Privacy & Cookie Policy




Who are we?

The ECIIA is the voice of internal audit in Europe. Our role is to enhance corporate governance through the promotion of the professional practice of internal auditing.

Our members comprise 34 national institutes of internal auditing from countries that fall within the wider European region, representing 47 000 members. The ECIIA vision is furthering the development of good Corporate Governance and Internal Audit at the European level,  through knowledge sharing, developing key relationships, and impacting the regulatory environment.

ECIIA has its head office at Rue Royale 109-111, 1000 Brussels, Belgium. 



About your privacy

Your privacy is important to us and we strive to protect your personal data in accordance with applicable data protection legislation and more specifically with the General Data Protection Regulation 2016/679 (“GDPR”) and with the applicable national legislation.



Personal data collected

In the context of our mission, we collect personal data relating to:

  • our members and members’ representatives, as members of our board, members’ assembly or committees;
  • subscribers to newsletters, news alerts or policy updates;
  • attendees at our events, including speakers or potential speakers;
  • persons who give us their business card at meetings or events;
  • stakeholders with whom we engage within the framework of our mission.



How do we collect personal data?

We may collect information about you in various ways:

  • from our members if they designate you as their representative or as a member of one of our committees;
  • directly from you;
  • when you visit our website or interact with us through our social media accounts;
  • when you fill in (web) forms to attend events, receive newsletters, publications, policy updates, etc.;
  • when you respond to online surveys and polls;
  • when you hand over your business card.



What personal data do we collect?

We may collect the following information about you:

  • Personal identification data: name, address, telephone number, email address or other contact details;
  • Electronic identification: data Surfing behaviour and tracking results of our e-mailings (we track whether you have received, opened or clicked on our e-mails);
  • Financial transactions: payment overviews, proof of payment, amounts paid or due, etc.;
  • Personal characteristics: areas of expertise, elements of evaluation of (potential) speakers, etc.;
  • Lifestyle and areas of interest: dietary requirements;
  • Social contacts:Information on business partners and other contacts;
  • Employment and functions exercised: current functions and/or previous functions, participation to working committees, information about your position with one of our members, etc;
  • Photos and videos: photos and videos made at events, meetings, etc.



For what purposes do we use your personal data?

We use your personal data for the following purposes:

  • member administration and member communication;
  • supplier administration;
  • public relations purposes;
  • information-sharing purposes via electronic mailings (if you subscribed to them);
  • management and analysis of our website(s) and social media channels research and statistical purposes;

For member administration and member communication, we process certain personal data of members’ representatives as required for the proper execution of our mission.

For information-sharing purposes via electronic mailings, we base the processing of your data as per the consent you have provided us with. You may update your preferences at any time or unsubscribe via the link available in all mailings.

In all other cases, the processing of personal data is based on our legitimate interests to analyse website statistics, to improve the content and quality of our website and to conduct research and surveys



With whom do we share your personal data?

We may share your personal data with third parties, such as partner organisations with whom we organise events and service providers we use (e.g. IT service providers).

Where relevant, contractual safeguards are implemented to ensure the protection of your personal data when disclosing your personal data to a third party.

Your personal data will never be rented or sold to third parties for commercial purposes. Neither will we transfer any personal data outside the European Economic Area.



How long do we keep your personal data?

Your personal data will not be stored for longer than necessary in relation to the purposes for which we process them (we refer to the purposes as listed above). Afterwards they might still be found in our back-ups or archives, but will no longer be actively processed in a file.

More specifically, we apply the following retention guidelines:

  • the personal data that is collected via website cookies will be stored for the storage period of the cookie, as indicated below;
  • the personal data that is collected from attendees of our events are archived and no longer used after the event has taken place (unless you have indicated the wish to be informed of our future events or activities). As soon as we note that your contact details are no longer accurate or active, or whenever you decide to use your right to unsubscribe, we will no longer keep your personal data for these purposes;
  • any personal data used for information-sharing purposes will be retained for as long as we are sending you relevant mailings/newsletters. As soon as we note that your contact details are no longer accurate or active, or whenever you decide to use your right to unsubscribe, we will no longer keep your personal data for these purposes;
  • personal data used for member administration are retained for as long as these data are relevant for the execution of our mission; and personal data used for the purposes of statistics or research are anonymised as soon as possible.

Only where we are legally obliged to, or where it is necessary for defending our interests in the context of judicial proceedings (e.g. in case of a dispute), we will store the personal data for longer periods. More information on our retention periods is available upon simple request.



How do we protect your personal data?

We have implemented administrative, technical and organisational measures to ensure a level of security appropriate to the specific risks that we have identified. We thereby strive to protect your personal data (to the extent reasonably possible) against destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed.

We seek to ensure that we keep your personal data accurate and up to date. In view thereof, we kindly request you to inform us of any changes to your personal data (such as a change in your contact details).



What are your rights and how can you exercise them?

Under certain conditions, you have the legal right under articles 15-22 of the GDPR to:

  • access your personal data;
  • rectify, complete or update your data;
  • erase your personal data (‘right to be forgotten’);
  • restrict processing of your personal data;
  • object to the processing of your personal data (i.e. your right to unsubscribe from newsletters and event invitations);
  • receive your personal data in a structured, commonly used and machine-readable format and to (have) transmit(ted) your personal data to another organisation.

To read more about these rights, please go to the website of the Belgian Data Protection Authority here. In principle you may exercise these rights free of charge. Where requests are manifestly unfounded or excessive we may however charge a reasonable fee.

You can exercise these rights by contacting us at A proof of identity may be required.

You also have the right to lodge a complaint with your Data Protection Authority. The Belgian Data Protection Authority can be reached at this link



Use of cookies and social media buttons

Cookies are small pieces of data that are stored on your computer or mobile device via your browser. We use performance cookies (Google Analytics, ClickDimensions web analytics and AddThis social sharing widget) and social media buttons on our website.

Performance cookies placed by Google Analytics (_ga, _gat) collect navigation information for statistical purposes and help us improve our website and user experience. The storage period is 26 months for Google Analytics, but ECIIA  only receives geolocalisation data and no IP address. Please visit this link to learn more about how Google processes such data and about the possible transfer of your cookie data (to Google data centres) outside the European Economic Area. To opt out of being tracked by Google Analytics across all websites, you can visit this page.

Our ‘cookie consent banner’ will register your consent to all cookies above.

Social media buttons are used to enable the possibility to share content via the most common social media platforms. When you decide to share content with these buttons, our website will link you to the chosen social media platform. When you do so, you are bound by the terms and conditions as well as the privacy policy of the relevant social media platform.



How can you manage / delete these cookies?

All major internet browsers offer the option to manage the cookies that were installed on your computer or mobile device. In addition, you can set your mobile or browser to get a notification every time you receive a cookie on your device, so that you can decide whether you wish to accept this cookie or not.

Please note that when you disable certain cookies of which we are making use, certain parts of our website might no longer function properly, and you will no longer enjoy an optimal user experience.




If you have any questions, comments or complaints in relation to this privacy policy or our processing of your personal data, please feel free to contact us at by regular mail at the attention of Carolina Baltazar at Rue Royale  109-111, 1000 Brussels or via



Our website uses cookies, mainly from 3rd party services. Please read our Privacy & Cookies Policy to learn more.