Privacy charter
This Policy has been drawn up by: OPERATEUR DE TRANSPORT DE WALLONIE, Société anonyme de droit public (SA), and registered in the Crossroads Bank of Enterprises under company number BE 0242.069.339.
Address: Avenue Gouverneur Bovesse (JB), 96 in B-5100 Jambes (Namur) – Email: [email protected]
Hereinafter, the “TEC”, “we”, “us” or “our”
We are especially attentive to the protection of personal data (hereinafter referred to as “the data”) and to respecting the privacy of all individuals who are brought into contact with us. We act in a transparent fashion, in accordance with the national and international provisions in this regard, and in particular EU Regulation 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data, and repealing directive 95/46/EC (hereinafter referred to as “the General Data Protection Regulation” or “GPDR”).
This policy may be amended at any time, in particular to ensure that we comply with any changes to regulations, case law or technology. We recommend that you consult it regularly.
For our website, please read our cookie policy, which you can view at this link.
You can contact us in response to any of the practices described below.
1. Who is this charter intended for?
This declaration is intended for all individuals whose data we process as data controller, such as users of our transport services or other products and services, and also visitors to our website and users of the mobile app, those who visit our offices and points of sale and those individuals who participate in a market survey, answer a questionnaire, enter a competition or attend an event, as well as to people who send us a request by email or using any other means of communication.
This declaration is also intended for all individuals who perform the role of contact person at one of our suppliers, contractors or service providers, hereinafter referred to as “economic operators” and any enterprises whatsoever (businesses, public authorities, professional associations of employers or workers, schools, universities, etc.) with whom we have undertaken or are currently undertaking or intend to undertake a collaboration.
We wish to inform you that your data will be used in accordance with this data protection declaration.
2. Why do we process your data?
We receive and process your personal data for a number of different reasons, and in this we apply a legal basis determined by GDPR (e.g. compliance with a legal obligation by which we are bound or the implementation of a contract concluded with you).
The table below lists the purposes and legal grounds for the related use of your personal data, and this in accordance with your profile.
1. If you are a user, the following table applies to you:
| Processing | Purpose of use | Legal grounds for the processing |
|---|---|---|
| Management and issuing of tickets |
We process your personal data so that we can issue a personal transport card - also known as MoBIB - onto which one or more tickets will be loaded that are adapted to the holder’s personal situation (season tickets or tickets of other kinds). You can also travel anonymously, in which case no data will be collected for this use. |
This processing is necessary for the performance of a public interest mission, in accordance with article 6.1.e) of the GDPR. This processing is also required in order to fulfil our contractual obligations, in accordance with article 6.1.b) of the GDPR. |
| Management of validation data |
We process your personal data within the framework of ticket management, supplying a certificate attesting to use of public transport, technical ticket management, for fraud case management purposes and to determine the amount of subsidies. In addition, validation data are used to optimise the public transport offer to best correspond to the journeys actually carried out by users. |
This processing is necessary for the performance of a public interest mission, in accordance with article 6.1.e) of the GDPR. Moreover, this processing is necessary in order to fulfil our legal and regulatory obligations, in accordance with article 6.1.c) of the GDPR. |
| Management of validation data on the network of other operators (BMC) |
We process your personal data to facilitate interoperability and the use of a single ticket - on the MoBIB card - on several different networks. We also process the issuing of interoperable tickets issued by other transport operators. Furthermore, we process your data to guarantee you the possibility of recovering your tickets issued by a different operator than the one that issued the MoBIB card in case of loss or a technical issue with your MoBIB card. You will find more information on how we process your data within the context of interoperable tickets by clicking the following link: here. |
This processing is necessary for the performance of a public interest mission, in accordance with article 6.1.e) of the GDPR. |
| Management of school transport | We process your personal data within the framework of the management of season tickets and other tickets, and to enable us to offer a personalised service to the pupils and students who use school transport. | This processing is necessary for the performance of a public interest mission, in accordance with article 6.1.e) of the GDPR. |
| Management of special transport (for persons with reduced mobility) | We process your personal data so that we can offer a personalised service to persons with reduced mobility, on their request. | This processing is necessary for the performance of a public interest mission, in accordance with article 6.1.e) of the GDPR. |
| Management of the MoBIB after-sales service and help desk |
We process your personal data to enable us to answer your questions (whether you are a customer or third party) raised via telephone, social networks, email or filling in the contact form or to help those who ask us to look for a personal item lost on the TEC network (whether you are a customer or third party). We also process the data on your personal MoBIB card to enable us to replace it if it is lost or if there is a technical issue, so as to make sure there is no loss of tickets you have previously purchased and that are still valid. |
This processing is necessary for the pursuit of our legitimate interests in accordance with article 6.1.f) of the GDPR, and this after having weighed up our interests against your own interests, fundamental rights and freedoms and by examining your reasonable expectations. |
| Mobile app management |
We process your personal data to create a digital account and allow use of the mobile app. We process your personal data to create a digital account and allow use of the mobile app. The mobile app allows you to personalise your route search and the purchase and validation of tickets on your smartphone. |
This processing has become necessary in order for us to fulfil our (contractual) obligations towards you - whether free of charge or in exchange for payment - in accordance with article 6.1.b) of the GDPR. This processing is also required for the performance of some of our missions in the public interest, in accordance with article 6.1.e) of the GDPR, in particular with regard to the digitalisation of our services. |
| Management of accounting and customer billing | We process your personal data to keep our accounts in order, issue invoices and tax certificates and fulfil our legal obligations with respect to the publication and the filing of records. |
This processing is required in order for us to fulfil our legal and/or regulatory obligations, in accordance with article 6.1.c) of the GDPR. This processing is also necessary for the pursuit of our legitimate interests in accordance with article 6.1.f) of the GDPR, and this after having weighed up our interests against your own interests, fundamental rights and freedoms and by examining your reasonable expectations. |
| Management of traveller checks and fines | We process your personal data with a view to imposing an administrative fine if you are observed to commit an offence as per the meaning of the Walloon Government decree of 22/05/2008 on administrative fines in the public transport sector for people in the Walloon Region. | This processing is necessary for the performance of a public interest mission, in accordance with article 6.1.e) of the GDPR. |
| Management of checks of traffic offences observed by our inspectors and processed by the public prosecutors. | We process your personal data with a view to sharing it with the public prosecutors who will be responsible for the criminal proceedings regarding your offence. |
This processing is necessary for the performance of a public interest mission, in accordance with article 6.1.e) of the GDPR. |
2. If you are one of our economic operators, one of their workers or a person with whom we work in partnership, or one of their workers, this table applies to you:
| Processing | Purpose of use | Legal grounds for the processing |
|---|---|---|
| Management of relationships with commercial partners and economic operators |
We also process your personal data - along with the data of your contact persons - to allow us to communicate with you and also in order to fulfil our legal and contractual obligations towards you, or to carry out the public procurement contract, in particular within the framework of the award and assignment of public procurement contracts and for the follow-up of our contracts. The data of service providers linked to professional activities may also be published on our website, or shared with third parties with a view to providing the communication now imposed by law, and in particular the GDPR. |
This processing is necessary for the pursuit of our legitimate interests in accordance with article 6.1.f) of the GDPR, and this after having weighed up our interests against your own interests, fundamental rights and freedoms and by examining your reasonable expectations. This processing is also necessary for the fulfilment of our pre-contractual (negotiations) and contractual obligations, in accordance with article 6.1.b) of the GDPR. Moreover, this processing is necessary in order to fulfil our legal and regulatory obligations, in accordance with article 6.1.c) of the GDPR. |
| Management of accounting and billing of our economic operators | We process your personal data to allow us to keep our accounts in order, issue invoices or credit notes and fulfil our legal obligations to publish and file records. |
This processing is required in order for us to fulfil our legal and/or regulatory obligations, in accordance with article 6.1.c) of the GDPR. This processing is also necessary for the pursuit of our legitimate interests in accordance with article 6.1.f) of the GDPR, and this after having weighed up our interests against your own interests, fundamental rights and freedoms and by examining your reasonable expectations. |
3. The following table applies to you if you are a user, potential user, supplier or person with whom we work in partnership or if you have addressed a request to us:
| Processing | Purpose of use | Legal grounds for the processing |
|---|---|---|
| Management of job applications | We process your personal data if you share your job application electronically or by email (receipt and saving of applications, archiving of CVs, replies to applicants, management of the recruitment reserve, legal dispute management). | This processing is required for the implementation of pre-contractual measures in accordance with article 6.1.b) of the GDPR. |
| Management of visits and requests | We process your personal data to allow us to fill in the visitor log, manage incoming and outgoing mail (internal data entry or scan), manage the diary and check car park access. | This processing is necessary for the pursuit of our legitimate interests in accordance with article 6.1.f) of the GDPR, and this after having weighed up our interests against your own interests, fundamental rights and freedoms and by examining your reasonable expectations. |
| Management of marketing, communication, in particular via social networks, the newsletter and the organisation of games and competitions |
We process your personal data so that we can send you information on our services. We may also use your data to meet our own legitimate interests or those of third parties, without however infringing upon your own interests or fundamental freedoms and rights, to allow us to offer and promote all manner of services and/or to share with you informative messages that are relevant to you and that you can reasonably expect from us within the context of our existing or potential future relationship. We process your personal data so that we can collect and identify social network users within the context of page views and in the event of an interaction. Finally, we process your personal data so that we can properly run our games and competitions. |
If you are a user, this processing is necessary for the pursuit of legitimate interests in accordance with article 6.1.f) of the GDPR, and this after we have weighed up our interests against your own interests and fundamental rights and freedoms and by examining your reasonable expectations. If you are not a user yet, some types of processing may require the consent of the person concerned, in accordance with article 6.1.a) of the GDPR. In such cases, you may withdraw your consent at any time, as explained below. |
| Management of polls and market surveys | We process your personal data to allow us to carry out surveys and analyse the level of user satisfaction. We do this so that we can adapt the offer and our service provision and monitor our service provision, but also so that we can direct policies for target groups and apply differentiation in prices and rates. |
This processing is necessary for the performance of a public interest mission, in accordance with article 6.1.e) of the GDPR. This processing also requires the consent of the person concerned (surveys and polls first require participation). |
| Website management |
We process your personal data with a view to creating a digital account and allowing the purchasing of tickets. We process your personal data with a view to creating your digital space to allow use of the mobile app for purchasing and validation using your smartphone. Your digital account also allows ordering of a personalised MoBIB card and the purchase of personalised tickets to be loaded onto your MoBIB card. |
This processing has become necessary in order for us to fulfil our (contractual) obligations towards you - whether free of charge or in exchange for payment - in accordance with article 6.1.b) of the GDPR. This processing is also required for the performance of some of our missions in the public interest, in accordance with article 6.1.e) of the GDPR, in particular with regard to the digitalisation of our services. |
| Camera management (fixed and mobile) | We process your personal data to guarantee the safety of travellers, visitors and TEC staff, the safety of TEC property and legal dispute management. | This processing is also necessary for the pursuit of our legitimate interests in accordance with article 6.1.f) of the GDPR, and this after having weighed up our interests against your own interests, fundamental rights and freedoms and by examining your reasonable expectations. |
| Management of relationships with the competent municipal and regional authorities | We process your personal data to allow the issuing of multimodal tickets (Public transport + Parking; self-service bicycles, etc.), one of the partners of which is a municipal or regional authority. | This processing is necessary for the performance of a public interest mission, in accordance with article 6.1.e) of the GDPR. |
| Asset management and route management for buses, trams and métro trains | We process your personal data to allow us to acquire the necessary property for the performance of our public interest mission, including as regards public service contract obligations and in particular the creation or extension of the bus warehouse and the planning of bus stations and bus stops, as specified in the AGW of 5 July 2018, article 2; manage expropriation procedures associated with our public interest mission, including public service obligations and in particular - for example - the creation of a Charleroi Métro Léger (“Light Metro”) line or Liège Tram line as specified in the AGW of 5 July 2018, article 23; - to establish title agreements for the occupation of sites with a view to the performance of our public interest mission, including public service obligations and in particular to allow the planning of bus stations and bus stops. |
This processing is necessary for the performance of a public interest mission, in accordance with article 6.1.e) of the GDPR. |
| Management of legal complaints, claims and requests for compensation |
We process your personal data to ensure we have the information we need to communicate with the parties involved in a dispute, to claim compensation for damages in case of a loss suffered by the TEC or to respond to a request for compensation for damages in the event of damage caused by the TEC. We may also use your data to serve our legitimate interests or those of third parties, to defend our interests (or those of third parties) in legal proceedings within the context of our existing relationship or any future relationship. |
This processing is necessary for the pursuit of our legitimate interests in accordance with article 6.1.f) of the GDPR, and this after having weighed up our interests against your own interests, fundamental rights and freedoms and by examining your reasonable expectations. We may also be called upon to process sensitive data in this context, in accordance with the provisions of article 9 §2, f). |
| Management of requests from competent police, judiciary and administrative authorities |
We may process your data to respond to requests from the competent authorities, within the context of police and judicial investigations. We may also share your data with the competent authorities. |
This processing is necessary for the fulfilment of our legal and/or regulatory obligations, in accordance with article 6.1.c) of the GDPR. This processing is necessary for the pursuit of our legitimate interests in accordance with article 6.1.f) of the GDPR, and this after having weighed up our interests against your own interests, fundamental rights and freedoms and by examining your reasonable expectations. |
| Statistics management | We process your personal data to allow us to contact you for the compilation of our statistics, or to allow us to make the data anonymous for the same purpose. | This processing is necessary for the performance of a public interest mission, in accordance with article 6.1.e) of the GDPR. |
| Archiving | We process your personal data in the context of archiving. |
This processing is necessary for the fulfilment of our legal and/or regulatory obligations, in accordance with article 6.1.c) of the GDPR. This processing is necessary for the pursuit of our legitimate interests in accordance with article 6.1.f) of the GDPR, and this after having weighed up our interests against your own interests, fundamental rights and freedoms and by examining your reasonable expectations. This processing is also necessary for the fulfilment of our legal and/or regulatory obligations regarding the retention of data, in accordance with article 6.1.c) of the GDPR. |
Unless there is a legal exception, you may refuse processing based on our legitimate interests, or where applicable you may withdraw your previous consent at any time simply by contacting us.
3. What data is collected and processed?
Depending on the intended use of the processing, the data processed is not the same. Below you will find the data processed, listed by our end use.
You are entirely free to choose not to communicate your personal data to us. However, you should be aware that some services may be refused to you if you do not. We also wish to draw your attention to the fact that you will then be held solely responsible for the accuracy of the data you send to us and may contact us to correct it at any time.
We strive to only process the data that strictly requires it, in all circumstances.
1. If you are a user, the following table applies to you:
| Processing | Data collected and processed | Collection methods |
|---|---|---|
| Management and issuing of tickets | Identification data (civil status, surname, first name, date of birth, gender, home address, county, language, photo) Electronic identification data (email address, telephone number) Financial data Data regarding social status (BIM holder, large family, etc.) |
Directly from you; From a TEC partner; From another transport operator (SNCB, DE LIJN, STIB); From your employer, who acts as a third-party payer. |
| Management of validation data | Identification data within the TEC (MoBIB number, MoBIB card serial number, validation stop, ticket, line, direction of line, validation zone, zone of first boarding, date of validation, time of validation, vehicle, scanner ID, validation status, number of journeys remaining) | Directly from you, in the case of MoBIB card scanning. |
| Management of validation data on the network of other operators (BMC) | Identification data within the TEC and other operators (MoBIB number) | Directly from you, in the case of MoBIB card scanning. From another transport operator (SNCB, DE LIJN, STIB). |
| Management of school transport | Identification data and address (civil status, surname, first name, gender, home address, national registration number, household composition) Electronic identification data (email address, telephone number) |
Directly from you. |
| Management of transport for persons with reduced mobility | Identification data and address (civil status, surname, first name, date of birth, gender, home address, country, language, national registration number, photo, customer type) Electronic identification data (email address, telephone number) Financial data Data regarding health |
Directly from you. |
| Management of the MoBIB after-sales service and help desk | Identification data (civil status, surname, first name, date of birth, gender, home address, country, language, national registration number) Electronic identification data (email address, telephone number) |
Directly from you; You have made your data publicly accessible. |
| Mobile app management | Identification data (civil status, surname, first name, date of birth, gender, home address, country, language, gender, national registration number) Electronic identification data (email address, telephone number) |
Directly from you. |
| Management of accounting and customer billing | Identification data and address (civil status, surname, first name, home address, address of registered office, BCE and VAT number) Electronic identification data (email address, telephone number) |
Directly from you. |
| Management of traveller checks and fines | Identification data and address (civil status, surname, first name, place and date of birth, ID card number, national registration number, gender) If the person is a minor – identification data and address of the minor and legal guardian (parent, etc.) Electronic identification data (email address, telephone number) Identification data within the TEC (season ticket data, including data from other operators, validation data, place of inspection) |
Directly from you; You have made your data publicly accessible; We may add to this information using information extracted from the national population register. |
| Management of checks of traffic offences observed by our inspectors and processed by the public prosecutors. | Identification data and address (civil status, surname, first name, place and date of birth, ID card number, national registration number, gender, vehicle registration number if a vehicle is involved) | Directly from you or from the DIV. |
2. If you are one of our suppliers, one of their workers or a person with whom we work in partnership or one of their workers, this table applies to you:
| Processing | Data collected and processed | Collection methods |
|---|---|---|
| Management of relationships with commercial partners and economic operators | Identification data and address (civil status, surname, first name, home address, address of registered office, BCE and VAT number, business card) Electronic identification data (email address, telephone number) |
Directly from you; You have made your data publicly accessible. |
| Management of accounting and billing of our economic operators | Identification data and address (civil status, surname, first name, home address, address of registered office, BCE and VAT number, business card) Electronic identification data (email address, telephone number) Financial data (bank, account number) |
Directly from you; You have made your data publicly accessible. |
3. The following table is for you if you are a user, economic operator or person with whom we work in partnership or if you have sent us a request:
| Processing | Data collected and processed | Collection methods |
|---|---|---|
| Management of job applications | Identification data and address (civil status, surname, first name, date of birth, gender, home address, country, language, national registration number) Electronic identification data (email address, telephone number) Professional characteristics (profession, degree, career, training and education path followed, CV, tests, assessments) |
Directly from you; From the temporary work agency or external recruitment offices; You have made your data publicly accessible. |
| Management of visits and requests | 1. Register Identification data (civil status, surname, first name) Electronic identification data (email address, telephone number) 2. Diary Identification data (civil status, surname, first name) Electronic identification data (email address, telephone number) 3. Incoming/outgoing mail Identification data and address (civil status, surname, first name, gender, home address, BCE and VAT number) Electronic identification data (email address, telephone number) 4. Car park access Identification data and address (civil status, surname, first name, number plate) |
Directly from you; You have made your data publicly accessible. |
| Management of marketing, communication, in particular via social networks, the newsletter and the organisation of games and competitions | Identification data and address (civil status, surname, first name, date of birth, home address, language, gender) Electronic identification data (email address, telephone number, pseudonym, profile picture or avatar; posts, messages exchanged, platform use data) |
Directly from you; You have made your data publicly accessible; From databases. |
| Management of polls and market surveys | Identification data (civil status, surname, first name, date of birth, home address, language, gender) Electronic identification data (email address, telephone number, pseudonym, profile picture or avatar; posts, messages exchanged, platform use data) Financial data Data regarding health Identification data within the TEC Data regarding use of transport |
Directly from you; You have made your data publicly accessible; From databases. |
| Website management | Identification data (civil status, surname, first name, date of birth, home address, language, gender) Electronic identification data (email address, telephone number, pseudonym, profile picture or avatar; posts, messages exchanged, platform use data) |
Directly from you. |
| Camera management (fixed and mobile) | Images and audio recorded by cameras | Recordings made by our indicated cameras. |
| Asset management and route management for buses, trams and métro trains | Identification data and (civil status, surname, first name, date of birth, home address) Data regarding types of right (rights of ownership) |
Directly from you; You have made your data publicly accessible; We may add to this information using information extracted from the national population register. |
| Management of relationships with the competent municipal and regional authorities | Identification data and (civil status, surname, first name, date of birth, home address) | Directly from you or your employer. |
| Management of legal complaints, claims and requests for compensation | Identification data and address (civil status, surname, first name, home address, national registration number, household composition, country, language, gender) Electronic identification data (email address, telephone number) Data regarding health Financial data (bank, account number) Data from agents or representatives (lawyers and insurers) Images from TEC surveillance cameras |
Directly from you; Directly from the experts, insurance companies, lawyers and bailiffs; Images recorded by surveillance cameras; You have made your data publicly accessible; We may add to this information using information extracted from the national population register. |
| Management of requests from competent police, judiciary and administrative authorities | Identification data and address (civil status, surname, first name, home address, national registration number, household composition, country, language, gender) Electronic identification data (email address, telephone number) Data regarding health Financial data (bank, account number) Data from agents or representatives (lawyers and insurers) Images from TEC surveillance cameras As well as all other information in the TEC's possession |
Directly from you; You have made your data publicly accessible; We may add to this information using information extracted from the national population register. |
| Statistics management | Identification data and address (civil status, surname, first name, home address, national registration number, household composition, country, language, gender) Electronic identification data (email address, telephone number) Data regarding health Financial data (bank, account number) Data from agents or representatives (lawyers and insurers) Images from TEC surveillance cameras As well as all other information in the TEC's possession that might prove necessary for the compiling of statistics before they are anonymised. |
Directly from you; You have made your data publicly accessible. |
| Archiving | Identification data and address (civil status, surname, first name, home address, national registration number, household composition, country, language, gender) Electronic identification data (email address, telephone number) Data regarding health Financial data (bank, account number) Data from agents or representatives (lawyers and insurers) Images from TEC surveillance cameras As well as all other information in the TEC's possession that might prove necessary for archiving purposes |
Directly from you; You have made your data publicly accessible. |
4. Are your data disclosed to or shared with third parties?
The data listed above are accessible to people who are members of our team or where applicable act as partner workers, to our lawyers and all technical consultants and banking or insurance organisations only when strictly necessary.
We may also send your data:
a) at the request of a legal, judiciary, administrative or auxiliary justice authority; or
b) in good faith and taking into consideration that this action is required in order to comply with any law or regulation in force;
c) to protect and uphold our rights or those of other users of our services.
We may also allow our co-contractors - referred to as “subcontractors” - access to some data in the meaning of the legislation on data protection, but only if strictly necessary for the achievement of our goals, such as the functioning of apps or computerised management systems.
In all circumstances, we guarantee the protection of your data using agreements that guarantee confidentiality.
For security reasons, the list of subcontractors, their field of activity, the goal pursued and where applicable the country in which the data is processed and hosted shall not be available on our site but may be accessed on request. We invite you to contact us to this end by sending an email to the following address: [email protected].
| Transfers | Location |
|---|---|
| Email sending solution service providers | Within the European Economic Area |
| Postal solution service providers | Within the European Economic Area |
| Social networks | Outside the EU |
| IT services, maintenance and development services | Within the European Economic Area |
| Hosting/Cloud service providers | Within the European Economic Area |
| Insurers | Within the European Economic Area |
| Banks | Within the European Economic Area |
| Payment service providers | Within the European Economic Area |
| Accountants and financial services | Within the European Economic Area |
| Lawyers, legal service providers, judicial and administrative authorities | Within the European Economic Area |
| Other mobility operators (BMC, etc.) | Belgium |
| School establishments | Belgium |
| Walloon Region or other competent municipal, provincial, regional or federal authorities | Belgium |
5. Do we transfer your data to outside the European Union?
In principle, we avoid making transfers to outside the European Union. Where applicable, if we have to transfer this data to a country outside the EU, such transfers shall only be authorised if:
- The European Commission has issued a decision granting adequate and equivalent protection to that specified by the European legislation, personal data will be transferred on these grounds.
- The transfer shall be covered using adequate measures that provide a level of protection equivalent to that specified by the European legislation, such as the Commission Standard Clauses or any other agreement in accordance with article 46 of GDPR, consent.
6. For how long are your data kept?
The length of storage varies depending on the purposes of the processing of your data. This duration is limited to take into account any possible obligations regarding data storage imposed on us by the law. Below you will find a list of purposes and storage durations.
1. If you are a user, the following table applies to you:
| Processing | Duration |
|---|---|
| Management and issuing of tickets | The length of storage of your data is 18 months after the date of sale of the contract. The customer file regarding the MoBIB card is closed 6 months after the MoBIB card expiry date. The file will then be deleted 180 days following closure of the file. This period is required because a transport contract remains valid until its expiry date, even if the MoBIB card related to the contract has expired. |
| Management of validation data | The storage duration is 6 months after the validation date. |
| Management of validation data on the network of other operators (BMC) | The storage duration is 18 months after the date of sale. |
| Management of school transport | The storage duration is 18 months after the date of sale. |
| Management of special transport (for persons with reduced mobility) | The storage duration is 5 years starting from the date of last transport or the end of the contractual relationship. |
| Management of the MoBIB after-sales service and help desk | The storage duration is 5 years starting from the date of last contact. |
| Mobile app management | The storage duration is 18 months for sales data and 6 months for validation data. |
| Management of accounting and user billing | The length of storage of your data is 7 years from the end of the relationship, for as long as we are legally required, in particular with regard to taxation. The length of storage of your data is 7 years starting from the last day on which your data are integrated into our accounting system. (Articles III.86 and III.88 of the Economic Law Code and article 8 of the Royal Decree implementing articles III.82 to III. 95 of the Economic Law Code) |
| Management of traveller checks and fines | The length of storage of your data is 5 years starting from the inspection. |
2. If you are one of our economic operators, their workers or a person with whom we work in partnership or one of their workers, this table applies to you:
| Processing | Duration |
|---|---|
| Management of relationships with commercial partners and economic operators | The length of storage of your data is 7 years starting from the end of the contractual relationship |
| Management of accounting and billing of our economic operators |
The length of storage of your data is 7 years from the end of the relationship, for as long as we are legally required, in particular with regard to taxation. The length of storage of your data is 7 years starting from the last day on which your data are integrated into our accounting system. |
3. The following table applies to you if you are a user, supplier or person with whom we work in partnership, or if you have sent us a request:
| Processing | Duration |
|---|---|
| Management of job applications | The length of storage of your data is 5 years after the job application to allow us to contact you again if you meet the requirements for another position. If your application is retained, the data collected at the time of the application is transferred to an internal file and the length of storage of your data shall be identical to the length of your employment contract. |
| Management of visits and requests | The storage duration is 6 months following the visit. |
| Management of marketing, communication, in particular via social networks, the newsletter and the organisation of games and competitions | The length of storage of your data is 2 years starting from the last communication or contact. |
| Management of polls and market surveys | Your data are immediately anonymised or a pseudonym is applied for the purposes of our polls. |
| Camera management (fixed and mobile) | The length of storage of your data from camera images recorded in buildings and along the side of routes (which are fitted with a recording device) is one week. Images from cameras on buses are kept for between 36 hours and 5 days In the event of an accident or incident, the length of storage of your data may be longer and last for as long as a dispute exists between us. |
| Asset management and route management for buses, trams and métro trains | If a project is abandoned, the data shall be deleted as soon as the OTW confirms the abandonment of the project. If the project comes to fruition, the data shall be retained until authentication of the acquisition or authentication of the title agreement, i.e. a maximum of 4 months following the signature of the title right transfer agreement with the owner, specifically at the time the authenticated deed is concluded. From that moment, the data will be available on the deed or the contract itself. |
| Management of relationships with the competent municipal and regional authorities | The storage duration shall be a maximum of 18 months for sales data and 6 months for validation data. |
| Management of legal complaints, claims and requests for compensation | The data are deleted after execution of the ruling or the definitive closure of the file. |
| Management of requests from competent police, judiciary and administrative authorities | The data are deleted after execution of the ruling or the definitive closure of the file. After this, for accounting documentation purposes, we keep the rulings for 10 years. |
| Statistics management | Your data are immediately anonymised |
7. How do we protect your privacy?
To guarantee an optimal level of security for data gathered on the website, we put appropriate technical and organisational measures in place (encrypting technology and security measures to protect and avoid loss, illegitimate use or alteration of the information collected on the websites). We take into account the state of knowledge, costs of implementation and the type, extent, context and purposes of the processing as well as the risks incurred for your rights and freedoms.
In all circumstances, we guarantee an appropriate level of technical and organisational security for your data, so that you can be warned in case of any data leaks and in particular of loss, destruction, public disclosure or unauthorised access as well as of any illegitimate use. However, if you are aware of the existence of a data leak or if you suspect one has taken place, we ask you to immediately contact us to report it.
Under no circumstances may we be held liable for any damage arising directly or indirectly from an erroneous or illegitimate manipulation of personal data committed by third parties.
8. What are your rights and how can you exercise them?
Unless a legal provision in force in Belgium - including the GDPR - does not allow for it, you have the following rights under the regulations:
- The right to access, including the right to know whether we process your data;
- The right to a copy of the data processed;
- The right to rectification of the data processed;
- The right to refuse the processing of your data, in particular if you wish to withdraw your previous consent, or for processing based on our legitimate interests;
- The right to limit processing of the data processed;
- If you are disputing the accuracy of this data. While waiting for assessment of interests present before exercising the right to refuse processing of some of your personal data.
- If the processing of your personal data is not carried out legitimately, but you nevertheless do not wish to exercise your right to delete the data.
- If we no longer require your personal data, but you require it in the context of legal proceedings.
- The right to delete the data processed. This right is not an absolute right however and we will not be able to apply it if a legal obligation requires us to process your data.
- The right to portability for the data processed, i.e. the right to recover for your personal use or transfer to a third party of your choice the personal data that we process, and this in the same format in which we keep it.
- The right to lodge a complaint with the Data Protection Authority:
www.autoriteprotectiondonnees.be
Rue de la Presse, 35 - 1000 Brussels
Tel.: +32 (0)2 274 48 00
Fax: +32 (0)2 274 48 35
Email: [email protected]
You can also lodge a complaint with the court of first instance in the legal district of your residential area. For further information on complaints and available appeals channels, we recommend you visit the following address for the Data Protection Authority: https://www.autoriteprotectiondonnees.be/citoyen/agir/introduire-une-plainte
If you require any further information on your rights, please contact us. We will make sure we follow up on your request as quickly as we can and we will notify you of the action we have taken at the latest within the month following receipt of your request.
Depending on the degree of difficulty of your request and the number of requests we receive from others, this period may be extended by two months. In this case, we will warn you of this extension in the month following receipt of your form.
In addition, should it prove necessary, we may ask you to share a copy of your ID card so that we can check your identity. If so, the reply period of one month shall begin from the date of receipt of your ID card.
In all circumstances, when this information is communicated we are always obliged to take the rights and freedoms of other people into account.
Should you wish to provide feedback regarding one of the practices described in this Policy, or if you want to exercise your rights, send an email to the following address: [email protected] or send a letter to the following postal address: Avenue Gouverneur Bovesse (JB), 96 - B-5100 Jambes (Namur).
9. What law applies and what is the competent jurisdiction?
These terms and conditions are subject to Belgian Law.
10. Be aware that this policy may be updated!
This Policy may be updated at any time and without prior notice of modification. We therefore recommend that you consult it regularly.
Last updated: May 2023.
GDPR - version EN from Le TEC on Vimeo.
Site index
