Privacy & Cookies Policy

1. Introduction

The Virtual Worlds Association IVZW (“the Association”, “we”, “us”) is fully committed to protecting the personal data of all visitors and users of our website https://www.virtualworldsassociation.eu/. Safeguarding privacy and ensuring that personal data is handled responsibly and transparently is of the utmost importance to us.

We take data protection seriously and process personal data strictly in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Belgian Law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data, the ePrivacy Directive (2002/58/EC, as amended by Directive 2009/136/EC) and any other applicable data protection laws. This Privacy & Cookies Policy explains what personal data we collect through our website, how and why we process it, the legal bases we rely on, how long we keep it, and what rights you have in relation to your data.

Our aim is to provide you with clear, accessible information about how we handle your data, and to demonstrate our ongoing commitment to respecting your privacy and complying with the highest data protection standards.

Please note that the Association is not liable or responsible for ensuring compliance with the General Data Protection Regulation (GDPR) or local privacy laws for external pages or websites advertised or redirected from our website. Each external website or page accessible through our platform maintains its own privacy policies and terms of use, which users are advised to review independently. While we make reasonable efforts to partner with reputable entities, the practices and policies of these external sites are beyond our control. Users accessing these external pages or websites do so at their own discretion and risk.

A. Privacy Policy

A1. Key definitions

For the purposes of this Policy:

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity.

“Processing” means any operation performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, restriction, erasure, or destruction.

“Controller” means the natural or legal person, public authority, agency or other body which determines the purposes and means of the processing of personal data.

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

“Data Protection Officer (DPO)” means the person designated to monitor compliance with GDPR, act as a contact point for data subjects and the supervisory authority, and advise the controller or processor on data protection obligations.

A2. Identity of the controller

The controller responsible for the processing of personal data via this website is:

Name: Virtual Worlds Association, international non-profit association

Registered address: Rijvisschestraat 124, 9052 Zwijnaarde, Belgium

Contact email: <anne@annedemoor.be>

If you have any questions regarding this Policy (including the Cookies Policy), you can contact us via the above email or address.

A3. Categories of personal data collected

While you are interacting with our website, we may process the following categories of personal data:

• Identification details (e.g. [name, surname])
• Contact details (e.g. [email address, telephone number, postal address])
• Organization-related details (e.g. [organisation, position])
• Job applicants’ details (e.g. [CVs, motivation letters, identification details, contact details, organization-related details]
• Educational level (e.g. [Bachelor’s Degree, Master’s Degree, PhD])
• Domain of Expertise & interest in SRIA chapters (e.g. [Manufacturing, Culture, Media, etc])
• Information regarding user interaction (e.g. [IP address, cookies, clicking behavior], see also our Cookies Policy below)
• Other data voluntarily provided in forms or correspondence (e.g. [free-text fields])

A4. Purposes of processing

We may process personal data for the following purposes:

• To process membership applications
• To respond to queries and communications submitted through the website
• To provide you with technical or other support requested through the website
• To manage registration and participation in events, activities and/or initiatives
• To manage mailing lists (where the individual has subscribed)
• To send marketing communications, newsletters and updates about our services (where the individual has subscribed)
• To inform you about events, initiatives or activities of our organization
• To process job applications and respond to job applicants applying through our website
• To inform you or contact you or put you in touch with relevant people about activities you have shown interest in
• To solicit your feedback in revising the strategic research agenda and other key documents of the virtual worlds association that will be placed under public consultation
• To use your data for statistics and other website analysis
• To improve our website and enhance user experience.
• To analyze website usage and trends
• To comply with our legal and regulatory obligations
• To fulfill any other legitimate interests

We will only use your personal data to send you marketing communications or newsletters, where we have your prior consent. In certain cases, and in accordance with applicable law, we may rely on the “soft opt-in” exception, which allows us to use your contact details obtained in the context of a prior interaction with you to promote similar activities or services, provided that you are clearly offered the opportunity to opt out at the time of collection and with every subsequent communication. You may withdraw your consent or object to receiving marketing communications at any time by following the “unsubscribe” link included in our messages or by contacting us at <anne@annedemoor.be>.

A5. Legal bases for processing

Your personal data may be processed by us if there is a valid legal basis under the GDPR. These grounds may be:

• Consent (Art. 6(1)(a) GDPR)

Consent means that you have freely given us permission to process your personal data for a specific purpose. Consent must be informed, specific, and revocable at any time.

• Performance of a contract (Art. 6(1)(b) GDPR)

Processing is lawful when it is necessary to perform a contract to which you are a party, or to take steps at your request prior to entering into a contract.

• Compliance with a legal obligation (Art. 6(1)(c) GDPR)

In some cases, we are required by law to process personal data (e.g. obligations relating to accounting, tax, or regulatory compliance).

• Legitimate interests (Art. 6(1)(f) GDPR)

Processing is lawful if it is necessary for the purposes of the legitimate interests pursued by the Association or a third party, provided that such interests are not overridden by your fundamental rights and freedoms.

How these bases may apply to our website:

• When you provide personal data through contact forms, newsletter subscriptions, or acceptance of cookies: the legal basis is your consent.
• When you register for an event, membership, or activity: the legal basis is the performance of a contract (processing is necessary to manage your registration and participation).
• When we are required to keep certain records (e.g. financial records, invoices): the legal basis is compliance with a legal obligation.
• When you apply for membership with the Association, we process your personal data as necessary to manage your application request in accordance with the Association’s Articles of Association: the legal basis is the performance of a contract.
• For ensuring the security and proper functioning of our IT systems, or to protect against fraud or misuse: the legal basis may be our legitimate interests.

Withdrawal of consent

Where processing is based on your consent, you may withdraw it at any time, without affecting the lawfulness of processing carried out before withdrawal. To withdraw your consent, please contact us at <anne@annedemoor.be>.

A6. Recipients of personal data

As a general rule, we do not sell, trade, or otherwise transfer your personal information to third parties without your consent.

However, we may disclose your personal information if required by law or in response to a valid legal request and we may share your personal information with trusted recipients who assist us in operating our website, supporting you regarding your requests and performing our activities. In the latter case, such recipients or third parties will be contractually required to process personal data only on our instructions and in compliance with GDPR and applicable data protection laws.

Therefore, recipients may include:

• IT and website hosting providers
• External consultants or service providers
• Payment service providers and banks (if applicable)
• Public authorities where required by law

More concretely but not exhaustively, we may share your personal information with the recipients below:

• Google Cloud Services
• Zapier.com
• Stripe.com

A7. International data transfers

The      Association may transfer personal data outside the European Economic Area (EEA). Such transfers will only take place:

• to countries that the European Commission has recognised as providing an adequate level of protection for personal data (adequacy decision); or
• subject to appropriate safeguards, such as the European Commission’s Standard Contractual Clauses, Binding Corporate Rules, or other lawful transfer mechanisms under the GDPR.

Details of such transfers, including the applicable safeguards, will be made available upon request.

A8. Retention of data

We will retain personal data only for as long as necessary for the purposes described in this Policy, and in line with statutory obligations.

Event/Activity participation data: [3 years]

Newsletter/mailing lists subscriptions: until consent is withdrawn

Job applications: [3 years]

Support/queries: [3 years]

All other purposes: [3 years]

A9. Security of processing

The Association takes the security of your personal data very seriously. In accordance with Article 32 GDPR, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

These measures include, for example:

• Technical measures: access controls and authentication mechanisms, encryption and pseudonymisation of data where appropriate, firewalls and intrusion detection systems, regular updates and security patches, secure data transmission (HTTPS/SSL).
• Organisational measures: staff training and awareness, strict access rights policies (“need-to-know” principle), internal procedures for data handling, confidentiality obligations for staff and contractors, and incident response planning.

Personal data may be stored in different forms and locations, including:

• on secure servers operated or contracted by the Association;
• on local devices or systems within our offices, subject to access restrictions;
• in secure backup systems to ensure business continuity.

We do not use personal data collected through our website for profiling or for making decisions based solely on automated processing which produce legal effects concerning you or similarly significantly affect you, as defined in Article 22 GDPR.

Whenever personal data is shared with third-party providers (e.g. IT hosting services, consultants, or other service providers), such parties are bound by contractual obligations to process the data only on our documented instructions, to apply adequate security measures, and to respect confidentiality.

While we strive to use commercially acceptable means to protect your personal data, please note that no method of transmission over the Internet or method of electronic storage is completely secure. Nonetheless, we continuously monitor and update our safeguards to reduce risks as far as possible in line with legal and industry standards.

B. Cookies Policy

B1. Introduction

This Cookies Policy explains what cookies are, the types of cookies we use on our website, the purposes for which they are used, and how you can manage your cookie preferences.

B2. What are Cookies?

Cookies are small text files placed on your device (computer, smartphone, tablet) when you visit a website. They are widely used to make websites work, improve user experience, and provide information to the website owner. Cookies can also enable tracking of user interactions across websites.

Similar technologies (such as pixels, web beacons, or tracking scripts) are also covered by this policy.

B3. Types of Cookies We May Use

Our website may use the following categories of cookies:

• Strictly Necessary Cookies
  These cookies are essential for the functioning of the website and cannot be switched off in our systems. They are usually set only in response to actions you take (such as filling out forms, setting privacy preferences, or logging in).
• Functional Cookies
  These cookies enable the website to provide enhanced functionality and personalisation (e.g. remembering language preferences).
• Analytics/Performance Cookies
  These cookies allow us to measure and analyse traffic on our website so we can improve its performance. For example, they help us know which pages are most popular.
• Marketing/Advertising Cookies
  These cookies may be set through our site by advertising partners to build a profile of your interests and show you relevant adverts on other sites.
• Social Media Cookies / Third-Party Cookies
  These cookies are set by third-party services (such as Facebook, LinkedIn, Twitter, YouTube) that we may integrate on our website to allow you to share content or view embedded content. These third parties may collect data about your browsing habits across websites.

B4. Cookie Banner and Consent

When you first visit our website, you will be presented with a cookie banner. Through this banner, you can:

• Accept only strictly necessary cookies.
• Consent to functional, analytics, and/or marketing cookies.
• Review and change your preferences at any time.

Your consent is required for any cookies other than strictly necessary ones.

B5. List of Cookies Used

A detailed list of the cookies used on our website, their purpose, provider, and retention period is available below:

B6. Managing Cookies

You can manage your cookie preferences at any time via the cookie banner or settings on our website.

In addition, most browsers allow you to block or delete cookies through their settings. Please note that blocking essential cookies may impact the functionality of the website.

For more information on managing cookies, you can visit:

• Google Chrome Support
• Mozilla Firefox Support
• Microsoft Edge Support
• Apple Safari Support

B7. Third-Party Cookies and Services

Our website may include links to third-party websites, plug-ins, or embedded services. If you interact with these, the third parties may set cookies and collect data independently. We encourage you to review the privacy and cookie policies of those providers:

• X
• Meta
• Linkedin
• Tiktok
• Youtube

2. Data subject rights

As a data subject, you have the following rights under the GDPR:

• Right of access (Art. 15 GDPR) – to obtain confirmation as to whether we process your personal data, access to that data, and information about how it is processed.
• Right to rectification (Art. 16 GDPR) – to request the correction of inaccurate or incomplete personal data.
• Right to erasure (“right to be forgotten”, Art. 17 GDPR) – to request the deletion of your personal data when it is no longer necessary for the purposes collected, or if you withdraw consent, object to processing, or where processing is unlawful.
• Right to restriction of processing (Art. 18 GDPR) – to request that the use of your data is limited, e.g. while accuracy is being verified or in case of an objection.
• Right to data portability (Art. 20 GDPR) – to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
• Right to object (Art. 21 GDPR) – to object at any time to the processing of your personal data on grounds relating to your particular situation, including processing based on legitimate interests or for direct marketing.
• Right to withdraw consent (Art. 7(3) GDPR) – where processing is based on your consent, you may withdraw it at any time, without affecting the lawfulness of processing carried out before withdrawal.

Please note that the exercise of these rights may be subject to conditions or restrictions under applicable law. For example, we may refuse or limit the fulfilment of your request where processing is necessary for compliance with a legal obligation, for the performance of a contract, or for the establishment, exercise, or defence of legal claims.

Requests to exercise these rights or any queries about how your personal data is processed can be sent to <anne@annedemoor.be>.

You also have the right to lodge a complaint with the Belgian Data Protection Authority (GBA/APD): https://www.autoriteprotectiondonnees.be/citoyen/agir/introduire-une-plainte  .  

You can contact them as follows:

Address: Rue la Presse / Persstraat 35, 1000 Brussels

Email: contact@apd-gba.be 

Tel: +32 (0)2 274 48 00

3. Updates to this Policy

We may update this Privacy & Cookies Policy to reflect changes in legislation, technology, or our practices. Any updates will be published on this website and will indicate the “last updated” date and “Version”. We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your personal information.

Version: v3.0

Last updated: Nov 5th, 2025