. However, in some situations we may automatically collect some information (see below), you may provide some information on your own initiative or we may ask you to voluntarily provide us with some personal information. For example, this might be if you are interested in signing up to receive emails from us, or reading some research, or attending an event, or participating in any online forum provided by us from time to time, or if you register for any online account made available by us, or contact us via the Website (in which cases we will collect information such as name, email address, organisation, country, zip code/postal code, job title, telephone number(s), details of your comment or query and username/password). When we do receive your personal information, we will treat it securely, lawfully, and fairly.
• Job candidates. When you contact us in relation to employment opportunities at the Bussola Institute, we collect certain information as part of the recruitment process (and if successful, your employment).
• Information we collect when you do business with us. We may collect and process information relating to you as an individual (whether as a Website user or otherwise) when you conduct business with the Bussola Institute as, or on behalf of, a customer or prospective customer, or as, or on behalf of, a (prospective) vendor, supplier, consultant, speaker, professional adviser or other third party ("Customer, Vendor or Business Partner Data").

Information that we collect automatically 

When you visit our Website, we may collect certain information automatically from your device. This information may contain personal data. Specifically, the information we collect automatically may include information like your IP address, device type, cookie ID, browser-type, broad geographic location (e.g., country or city-level location) and other technical information. We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked. Collecting this information enables us to better understand the visitors who come to our Website, where they come from, and what content on our Website is of interest to them. We use this information for our internal analytics purposes and to improve the quality, relevance, and experience of our Website for our visitors. Some of this information may be collected using cookies and similar tracking technology, including web beacons. See our Cookie Policy [/link] for more information.

Information that we obtain from third party sources

In order to comply with various regulations, or to conduct background checks in accordance with our internal requirements (where permissible and in accordance with applicable law), sometimes we may receive personal information about you from third party sources. We will only obtain this information where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us or if this information is publicly available. In any case, we will only collect such information if we are legally allowed to do so and have the required legal basis (see below), such as legitimate interest, your consent or a legal obligation. 

Sensitive personal information

Normally, we will not process any sensitive personal data ('special categories of data') about you. In exceptional circumstances we may however need to process such data, which will only happen where permitted (or imposed) by, and in accordance with, applicable law. 

You may also provide us with information about a health condition to facilitate us making adjustments to ensure accessibility to premises and/or events. If you provide us with information about another person, you confirm that they have appointed you to act for them, that you have informed them of our identity and the purposes (as set out in this Privacy Notice) for which their information will be processed and that you have obtained any necessary consents to the processing of their personal information. When we first contact them, we will inform them where we obtained the information. 

Processing of such sensitive data will always/only occur in strict compliance with the applicable rules, such as art.9 of the GDPR.

How do we use your personal information?

We use your personal information essentially for the following purposes (or otherwise described at the point of collection):

To deliver our services, organise our events, conduct our research, communicate with you, etc.

• to create and administer records about your online account (if any), to provide online services to you, including facilitating your participation in any discussion forum, and for Website and system administration;
• to improve our services;
• for due diligence purposes, in accordance with and if allowed by applicable law, to assess financial, reputational, credit or insurance risks arising from any relationship or prospective relationship with you/your organisation and/or to carry out any necessary anti-money laundering checks;
• to provide you/your organisation with information or services that you have requested and deal with invoicing and payment;
• to send you service-related communications, to deal with communications you send us and request feedback;
• to facilitate your participation in events or competitions for which you have registered/which you have entered;
• to identify trends in the think-tank industry;
• to ensure that the content, services and advertising that we offer are tailored to your needs and interests (or those of your organisation) and for business development purposes;
• to contact you directly or via our agents by mail, telephone, fax, email, SMS or other electronic messaging service with offers of goods and services or information that may be of interest to you (including information about other organisations' goods and services).  We will only provide you with such (targeted) information on our services and products if you are customer (soft opt-in) or (person of interest at) a prospect, based on our legitimate interest, or if you request it, e.g. by subscribing to our newsletter. In any case, you can always opt out of receiving any more of these communications.

To maintain and develop our website:

• to improve, effectively present, and personalise our website;
• to display (targeted) messages on our website;
• to set up your web profile and thus ensure that we can offer you targeted promotions on our website;
• we use the analytical services of third parties (such as Google Analytics) to evaluate your use of the website, create reports on the activity, collect demographic data, analyse performance data, and collect other data on our website and Internet usage. These third parties use cookies and other technology to help analyse the data and to provide the data to us. Please see our Cookie Policy [/link] for more info.

For general company administration purposes: 

• Our organisation and our services etc. are supported by administrative and support services. Your personal data may be (directly or indirectly) processed by such services.
• We may need to process your personal data for general legal and regulatory compliance services, for example when we audit our business processes or audit our GDPR compliancy.

Who do we share your personal information with?

We may disclose your personal information to the categories of recipients described hereafter. These are not allowed to use this data themselves for their own purposes. These parties will only gain access to your (raw) personal data if and to the extent that such access is strictly necessary for the processing purposes described above.

Categories of recipients:

• our affiliated entities, third party services providers and partners:
• who provide data processing services to us (for example, to support the delivery of, provide functionality on, or help to enhance the security of our Website or other IT infrastructure, to assist us with carrying out due diligence checks, to carry out marketing, analytics or research on our behalf or to support the delivery of services to our clients in general or pursuant to a particular engagement).
• with whom we arrange joint promotional events (for example of both organisers are data controllers of your data or for the purposes of ensuring that you do not receive direct marketing information about the event from multiple sources, in which case we will avoid to share the actual (raw) data); or
• in the affiliated entities, who otherwise process personal information for purposes that are described in this Privacy Notice or notified to you when we collect your personal information.
• Further information about our affiliated entities and the third party service providers that may process your personal information (including their location) can be provided on request by contacting us using the details in the Contact Us section or the contact information provided below. 
• our clients and bid participants, in relation to bids and transactions with which you are involved.
• any competent law enforcement body, regulatory, government agency, court or other third party where disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person.
• to any other person with your consent to the disclosure.

Legal basis for processing personal information

Under European Union data protection law, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.

However, we will normally collect personal information from you only where we need the personal information to perform a contract with you, where the processing is in our legitimate interests and not overridden by your rights, or where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.

Where we process your sensitive personal information, we do so: in the context of know-your-counterparty checks as required by applicable law; on the basis that the processing is necessary for reasons of substantial public interest; on the basis of your explicit consent; or to establish, exercise or defend legal claims. 

You can choose not to provide personal information to us. However, unless otherwise indicated, the information that we request is necessary for the purposes described above and failure to provide it may impede for example the contracting process and/or the provision of the relevant services.

If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), these interests will for example be to provide our services to you, respond to your queries, improve our Website(s), undertake marketing, or for the purposes of detecting or preventing illegal activities.

Given the context in which we undertake the processing of your personal information, and the safeguards that we take to protect your personal information, our legitimate interests are not outweighed by any prejudice to your individual rights and freedoms. If the latter would be the case, we would stop further processing. We may have other legitimate interests and, if appropriate, we will make clear to you at the relevant time what those legitimate interests are.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided in the Contact Us section of the website or the contact information provided below. 

How do we protect your information?

Reliable partners

We ensure that we only allow reliable partners to process your data, who provide us with the required written guarantees that they will process data in compliance with the requirements of this Privacy Policy and the privacy regulations.

Technical security measures

For example, in terms of access (login requirements, password policy, role division, etc.), storage (encryption, backup, etc.), and protection against outside access (firewall, antiviral software, etc.) of the media on which personal data can be stored.

Organisational measures

This includes raising awareness among employees and service providers concerning the importance of privacy, the enforcement of policies, the continuous maintenance of a data register, compliance with a data policy, etc. 

If we process your personal data based on grounds of legitimate interest (such as processing for prospection purposes to persons we have no prior relationship with), we will conduct a “legitimate interest assessment” (or “balancing test”) to assure that additional safeguards are foreseen and applied. This way, we guarantee a proportionate and balanced processing of your data in accordance with the privacy legislation.

Despite the security measures that we take, it is important to know that the transfer of data via an Internet connection is never without risks and you must take the necessary precautions when you are connected with the Internet in order to protect yourself from viruses, malware, etc.

International data transfers

We will process your personal data as much as possible within the EU. Some of our (current or future) service providers and affiliated companies may however process your personal data outside of the EU. In such cases we ensure that an appropriate level of protection is offered as required under the GDPR.

Specifically, our Website servers are in Belgium, and our affiliated companies and third-party service providers may operate around the world. This means that when we collect your personal information, we may process it in any of these countries. 

Further details about the protection given to your personal information can be provided upon request by contacting us using the details in the Contact Us section of the website or the contact information provided below. 

Data retention

We retain personal data we process from you as long as necessary for the abovementioned purposes..

• If you are a client or vendor (or a representative of a client or vendor) then the information will be retained for a period of time to allow us to provide our services, to comply with applicable legal, tax or accounting requirements and, if necessary, for the establishment, exercise or defence of legal claims. 
• If you are (a person of interest at) a prospect (for example a potential speaker on an event), we will store your personal data for 3 months only if we cannot reach you or if you show no interest in our organisation.
• If you are a job applicant, we will store your personal data for [12] months. If you have consented to be added to our list for future recruitment, we will renew this consent every 12 months.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Your data protection rights

If European data protection laws apply, you have the following rights:

• i) You are always entitled to know what personal data we have on you and how, where, and for how long it is processed;
• ii) You have a right to access and correct the personal data we have on you;
• iii) You can always unsubscribe (opt-out) from the mailings you receive;
• Iv) You can exercise your ‘right to be forgotten’ or request that we suspend the processing of your data;

If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting us using the contact details provided under the Contact Us section of the website or the contact information provided below.  

In addition, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided under the Contact Us section of the website or the contact information provided below. 

You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the 'unsubscribe-link' in any mail you receive from us or by emailing us at events@bussolainstitute.org; subject: opt me out). To opt-out of other forms of marketing (such as postal marketing), then please contact us using the contact details provided under the Contact Us section of the website or the contact information provided below. 

Similarly, if we have process your personal data based on your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

Links to other websites

We link to other websites. We are not responsible for the content or privacy policies of these websites for the way in which information about their users is treated. In particular, unless expressly stated, we are not agents for these websites or advertisers nor are we authorised to make representations on their behalf. In any event, you should explore the privacy practices of those third parties.

We use cookies, pixels, and other tracking technologies:

i) To guarantee and improve the operation of our website;

ii) To remember you;

iii) To show you targeted publicity;

iv) To let you share content from our website on social media;

v) To analyse, improve, and personalise the use of our website;

vi) Please see our Cookie Policy [/link] for more info.

Updates to this Privacy Notice

We may update this Privacy Notice from time to time in response to changing legal, technical, or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. You can see when this Privacy Notice was last updated by checking the date displayed at the top of this Privacy Notice. 

Website Terms

The use of our website is subject to our Website Terms  [/link].

How to contact us

If you have received an e-mail or e-mails from the Bussola Institute that you no longer wish to receive, please contact us at events@bussolainstitute.org. If you otherwise have any questions or concerns about our use of your personal information, please contact us at: info@bussolainstitute.org. 

The data controller of your personal information is the entity (i) with which you or your organisation is engaged as a supplier or customer; (ii) which is considering entering a relationship with you or your organisation; and/or (iii) with which you are engaged as user of a particular service provided by the Bussola Institute.

©ALL RIGHTS RESERVED EXCLUSIVELY TO THE BUSSOLA INSTITUTE