WEP (hereinafter “WEP” or “we”) considers your privacy a priority. Consequently, we commit to treating the personal data of our participants, clients, potential clients and online users (hereinafter “you”) with the greatest care and to provide the best possible protection for such data in accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regards to the processing of personal data, and on the free movement of such data (hereinafter “GDPR”) and the national law applicable in this field.
This charter provides information about:
Most recent modification: 14 June 2018; see previous version(s), archived:
► Explanatory glossary of the main legal terms used in this charter
► Explanatory glossary of the other terms used in this charter
2. Why do we collect your personal data and on what bases?
3. What personal data do we collect about you?
4. With whom do we share your personal data?
5. How long do we keep your personal data?
6. What rights do you have in regards to your personal data and how can you exercise these rights?
The Joint Data Controllers for the processing of your personal data described in this charter are WEP International and WEP Belgium having their registered offices respectively at Rue Neck 24, 1081 Brussels (WEP International is registered with the ECB under No. 0476.725.504) and Avenue de Jette 26, 1081 Brussels (WEP Belgium is registered with the ECB under No. 0435.130.419). This charter reflects the agreement between them to facilitate the exertion of your rights. Any question or request concerning the processing of your data may be addressed to the following email address: dataprotection@wep.org. You may exercise your rights with respect to and against each of the joint controllers.
We collect personal data about you for various reasons.
WEP collects and uses your personal data to be able to work efficiently and offer you the best possible experience with its services.
Moreover, please note that we can only collect and use your personal data if its use is based on one of the legal grounds defined by the GDPR (e.g., your consent or the implementation of a contract, which is completed with you).
The table below more specifically lists the purposes for which WEP uses your personal data and the corresponding legal basis.
| Purposes for which your personal data is collected | Legal basis for the processing of your personal data |
|
1/ Management of pre-contractual relations with potential clients We process your personal data in order to respond to your requests concerning your participation in an information session, your request to receive our information brochure on the various programs offered by WEP, your participation in an online language test to determine your level, and your various questions sent by email (including via the contact form on our site), by post or via online chat. |
WEP's legitimate interest in processing potential clients’ personal data in order to meet the requests and expectations expressed by them (Article 6.1.f. of the GDPR) |
|
2/ Marketing to our clients and prospects, i.e.:
|
WEP has a legitimate interest in processing its clients’ personal data (in particular that which is obtained directly in the context of participation in one of our programs) in order to inform them of other programs and activities it organises. Pursuant to Article XII.13(1) of the Code of Economic Law and the Royal Decree of 4 April 2003, WEP processes personal data relating to electronic contact details of prospects after obtaining prior consent to inform them of other programs and activities it organises. |
|
3/ Organisation of competitions The data of participants in a competition is processed by WEP in order to ensure the successful execution of the competition, in particular, to contact the winners and award them their prizes effectively and quickly in the event of a win. |
The execution of a contract concluded with you (Article 6.1.b. of the GDPR), in this case, a contract for participation in a competition |
| 4/ The publication of your testimonials | Your consent (Article 6.1.a. of the GDPR) |
| 5/ Issue of press releases | WEP's legitimate interest in processing journalists' personal data for the purpose of sending and publishing press releases (Article 6.1.f. of the GDPR) |
|
6/ Registration/pre-registration The registration process is a prerequisite to your participation in one of our programs. We process your personal data in order to process your request. |
Implementation of a pre-contractual measure (Article 6.1.b. of the GDPR) |
|
7/ Orientation and selection interviews For certain programs, we hold orientation and/or selection interviews in which we collect your personal data to ensure that the chosen program suits you and corresponds to your expectations. We also make sure that your profile matches the conditions of participation in the chosen program. |
Implementation of a pre-contractual measure (Article 6.1.b. of the GDPR) |
|
8/ Organisation of your program We process your personal data in order to ensure the correct management of your stay and the successful completion of the program to which you have subscribed (whether you decide to study at a secondary school or university, do a language study program or a family immersion program without a course, do volunteer work, find an au-pair job, do a World Tour, or go on a group trip). |
The implementation of a contract concluded with you (Article 6.1.b. of the GDPR), in this case, a contract for participation in a program Your express consent to the processing of your sensitive data within the scope of Article 9 of the GDPR, e.g., your health data, your religious beliefs, your political opinions, sexual orientation, etc. (Article 6.1.a. and 9.2.a of the GDPR) |
|
9/ Follow-up and assistance We process your personal data to ensure your follow-up and provide you with help and assistance if necessary during your program. |
The implementation of a contract concluded with you (Article 6.1.b. of the GDPR), in this case, a contract for participation in a program Your express consent to the processing of your health data and data revealing your religious beliefs (Articles 6.1.a and 9.2.a. of the GDPR) |
|
10/ Recruitment of host families When you submit an application to become a host family, we process your personal data in order to assess your application. |
The implementation of a pre-contractual measure (Article 6.1.b. of the GDPR) Your express consent to the processing of your health data and data revealing your religious beliefs (Articles 6.1.a. and 9.2.a of the GDPR) |
|
11/ Management of relations with host families Once designated as a host family, we will process your personal data in order to manage the relationship between you, the student and us. |
The implementation of a contract concluded with you (Article 6.1.b. of the GDPR) Your express consent to the processing of your health data and data revealing your religious beliefs (Articles 6.1.a. and 9.2.a. of the GDPR) |
| 12/ Assessment of our services | The legitimate interest of WEP to process its clients’ personal data in order to measure their degree of satisfaction with the goal of improving the services offered (Article 6.1.f. of the GDPR) |
|
13/ Statistics “Statistical purposes” means any practice of collecting and processing of personal data, which is necessary for statistical surveys or the production of statistical results. These statistical results may also be used for various purposes, including improving our programs and projects. “Statistical purposes” implies that the result of processing for statistical purposes does not allow any identification of those persons whose information has been used |
The legitimate interest of WEP in processing its clients’ personal data in order to improve the services offered and to have a better understanding of its target audiences (Article 6.1.f. of the GDPR) |
| 14/ Dispute management |
WEP's legitimate interest in processing personal data for the purpose of defending its interests, in particular, but not exclusively for the purpose of contesting or taking legal action (Article 6.1.f. of the GDPR) |
Please note that we may collect and use your personal data only if this use is founded on a legal basis determined by the GDPR (e.g., your consent or the implementation of a contract concluded with you).
The table below precisely lists the purposes for which your personal data is used by WEP and the corresponding legal basis.
| The purpose for collection | Personal data collected | Direct or indirect collection of your personal data |
| 1/ Management of pre-contractual relations with potential clients |
|
|
| 2/ Marketing |
|
|
| 3/ Organisation of competitions |
|
|
| 4/ Publication of your testimonials |
|
|
| 5/ Issue of press releases |
|
|
| 6/ Registration |
|
|
| 7/ Orientation and selection interviews, etc. |
|
|
| 8/ Organisation of your program |
|
|
| 9/ Follow-up and assistance |
|
|
| 10/ Recruitment of host families (in Belgium) |
|
|
| 11/ Management of relations with the host families |
|
|
| 12/ Evaluation |
|
|
|
13/ Statistics “Statistical purposes” means any practice of collecting and processing of personal data, which is necessary for statistical surveys or the production of statistical results. These statistical results may also be used for various purposes, including improving our programs and projects. “Statistical purposes” implies that the result of processing for statistical purposes does not allow any identification of those persons whose information has been used |
|
|
| 14/ Dispute management |
|
|
In the context of our activities, we may share your personal data. It goes without saying that should this be the case, we will ensure optimal protection of your personal data.
► Sharing your personal data with our service providers/partners and/or subcontractors
Our service providers, partners and/or subcontractors can access your personal data for the processing operations they perform. Below, you will find the list of subcontractors with whom we share your data, their location and the reason why we share the information in question with them.
| Service providers, partners and/or subcontractors that are involved in the sharing of your personal data | Location of service providers, partners and/or subcontractors | Reason for sharing your personal data |
| Expert IT | Belgium |
|
| Media&More | Italy |
|
| Online.net | France |
|
| Deluxe Small Business Sales |
USA
This company is located outside the EEA. |
|
| Zendesk, Inc. |
USA
This company is located outside the EEA. |
|
| Formstack |
USA
This company is located outside the EEA. |
|
| Altissia | Belgium |
|
| Facebook Lead |
USA
This company is located outside the EEA. |
|
| Local rep/psychologist | Belgium |
|
| Our partners |
In the EU or outside the EU* *The partner varies according to the choice of program and destination; its contact details will be included in the travel document sent prior to the participant's departure. |
|
► With government bodies, in response to legal requests, including requirements regarding national security or the application of the law
► In the context of a transaction, such as a merger, a takeover, a consolidation or a sale of assets, it may be that we have to share your personal data with the buyers or sellers.
We do not share your data with commercial partners who may want to propose products or services to you.
WEP has laid down precise rules on the storage period for your personal data. The storage period varies depending on different objectives and has to take into account any legal obligations to keep some of your data.
► Click here for more information
We aim to inform you as clearly as we can about your rights with regards to your personal data. We aim to ensure that you can easily exercise these rights.
Please find below a summary of your rights and a description of the way in which you can exercise them.
► Right of access
You can ask us to grant you access to all the following information with concerning:
• How to exercise your right to access
For this, you simply have to contact us by email at dataprotection@wep.org, indicating "right to access: personal data" in the subject line and attaching a copy of the front of your identity card and a brief description of the data you wish to access. Unless you indicate otherwise, you will receive the requested data free of charge in an electronic format within one month of receipt of the request and within two months if in-depth research has to be carried out to meet the request.
If you are unable to consult your data by email, you can also send us your request by post to the following address: Rue Neck 24, 1081 Brussels, Belgium.
Written requests must be signed and accompanied by a copy of the front of your identity card. The request must specify the address to which the reply must be sent. In that case, a reply will be sent to you within one month of receipt of the request and within two months if in-depth research has to be carried out to meet the request or if WEP receives an excessively large number of requests.
► Right of correction
You may ask WEP to correct and/or update your personal data.
• How to exercise your right to have data corrected
For this, you simply have to send an email to dataprotection@wep.org providing your surname and first name, indicating "right to correction: personal data" in the subject line and attaching a copy of the front of your identity card.
Do not forget to state the reason for your email in the text itself (e.g., the correction of inaccurate data and the information to be corrected, and if necessary, proof of the correct information, if you have it).
You can also exercise this right by sending a letter to the following address: Rue Neck 24, 1081 Brussels, Belgium. Your written request must be signed and accompanied by a copy of the front of your identity card. The request must specify the address to which the reply must be sent. In that case, a reply will be sent to you within one month of receipt of the request and within two months if in-depth research has to be carried out to meet the request or if WEP receives an excessively large number of requests.
► The right to have data deleted
If you find yourself in one of the following situations, contact us at any time to ask us to delete the personal data that we process about you:
• How to exercise your right to have data deleted
For this, you simply have to send an email to dataprotection@wep.org providing your surname and first name, indicating "right to have data deleted" in the subject line and attaching a copy of the front of your identity card. Do not forget to state the reason for your email in the text itself (e.g., the deletion of your data when you have withdrawn your consent on which processing is based).
You can also exercise this right by sending a letter to the following address: Rue Neck 24, 1081 Brussels, Belgium.
Your written request must be signed and accompanied by a copy of the front of your identity card. The request must specify the address to which the reply must be sent. In that case, a reply will be sent to you within one month of receipt of the request and within two months if in-depth research has to be carried out to meet the request or if WEP receives an excessively large number of requests.
However, we may be unable to respond to your request to exercise your right to be forgotten. It is important to remember that this right is not absolute. We have to ensure that this right is balanced against other important rights and values, such as freedom of expression, compliance with a legal requirement to which we are subject or important reasons of public interest.
► The right to be forgotten
Our website may contain personal data that concerns you. If you do not wish for this data to appear on the website, you can ask us to remove it if you are in one of the following situations:
• How to exercise your right to be forgotten
To have certain information concerning you removed from our website, you simply have to send an email to dataprotection@wep.org providing your surname and first name, indicating "right to be forgotten: personal data" in the subject line and attaching a copy of the front of your identity card. Do not forget to give the reason for your request in the text of your email, for example, a brief explanation and the precise address (URL) of the page in question. You can also exercise this right by sending a letter to the following address: Rue Neck 24, 1081 Brussels, Belgium.
Your written request must be signed and accompanied by a copy of the front of your identity card. The request must specify the address to which the reply must be sent. In that case, a reply will be sent to you within one month of receipt of the request and within two months if in-depth research has to be carried out to meet the request or if WEP receives an excessively large number of requests.
However, we may be unable to respond to your request to exercise your right to be forgotten. It is important to remember that this right is not absolute. We have to ensure that this right is balanced against other important rights and values, such as freedom of expression, compliance with a legal requirement to which we are subject or important reasons of public interest.
► The right to object
You cannot, under any circumstances, prevent us from processing your data:
• How to exercise your right to object
For this, you simply have to send an email to dataprotection@wep.org providing your surname and first name, indicating "right to object: personal data" in the subject line and attaching a copy of the front of your identity card.
It is important to indicate the reasons for your request to object.
You can also exercise this right by sending a letter to the following address: Rue Neck 24, 1081 Brussels, Belgium. Your written request must be signed and accompanied by a copy of the front of your identity card. The request must specify the address to which the reply must be sent.
In that case, a reply will be sent to you within one month of receipt of the request and within two months if in-depth research has to be carried out to meet the request or if WEP receives an excessively large number of requests.
However, we may not be able to respond to your request. In that case, we will of course reply to you as clearly as possible. In addition, any emails or information letters that may be sent to you will include a link, which you can click so that you no longer receive any promotional information from us.
► The right to the transferability of data
This right offers you the possibility of controlling your personal data more easily and more specifically by yourself:
This right relates to data provided actively and knowingly to create your online account (e.g., email address, username, age) and data collected by WEP.
Conversely, the personal data derived, calculated or put together from the information provided by you, such as the result of an assessment of your health, are excluded from the right of transferability of data because they were created by WEP.
• How to exercise your right to the transferability of data
For this, you simply have to send an email to dataprotection@wep.org giving your surname and first name, indicating "right to the transferability of data: personal data" in the subject line and attaching a copy of the front of your identity card. Do not forget to specify the respective files and the type of request (return of data and/or transfer to a new service provider) in your email.
You can also exercise this right by sending a letter to the following address: Rue Neck 24, 1081 Brussels, Belgium.
Your written request must be signed and accompanied by a copy of the front of your identity card. The request must specify the address to which the reply must be sent. In that case, a reply will be sent to you within one month of receipt of the request and within two months if in-depth research has to be carried out to meet the request or if WEP receives an excessively large number of requests.
However, you should know that WEP has the right to refuse your request for the transferability of data. This right only applies to personal data that was collected on the basis of your consent or the performance of a contract concluded with you (to find out more specifically about the personal data that may be the subject of the right to the transferability of data, click on the purposes and bases section). Moreover, this right may infringe the rights and freedoms of third parties, whose data may form part of the data, which would be transferred further to the request for transferability.
► The right to limit processing
You have the right to ask us to limit the processing of your data, that is to say the marking (e.g., a temporary move of your data to another processing system or a lock on your data making it inaccessible) of your registered personal data in order to limit future processing. You can call upon this right when:
In case of processing limitations, your personal data will no longer be subject to any treatment without your prior consent with the exception of its storage.
Your personal data may nevertheless still be processed for the purpose of ascertaining, exercising or defending legal rights, or for the protection of the rights of another legal or natural person, or for important reasons of public interest in the Union or the Member State.
In case of limitation of the treatment of some of your personal data, we will keep you informed about the timing when the measures will be lifted.
• How to call upon your right to limitation
In order to do this, simply send us an email to dataprotection@wep.org indicating your surname, first name and in the subject, “right to limitation: personal data”, as well as a copy of the front of your identity card. Do not forget to mention the reason for your request in the body of your email.
You can also exercise this right by sending us a letter to the following address: Rue Neck 24, 1081 Brussels, Belgium.
Your written request must be signed and accompanied by a copy of the front of your identity card. The request must specify the address to which the reply must be sent. In that case, a reply will be sent to you within one month of receipt of the request and within two months if in-depth research has to be carried out to meet the request or if WEP receives an excessively large number of requests..
► Data transfer within Europe
Some data is transferred in Europe for the purpose of certain processing operations (see point 4.1).
Within the European Economic Area (28 EU members states - Germany, Austria, Belgium, Bulgaria, Cyprus, Croatia, Denmark, Spain, Estonia, Finland, France, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Czech Republic, Romania, United Kingdom, Slovenia, Slovakia, Sweden - Iceland, Norway and Liechtenstein), personal data will benefit from the same level of protection.
► Data transfer outside Europe
You should be aware that the protection of privacy and the rules allowing authorities to access your personal data in these countries are not necessarily equivalent to those in Europe.
In order to ensure a high standard of data protection and privacy, we only use or assign service providers, partners and subcontractors with sufficient technical and legal guarantees.
The table below details the transfer of your personal data outside Europe.
| Recipient Categories | Company Name | Location of the Company | Reason for the Transfer | Legal Safeguards Applicable to the Transfer |
| Sub-contractor | Deluxe Small Business Sales | USA | Email marketing |
Deluxe Small Business Sales, Inc. is committed to and respects the Privacy Shield principles. This is a self-certification mechanism for companies established in the United States that has been recognised by the European Commission as providing a legal guarantee for personal data transfer by a European entity to companies established in the United States. For more information about Privacy Shield, click here. |
| Sub-contractor | Zendesk, Inc. | USA | Online chat (Zopim) | Zendesk, Inc. is committed to and respects the Privacy Shield principles. This is a self-certification mechanism for companies established in the United States that has been recognised by the European Commission as providing a legal guarantee for personal data transfer by a European entity to companies established in the United States. For more information about Privacy Shield, click here. |
| Sub-contractor | Formstack | USA | Form solution | Formstack is committed to and respects the Privacy Shield principles. This is a self-certification mechanism for companies established in the United States that has been recognised by the European Commission as providing a legal guarantee for personal data transfer by a European entity to companies established in the United States. For more information about Privacy Shield, click here. |
| Sub-contractor | Facebook Lead | USA | Form advertisements | Facebook is committed to and respects the Privacy Shield principles. This is a self-certification mechanism for companies established in the United States that has been recognised by the European Commission as providing a legal guarantee for personal data transfer by a European entity to companies established in the United States. For more information about Privacy Shield, click here. |
| Partners | The partner varies according to the choice of the program and destination. Its contact details will be included in the travel document sent before the participant's departure. | Outside the EU | Local partners who are involved in co-organising or facilitating our activity in the organisation of our programs |
We transfer and/or grant access to your personal data to a partner located in a non-EEA country only if: (1) It is located in a country, which ensures an adequate level of protection under an adequacy decision taken by the European Commission; (2) Appropriate safeguards have been implemented in accordance with the GDPR; (3) The transfer is necessary for the performance of a contract concluded with you or the implementation of pre-contractual measures taken at your request; or (4) You have explicitly consented to this. For more information and/or a copy of the guarantees in place, simply send us an email to dataprotection@wep.org indicating your surname, first name and in the subject, "transfers outside the EU: personal data". Also, remember to specify in the body of your email the exact information you wish to obtain. |
► Do you have a question or a suggestion about this Charter on the Protection of Your Personal Data?
Do not hesitate to pass your question or suggestion on to us by using this email address: dataprotection@wep.org, or by sending a letter to Rue Neck 24, 1081 Brussels, Belgium. It will be our pleasure to read and respond to your message or letter as soon as possible.
► Do you think we do not protect your personal data sufficiently?
If you believe that WEP is not processing your personal data in accordance with the GDPR and the applicable national law by using this email address: dataprotection@wep.org or by sending a letter to Rue Neck 24, 1081 Brussels, Belgium. In any case, you have the right to lodge a complaint with:
► Lodging a complaint with the Belgian Data Protection Authority
This Charter on the Protection of Your Personal Data may be modified at any time, in particular, to take account of any legal or statutory changes and the development of our services. Any major changes that may be made will be announced via our website or by email, as far as possible at 30 thirty days before they come into force.
When we publish modifications to this charter, we will adapt the "most recent update" date at the top of the confidentiality policy and describe the modifications on the page entitled "History of Modifications". We advise you to consult this charter regularly to find out how WEP protects your personal data.