Confidentiality Policy
Table of Contents
I. What is the purpose of a confidentiality policy? ?
- A. Principles
- B. Legal notice
II. Collection of personal data – Privacy charter
- A. What are personal data?
- B. What kind of personal identification data is collected about you?
- C. Who collects your data?
- D. What to do in the event of identity theft, data theft or computer piracy?
- E. How does the BRPS use your data?
- A. What is a cookie?
- B. Types of cookies we use
- C. How to manage cookies on my computer, tablet, etc.?
IV. Your rights with regard to your personal data
I. What is the purpose of a confidentiality policy?
A. Principles
The Brussels Regional Public Service (BRPS) undertakes to protect your personal data online in accordance with regulations concerning privacy. It also undertakes to comply with the right to one’s image (see section “B. Legal notice”). This policy governs all the pages of the websites managed by the BRPS.
The BRPS uses your personal data that it collects in order to communicate with you, better understand how its website (including its mobile apps) or services are used, and send you information that may be of interest to you (see sections II and III of this policy).
There are several other names for this policy – “Privacy statement”, “Data Protection Policy” or sometimes simply “Privacy”. Its goal is always the same: to inform users about how their personal data are used.
The BRPS invites you to read this policy in order to understand how your personal data are used. Seeing as this policy may be subject to modifications, the BRPS invites you to consult it regularly.
This confidentiality policy is a document which specifies the way in which the BRPS collects, uses and communicates data. It aims to fulfil four roles :
- Inform users about the collection and use of their personal data.
- Offer users the possibility to withdraw their consent for this processing of their personal data.
- Offer users access to the data collected and allow them to exercise their rights with regard to these data.
- Reassure users about the security of their data.
All these measures help to ensure that your personal data will not be sold to third parties or used for malicious purposes.
B. Legal notice
1. Regulations concerning privacy
The BRPS will use your data in accordance with regulations concerning privacy, in particular the following legal texts :
- The regulation (UE) 2016/679 of the European Parliament and the Council of 27 April 2017 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, also called “GDPR”);
- The Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications);
- The Law of 3 December 2017 concerning the creation of the Belgian Data Protection Authority.
Specific provisions
Specific provisions might apply, for example, if you take part in contests. In that case, they will be mentioned in the appropriate place concerning the general purpose: for example, in the regulations concerning participation in the said contest.
3. Changes to the confidentiality policy
The BRPS reserves itself the right to modify this confidentiality policy with a view to ensuring its compliance with regulations in force concerning privacy or adapting it to its practices. Consequently, it invites you to consult it regularly in order to learn about any modifications. The new versions will be published on our website and the date of the update will appear in the last paragraph.
The BRPS will not make any modifications that will reduce the level of protection of your rights as guaranteed in this confidentiality policy, without obtaining your prior consent.
II. Collection of personal data – Privacy charter
A. What are personal data?
“Personal data” (hereinafter referred to as “your data” when it is yours) represent all data concerning an identified or identifiable natural person (hereinafter referred to as “data subject”). An identified or identifiable person is considered to be a person who can be identified directly or indirectly, in particular using an identification, such as a name, an identification number, location data, online identification, or one or more elements that are specific to his or her physical, physiological, psychological, genetic, mental, economic, cultural or social identity.
Personal data must be processed lawfully, fairly and in a transparent manner with regard to the data subject, collected for specified, explicit and legitimate purposes, be appropriate, relevant and not excessive, be accurate and stored in a format which enables the identification of the persons in question.
B. What kind of personal identification data is collected about you?
The type and volume of data that the BRPS receives and saves depends on how you use our website and other communication platforms. It is possible for you to access most of our pages without indicating who you are and without revealing personal data.
In some cases, the BRPS will ask you to supply these details in order to provide specific services or send you correspondence. The personal identification data that you provide in this manner will not be transmitted to any third parties other than for the purpose of implementing the service requested.
The BRPS does not collect personal data unless this data is willingly divulged.
By entering willingly into contact with the BRPS or by making an account on one of its websites, you declare that you agree to the legitimate collection of data, for example: surname and first name of the data subject, e-mail address, phone number, content of the message, time (date and time), the header of e-mails and any physical address mentioned, as well as any other personal data you have supplied.
On the other hand, data may be collected while you browse the BRPS websites or use its services without you communicating directly your details (see section III Cookie policy).
In order to facilitate your registration, it is sometimes possible for you to associate a personal social media account (e.g. Facebook, Google, Twitter, Instagram, …) with your account created for the BRPS or one of its administrations. In this case, some of the personal data that you have communicated to these third party services (basic data, email address, etc.) may be transmitted to the BRPS by the editors of these third party services. The BRPS invites you to read their policy with regard to processing personal data and, if necessary, to configure these third party services concerning the transmission of your personal data.
By accepting this confidentiality policy when creating your account, you agree to your data being processed accordingly to the conditions and methods specified in this confidentiality policy.
C. Who collects your data?
When you are on the BRPS website or on any other communication platform that is dependent on it or on which its staff members are active to perform their official duties, and you are asked to provide personal data, you communicate this data to the BRPS, and to it alone, unless otherwise specified.
This is the case, for example, for online payments. When you use our provided form for this purpose, after completing it with your personal identification data and validating it, you are automatically transferred to the secured environment of a partner company, usually your own bank. This is a highly secure environment in which you will be asked to enter data concerning your debit/credit card.
D. What to do in the event of identity theft, data theft or computer piracy?
The BRPS has taken all possible and relevant legal and technical measures to prevent unauthorised access and use of your data. Consequently, it declines all responsibility in the event of identity theft, data theft or computer crime. In the event that its computer systems are hacked, the BRPS will immediately take all possible measures to limit damage and/or theft and it will inform you about the data concerned and the extent to which they have been affected.
In the case of identity theft, data theft or computer crime, the BRPS invites you to file a complaint with the Complaints Department [insert hyperlink to the Complaints Department] as well as with the competent authorities. Once the complaint has been received by the Complaints Department, and unless otherwise instructed by the said authorities, the BRPS will store the data in question for a period of two years.
E. How does the BRPS use your data?
The BRPS does not distribute, rent or sell data about the user to anyone. It uses personal data about yourself to better understand the people who visit its websites (including social media, blogs, forums, etc.), apps and other technological and communication systems. It also uses your data to be able to send you information to which you have subscribed or which it feels may be of interest to you.
If you owe money to the BRPS, your data may be transmitted in part to agencies for purely technical and administrative processing. These agencies are not authorised to distribute, sell or rent your data.
1. The end goals of using your data
The BRPS uses your data only for specified, explicit and legitimate goals designed to :
- Allow the organisation of the game/contest/quiz in which you are participating.
- Manage the relationship of the BRPS with you, manage advertising for its services or those of the BPRS’s partners, even those of third parties: for example, it should collect and use your data to send you its newsletters and keep you informed about its contests, useful tips, and other data which may be of interest to you.
- Customise your experience by recommending content that is likely to interest you according to your centres of interest, your age category and your earlier use of its services.
- Understand your preferences and habits in order to allow it to customise its offering and, ultimately, offer you content, including advertising that matches your profile.
- Offer customised content and adapt its websites and its services, as well as the content and adverts that it offers (i) to the characteristics that you have entered and which it is not possible for us to know (age, gender, etc.) and, if applicable (ii) to your earlier browsing that it may know.
- Improve its content on the basis of data about who consults it and how its content is consulted.
- Evaluate the effectiveness and conviviality of the BRPS’s websites and other technological systems, as well as their improvement for the benefit of our web users and other users.
- Carry out internal statistical surveys and market research: for example, in order to evaluate your interests and better define the development of its contests, games, quizzes, services and its communication strategies.
2. Data storage period
The BRPS only stores your data for a period that does not exceed that required with regard to the final goals for which it is used in agreement with legal requirements.
3. Communication of your data
The BRPS may communicate your data to its administrations and its partners in order to achieve exactly the same purposes as those developed above, provided that data sharing is fair and lawful, in order to fulfil a specified, explicit and legitimate purpose.
With a view to help you to discover the products or services likely to be of interest to you, the BRPS may also communicate your data to other third party companies, provided that you have explicitly agreed to this.
Your data may be transmitted to third parties acting on behalf of the BRPS or for it, with a view to the data being used in line with the purposes for which it has been collected (for example, a transport company in order to deliver a prize won by participating in a contest or a company that will send newsletters). The BRPS ensures that its own sub-contractors guarantee an adequate level of protection, namely that it demands a contractual guarantee from its sub-contractors that they will use your data solely with the authorised purpose in mind, and with discretion and the required security.
4. Security and confidentiality of your data
Access to your data is limited to BRPS staff members who need to know it and who comply with strict privacy standards when processing your data.
To guarantee the security and confidentiality of your data, the BRPS has set up the highest safety standards and it only works with sub-contractors which are also required to comply with it. Despite the resources implemented in order to create a reliable website worthy of confidence, the BRPS recalls that the Internet is not a completely safe environment. Consequently, the BRPS does not assume any responsibility for or does not guarantee the security of your data during their transit over the Internet.
5. Transfer of your data outside of the European Union
In accordance with privacy regulations, personal data may only be transmitted to countries which guarantee an adequate level of security, and which comply with the same or essentially equivalent provisions and guarantees as those of privacy regulations. The country, duration of the transfer and storage, the nature of the data and the exact purpose are criteria that need to be examined on a case-by-case basis.
The Brussels-Capital Region guarantees that it shall refrain from carrying out the processing or storage of data in countries that cannot offer essentially equivalent guarantees, except if :
- the person in question has given their explicit agreement;
- the transfer is necessary to implement the contract (between the user and the BRPS);
- the transfer is necessary for the end or execution of a contract concluded or to be concluded between the party responsible for processing and a third party in the interests of the user;
- the transfer is necessary (important public interest or right) or meets a legal obligation;
- the transfer takes place from a public register intended to inform the public, by virtue of European or national law.
6. Sending advertising by e-mail and any other communication method
The BRPS will be delighted to share with you its newsletters, contests, useful tips and any other information likely to be of interest to you by e-mail and/or by any other communication method (all social media, for example: Facebook, Twitter, Instagram, LinkedIn, forums, etc.).
Of course, at any time and free of charge, you have the right to oppose the use of your personal data to receive advertising from the BRPS, its administrators, partners or third party companies.
In order to oppose the sending of any further communications, just choose one of the following options :
- click on the unsubscribe link included in the advertisement e-mail;
- modify your account settings.
- Should these steps undertaken against the responsible administration or the modification of your user preferences have no results, we invite you to exercise your rights by means of the procedure described in section IV “People involved exercising their rights”.
Only if you have agreed to it, we will send your email address and/or your personal data to our partners and other third party companies so that they send you product or service offers likely to be of interest to you.
7. Hypertext links to other websites
The websites of the BRPS and its services may contain hypertext links to other websites which are not operated or controlled by the BRPS. Consequently, the BRPS may not be held responsible for the content of such websites, or any protection practices of third parties that operate them and which may differ from our own.
III. Cookie policy
In order to facilitate the use of its website and make it more pleasant, the BRPS uses cookies. These allow its sites to memorise your actions and preferences (username, language, size of characters and other display settings) for a given period of time so that you do not have to communicate this information again each time you consult these sites or browse from one page to another.
A. What is a cookie?
A cookie is a small text file, which may be encoded, that is stored by a website on your computer or any other technological system (smartphone, tablet, etc.) that you use to consult it. These cookies are designed to speed up and personalise how you use the BRPS site when you visit it and return to it.
To that end, cookies communicate data between your web browser (Chrome, Firefox, Internet Explorer, Safari, etc.) and the server that hosts your website. For example, cookies communicate about your site display preferences (language, size of characters, etc.), your browsing history, your choices from among the options proposed by a site, or by saving data.
Cookies allow the BRPS, for example, to compare new visitors with old ones, understand how users browse its site, count the visitors to the site and obtain information which it will use to improve the browsing experience in the future.
Cookies do not keep any trace of personal data about a user and identifiable data will never be saved. If you do not want to use cookies, you must configure your computer’s settings in order to delete all of the website’s cookies and/or receive a notification if cookies are saved.
If you do not want to modify the cookies settings, you can simply continue visiting the site.
B. QUEL TYPE DE COOKIES UTILISONS-NOUS ?
Type of cookie | Compulsory/optional | Name of the cookie and storage period | Purpose of the cookie |
---|---|---|---|
Cookies strictly necessary for browsing | Compulsory | / | / |
Analytical and performance cookies | Compulsory | Google Analytics. These cookies are anonymous and their lifespan may be as much as 2 years. | For example, know the number of visitors, their geographic location, their path on the site (how and via which page they accessed it, the pages that followed their session and the page via which they left the site), the time of the visit, etc. |
Functional cookies | Optional |
1. Cookies strictly necessary for browsing
These cookies are essential for browsing the site and taking advantage of its features. They cannot be deactivated in our systems. They are stored on your terminal in response to your actions, which are equivalent to a request for services, such as defining your privacy preferences, logging in (accessing secure areas on the site) or completing forms.
Therefore, they allow :
- browsing between the website’s sections;
- completing of forms;
- safe checks of your identity before allowing access to your personal data when a personal account has been created, including browsing between the site’s secure zones which require authentication.
You can configure your Internet browser to block cookies or notify you about the existence of cookies. If you refuse these cookies at a later date, certain sections of the website or certain of the services proposed may not work as they should or may not even work at all.
2. Analytical and performance cookies
These cookies collect data about the way in which visitors use a website and, in particular, the number and behaviour of users on the sites.
These cookies allow the BRPS in particular to draw up statistics. For example, by counting visits and the traffic sources so that the BRPS is able to assess and improve the performance of its websites and its services. They help to know which pages are the most and least popular, see how visitors browse the sites and how its services are used.
These cookies also help to verify its performance in the sense that they also indicate if error messages are sent, how often and on the basis of which actions.
Cookies do not collect data that allow visitors to be identified. To the extent that all the data collected by these cookies are brought together, they remain anonymous. These cookies are designed solely to improve the functioning of websites.
The data collected by the cookies are aggregated. The consequence of this is that if you delete these cookies, the BRPS will ignore when you visited our site or used its services and it will not be able to monitor its performance.
By using a BRPS website, you agree to receive this type of cookie on your technological system.
3. Functional cookies
Functional cookies, also called “functionality cookies”, provide improved and customised functions. Indeed, they facilitate and analyse the functioning of websites in order to make them more pleasant to use and more personal by allowing the site to memorise the choices that you made and providing you with more precise and personal features.
In particular, they help to :
- personalise the services by memorising your preferences (remember your username; choice of a language, currency, region, where you are, etc.);
- avoid you repeating your choices each time you visit the site (memorise the changes made by the user, such as the size of the text or the font);
- collect data communicated in online forms;
- provide services that you have requested (such as watching a video or leaving a comment on a blog);
- draw up statistics (for example, the number of single visitors);
- analyse use of the site and the popularity of our pages.
These cookies are specific to the content management platform (for example, WordPress, Drupal, Liferay, Craft CMS), which is a sort of program that can be described as the “motor” of a site.
The information collected by these cookies is rendered anonymous and cannot track your browsing activity on other websites. With the exception of the cookie defining your linguistic preference, functional cookies expire when closing your browser. Therefore, they are deleted from your computer or any other technological system when you quit the program.
By using a BRPS website, you agree to receive this type of cookie on your system. If you block these cookies, all or some of these services may not work properly.
C. How to manage cookies on my computer, tablet, etc.?
Most web browsers are automatically configured to accept cookies. However, you can configure your browser to accept or block cookies or some of them.
To find out more about cookies, consult: AllAboutCookies.org (in EN/FR), Wikipedia.
You may, at any time, delete cookies already installed on your technological system (computer, smartphone, tablet, etc.), and configure most browsers so that they block them. However, in this case, you may have to indicate certain preferences yourself each time that you visit one of the websites of the BRPS. In this case, certain services and features may not be accessible. In other words, the BRPS is unable to guarantee you access to all the services of its websites in the event of a refusal to save cookies.
In your browser’s settings, it is possible for you to refuse the installation of cookies. The method for activating cookies or not and deleting them depends on your technological system and your web browser.
IV. Your rights with regard to your personal data
You have the right :
to receive information about the processing of your personal data
to access the personal data kept about you
to demand the correction of incorrect, inaccurate or incomplete personal data
to demand the deletion of personal data when they are no longer needed or when their processing is illegal
to oppose the processing of your personal data for prospection purposes or for reasons related to your particular situation
to demand a limited processing of your personal data in specific cases
to receive your personal data in a structured format, commonly used and machine-readable, and to send them to another data controller (“data portability”)
You can exercise your rights in the following manner :
You can either :
- submit a request to excercise your rights through our online portal :
https://mes-droits-rgpd.servicepublic.brussels/
https://mijn-avg-rechten.overheidsdienst.brussels/ - Contact the data protection officer by mail addressed to :
Brussels Regional Public Service
DPO
Place Saint-Lazare 2
1035 Brussels
V. Data controller
The BRPS or one of its administrations is the data controller.
To contact it :
Brussels Regional Public Service
Place Saint-Lazare 2
1035 Brussels
The BRPS is one of the public bodies of the Brussels Capital Region (Cabinet of the Minister-President, Rue Ducale 7-9, 1000 Brussels).
VI. Who is to be contacted?
For all questions, remarks and complaints with regard to the GDPR, the protection of your personal data or respect for your privacy, the BRPS always asks you to first contact the administration responsible for the processing of your personal data your request is about.
Should the administration be unable to answer your questions or offer you a satisfactory solution, you can contact the following operators :
A. Data protection officer (DPO)
The data protection officer (DPO), appointed in virtue of article 37 of the general data protection regulation, can be reached on the e-mail address dpo@sprb.brussels or by mail addressed to :
Brussels Regional Public Service
DPO
Place Saint-Lazare 2
1035 Brussels
For an optimal processing of your request, please formulate it as precisely as possible (e.g. objecting to advertising from an administration of the BRPS or its partners).
B. Complaint department
If you would like to receive further information or make a complaint about any other subject than the processing of your personal data or respect for your privacy, you can contact the complaint department of the Brussels Regional Public Service (BRPS).
Contact information :
Brussels Regional Public Service
Complaint department
Place Saint-Lazare 2
1035 Brussels
Tél. : +32 (0)2 800 37 54
e-mail : plaintes@sprb.brussels
C. Data Protection Authority
If you believe that SPRB has not processed your personal data in accordance with applicable regulations, you have the right to lodge a complaint with the Data Protection Authority and/or to seek legal redress.
To lodge a complaint with the Data Protection Authority:
Data protection authority
Rue de la Presse 35
1000 Brussels
E-mail : contact@apd-gba.be
Last update : 19.07.2021