Privacy policy platform Rise Up

Disclaimer 

In accordance with the European regulation of 27 April 2016 on data protection ("GDPR"), the National Association of Independent Health Insurance Funds (hereinafter "the Association") acts as data controller for providing the Rise Up platform. Questions about the processing of personal data by the Association can be addressed via the following channels: via the online form https://www.mloz.be/fr/eform/submit/formulaire-de-contact, by e-mail: privacy@mloz.be, or by post to the National Association of Health Insurance Funds - Route de Lennik 788 A, 1070 Brussels.

I. Processing personal data on the Rise Up platform

Which data are processed? 

• Identification data: name, first name, (professional) e-mail address, phone number (if given by the trainee), connection history to the platform (date of last connection and date on which access to the platform was suspended), unique identifier given to the trainee by his/her employer or Partner Administrator) 
• Personal characteristics: language 
• Study and training: history of training courses attended on the platform (registration date, courses in which trainees are registered, pass or fail status in the case of certification courses, with the number of points obtained where applicable, progress tracking for multi-module training, attendance or absence during the course, training organization, training duration, training objective), start date and end date of the trainee's contract 
• Profession and employment: department/team of the trainee, manager of trainee, function of the trainee, entity to which the trainee or partner administrator is attached
• Other: profile creation date on the Rise Up platform, status (trainee, training designer, training facilitator and Partner or Internal Administrator, i.e. the person responsible for managing training for a given group of trainees), individual training counter, biography (if completed by the trainee in his/her personal space)
• Image (if the user of the platform uploads a photo of him/her in his/her personal account)

What are our sources of information? 
The data concerning you come from you (for the self-managed or editable parts of your personal account), from your training manager within the entity for which you work or from APROSS, the Association's training partner (for the accounts of the training managers of the entities for which the trainees work).

Are your data processed securely? 
All these data are processed by authorised personnel contractually bound by an obligation of confidentiality and professional secrecy based on the law. In addition, security measures are put in place to guarantee the confidentiality, integrity and availability of your data.

For what purposes are your data processed and on what ground(s)? 
Your data are collected and processed for the various legitimate purposes and grounds listed below.

Who can your data be communicated to? 
Your personal data may be communicated:

• To yourself and/or the person of your choice at your request 
• To your manager, your employer or the person responsible for trainings specially designated to this task by the entity you work for

Who are our processors? 
The association mainly uses the following processors: 

• The technical provider of the training platform
• Its training partner, APROSS
• Its IT supplier, in particular for hosting and e-mail services  
   

For how long do we keep your data? 
Your training history data is kept for a maximum of 7 years from the date of the training course attended, while your identification data is kept for as long as your employer lists you as a beneficiary of the training courses we provide. Your data may be kept longer in the event of legal action, in which case we keep the data and documents necessary for the proceedings for the duration of the proceedings.

Are your data transferred to countries outside the EEA? 
Your data will not be transferred to countries outside the EEA unless you specifically request it.

What are your rights? 
You have the right to access the data we process and which concern you and to know, for each of them, how they are processed and for what purposes. In addition, provided that the exercise of these rights does not contradict the legal requirements (especially the retention one) the Association is subject to, you also have the right to request the rectification of any inaccurate or incomplete (in addition to the possibility of modifying some data in your personal account yourself) data, to request the deletion of all or part of it, to object to its processing, to limit its processing and not to be subject to an automated decision, including profiling.

How do you exercise your rights? 
To exercise one or more of your rights, you can  

• Go in your user account on the platform (right of rectification and deletion right) 
•  Or submit us your request, either by using this form here: https://www.mloz.be/fr/eform/submit/formulaire-de-contact, either by sending us a dated and signed written request by e-mail (via privacy@mloz.be) or by post (National Association of Health Insurance Funds - Route de Lennik 788, 1070 Brussels). A copy of the front side of your identity card may be required. In that case, your request will be processed within 30 days of its submission. According to the complexity and number of requests, this period may be extended by a further 2 months if necessary. You will be notified of the action taken by the National Association on the basis of this request by e-mail or by post according to the medium you have chosen. Likewise, any refusal of intervention will be motivated. 

In addition, the request to exercise one or more of your rights will be handed over, where necessary, to the subcontractors which received the personal data concerned by the request.
In the event of disagreement with a processing operation or a refusal on our part to accede to a request to exercise one of your rights, you can always contact the Data Protection Authority, located at rue de la Presse 35, 1000 Brussels or via the website www.dataprotectionauthority.be.