Privacy Policy

Version: June 2023 is committed to protecting and respecting your privacy. We assure you the confidential processing of your personal data in accordance with the General Data Protection Regulation, in short ‘GDPR’.

This Privacy Policy applies to the processing of personal data on our website and in the context of the services offered by (hereafter “we”, “us” or “UAO”), with office in Belgium, Havenlaan 86 C, postbox 204, B-1000, Brussels, registered under company number 0775.893.397, RPR. Brussels.

This Privacy Policy may be amended or updated on a regular basis. We therefore kindly request you to regularly consult this Privacy Policy on our website so that you always have the most recent version. This Privacy Policy should be read in conjunction with our Social Media Policy as well as our Cookie Policy.

o regularly consult this Privacy Policy on our website so that you always have the most recent version. This Privacy Policy should be read in conjunction with our Social Media Policy as well as our Cookie Policy.

Questions about applicable law and this privacy policy can be directed to our Data Protection Officer (“DPO”) at
[email protected].

1. Important information and who we are, organized as an international non-profit organization, is responsible for the processing of your personal data, acting as Data Controller within the meaning of GDPR, with regards to the personal data we process for the purposes explained in this Privacy Policy.

Your duty to inform us of changes

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

2.   The personal data we collect & process

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of Personal Data from you, for specified purposes and based on a specific legal ground. We have grouped the categories of personal data together as follows:


Category of personal data

(1) Identifier  

Data that helps to distinctly identify a person in different data sets:

Contact, Identification and Authentication data

Data that helps to identify and contact a person (e.g. first name, last name, address, phone number, email, username or similar identifier, login and password)

Account Data

Data that helps to unique identify a person  (e.g. job title, postal address, business address, telephone number, mobile phone number and email address,  social media accounts, profession economic category, profession, professional activities).

Online identifiers

provided by your devices, applications, tools and protocols, such as internet protocol addresses (IP), cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of a person and identify you. (e.g. IP address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website or other digital touchpoints.)


(2) Contract


Data that helps to identify a customer internally and connects him to the company’s offerings:

Unique customer ID

 (pre-)contractual data: includes offers, contracts, services, subscriptions.

Transaction Data includes information of the products and services you use, data (incl. history) that contains information about a financial transaction (e.g. sales history, payments, refunds, premiums).

Financial & bank data bank details, tax identification number, Credit Card details, expenses, credit rating , ongoing insolvency proceeding

Membership interactions including business information necessarily processed in a committee or participation relationship with us.


(3) Behavior
Data that gives insight into a person’s behavior and interests. It contains quantitative information such as:

your interests, preferences  includes your preferences in receiving marketing from us and our third parties and your communication preferences

Interaction Data includes information about how you use our website, products and services, information processed during interactions between you and UAO. (e.g. user behavior, website visits, click tracking, call records, cookies, social media activities (posts, likes, comments), response data (to surveys), complaints, feedback, video’s & photos during events and seminars.


(4) Corporate security data Data to safeguard our organization against offenses (e.g. internal investigation data, closed-circuit television (CCTV) data).


We also collect, use and share Aggregated Data such as statistical data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Interaction Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data for ID purposes). Nor do we collect any information about criminal convictions and offences.

3.   How is your personal data collected?

We may collect personal data about you in a number of circumstances, using different methods collection methods, via:

Direct interactions, when you:

  • fill in a contact form on our websites or contact us by e-mail, telephone, or other communications channels;
  • request our services or information, technical documents or brochures;
  • subscribe to our newsletter;
  • conclude a Membership contract;
  • request marketing to be sent to you, or when give us feedback;
  • attend a seminar or another UAO event
  • offer to provide services to us;
  • browse, make an enquiry or otherwise interact on our website or social media channels:

– Twitter –,
– LinkedIn –
– YouTube –

Automated technologies or interactions: As you interact with our website, we may automatically collect Behavior Data about you. We collect this personal data by using cookies, server logs and other similar technologies. Please see our Cookie Policy for further details.

 Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources.

4.   Legal basis for processing your personal data

We only process personal data that is necessary, both in terms of data categories and for the purposes of processing explained in the next session. We determine the most appropriate legal basis according to the characteristics of the processing, relying on:

  • performance of a contract (Art. 6 (1) (b) GDPR) , including the pre-contractual processing in order to conclude a contract : personal data is needed to perform the contract we are about to enter into or have entered into with you. This is the case for contract/Membership program management; follow-up with customers about claims management and after sales service.
  • fulfillment of a legal obligation (Art. 6 (1) (c) GDPR): to comply with a legal or regulatory obligation, such as, bookkeeping related to accounting and tax obligations.
  • free, specific, informed and unambiguous consent (Art. 6 (1) (a) GDPR) for sending direct marketing communications to you via email or other communication channel, commercial prospecting by electronic means for goods or services that you have not already been purchased/subscribed to; profiling. You have the right to withdraw consent to marketing at any time by contacting us.
  • necessary for our legitimate interests (Art. 6 (1) (f) GDPR) (or those of a third party) and provided that such interests are not overridden by your interests or fundamental rights and freedoms: satisfaction surveys, product quality studies; product testing; compilation of sales statistics; and commercial prospecting to business professionals (by email or telephone);  and electronically, for similar goods and services already purchased/subscribed to.

5.   Purposes of processing your personal data

We have set out below, in a table format, a description of the specific purposes for which we plan to use your personal data, referring to the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one legal basis depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.


Purpose/activity Categories processed Lawful basis for processing
Manage our relationship with you which includes notifying you about changes to our terms or privacy policy (1) Identifier
(2) Contract
legal obligation
Customer care

Online and off-line communication via website or other channels for customer care and information inquiry handling. We process personal data during customer care processes and your information inquiries via contact forms, email or other channels.
See separate Social Media Policy in case of social media channels.

(1) Identifier
(2) Contract
(3) Behavior
legitimate interests
Digital newsletters and Personalized direct marketing

This purpose relates to direct marketing communications, for example through our marketing campaigns and our social media channels. Communicating with you through the channels you have approved to keep you up to date on the latest technology and marketing developments, announcements, and other information about UAO services, products and technologies (including newsletters, blogs) as well as events and projects; contests or other promotional activities or events.

We collect information about your preferences to create a user profile to personalize and foster the quality of our communication and interaction with you (for example, by way of newsletter tracking or website analytics). We profile based on your consent to offer you relevant information on the services offered by UAO.


(1) Identifier
(2) Contract
(3) Behavior
Organizing events, contests and publishing team or event photos where permitted (1) Identifier
(2) Contract
(3) Behavior
contractual agreement (paid events, seminars, contests)
Photos, video’s based on consent
Contract execution & Membership management

We conclude contracts (Membership), processing personal data of legal representatives or business contact persons whereby we process, among other things, personal data of personnel or contacts in a B2B context, for the conclusion, execution and management of the contract. This purpose also includes any pre-contractual negotiation or processing of data via a contact form on our website or other channels. We also process personal data when organizing development committees and participation in projects. We administrate the provided personal data in customer relation management, contract & payment (billing and collect), accounting and auditing processes.

(1) Identifier
(2) Contract
contractual agreement
Exercising or defending legal claims

Like any business, we must file our legal claims from time to time, seek compensation or settlement and retain legal evidence, seek legal advice from outside counsel, ensure regulatory compliance, be represented by legal counsel in judicial, criminal, administrative or other proceedings or reporting to law enforcement authorities.

(1) Identifier
(2) Contract
(3) Behavior
(4) Corporate security data
legitimate interest
contractual agreement
Tax, invoicing and accounting

In order to comply with tax, billing and accounting regulations, we need to process a certain limited scope of personal data.

(1) Identifier
(2) Contract
legal obligation
Compliance with our legal obligations

such as record keeping obligations, compliance screening or recording obligations including reporting to and/or being audited by national and international regulatory bodies; (e.g. under antitrust laws, export laws, trade sanction and embargo laws, for anti-money laundering, financial and credit check and fraud and crime prevention and detection purposes), which may include automated checks of your contact data or other information you provide about your identity against applicable sanctioned-party lists and contacting you to confirm your identity in case of a potential match or recording interaction with you which may be relevant for compliance purposes.

(1) Identifier
(2) Contract
(3) Behavior
legal obligation
Quality & service improvement, customer satisfaction and market research

We process your personal data to perform statistical analyzes with the aim to improve our website and services or develop new products and services, perform customer surveys and market analysis.

(1) Identifier
(2) Contract
(3) Behavior
legitimate interests
Maintaining an adequate level of security

We consider the security of our services and in general our information security as our obligation. In doing so, we monitor the use of our systems internally to detect violations of internal policies, unauthorized operations in our systems, or malicious bots, code or behavior, protecting the security of and managing access to our premises, IT and communication systems, online platforms, websites and other systems, preventing and detecting security threats, fraud or other criminal or malicious activities. This goal includes taking adequate security measures, their periodic assessment and review.

(1) Identifier
(4) Corporate security data
legal obligation
legitimate interests

We do not process your personal data in any form of automated decision making.

If you provide personal data to us for one of the above purposes, about someone else (such as one of your directors or employees, or someone you represent as a delegate) you must ensure that you are entitled to disclose that personal data to us and that, without our taking any further steps, we may collect, use and disclose that personal data as described in this Privacy Policy. In particular, you must ensure the individual concerned is aware of the various matters detailed in this Privacy Policy, as those matters relate to that individual, including our identity, how to contact us, our purposes of collection, our personal data disclosure practices, the individual’s right to obtain access to the personal data and make complaints about the handling of the personal data, and the consequences if the personal data is not provided (such as our inability to provide services).

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

6.   To whom do we disclose your personal data?

We may have to share your personal data with the following categories of third parties set out below for the purposes set out in session 4 above:

  • Parties in the context of execution of services and if necessary for technical support, such as CRM solution providers, website development & maintenance, hosting services, data center services, suppliers of standard software solutions (such as Microsoft, Google), marketing and analytics software providers and operators, performance monitoring and security and other software services.
  • Third party partners for the purposes of hosting events

These third parties may only process your personal data on our behalf and with our explicit written consent and in accordance with the purposes outlined above. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. We guarantee that all third parties acting as processors or sub-processors are carefully selected and are required to maintain the security, confidentiality and integrity of your personal data and processes in accordance with the law. We ensure that the selection of our subcontractors and any processing of personal data by them is in accordance with the GDPR.

Within UAO, your data will only be shared with authorized personnel (internal recipients) or a verified / authorized third party. Our employees or internal contractors may have access to your personal information on a strictly necessary basis, which is generally determined and limited by the position, role and department of the relevant employee.

As we are a global association, teams and suppliers may have global or multi-country roles, and they can be located anywhere in the world, in countries with different privacy standards than the country of our customers.

We may also share your information, as necessary:

  • with competent authorities, based on a good faith belief that disclosure is necessary to respond to a judicial process, a valid official inquiry, or if otherwise required by law;
  • Authorities or court, when it is obliged to do so on the basis of a legal provision or a court decision.
  • to defend our legal rights, or to protect the rights or safety of any person or entity;
  • as instructed by you;
  • with third parties in the context of reorganization of operations.

We will get your opt-in consent before we share personal data with any other company for marketing purposes.

We do not sell your personal information to any other party.

7.   International transfers is an international non-profit organization, located with headquarters within EEA. We aim to process all personal data within the EEA (European Economic Area) or countries with adequacy decision confirmed by the European Commission, meaning countries that have adequate data protection legislation comparable to GDPR.

We preferably choose to work with third parties or service partners based within the EEA.  However, some of our subcontractors or recipients of personal data may be located outside the EEA, so their processing of your personal data will involve a transfer of data outside EEA.

Whenever we transfer your personal data to external third parties based outside EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • To ensure that your personal data is protected when transferred outside the EEA, a data transfer agreement has been put in place between UAO and the third party, incorporating the EU’s Model contractual clauses and additional technical & organizational measures.
  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

8.   How do we secure personal information?

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

9.   How long do we keep your data?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of retention periods for different aspects of your personal data are set out by us in our internal retention policy which you can request by contacting us. In some circumstances you can ask us to delete your data: see Request erasure below for further information.

In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

10.   Your rights?

You can exercise various rights vis-à-vis UAO processing your personal data when you interact with us. You have the right to:

  • Request access (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correctionof the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processingof your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request restriction of processing: This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer of your personal data to you or to a third party (commonly known as a “data subject data portability request”). We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent at any timewhere we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent

To answer your rights quickly and efficiently, we kindly ask you to complete the included form and send it to
[email protected].

Download – GDPR Request Form
In this form we kindly ask you to be as specific as possible when addressing your request. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we reserve the right to refuse your requests or to charge a reasonable administrative fee of 60 euros excl. VAT per request, if your requests are clearly unfounded, repetitive or excessive (in particular because of their repetitive nature). Alternatively, we may refuse to comply with your request in these circumstances.

11. Questions or Complaints

You may address questions or complaints about the way in which we process your personal data to:
[email protected]. AISBL
Havenlaan 86C
box 204
1000 Brussels

In addition, you always have the option to submit a complaint to the Data Protection Authority: Drukpersstraat 35, 1000 BRUSSELS, e-mail: [email protected].

12. Updates to this privacy policy

This Privacy Policy was last updated in June 2023. We reserve the right to update and change this Privacy Policy from time to time in order to reflect any changes to the way in which we process your personal data or changing legal requirements. In case of any such changes, we will post the changed Privacy Policy on our website or publish it otherwise. The changes will take effect as soon as they are posted on this website.