As a general directorate of the Federal Public Service Home Affairs ("FPS Home Affairs"), the National Crisis Center ("NCCN") collects, uses, communicates or transmits your personal data within a specific legal and organisational context. Each processing operation is listed in an internal register.
Your personal data is processed in accordance with the European Regulation of 27 April 2016 ("GDPR") and the Belgian Law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data ("Law of 30 July 2018").
You may at any time request information from us about the processing operations carried out by NCCN and the operations we perform on your personal data.
1. Definitions
"Personal data" means any information relating to an identified or identifiable natural person ("the data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more elements characterising the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Controller" means he natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
"Recipient" means a natural or legal person, public authority, department or other body, to which personal data are disclosed, whether a third party or not.
"Third-party" means a natural or legal person, public authority, department or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
"Consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
"Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed .
"Supervisory Authority" means an independent public authority which is established by a Member State pursuant to Article 51 of the GDPR.
2. The Controller
The controller of personal data processed by the NCCN is the FPS Home Affairs, represented by the Chairman of the Executive Committee.
3. Legal basis
The NCCN processes your personal data in the performance of its duties in accordance with Article 6 (a), (b), (c) and (e) of the GDPR, and this:
- To comply with a legal obligation;
- For the fulfilment of a task of general interest or a task in the exercise of public authority entrusted to us;
- In the context of a contractual relationship;
- On the basis of your consent regarding the processing proposed to you in addition to our legal duties (such as sending newsletters, your subscription to the BE-Alert application provided by the Crisis Center and the elaboration of a family emergency plan through the application provided to you by the NCCN.)
4. Objectives
The data referred to in paragraph 5 of this statement will be processed for the following purposes:
- to ensure a general security service for the benefit of the Government;
- to steadily collect and analyse information related to its powers, and to inform the responsible persons and services about national crisis situations or about events that may lead to such a state;
- to provide the necessary infrastructure and resources to the competent authorities for the management of a national crisis, and in particular to ensure the coordination, preparation of decisions, their possible implementation and follow-up;
- where appropriate, to take or initiate the immediate actions provided for in the emergency and relief plans;
- handling calls from the public and, where appropriate, ensuring uniform and consistent information;
- providing advice and proposing action on matters referred to the NCCN by the Guidance Committee;
- for the management of new suppliers;
- for managing correspondence between the NCCN with governments, or other actors addressing the NCCN;
- to ensure the follow-up of the services for which you have filled in a form (BE-Alert, MonPland’Urgence, Newsletter, etc.).
Furthermore, the NCCN processes personal data for its additional tasks entrusted to it by the Minister of the Home Affairs within the scope of its powers.
5. Processed personal data
The NCCN undertakes to process only personal data that is adequate, relevant and not excessive in relation to the intended purpose (see point 4), and not to use it further in a way incompatible with this purpose.
This includes the following data categories:
- Identification data
- Financial data
- Personal Characteristics
- Living habits
- Composition of the family
- Judicial data
- Housing details
- Health related data
- Study and training
- Profession and job
- National Registry Number / Social Security Identification Number
- Racial or ethnic data
- Political views
- Philosophical and religious beliefs
- Captured images
- Sound Recordings
The NCCN may need to process data that you have voluntarily provided.
6. Recipients
Personal data processed by the NCCN will be kept confidential. It may be communicated to the following categories of recipients, given the purposes of specific processing operations:
- The affected person and their legal representatives;
- Staff of the NCCN;
- Other services and directorates of the FPS Home Affairs: General Directorate of Civil Security, central departments within the FPS Home Affairs, etc.;
- Belgian diplomatic and consular posts;
- Federal, community and regional government services;
- Courts and tribunals, police departments, intelligence agencies;
- International organisations: European union, NATO, etc.;
7. Data transfer
No data transfers outside the European Economic Area ('EEA') will be made, subject to legal obligations and offering the guarantees required under the GDPR.
The NCCN shall ensure, to the extent possible, that the agreements it concludes with third countries include clauses guaranteeing an adequate level of protection of your personal data.
However, in the absence of an adequacy decision and in order to conclude agreements that guarantee an adequate level of protection for your personal data, the NCCN may, in exceptional cases for compelling reasons of public interest, transfer some personal data to third countries. Such transfers will always be carried out under the GDPR.
8. Storage period
As the general directorate of a federal government, the NCCN is subject to the Archives Law of 24 June 1955 (amended by the Law of 19 May 2009), which means that the documents in its possession cannot be freely destroyed. When the documents of a public administration no longer have an administrative and/or legal use, they can still be of historical, scientific or statistical interest. They are then transferred to the National Archives.
In this respect, administrative documents are kept for a defined period of time, in cooperation with the State Archives, in archive selection lists which can be consulted here.
For the documents that are not included in these selection lists, the NCCN determines the retention period according to objectively established criteria, particularly for the longest necessary period, in compliance with the applicable legal and regulatory provisions or taking into account operational obligations, such as the settlement of possible disputes or the requests of an auditing authority.
On the other hand, electronic communications (such as emails, SMS, chat messages or other similar technologies) that you have with our call centre and our staff members, and in some cases your telephone calls (for example, the telephone calls to the duty line of the NCCN), are recorded in order to keep evidence of the exchanges that have taken place during these communications, including the content of these communications, in particular the advice given.
Recordings of electronic communications and, in certain cases, telephone communications, are retained as long as legally required or permitted, namely during the period in which a dispute may arise as a result of these communications.
9. Safety
The NCCN takes appropriate technical and organisational measures to secure and protect your data against unauthorised destruction, against the alteration of or access to this data (possibly with malicious intent), or any other unauthorised processing thereof.
10. Rights
In accordance with the applicable regulations and subject to legal exceptions, you have various rights, in particular:
- Right of access: You can obtain information about the processing of your personal data and obtain a copy of this personal data. This information is specified in Articles 13 and 14 of the GDPR and concerns in particular the purposes and legal basis of the data processing, the categories of data, the recipients and, if possible, the storage period, the existence of rights in favour of the person concerned and the possibility for the person concerned to lodge an objection with the supervisory authority.
- Right to rectification: if you believe that your personal data is incorrect or incomplete, you can ask for it to be rectified.
- Right to erasure: you can demand the erasure of your personal data, except when its processing is imposed by law or in the context of a mission of public interest or to enable the implementation of the freedom of expression and information, when the processing is necessary for scientific, statistical or historical archiving and taking into account the rules on the retention period established according to objective criteria.
- Right to restriction of processing: you can request the restriction of the processing of your personal data if you exercise your right to object, if you dispute the accuracy of the data, if the processing is unlawful or if you need the data for the establishment, exercise or substantiation of your legal claims. This means that the processing of your data will be "suspended", subject to exceptions.
- Right to object: in certain cases, you may object to your personal data being processed, for reasons relating to your particular situation.
- Right to withdraw your consent: if the processing of your personal data is based solely on your consent, you have the right to withdraw this consent at any time.
We provide an online form where you can assert these rights if necessary.
11. Data breach
A personal data breach, commonly referred to as a "data leak," occurs when personal data is accidentally or unlawfully lost, destroyed, altered, disclosed to or accessed by persons without the relevant authorisation.
If you observe such violations concerning the personal data managed by our organisation, you may indicate this by:
- calling 0800/1 1610 immediately;
- completing and submitting the following form for individuals or for suppliers to incidents.gdpr@ibz.fgov.be.
12. Data Protection Officer (“DPO”)
If you have any questions regarding the use of your personal data, you can contact our DPO. Considering the tasks of the NCCN and taking into account the specificity and sensitive nature of some of the databases managed by the NCCN, two different DPOs were appointed to us by the Federal Public Service of the Home Affairs:
- 1 DPO Home Affairs, attached to the FPS of the Home Affairs that handles all matters for which no specific DPO was designated (see below):
For the attention of the DPO IBZ
FPS Home Affairs
Rue de Louvain 1
B-1000 Brussels - 1 DPO associated with PNR/Belpiu (Passenger Database):
For the attention of the DPO BELPIU (PNR division)
FPS Home Affairs
Rue de Louvain 1
B-1000 Brussels
To assist you in exercising your rights, we provide a unique contact form at your disposal. When you use this form, your request will automatically be forwarded to the appropriate DPO.
13. Response time
The NCCN shall have a period of one (1) month from the receipt of the request to respond to such request. Depending on the complexity of the requests and the number of requests, this period may be extended by two (2) months if necessary. You will then be notified of the extension and the reason for the extension within one (1) month of receipt of the request.
If your request is not acted upon, you will be informed of this with the corresponding reasons no later than one (1) month after receipt of your request.
14. Objection
If, after contacting our DPO to exercise your rights, you believe that these rights are still not being respected, you can lodge a complaint with the supervisory authority, i.e. the Data Protection Authority, Rue de la Presse 35, B-1000 Brussels (contact@apd-gba.be) in order to:
- obtain information through the frontline service that assists citizens in taking steps;
- request mediation if you are not satisfied with the way the NCCN is handling your application;
- file a complaint after exhausting all other remedies.
You also have the option of filing a judicial appeal with the president of the Court of First Instance, as provided in Article 209 of the Law of 30 July 2018. More information can be found on the website of the supervisory authority: https://www.dataprotectionauthority.be/.
15. Amendments to the Data Protection Statement
Future amendments to this statement cannot be ruled out, so we ask you to regularly review the data protection statement to stay informed of these amendments. After each amendment, the date this document was last updated will also be changed. It goes without saying that all new versions of the privacy statement will always be in accordance with the applicable legal provisions on the protection of personal data.
This Data Protection Statement was last amended and revised on 9 September 2022.