Other official information and services: www.belgium.be   

Privacystatement

  1. Purpose of the privacy statement

The Regulatory Body for Railway Transport and Brussels Airport Operations (hereinafter: the Regulatory Body) processes personal data from various website users for various purposes. This privacy statement provides an overview of the processing of our website and is intended for all citizens and organizations that use our website.

  1. Processing manager

The Regulatory Body for Railway Transport and Brussels Airport Operations, located at Boulevard du Botanique 50, box 72, 1000 Brussels, is responsible for the processing of the personal data that it processes in the exercise of its legal tasks. This means that he only determines the purpose and means for the processing of these personal data.

  1. Function of the Data Protection Officer (DPO)

The Data Protection Officer is responsible for ensuring that the Regulatory Body complies with the legal framework on data protection. His mission is to inform and advise the Regulatory Body on his obligations under the GDPR, to cooperate with the Data Protection Authority and to act as a contact point for this authority. He is also the contact point for all your questions about how we process your personal data.

You can reach our DPO via the following e-mail address: [email protected]

Through the mail:

Regulatory Body for Railway Transport and Brussels Airport Operations
DPO
Boulevard du Botanique 50, box 72
1000 Brussels

  1. What are “personal data”?

Within the meaning of Article 4, 1) of the GDPR[1], personal data is “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

In recital 14 of the Regulation, data on legal persons, such as the name, legal form of the legal entity and contact details are excluded from the scope of the GDPR.

  1. What is “processing of personal data”?

Data processing is based on Article 4, 2) of the GDPR “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”.

  1. What personal data do we process and for what purposes?

The processing of personal data by the website has three purposes:

  1. Providing information and assistance to citizens and organizations. The acquisition of personal data is done here via the contact form. The processing of personal data is based on the consent of the data subject.
  2. Dispute management. It is possible that the Regulatory Body will be informed in the context of a file of information that is provided to it via the contact form. The processing of personal data in that case is based on the necessity of fulfilling a task of general interest or of a task in the exercise of the public authority that is assigned to the Regulatory Body by law.
  3. Operation and security of the website. The processing of personal data is based on the legitimate interest of the controller and the analysis cookies on the consent of the data subject.

Which personal data?

How did we obtain this information?

How long?

To whom?

From contact forms: mere provision of information

Directly from the person concerned

No longer than necessary to achieve the purpose

No external communication

From contact forms: information about (current) files

Directly from the person concerned

Subject to the terms of the Public Records Act (24.06.1955)

No external communication

Functional cookies

Directly from the person concerned

see cookie policy

No external communication

Analysis cookies

Directly from the person concerned

see cookie policy

No external communication

 

Cookie policy

Name of the cookie Third Party Provider Type Retention Description
__cfduid Cloudflare Technical 1 year Used to distinguish users.
pll_languange   Technical 1 year Contains the current language of the site user.
displayCookieConsent   Technical 1 year This cookie is used to remember the user’s choice about cookies on the website to avoid opening the popup after acceptance.
_ga Google analytics Analytical 2 years The Google Universal Analytics javascript library uses first-party cookies to: distinguish unique users and throttle the request rate. To opt out click here.
_gid Google analytics Analytical 1 day Used to distinguish users.
_gat Google analytics Analytical Session Used to distinguish users.


7. What are your rights?

You have a number of rights with regard to your personal data. However, some of these rights apply only in a limited number of cases.

  • You have the right to access your personal data processed by our organization;
  • You have the right to obtain rectification of incorrect personal data without delay. With due regard for the purposes of the processing, you have the right to obtain the completion of incomplete personal data;
  • In certain cases provided by the GDPR, you have the right to obtain a restriction on the processing of your personal data;
  • In certain cases provided by the GDPR, you have the right to object to the processing of your personal data at any time due to your specific situation;
  • You do not have the right to be subject to a decision based solely on automated processing, including profiling, to which you have legal consequences or that you otherwise have a significant effect, unless this decision is necessary for the creation or execution of an agreement, legally permitted or based on your explicit consent;
  • In certain cases provided by the GDPR, you have the right to immediately erase your personal data.

In certain circumstances, the exercise of your rights may be suspended.

  1. How can you exercise your rights?

To exercise your rights, you can contact the Data Protection Officer (DPO) through the aforementioned channels.

We remind you that your identity must be reasonably verifiable so that we can be sure that no one else is trying to exercise your rights.

  1. Appeal possibilities

Without prejudice to other administrative or judicial remedies, you have the right to file a complaint with the Data Protection Authority and to institute a legal remedy if you believe that your rights are not respected or that the processing of your personal data constitutes a breach of the GDPR .

You can submit your complaint at the following address:

Data Protection Authority
Rue de la Presse 35
1000 Brussels
Tel: +32 (0) 2 274 48 00
Fax: +32 (0) 2 274 48 35
E-mail: [email protected]

  1. More information

More information about the legislation that applies to your personal data in Belgium can be found on the website of the Data Protection Authority:

https://www.dataprotectionauthority.be

[1] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L 119, May 4th 2016, p. 1–88, in force since May 25th, 2018.