FCC Compliance: FCC Privacy Notice

FAIM Coordination Centre (FCC) Privacy Notice

 

The FAIM Coordination Centre (FCC) maintains and processes personal as well as confidential information about FAIM Applicants directly related to their FAIM Compliance Procedures.

This personal and company confidential information is however strictly limited and considered as absolutely necessary to execute the Applicant's Compliance Procedures, an integral part of the FIDI-FAIM quality certification programme.

The FIDI-FAIM certification programme requires that international movers have periodic independent assessments of their inter-continental moving activities through an independent audit.

The FCC is committed to respect FAIM Applicants by handling all personal and company confidential information collected in connection with their FAIM Compliance Procedures in accordance with applicable local laws (EU-GDPR) as well as our own Privacy Policy (Privacy Principles)

This notice explains our practices with regard to your personal and/or company confidential information.

 

Our Privacy Notice addresses 10 privacy principles:

These 10 privacy principles are essential to the proper protection and management of FAIM Applicants personal and confidential information. They are based on internationally known fair information practices included in many privacy laws and regulations of various jurisdictions around the world and recognized good privacy practices. Furthermore they are in full compliance with the EU-GDPR:

https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN 

 

Outlined Summary:

 

1. Management:

The FCC will, through appropriate management and strict application of criteria and controls:

 

•        Observe fully conditions regarding the fair collection and use of information.

•        Meet our legal obligations to specify the purposes for which information is used.

•        Collect and process appropriate information, and only to the extent that it is needed to fulfil our operational needs or to comply with any legal requirements.

 

We have a responsible person in the FCC for ensuring compliance with up to date Data (Privacy) Protection regulations.

We ensure that everyone processing personal and/or your company confidential information understands that they are contractually responsible for following good data protection practice aligned with internal procedures and legal requirements.

We ensure all FCC staff is appropriately trained with up to date privacy legislation.

We collect, process and transfer personal and/or company confidential information about FAIM Applicants through computerized and paper-based data processing systems.

We have established routine processing functions (such as processing FAIM Compliance Procedure applications and FAIM  Compliance Procedure audit reporting)

We ensure that all processing and transfers of personal and confidential information are subject to reasonable confidentiality and privacy safeguards.

 

2. Notice:

We provide notice about our privacy policies and procedures at the time of the FAIM (Re) Application; our notice is also available on the FIDI website under the FAIM section. We are committed to respect FAIM Applicants by handling all their personal and company confidential information collected in connection with their FAIM Compliance Procedures in accordance with applicable local laws (EU-GDPR) as well as our own Privacy Policy (Privacy Principles).

We only process personal and confidential company information to accommodate FAIM Applicants with their respective Compliance Procedures. For example we identify key contacts to communicate during the FAIM application.

We only process company confidential information if needed for business objectives or if it is required to comply with applicable laws. For example, we process audit reports related to FAIM Applicants audit performance. We may therefore need to process confidential company information as an integral part of the FAIM Compliance Procedure.

As a general rule personal and/or company confidential information will only be collected, processed or transferred where adequate privacy protection mechanisms are in place.

 

3. Choice and consent:

By applying for FAIM Certification you give your consent with respect to the collection, use, and disclosure of certain personal and/or company confidential information as described in this notice. Consent here means you understand our lawful basis for processing and agree with the collection, use, and disclosure of personal and/or company confidential information with the sole purpose to accommodate your FAIM Compliance Procedures.

 

4. Collection:

We shall obtain and process personal and confidential data fairly and in accordance with statutory and other legal obligations. We collect personal and/or confidential information for the sole purposes to accommodate FAIM Applicants before, during and after their FAIM Compliance Procedures.

 

5. Use, retention, and disposal:

We limit the use of personal information to the sole purpose of executing your FAIM Compliance Procedures and for which you have given your consent at the time of your FAIM (Re) Application.

We retain personal and/or company confidential information for only as long as necessary to fulfil the stated purposes or as required by law or regulations and thereafter appropriately dispose of such information. For example we will retain your personal and/or company confidential information as long as you are affiliated to FIDI and therefore subject of the various FAIM Compliance Procedures.

We do not retain hard copies of your personal and/or company confidential information. At the time of disposal all electronic data concerning your personal and/or company confidential information will be removed from our systems.

 

6. Access:

You may access and update your personal information by contacting the FCC.

In the event you have any questions/comments about your personal and/or confidential data that is either collected, used, retained, disclosed, and/or disposed by the FCC you may contact us at following details:

 

FAIM Coordination Centre (FCC)

Boulevard Louis Schmidt 29 B1

1040 Brussels (Belgium)

Tel.: +32 24 25 55 55

Email: fcc@fidi.org

 

7. Disclosure to third parties:

We shall use and disclose your personal and/or company confidential data only in circumstances that are necessary for the purposes for which we collected the data. For example we will disclose your company confidential information only to the independent FAIM auditors for the sole purpose to accommodate your company Compliance Procedure, an integral part of the FIDI-FAIM certification. We will never sell, or make available in any other way, your personal and/or company confidential information to third parties.

 

8. Security for privacy:

We protect personal and/or your company confidential information against unauthorized access (both physical and logical) aligned with our internal IT policy and procedures. We shall take appropriate security measures against unauthorised access or alteration, disclosure or destruction of personal and/or company confidential data.

Personal and/or company confidential information will only be accessible to authorised FCC staff.

In the event you have any questions/comments about how we protect and secure personal and/or your company confidential information against unauthorized access,  you may contact us at following details:

 

Andrew Mavin

IT SPOC

FAIM Coordination Centre (FCC)

fcc@fidi.org

Tel: +32 24 25 55 55

 

 

9. Quality:

We maintain accurate, complete, and relevant personal and/or company confidential information as reasonable possible and only for the purposes identified in this notice.

We retrieve your personal and/or your company confidential information from the FAIM Application Form, FAIM online platform and corresponding e-mails.

Please note that we have shared responsibility with regard to the accuracy of your personal information. Please let us know of any changes to your personal information.

 

10. Monitoring and enforcement:

We monitor compliance with applicable local laws (EU-GDPR) as well as our own Privacy Policy (Privacy Principles) and have procedures to address privacy related complaints and disputes. All FCC staff are aware that a breach of the rules and procedures identified in this policy may lead to disciplinary action being taken against them.

If you believe that your personal and/or your company confidential information is not handled in accordance with applicable local laws (EU-GDPR) as well as our own Privacy Policy (Privacy Principles), you may submit a complaint to the person responsible for complying with data protection laws and regulations, who will investigate the complaint.

 

John Prooij

Project Manager Quality & Risk

FAIM Coordination Centre

fcc@fidi.org

Tel: +32 24 25 55 55

 

 

This Data Protection Policy will be reviewed regularly in light of any legislative or other relevant developments.

 

Last updated:

 

19-06-2018

 

 

Glossary of Terms

 

EU-GDPR: European General Data Protection Regulation

Privacy:  The rights and obligations of individuals and organizations with respect to the collection, use, retention, disclosure, and disposal of personal information.

Personal information: (sometimes referred to as personally identifiable information) information that is about, or can be related to, an identifiable individual. It includes any information that can be linked to an individual or used to directly or indirectly identify an individual.

Individuals, for this purpose, include prospective, current, and former customers, employees, and others with whom the entity has a relationship. Most information collected by an organization about an individual is likely to be considered personal information if it can be attributed to an identified individual. Some examples of personal information are as follows:

  • Name
  • Home or e-mail address
  • Date of Birth
  • Identification number (for example, a Social Security or Social Insurance Number)
  • Physical characteristics
  • Consumer purchase history

 

Sensitive information: Some personal information is considered sensitive. Some laws and regulations define the following to be sensitive personal information:

  • Information on medical or health conditions
  • Financial information
  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Sexual preferences
  • Information related to offenses or criminal convictions

 

Non-personal information: information about or related to people that cannot be associated with specific individuals. This includes statistical or summarized personal information for which the identity of the individual is unknown or linkage to the individual has been removed. In such cases, the individual’s identity cannot be determined from the information that remains because the information is de-identified or anonymized. Non-personal information ordinarily is not subject to privacy protection because it cannot be linked to an individual. However, some organizations may still have obligations over non-personal information due to other regulations and agreements

 

Privacy or Confidentiality?

Unlike personal information, which is often defined by law or regulation, no single definition of confidential information exists that is widely recognized. In the course of communicating and transacting business, partners often exchange information or data that one or the other party requires be maintained on a “need to know” basis. Examples of the kinds of information that may be subject to a confidentiality requirement include the following:

  • Transaction details
  • Engineering drawings
  • Business plans
  • Banking information about businesses
  • Inventory availability
  • Bid or ask prices
  • Price lists
  • Legal documents
  • Revenue by client and industry

 

Also, unlike personal information, rights of access to confidential information to ensure its accuracy and completeness are not clearly defined. As a result, interpretations of what is considered to be confidential information can vary significantly from organization to organization and, in most cases, are driven by contractual arrangements.

 

Processing: Means collecting, amending, handling, storing or disclosing personal and/or company confidential information.