Privacy policy

This document lays down the privacy policy of:

ACEA (Association des Constructeurs Européens d’Automobiles)
Rond-Point Schuman 6 
1040 Brussels
Tel: +32 2 732 55 50

It sets out how we process data and explains your rights and how to exercise them.

For any questions regarding this policy, please contact

It is our policy to respond as soon as possible and at the latest within 30 days to any request you send us in relation to our privacy policy or how we process your data.

How we process data

  • Data categories

The data we process are limited to: name, first name, job title, company, address, telephone, email unless you have provided us with additional information.

  • Data collection

We collect your data either directly from you, from the website of your organisation or from a private database (Dods Group PLC).

  • Processing purpose and legal basis
  1. Members:
    If you are a member of one of our working groups, we use your data only to inform you about the EU policy issues that are relevant for the working group(s) that you are a member of. We consider such processing to be necessary for the performance of your company’s membership agreement with ACEA. 
  2. Non-members:
    If you are not a member of ACEA, we use your data only to inform you about our position on EU policy issues, invite you to our events and send you our press releases. We consider such processing to be in the legitimate interest of ACEA as a trade association whose mission it is in a representative democracy with a free press to represent the European automobile manufacturers at EU level and to act as an interface between our member companies and the EU institutions, the media and other companies and associations that try to influence EU decision-making. We believe our legitimate interest outweighs your right to the protection of your personal data since we process your data only to contact you in your professional capacity and to send you only information that is relevant for your professional activity.
  • Data sharing

By using Office 365 software for data storage, we share your data with Microsoft Corporation. This company processes your data on servers located in the European Union.   

If you are a member of one of our working groups, we share your data with the other members of the group(s) that you are a member of.  

We may share your data with our affiliates and with other partners such as companies that host or (co-)organise our events insofar as this is necessary for specific purposes such as logistics and security. Where these companies act as data processors on our behalf, we require them to process your data in accordance with this privacy policy. 

We may also disclose your data comply with a reasonable request from competent law enforcements agents, judicial authorities and governmental agencies or bodies including competent data protection authorities. 

We do not share your data with any third party in any other way. 

  • Automated decision-making

We do not use automated-decision making when we process your data.

  • Data storage period

We store your data as long as they are current.

We will send you a notice once a year to verify whether your data are still accurate.

We instruct our staff to inform our database managers whenever they become aware of any changes in your professional situation so that we can update or remove your data as appropriate.

  • Security

We do our utmost to protect your data against destruction, loss, alteration or unauthorised disclosure.

In terms of organisational measures, we have limited the access to your personal data to specifically appointed employees who have been trained to handle such data properly. To prevent anyone else from accessing your personal data, these employees use Microsoft’s Identity and Access Management solutions to access our devices, apps and cloud services.

In terms of technical measures, we use Microsoft Intelligent Security Graph (ISG) to protect, detect, and respond to security incidents. For example, malware gets detected by Office 365 Advanced Threat Protection, shares that information with services like Windows Defender ATP and Advanced Threat Analytics, that collectively protect our user identities, apps and data, devices, and infrastructure against advanced persistent threats.

  • Amendments

We will send you a notice whenever we make substantive changes to our privacy policy that materially affect your rights, for example if we would collect additional data or if we would use your data for additional purposes.

Your rights and how to exercise them

  • Right to access

You have the right to access your data that we process. To do so, please send an email to

  • Right to rectification

You have the right to ask us to correct your data. To do so, please send an email to

  • Right to erasure

You have the right to ask us to erase your data. To do so, please send an email to

  • Right to restrict data processing

You have the right to ask us to restrict the processing of your data where:

  • You contest the accuracy of your data, for a period enabling us to verify their accuracy
  • Our processing is unlawful and you prefer to restrict the use we make or our data rather than ask for their erasure
  • We no longer need to process your data but you need the data for the establishment, exercise or defence of legal claims
  • You object to the processing of your data, for a period enabling us to verify whether our legitimate interest for processing your data overrides your rights

To do so, please send an email to

  • Right to object

Where we process your data on the basis of our legitimate interest, you have the right to object to this processing. To do so, please send an email to

  • Right to withdraw consent

Where you have given us your explicit consent to process your data, you can withdraw your consent at any time. To do so, please send an email to

  • Right to data portability

You have the right to ask us to provide you with your data that we process in an electronic format so that you use the data or transmit it to another data controller. To do so, please send an email to

  • Right to lodge a complaint

You have the right to lodge a complaint about how we process your data with the Belgian data protection authority: Commissie voor de bescherming van de persoonlijke levenssfeer/ Commission de la protection de la vie privée; Drukpersstraat/ Rue de la Presse 35; 1000 Brussel / Bruxelles;

back to topback to top