hera is an international consultancy company working towards fostering the right to health and development.

hera undertakes to make every effort to comply with applicable laws and regulations related to Personal Data protection in countries where hera operates and to protect the confidentiality of personal data collected in line with the European Regulation EU General Data Protection Regulation (GDPR) 2016/679 of the European Parliament and of the Council of 27 April 2016.

This policy sets forth the basic principles by which hera processes the personal data of customers (clients and consultants), suppliers, business partners, employees and other individuals and indicates its responsibilities while processing personal data, and the security measures taken to protect this data.

This policy applies to hera partners, associates, employees and contracted consultants conducting business with the European Economic Area (EEA) or processing the personal data of data subjects within the EEA.

The users of this document are hera’s employees, permanent or temporary and all contractors working on behalf of hera.

Name: hera – right to health and development

Registered Address: Kardinaal Mercierplein 2, 2800 Mechelen, Belgium

Phone Number: +32 3 844.59.30

E-mail: hera@hera.eu

GDPR contact person e-mail address is hera@hera.eu.

WHAT PERSONAL DATA DO WE COLLECT?

We currently collect and process the following information:

• Identity data (for example, name, surname, job title, place of work, nationality, date of birth, passport details and age)

• Contact data (e-mail address, residence address, telephone number, emergency contacts and business contact details)

• Qualification data (for example details of achievements, qualifications and courses attended and other details mentioned on your CV)

• Cookies and technical data (including internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website. For more information on how we use cookies see our Cookie Notice.

• Website usage data (information about how you use our website)

• Personal data collected as part of the research, studies and evaluations we conduct.

2.2 HOW DO WE COLLECT YOUR PERSONAL DATA?

We will collect your personal data directly from you when you:

• make an enquiry or information request to us

• email us

• submit your CV via the “work with us section”

• apply to become one of our contractors or suppliers

• agree to partner or collaborate with us

• subscribe to our e-newsletters

• use, visit, browse and interact with our website (see more in our Cookie Notice)

• visit our offices

• participate in a research, study, evaluation or survey

2.3 OTHER INFORMATION WE COLLECT ABOUT YOU FROM THIRD-PARTY SOURCES

We also receive personal information indirectly, from the following sources:

• From other third parties outside hera where you have agreed to them to share your information with us (such as references);

• Government, tax or law enforcement agencies.

3.1 TO PERFORM OUR BUSINESS

hera needs these data to provide services to its hera partners, consultants and clients:

• propose consultancies to hera partners and consultants in the field of work of hera

• propose contracts to hera partners and consultants in the field of work of hera

• implement tenders and contracts with hera partners and consultants in the field of work of hera

• establish a pool of capable consultants in the field of work of hera

• execute contracts with clients in the field of work of hera

• provide services to clients in the field of work of hera

3.2 LEGAL OBLIGATION

We may use your information also to:

• enable us to enforce our legal rights, and/or to protect the rights, property or safety of our employees and/or other third parties

• prevent, detect, mitigate and investigate frauds or illegal activities

• comply with legal obligations and requirements, for example tax purposes.

3.3 CONSENT

The way in which we collect and process your data is based on your consent.

If you do not provide your consent for us to process your personal data for a specific service that is offered under the lawful basis of your consent then we might not be able to provide that service to you in full.

Where we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time. If you are unsure how to withdraw your consent please contact the Data Protection Officer.

The personal and other data are collected and treated to realize the aimed service delivery by hera and can therefore be shared within hera. Hosting and storage of these data takes place in our protected hera cloud environment (MS365 Sharepoint), in our ERP AFAS software (cloud) and in applications in the cloud (website www.hera.eu, ) managed by Squarespace (www.squarespace.com) which is located in 8 Clarkson St, New York, NY 10014, USA.

Data collected as part of consultancy assignments are only used for the purpose of that consultancy assignment and are saved in a protected Teams and SharePoint environment where only consultants contracted for the assignment and hera employees have access to. All data will be processed only as required for the duration of the project. Processing will stop in relation to any data shared in relation to the Project or were collected by the Sub-Contractor when the Project has finished. The nature of the processing for the project may involve collection, recording, organising, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data. Any data processed would only be processed in relation to the project for the purposes of fulfilling contractual obligations, processing, assessment, review, monitoring, learning, audit or evaluation. The Consultant will provide the anonymised data set to hera at the end of its processing, whether on termination of the Agreement or otherwise, and will destroy any records or copies of that data it holds, and this at the latest within 10 days after termination of the Agreement. This responsibility is communicated to the Consultant as part of their contract with hera (see annex 1 and 2 for the Personal Data Processing Agreement with Consultants and Companies).

Anonymized data can also be used for studies and for statistical purposes, on the reach of the newsletter and the reach and the use of our website.

No personal data are distributed to third parties (including the clients we work with) without the explicit consent of the hera partner, employees or contracted consultants it refers to. hera employees, associates, partners or consultants can always ask to review their personal data which we have about them, update them or have them deleted if they wish.

The hera website uses cookies to collect information about the use of the website with the purpose to improve the content and the usability of the website. Website visitors can always refuse or delete cookies by adjusting the settings of your browser.

You can request from us a comprehensive list of our data processors.

We take all reasonable and appropriate technical and organisational measures to protect the security of your personal information throughout the course of our business. Technical safeguards include for example security audits, restrictive access, encryption, antivirus software, regular testing and evaluation.

Your personal data will be retained for no longer than is necessary for the purpose for which it was obtained, or for as long as we are obliged to according to relevant regulatory, tax, accounting, legal or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

We will then dispose of your information by removing all files and back-ups from all personal computers, shared drives and hard drives.

Details of retention periods for different aspects of your personal data are available in our data protection and information security policy which you can request by contacting us.

Under data protection law, you can exercise the following rights free of charge:

• withdraw consent - You can withdraw your consent at any given time by contacting the Data Protection Officer.

• access – You have the right to ask us for copies of your personal information.

• rectification – You have the right to ask us to correct personal information. You also have the right to ask us to complete information you think is incomplete.

• erasure – You have the right to ask us to erase your personal information in certain circumstances, i.e. if your personal data are no longer necessary for the purpose they were collected for or if you withdraw your consent.

• restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances, i.e. if you think that the information we process is inaccurate or unlawful.

• object to processing – You have the right to object to the processing of your personal information only if we process the relevant information on legitimate or public interest grounds.

• data portability – You have the right to ask that we transfer the personal information you directly gave us to another organisation, or to you, if we process the relevant information on consent or contract grounds.

• rights in relation to automated decision-making and profiling.

• lodge a complaint – You have the right to lodge a complaint to the supervisory authority if you think our processing of data is unlawful.

If you make a request to exercise your rights, we have one month to respond to you before you can complain to the relevant Data Protection Authority. You can also lodge a complaint if you are unsatisfied with our reply.

For Belgium, the contact details for the Data Protection Authority are:

Gegevensbeschermingsautoriteit

Drukpersstraat 35, 1000 Brussel

+32 (0)2 274 48 00

+32 (0)2 274 48 35

contact@apd-gba.be

We want the data we hold to accurate and up-to-date. Please contact us if you wish to make a change or if you have a question or complaint about how we use your personal data. See our full contact details in section 1 of this Privacy Notice.

We regularly update this Privacy Notice to reflect changes in our services and in data legislation. This Notice was last updated on 09 June 2023.

Protection of personal data

If you become a hera partner, are contracted by hera for any hera related work, subscribe to receive a newsletter or for activity on our website, personal data are requested. This information complies with the European privacy regulation “GDPR”.

Your personal data are collected and treated to realize the aimed service delivery by hera, and can therefore be shared within hera.

Data can also be used for statistical purposes (anonymised) on membership, the reach of the newsletters and the reach and the use of the website.

No personal data are distributed to third parties without your explicit consent. You can always ask to look into your personal data which we treat about you, update them or have them deleted if you wish.

This Cookie Notice ("Notice") explains how hera - right to health and development ("hera," "we," "us," or "our") uses cookies and similar tracking technologies on our website, which is hosted and managed by Squarespace. This Notice is intended to provide transparency and comply with the European Union General Data Protection Regulation (GDPR) and other applicable data protection laws.

WHAT ARE COOKIES AND SIMILAR TRACKING TECHNOLOGIES?

Cookies are small text files that are placed on your device (such as a computer or mobile device) when you visit a website. They are widely used to make websites work or improve their efficiency, as well as to provide information to the website owners.

In addition to cookies, we may also use other similar tracking technologies, such as web beacons, pixels, and scripts. These technologies work together with cookies to collect and track information about your interactions with our website.

TYPES OF COOKIES WE USE

We use different types of cookies on our website, including:

a) Essential Cookies: These cookies are necessary for the functioning of our website and cannot be switched off in our systems. They are usually only set in response to actions made by you, such as setting your privacy preferences, logging in, or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the website may not function properly.

b) Analytics and Performance Cookies: These cookies allow us to count visits and traffic sources so that we can measure and improve the performance of our website. They help us understand how visitors interact with our website by collecting and reporting information anonymously.

c) Functionality Cookies: These cookies enable enhanced functionality and personalization of our website. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies, some or all of these services may not function properly.

d) Targeting and Advertising Cookies: These cookies may be set through our website by advertising partners. They may be used by those companies to build a profile of your interests and show you relevant advertisements on other websites. They do not directly store personal information but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

HOW WE USE COOKIES AND SIMILAR TRACKING TECHNOLOGIES

We use cookies and similar tracking technologies for various purposes, including:

a) To provide and improve our website's functionality and performance.

b) To analyze and understand how visitors use our website and identify areas for improvement.

c) To personalize your experience on our website and remember your preferences.

d) To serve targeted advertisements based on your browsing activities.

YOUR CONSENT

By using our website, you consent to the use of cookies and similar tracking technologies as described in this Notice. You can manage your cookie preferences through the settings of your web browser. Please note that blocking or deleting cookies may impact your experience on our website.

THIRD-PARTY COOKIES

We may also allow third-party service providers to place cookies and similar tracking technologies on our website. These providers may collect information about your online activities over time and across different websites when you use our website. We do not have control over third-party cookies, and their use is subject to the third party's own privacy policies.

CHANGES TO THIS NOTICE

We may update this Cookie Notice from time to time to reflect changes in our use of cookies and similar tracking technologies. The most recent version will be posted on our website with the effective date indicated. We encourage you to review this Notice periodically for any updates.

If you have any questions or concerns about our use of cookies and similar tracking technologies, please contact communications@hera.eu