Privacy Statement for volunteers
CM respects the privacy of its volunteers in accordance with applicable legislation.
With the privacy statement below, the Christian Mutuality (CM) would like to inform its volunteers about the privacy policy and the processing of the personal data of volunteers, applicable between the controller and the candidate volunteers, volunteers and former volunteers.
- Controller of personal data
- Personal data that are the subject of processing
- Purpose and legal basis of volunteer data processing
- Duration of the processing of volunteers' personal data
- Rights of the volunteer
- Exercise of rights
- Recipients of the personal data
- Details of the data protection officer
- Technical and organizational measures
- Changes to this privacy statement
Controller of personal data
Your personal data in the context of CM volunteer work is processed by the following controllers:
- the National Association of Christian Mutualities, Haachtsesteenweg 579, box 40, 1031 Schaarbeek, Belgium with company number 0411.702.543;
- the Christian Mutuality Flanders, Haachtsesteenweg 579, box 40, 1031 Schaerbeek, Belgium, with company number 0874.853.490;
- the Regional Mutual Assistance Company (RMOB) CM Brussels, Haachtsesteenweg 579, box 40, 1031 Schaerbeek, Belgium, with company number 0713.670.669;
- the Regional Mutual Assistance Company (RMOB) MC Wallonia, Rue de Fernelmont 42, 5020 Champion-Namur, Belgium, with company number 0713.671.758.
For example, if you apply via the volunteer vacancy page to one of the legal entities listed below, the legal entity concerned will be the controller of the personal data processed in the context of your application. In that case, the relevant privacy statement of the legal entity involved applies. The vacancies page may contain volunteer vacancies from:
For volunteers from CM-Zorgkas and CM-verzekeringen, we refer to the privacy statement of the legal entity involved: CM-Zorgkas privacy statement , CM-verzekeringen privacy statement .
Personal data that are the subject of processing
The General Data Protection Regulation (GDPR) defines personal data as 'any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identification code such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.'
Data obtained directly from you
- Identification data (e.g. surname, first name, address, telephone number, personal and professional email address).
- Personal social data (e.g. national register number).
- Personal characteristics (e.g. gender, date of birth, place of birth, marital status, nationality).
- For expense reimbursements: amount, bank account number for payment, supporting documents (for actual expense reimbursement).
- Curriculum vitae (e.g. experience, education and training, leisure activities, competencies and interests).
- Image recordings (photos).
- Signature (as part of declaration of honour, expense report, etc.).
- Communication preferences (e.g. newsletter received/not received, by post/digital, for what effect).
- Commitments (e.g. for which operation you are available or not).
- Declaration of agreement (e.g. confidentiality of personal and medical data).
- Judicial records (proof of good conduct and morals) when required.
- Driving license for volunteer activity for which a driving license is required (e.g. transport of chronically ill people).
Data that is not obtained directly from you
- Personal file in the context of coaching the volunteer.
- History of engagements through the volunteer employee.
- CM membership via the member database (this may be required for insurance purposes).
Purpose and legal basis of volunteer data processing
The personal data mentioned in point 2 are processed by CM to enable the organization of volunteer work. This processing is necessary for the execution of the volunteer agreement* to which the volunteer is a party, for compliance with the legal and contractual obligations incumbent on CM and for the pursuit of its legitimate interests:
- need to be able to contact and communicate with the volunteer;
- to be able to pay the cost reimbursement to the volunteer;
- to be able to draw up the tax form if necessary;
- need to plan any training for the volunteer;
- to plan volunteer work;
- to be able to participate in CM's activities;
- supporting and guiding volunteers (in case of reporting obligation for volunteers entitled to benefits), as well as relationship management towards volunteers;
- obtaining government subsidies;
- statistical purposes: for this purpose the personal data is pseudonymised/anonymized;
- need to be able to enter into contracts with third parties (insurance, transport companies, House of Labor (access to buildings), etc.);
- need to inform volunteers about CM's actions and initiatives (newsletter by post);
- evaluation of the collaboration with the volunteer;
- writing to the volunteer based on his/her profile with any new interesting volunteer commitments.
The volunteer shares the personal data as referred to in point 2.1. to CM as soon as he/she becomes a volunteer or when he/she receives a request to provide this information. For example, when registering for a vacancy via the website, when registering for a volunteer activity or during an intake interview. This information is necessary so that CM can correctly apply the volunteer legislation. The continuation of the volunteer agreement is not guaranteed if the volunteer refuses to communicate the data concerned and this refusal prevents the proper execution of CM's legal, regulatory or contractual obligations.
The volunteer is obliged to inform CM spontaneously and as quickly as possible of any changes to the personal data provided in accordance with the appropriate procedures.
The above does not apply to the processing of personal data for which the volunteer must expressly consent. This could be the case, for example, for a particular use of a photo of the volunteer. The volunteer must be informed separately about these specific processing purposes. The volunteer is free to give, refuse or withdraw consent afterwards, without any negative consequences. Depending on the specific case, CM can rely on all possible legal grounds as determined by law, even if these are not expressly mentioned above.
*This volunteer agreement is not always formalized in a written agreement. The organization of volunteer work is always explained with an organizational note.
Duration of the processing of volunteers' personal data
CM will store and use the personal data of volunteers to the extent necessary for compliance with legal obligations and within the context of its activities. CM is bound by legal retention periods for storing certain personal data. If the law does not prescribe a period, the personal data may be retained for a period that CM deems necessary for the efficient performance of its obligations.
CM stores data of candidate volunteers during the recruitment process. The candidate data will be kept for one year. If the volunteer gives permission for this, we can store it for a longer period of time, for example to propose suitable volunteer commitments later.
When the engagement with CM ends, the data can be kept for ten years. However, some data will be deleted when it is no longer needed, depending on the system in which the data is located.
Rights of the volunteer
Right of access to personal data
The volunteer has the right to be informed of the personal data relating to him, as well as the specific nature of the processing, including the purpose of the processing of this data. The volunteer may request a copy of the data, provided this does not infringe the rights and freedoms of others. Where appropriate, this copy will be provided to the volunteer.
Adjust or delete the personal data
The volunteer may request that incorrect data relating to him or her be corrected or supplemented. The volunteer may request the deletion of personal data relating to him:
- when those data are no longer necessary in relation to the purposes for which they were collected or processed;
- when there is no longer a legitimate purpose for the processing;
- when the volunteer reconsiders his consent regarding the processing of certain data and CM cannot rely on another legitimate purpose or legal basis for the processing.
Restriction of the processing of personal data
The volunteer may request the restriction of the processing of personal data relating to him/her if he/she contests the accuracy of such data (limitation of the duration necessary to verify the accuracy of the data) or opposes the processing of the data (in accordance with point 5.4.). In that case, the data may only be processed (with the exception of their storage) with the consent of the volunteer concerned or for the establishment of the exercise or defense of rights in court or for the protection of the rights of another person.
Objection to the processing of personal data
Except for the personal data necessary for compliance with CM's legal obligations, the volunteer may at any time object to the processing of personal data relating to him for reasons related to his particular situation. The right can be exercised as provided in Article 21 of the General Data Protection Regulation.
Portability of the personal data
The volunteer has the right to receive the personal data concerning him/her that he/she has provided to CM in a structured, commonly used and readable format and has the right to transmit such data to a data controller. The volunteer may request that the transfer be made directly between CM and another controller to the extent that this transfer is technically possible. However, this right can only be exercised if your data has been processed exclusively on the basis of consent or a contract, and if this processing is done using automated processes.
Right to withdraw consent
If the lawfulness of the data processing is based on the explicit consent of the volunteer, the latter has the right to withdraw his consent at any time. The processing of this data before the withdrawal of consent remains valid.
Exercise of rights
The rights mentioned in point 5 can be exercised in accordance with the regulations and restrictions provided for in the legislation. The text of the General Data Protection Regulation takes precedence over what is stated in point 5.
The volunteer can contact the data protection officer for this (see point 8). The response to this request will be communicated to the volunteer as soon as possible and in principle within one month of receipt of the request. If necessary, this period can be extended by two months, taking into account the number of requests and their complexity.
The refusal to comply with the volunteer's requests as well as the reasons for this refusal will be communicated to the volunteer as soon as possible and at the latest within one month of receipt of the request. In case of refusal, the volunteer has the right to file a complaint with the supervisory authority (Data Protection Authority) or to initiate legal proceedings.
Recipients of the personal data
Your personal data may be passed on to:
- yourself, your legal representative (administrator, etc.), your representative (lawyer, etc.) or someone who has received a mandate or your approval for this;
- other volunteers, so that they can be responsible for the practical organization of volunteer work;
- the activity partners in the context of fire safety, attendance lists in the context of activities, in short for the purpose of volunteer administration, etc.;
- our auditors who are bound by a duty of confidentiality;
- our processors, e.g. in the context of the internet environment (web hosting, cloud system), providing the IT infrastructure (including IT network, CRM system), communication (mailing companies);
- the insurance institution for your insurance;
- Wiegwijs vzw, a volunteer organization that is part of CM Vlaanderen, can view your data in the context of volunteer work if you have given your permission for this. This makes it possible for Wiegwijs vzw to view your data in the context of a joint activity or to propose an interesting volunteer activity via CM.
CM may be obliged to disclose certain data to third parties, such as judicial and administrative authorities, in accordance with applicable legislation.
Details of the data protection officer
The volunteer can contact the data protection officer for any question regarding the processing of his personal data or the exercise of his rights. Any breach of personal data that may pose a risk to the rights and freedoms of natural persons must be reported to the data protection officer.
- By e-mail: [email protected] (attn. data protection officer)
- By letter: National Association of Christian Mutualities, Attn. data protection officer, Haachtsesteenweg 579, 1031 Schaerbeek
In addition to the option of contacting us directly, you also have the option to contact the Data Protection Authority (formerly Privacy Commission) and, if necessary, file a complaint: Commission for the Protection of Privacy, Drukpersstraat 35, 1000 Brussels - www.dataprotectionauthority.be/contact .
Technical and organizational measures
We take appropriate technical and organizational measures to ensure the security, integrity and availability of your data, taking into account the state of the art, the scope and context of the processing purposes and the type of personal data.
We take appropriate physical, administrative, organizational and technical security measures to protect your personal data against loss, unauthorized access, unauthorized use and unauthorized disclosure.
Your personal data is processed carefully and confidentially by the authorized employees to perform their tasks in the context of the described assignments.
- All persons who can access your data on behalf of CM are bound to confidentiality.
- We have a username and password policy on all our systems.
- Access management for the volunteer database, as well as the associated various roles and responsibilities, are provided.
- We make backups of personal data in order to be able to restore them in the event of physical or technical incidents.
- We regularly test and evaluate our measures.
- Our employees are informed about the importance of protecting personal data.
Changes to this privacy statement
This data processing policy can be adjusted when circumstances require it, for example in the event of changes in legislation, IT systems, etc.