Privacy Policy

Thank you for visiting our website and your interest in our organisation.  Protecting your personal data is important to us.  Personal data means any information relating to an identified or identifiable natural person and includes information such as the person’s name, address, identification number, phone number and/or date of birth.  As a ‘data subject’, you are afforded certain rights and protections under the relevant laws, including the European General Data Protection Regulation (GDPR).  This Privacy Policy explains the ways in which your personal data is processed when you use and interact with our website (www.lei.direct) and register with us and the services we provide.  If you have any questions or feedback, please do not hesitate to contact us at privacy@gs1.org.

References in this Privacy Policy to “we”, “our”, “us” (and similar terms) refers to GS1 AISBL, an international non-profit association incorporated under Belgian law, having its registered office at Avenue Louise 326, bte-10, B-1050 Brussels, Belgium.

1.         PURPOSE FOR PROCESSING DATA

A.         Using our Website

You can visit our website without providing any personal data.  If you use our website for information purposes only (i.e. you do not log in, register, place an order, or otherwise provide us with information about yourself), we do not process any personal data, except for data that your browser transmits, enabling you to visit the website and information transmitted to us (i.e. cookies).

B.         Technical Aspects

For the purpose of technical website provision, we may process certain automatically submitted information from you, for your browser to display and enable you to use our website.  This information is automatically collected each time you visit our website and is stored in our server log files.  This information refers to the computer system of the calling computer.  The following information is collected in this process:

  • Host
  • IP address
  • author name (if applicable
  • date and time of access
  • access method (retrieve/post)
  • request
  • protocol (e.g. http)
  • status (e.g. error messages)
  • data volume retrieved
  • referrer
  • browser and operating system of the use.

We also use cookies to make our website available to you.  Cookies are text files that are stored by and in the Internet browser or on your computer system when you visit a website.  A cookie contains a distinctive character string that enables a unique identification of the browser when the website is called up again.  We use these cookies exclusively to provide you with our website along with its technical functions.  Without using cookies, we cannot offer some of the functions on our website.  With the exception of statistical analysis regarding the use of our website, we only use session cookies.  These session cookies are erased when you leave the website.  This does not apply to login cookies that store your access authorisation.  These are automatically erased after 24 hours.

We process your personal data for the technical provision of our website on the following legal bases, to:

  • fulfill contractual obligations or to execute pre-contractual measures (per Article 6(1)(b) of the GDPR), insofar as you visit our website to obtain information about our products or services; and
  • protect our legitimate interests (per Article 6(1)(f) of the GDPR) in order to make the website technically and securely available to you.  This is necessary for us to provide you with a technically functional and user-friendly website, and to protect our website from cyber risk and prevent our website from posing cyber risks to third parties.

C.         Website Analysis

We use Google Analytics and cookies, which allows us to analyse the traffic to and activity on our website and to improve its quality and content.  The information obtained in the context of the statistical analysis of our website will not be merged with your other data collected in the context of the website.

Google AdWords:  We use the online advertising program "Google AdWords" and conversion tracking as part of Google AdWords.  Google Conversion Tracking is an analysis service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, United States) ("Google").  When you click on an ad served by Google, a conversion tracking cookie is placed on your computer. These cookies lose their validity after 30 days, do not contain any personal data and are not used for personal identification.

If you visit certain pages of our website and the cookie has not yet expired, Google and we can recognise that you clicked on the ad and were redirected to this page.  Each Google AdWords customer receives a different cookie, which means it is not possible to track cookies on the websites of AdWords customers.

The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking.  Customers can see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, you will not receive any information with which users can be personally identified.

If you do not wish to participate in tracking, you can object to this use by preventing the installation of cookies by setting your browser software accordingly (deactivate now or install browser plug-in available on http://tools.google.com/dlpage/gaoptout?hl=en). Further information and Google's privacy policy can be found at:  http://www.google.com/policies/technologies/ads/, or https://policies.google.com.

Google Tag Manager:  We use the Google Tag Manager on our website.  Google Tag Manager is a solution that allows marketers to manage web page tags through a single interface.  The Google Tag Manager service itself (which implements the tags) is a cookie-less domain and does not collect any personal data.  The Google Tag Manager service triggers other tags that may collect data.  Google Tag Manager does not access this data.  If deactivation has been made at the domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager.

Google Analytics:  We use Google Analytics, which is a web analysis service.  Google Analytics uses cookies, being text files placed on your computer, to help the website analyze how users use the site.  The information generated by the cookie about your use of our website is usually transferred to a Google server in the United States and stored there.  However, if IP anonymisation is activated on our website, Google will reduce your IP address within Member States of the European Union or in other treaties of the Agreement on the European Economic Area beforehand.  Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and shortened there.  On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website and Internet use to the website operator.  The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.  Our website uses Google Analytics with the extension "_anonymizeIp()". This shortens the processing of IP addresses and prevents direct personal contact.  You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our website.

D.         Registration

In addition to simply accessing our website, you can also actively use our website to order one of our products or services, to register for our newsletter, or to contact us.  In addition to the above-mentioned processing of your personal data for purely informational purposes, in this case we also process other personal data that we require to carry out your order or to process and respond to your inquiry.

Contact request:   In order to process and answer your requests (e.g. those sent via the contact form or to our e-mail address), we process your personal data.  Such personal data includes your name and e-mail address in order to send you an answer, as well as the other information that you send to us.  We process your personal data to answer user requests on the legal basis to protect our legitimate interests (per Article 6(1)(f) of the GDPR), being to answer contact requests appropriately.

Contract processing:   If you order our products or services via our website, we process your personal data in order to receive and handle your order and to provide you with the products or services you have ordered.  In this context, we process the information from the respective input forms (voluntary information is marked “if applicable”):

  • E-mail address
  • Salutation
  • Position
  • Full name
  • Company
  • Industry
  • Street/house number
  • Postal code
  • City
  • Country
  • Telephone 

We process your personal data to establish, execute, and terminate a contract on the legal basis to fulfil the contract or to execute pre-contractual measures (per Article 6(1)(b) of the GDPR).

E.         Service Communications

If we receive your e-mail address in connection with your registration and to provide our products or services, we reserve the right to e-mail you offers for related products or services from our range if you have not objected to this.  You can object to our use of your e-mail address at any time by emailing privacy@gs1.org .  We process your personal data to forward our newsletter on the legal basis in the aforementioned case to safeguard our legitimate interests (per Article 6(1)(f) of the GDPR) to advertise our products and services.

F.         Contact Requests

If you send us a contact request, conclude a contract and this is not done via our website but through another communication channel (e.g. e-mail, telephone, in person), we process your personal data, which you make available to us and which is necessary to provide our products or services, establish, execute, and, if necessary, terminate our contracts/events with you, as described below.

Contact request:  In order to process and answer your inquiries via telephone, post, or our e-mail address, we process the personal data you provide.  In any case, this includes your name and address information such as your e-mail address, postal address, or a fax number, in order to send you an answer, as well as any other information you send us in the context of your communication.

We process your personal data to answer user requests on the legal basis to protect our legitimate interests (per Article 6(1)(f) of the GDPR), namely to answer contact requests appropriately.

Contract conclusion:  If you place an order by telephone, e-mail, or in person (or similar) for one of our products or services, we process your personal data in order to receive and handle your order and to provide you with the products or services you have ordered.  In this context, we process the information from the respective input forms (voluntary information is marked with “if applicable”):

  • E-mail address
  • Salutation
  • Position
  • Full name
  • Company
  • Industry
  • Street/house number
  • Postal code
  • City
  • Country
  • Telephone

We process your personal data to establish, execute, and terminate a contract on the legal basis to fulfil a contract or to execute pre-contractual measures (per Article 6(1)(b) of the  GDPR).

G.         Data Processing under Contract

In performing our obligations under contract with you, we process your personal data in the following ways:

Provision of Services:  in order to meet our contractual obligations to you, we process your personal data to provide the services (including to enter into contact with you, clarify further inquiries, and to provide services).   We process your personal data to establish, execute, and terminate a contract on the legal basis to fulfil a contract or to execute pre-contractual measures (per Article 6(1)(b) of the  GDPR). 

Payment:  We engage payment service providers and banks for payment processing.   We process your personal data to establish, execute, and terminate a contract on the legal basis to fulfil a contract or to execute pre-contractual measures (per Article 6(1)(b) of the GDPR).

Regulatory Compliance:  We process your personal data in order to fulfil other legal obligations that affect us in connection with the execution of the contract.  This particularly includes retention periods under commercial, trade, or tax law.  We process your personal data to establish, execute, and terminate a contract on the legal basis to fulfil our legal obligations (per Article 6(1)(c) of the GDPR) in connection with relevant commercial, trade, or tax law regulations.

Enforcement:  We may process your personal data in order to assert our rights and enforce our legal claims.  In addition, we process your personal data to defend ourselves against legal claims, and to the extent necessary to defend against or prosecute criminal offences.   We process your personal data to enforce our rights to protect our legitimate interests (per Article 6(1)(f) of the GDPR), insofar as we commence or defend  legal claims or disputes or prevent or clarify criminal offenses.

2.         DATA RECIPIENTS

At first instance, only our authorised employees may access information about your personal data.  In some cases, to the extent permitted or required by law, we share your personal data with other recipients who provide services to us in connection with our website and the service.  We limit the transmission of your personal data necessary data.  In some cases, our service providers receive your personal data as processors who may only access and process your personal data according to our direction(s).  In some cases, the recipients act independently with the data transmitted to them.

The categories of necessary recipients of your personal data many include:

  • Payment service providers and banks for processing payment;
  • IT service providers, for the administration and hosting of our website or the operation of our apps; and
  • debt collection companies and legal advisors. 

3.         CROSS-BOARDER TRANSMISSION

If it is necessary for us to share your personal data internally or with third parties in other countries, we ensure the necessary safeguards are in place to protect it.  In the case of a transfer to a country outside the European Economic Area whose local data protection regime is not considered as adequate by the European Commission, we rely, amongst other things, on:

  • The conclusion or the execution of an agreement that adequately protects your personal data in line with the GDPR;
  • EU Model clauses, which are standardised contractual clauses used in agreements with service providers to ensure personal data transferred outside of the European Economic Area complies with the GDPR.  We may provide you with a copy of these clauses upon request;
  • Reasons necessary for the public interest;
  • Your explicit consent; and
  • The Privacy Shield framework that protects personal data transferred to the United States.

4.         DATA RETENTION

If you use our website for information purposes only, we store your personal data on our servers for the duration of your visit to our website.  After you have left our website, your personal data is erased.  Cookies installed by us are generally also erased after you have left our website, except for log-in cookies which are stored for 24 hours.

In the event of active use of our website, contact requests, conclusion of contracts, outside the website, we initially store your personal data for the period until we have responded to your request.  If a business relationship and/or conclusion of a contract occurs, we store your personal data for the duration of our business relationship and/or for the duration of the contractual relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.

5.         YOUR RIGHTS AS A DATA SUBJECT

The GDPR affords you with the following rights:

Right of access:  You have the right to request confirmation from us at any time as to whether we process your personal data and, if we do, you have the right to request access to it and certain other information (including processing purposes, categories of personal data, categories of recipients, planned storage period, your rights, the origin of the data, the use of automated decision-making, and, in the case of transmission to a third country, the appropriate guarantees).

Right to rectification:  You are entitled to rectification of your personal data if it is inaccurate or incorrect. 

Right to erasure:  You have the right to request your personal data be erased without undue delay. Among other things, there is no right of erasure if the processing of personal data is necessary for (i) exercising freedom of expression and information, (ii) fulfilling a legal obligation to which we are subject, or (iii) the assertion, exercise, or defense of legal claims.

Right to restriction of processing:  You have the right to require us to restrict the processing of your personal data.

Right to data portability:  You have the right to access your personal data in a structured, commonly used, and machine-readable format to transfer, or have transferred to, another data controller.

Right of revocation:  You have the right to revoke your consent to your personal data being processed at any time.

Right to object: You have the right to object to the processing of your personal data in certain circumstances (per Article 21 of the GDPR).  In some cases, our interests may require that we continue or are required to process your personal data despite your objection.  Objections in this case are determined on a case-by-case basis.

Right to lodge a complaint with a supervisory authority:  You have the right to lodge a complaint with a supervisory authority in the Member State of your residence, place of work, or place of the alleged infringement. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

The applicable supervisory authority is:

  Data Protection Authority
Rue de la Presse 35
1000 Brussels
Belgium
Telephone:+32 (0)2 274 48 00
Facsimile:+32 (0)2 274 48 35
Email:contact@apd-gba.be 
Website:https://www.dataprotectionauthority.be/ 

 

We recommend that you address your complaints or concerns to us at first instance, via privacy@gs1.org

6.         YOUR OBLIGATION TO PROVIDE DATA

In principle, you are not obliged to provide us with your personal data.  However, if you do not provide your personal data to us, it may limit our ability to make our website and services available to you.  Personal data that we require for the above-mentioned processing purposes is marked as mandatory information with an “*” or another symbol.

*          *          *

This is the Privacy Policy of GS1 AISBL, acting as a data controller, applies to the GS1 Global LOU service.  We may amend this Privacy Policy to remain compliant with any changes in law and/or to reflect how our business processes personal data.  This version was created in May 2018 and enters into force on 1 June 2018 (being the date on which the GS1 Global LOU service commenced).