AG CIA AND ITS MUSEUMS

AG CIA is committed to protecting your personal data and to respecting your privacy. AG CIA complies with all applicable laws and regulations, including the General Data Protection Regulation (GDPR, EU 2016/679).

In each and every case, we ensure that we:

• Only process your personal data for the reasons it was provided;
• Always process the minimum amount of personal data required to ensure proper functioning;
• Always ask for your express consent before we retrieve your personal data;
• Do not pass on your personal data to third parties unless this is essential for the purpose for which the data was provided;
• Are aware of your rights regarding your personal data, will inform you of said rights and respect them.

If, after reading our privacy policy, you have any questions about how we process your data, you can contact us by using the following contact information:

AG CIA / Erfgoed
Francis Wellesplein 1
2018 Antwerp
informatieveiligheid@antwerpen.be

This privacy policy is subject to change. Previous versions are stored in our archive. You may submit a request to consult the archive via email. The latest amendment is dated 1 July 2020.

FOR WHOM IS THIS PRIVACY POLICY INTENDED?

Our privacy policy is aimed at visitors to our museums and websites, participants in our activities, persons who are interested in or have been interested in our activities, members, journalists, clients, prospects and suppliers.

This privacy policy applies to all AG CIA services. By “all services” is understood to mean the services that you encounter through visiting our museums, media campaigns, public events organised by AG CIA or one of its museums, and through administrative services such as invoicing. Furthermore, this policy covers all AG CIA online services, such as websites, apps, internet services offered by AG CIA and access to content (e.g., the press site, digital platforms, and so on).

WHY DOES AG CIA PROCESS PERSONAL DATA?

AG CIA and its museums process personal data for various reasons and legal grounds, including for:

• Participation in activities, such as workshops, events and tours organised by AG CIA and its museums (performance of an agreement)

• Purchasing of tickets, delivery of tickets, access control, service mailing prior to/after your visit and for making contact in case of program changes or cancellations (legitimate interest)

• Consulting the online collection catalogue (data subject’s consent)

• Use of the library (data subject’s consent)

• Maintaining press relations (legitimate interest)

• Communication purposes (data subject’s consent)

• Sending updates, newsletters, marketing emails and invitations based on your location, age, language and interests (data subject’s consent)

• Financial administration, such as generating, sending and receiving order forms, invoices and debt recovery (performance of an agreement)

• Obtaining government subsidies (legal obligation)

• Security of the museums, our infrastructure, staff and visitors (general interest)

• Analysing trends and statistics (anonymous)

You have the right to withdraw your consent at any time, if indeed the processing takes place based on consent. We use the data provided exclusively for the purposes for which it was obtained.

WHAT PERSONAL DATA DOES AG CIA PROCESS?

For the purposes described above and depending on the specific purpose, AG CIA processes the following data:

• Personal identity data: family name, first name, place of residence

• Private contact information: telephone number, email address

• Identity information issued by the government: identity card number, national registry number

• Personal details: date of birth, place of birth, sex/gender, nationality

• Financial details: account number, payments

• Visual material (during a physical visit to a museum)

We collect this information when you share it with us (for example, when subscribing or making a booking) or when you use our online services. The ways that we collect data include: cookies, registration forms, contracts, debt recovery forms and through personal/telephone/digital contact. We do not collect personal data through third parties with the exception of the data that we receive from the City of Antwerp.

In order to provide the best possible service, we may combine your data with publicly available data or with data that you provide to AG CIA on other platforms (for example, by purchasing a ticket or booking a guided tour).

WHAT PERSONAL DATA DOES AG CIA COLLECT WHEN I VISIT ITS WEBSITES?

Certain data is automatically collected when you visit AG CIA’s website or museums. For example, we can see the IP address, the opened pages, the number of mouse clicks, the date and time of the visit and which browser you are using. This data allows the website to recognise you when you next visit and helps us optimise our websites and tailor our operations to the needs of the user.

We use cookies to make visiting the website as enjoyable an experience for everyone as possible. Cookies remember pieces of information, such as your language choice, obtained from a previous visit. We do not use this data to track you on other websites. You can disable cookies by going to your browser settings.

We use Google Analytics to gain insight into who visits our websites and how we can improve them.

WHAT DATA DOES AG CIA COLLECT FROM MY UNDER-13-YEAR-OLD?

Under-13-year-olds can only register for workshops, guided tours and the newsletter if they have parental permission. Furthermore, under-13-year-olds have the same rights as anyone else regarding this privacy notice.

WHAT IF I DO NOT PROVIDE CERTAIN DATA?

If you do not provide certain information to us you may be unable to purchase tickets, make a reservation and/or work with AG CIA and its museums, as certain data is essential to the performance of these activities.

WILL MY DATA BE PASSED ON TO THIRD PARTIES?

We only provide your data to third parties if this is necessary to perform the actions described above. We always request your permission before we do so. You can withdraw this permission at any time. We use a third party in the following circumstances:

• To sell entrance tickets and receive bookings for workshops and guided tours (Beeple, Syx Automations, GlobalTicket)

• To send out press releases (Prezly)

• To store and process data in the cloud (Microsoft and Google)

• To maintain the internet environment for webhosting and mail hosting (Microsoft, Lunar, DeltaBlue and Digipolis)

• To manage the IT infrastructure (Digipolis)

• To manage financial administration (EASI)

• To create and distribute newsletters and invitations (Mailchimp)

• To register library users (KOHA)

• To provide access for visitors to consult the collection (Adlib)

When we do use a third party, we either draw up a data processing agreement (DPA) or make certain that the same provisions are included in the contract terms. We ensure that your personal data is secured through the DPA or contract at all times.

AG CIA regularly collaborates with other companies and government agencies and this means they may come in contact with your personal data in certain cases. We share personal data with the following third parties:

• Government agencies (such as grant authorities, tax offices and social security agencies)

• Partners with whom we organise joint activities, which involves the exchange of lists of participants (such as the City of Antwerp)

With these parties we also make sure that the necessary agreements regarding the protection of your personal data are made, monitored and respected. We will not under any circumstances pass on your data to third parties unless this is legally obligated and permitted (for example, by court or police order). Your personal data will never be sold, leased or used for commercial purposes.

In the event that your personal data is passed on to countries outside the European Economic Area (EEA), this data is protected by specific contractual obligations in compliance with the European privacy regulation.

FOR HOW LONG DOES AG CIA STORE MY PERSONAL DATA?

We never store your personal data for longer than is necessary to achieve the purpose for which it was provided, in compliance with the legally defined period (such as for accounting reasons). Retention periods may differ according to the purpose.

An account you create yourself on KOHA is automatically deleted after three years of inactivity.

We undertake to keep personal data for no longer than a maximum of ten years after it was last used or after termination of a collaboration.

HOW IS MY DATA PROTECTED?

Your personal information is protected against unlawful access, use, loss or disclosure. The measures we have taken include the following:

• Persons who have access through us to your personal data have a confidentiality obligation

• We make back-ups of your personal data in order to be able to recover it in case of physical or technological incidents

• We test and evaluate our measures at regular intervals and modify them where necessary

• Our employees have been made aware of the importance of protecting personal data

• Access to your personal data is only granted if an employee has a legitimate need for it in the performance of their task

• When new projects may have an impact on your privacy, a detailed analysis is conducted to ensure that your rights and the security of your personal data are protected

You will be personally notified if, despite these precautions, an incident should occur involving your personal information, in the manner provided by law.

WHAT ARE MY RIGHTS?

You have a number of rights with regard to the processing of your personal data, including:

• Right of access and copy of data

• Right of rectification and supplement of data

• Right to have the data deleted if it is no longer strictly necessary for the purposes for which it was processed. We reserve the right to determine if your request is justified

• Right to limitation of processing

• Right to object to the way in which your personal data is processed, such as the right to object to the use of your personal data for direct marketing purposes

• Right to transferability of data to yourself or, on your stipulation, to another party

You can exercise these rights by contacting us at the address at the top of this privacy policy notice, accompanied by the reason for your submission and proof of your identity. We recommend that you conceal your ID photograph and clearly state that it is a copy and not the original.

If you simply wish to withdraw your consent to receive newsletters, click on “unsubscribe” in the footer of any email you receive from AG CIA or its museums.

If you are present at events or activities in a museum, you may be recognisable in photographs taken to illustrate the occasion. These images may be used for communication purposes (such as newsletters and social media). You have the right to have images in which you can be recognised removed at any time by sending an email to info@fomu.be

WHAT SHOULD I DO IF I HAVE A COMPLAINT?

If you have a complaint about how we process your data or about the exercise of your rights, we recommend that you contact us first directly by using the contact details at the top of this privacy notice.
You also have the right to file a complaint with the supervisory authority (the Data Protection Authority) if you have reason to believe that your data is being processed incorrectly.

Drukpersstraat 35
1000 BRUSSELS

Tel. 02/274.48.00
Fax. 02/274.48.35

contact@apd-gba.be

If you have any questions about the processing of your personal data as described in this notice, you can always contact our data protection officer, Ms Anne Baré, at informatieveiligheid@antwerpen.be