Declaration of confidentiality

Tabel of Content

Article 1 – General principles

Article 2 – Field of application of the declaration of confidentiality

Article 3 – Public and anonymous access

Article 4 – Voluntary transfer of information

Article 5 – Use of contact information

Article 6 – Security and confidentiality

Article 7 – Legality and transparency

Article 8 – Purpose

Article 9 – Proportionality

Article 10 – Right of access and correction

Article 11 – User’s liability

Article 12 – Transfer to third parties

Article 13 – Administration’s public accessibility

Article 14 – Adaptations to the declaration of confidentiality

Article 1 – General principles

The protection of your private life is of the greatest importance to the federal Administration. This declaration of confidentiality describes which measures are taken in order to protect your private life when you are using the services organised by or on the orders of the federal Administration within the framework of e-government, and what rights you have as a user of these services.

All data of a personal nature (namely: data which can identify you directly or indirectly) which you give the federal Administration will be handled with the necessary care. This naturally means that this data of a personal nature will always be processed in accordance with the law of 8 December 1992 relating to the protection of private life with regard to processing data of a personal nature, as amended by law of 11 December 1998 transposing directive 95/46/CE of 24 October 1995 of the European Parliament and the Council relating to the protection of individuals in connection with processing data of a personal nature and to the unrestricted circulation of this data (Belgian Monitor of 03/02/1999).

You are invited to read through this declaration of confidentiality and to take note of its content. This declaration of confidentiality may be adapted in the future. We therefore ask you to reread the declaration of confidentiality from time to time in order to remain abreast of these adaptations. It goes without saying that all new versions of the declaration of confidentiality will at all times comply with the aforementioned Law relating to the protection of private life.

This general declaration of confidentiality does not provide a detailed examination of the specific characteristics of particular categories of data such as legal or medical data. For this, we refer you to the public services which process this type of data. These services will provide an additional declaration for this type of data.

In this declaration, we start from the principle that the data is not being transferred outside the EU. Nevertheless the public services which do this as part of their tasks must mention this in an additional declaration.

Article 2 – Field of application of the declaration of confidentiality

The declaration of confidentiality applies to all the services organised by or on the orders of the federal Administration within the framework of e-government.

Within the context of this declaration of confidentiality, the following are considered to be services:

• applications offered to citizens and businesses by or on the orders of the federal Administration, either as independent applications, or as web-based applications which are incorporated in a web site
• the web sites created and maintained by or on the orders of the federal Administration and which are intended to be used by citizens or businesses, with the exception of internal web sites which are not accessible to the general public
• any form of electronic communication which is used for the exchange of data between the federal Administration on the one hand and citizens and businesses on the other.

Within the context of this declaration of confidentiality, the following are considered to be part of the federal Administration: the federal public services, the federal public services for programming and the federal public institutions.

You should preferably take into account the fact that the various services offered by or on the orders of the federal Administration are also subject, because of their specific nature, to specific declarations of confidentiality. Before you connect up to use a service, you are therefore advised to check whether the service has a separate declaration of confidentiality, which involves more detailed regulations for this specific service. It goes without saying that these specific declarations of confidentiality will also be reconcilable with the aforementioned Law relating to the protection of private life and that they will never contradict this general declaration of confidentiality.

Also note that the web sites created and maintained by or on the orders of the federal Administration can have links with other web sites run by authorities, bodies and organisations over which the federal Administration does not exercise any technical control or control relating to content. The federal Administration cannot therefore offer any guarantee over the policies of these web sites on the subject of private life. The federal Administration does not therefore accept any liability in the event of direct or indirect damage resulting from consulting or using these external web sites. We recommend that you read through the policy of these web sites on the subject of private life.

Article 3 – Public and anonymous access

The administration uses different levels of securitising the various services it offers. The lowest level comprises services offered on a public and anonymous basis.

With regard to the services offered on a public and anonymous basis (i.e. without any prior registration procedure or without any subsequent transfer of data), only a limited amount of data can be collected. This data is obtained from the use of cookies and logging.

Cookies are small information files which are automatically recorded onto the hard disk of your computer when you visit a site, and which have a unique identification number. These cookies can simplify access to the site as well as navigation, and increase the speed and efficiency of using sites. They can also be used to customise the site to suit your personal preferences. Cookies also allow you to analyse the use of a site in order to identify and eliminate any problems.

The configuration of most navigators allows you to accept or refuse cookies, and informs you each time a cookie is used. You are free to refuse these cookies, although this may be detrimental to optimum navigation and the functionality of the services on the site. Please consult the aid function on your navigator if you require further information.

Unless indicated to the contrary in a specific site’s declaration of confidentiality, all cookies allocated are automatically deleted at the end of a user session.

On the federal portal site 3 cookies recording the language selection(s) are not automatically deleted.

In addition, any use you make of the services which are created by or on the orders of the federal Administration can be logged within the framework of e-government. This means that the following data can be collected:

• the IP address which was allocated to you at the time of connection;
• the date and time of accessing the service;
• any pages consulted over a certain period;
• any navigator used;
• the platform and/or the user system installed on your system;
• the search engine and the passwords used to find the site offering the service;
• the files downloaded;
• the choice of language;
• the site you used to get there.

This data will only be processed in order to find out about the number of users from the various sections of the services and in order to improve the content of the services. They will never be used to establish a citizen’s profile.

Article 4 – Voluntary transfer of information

In order to be able to use certain services with a higher level of securitisation, you will be asked to notify certain data of a personal nature to the federal Administration. To this end, only the data required to be able to provide a top quality service will be requested. The necessary measures will be taken in relation to this data to guarantee the protection of your private life, as will be described below. Note that special services can fulfil these guarantees in a more detailed manner by means of a separate declaration of confidentiality. You are therefore advised to check whether the service has a separate declaration of confidentiality. The level of security used will also be clearly indicated in the declaration of confidentiality or the regulations for use for the users of each service.

The services offered with a higher level of security pose a series of typical requirements relating to your identification and your authentication.

Depending on the level of security, you will be asked to send through a series of data with a view to your registration, identification and authentication.

This means that you can be allocated a user number so that the public services can identify you correctly when you use the electronic services.

You may also be able to use your electronic identity card which is provided with an identity certificate to do this.

In addition to this data which is needed if services are to be supplied, you may also be asked to provide a certain amount of feed-back. Obviously, you are entirely free to accept or refuse to do so. By returning this feed-back, you are giving us authorisation to process the data of a personal nature which you have returned in order to improve user experience or to allow new services to be provided.

Article 5 – Use of contact information

In order to be able to use the services, you will sometimes be asked for your contact information (such as e-mail address, telephone number or fax number). This data will only be processed by the federal Administration in order to ensure satisfactory functioning of the service, i.e.:

• in order to contact you if necessary for the additional data required to guarantee the satisfactory functioning of the service; or
• in order to supply you with all the useful and relevant information relating to changes in the provision of services which may affect your user experience in a significant way, such as messages relating to user management or interruptions in services; or
• possibly in order to notify modifications to the declaration of confidentiality or to the user’s regulations for use which are being applied, in order to keep you up to date with your rights and obligations as a user; or
• if you explicitly authorise this, your e-mail address will be used by the federal, regional and local authorities in order to communicate electronically with you.

This contact information will not under any circumstances be used for advertising purposes or transferred to third parties. The establishments responsible for fulfilling a public service or for carrying out a task of general interest on the basis of an administrative assignment, independently of their legal form, are not considered as third parties within the context of this article if they are directly or indirectly involved in providing the services to which this declaration of confidentiality applies.

It goes without saying that this data will be processed in a confidential way, in accordance with the provisions of the aforementioned Law relating to the protection of private life.

If you contact the federal Administration by e-mail in order to obtain information or to request publications, the administration will automatically obtain certain data of a personal nature. This data will be used to reply to your message. They can also be recorded in a user database, to which the provisions of the Law relating to the protection of private life apply. You are entitled to consult your data, modify it or have it deleted.

Article 6 – Security and confidentiality

The federal Administration takes all the steps necessary in order to guarantee the security of your personal data. In order to monitor whether your data is protected, particularly against unauthorised access, unlawful use, loss or unauthorised modifications, the services use various securitisation techniques and procedures. The necessary measures have been taken to guarantee the securitisation and confidentiality of your personal data both from a physical, electronic and organisational point of view.

So, for example, the personal data you provide is registered on servers which are only accessible to the relevant personnel. This personnel has been notified of this declaration of confidentiality and about all the applicable internal directives which have been issued for the protection of your personal data. They are obliged to respect the confidentiality of your personal data.

Sensitive personal data which is sent via the Internet will also be securitised using coding, for example by using the SSL protocol (Secure Socket Layer).

Specific information about the measures which have been taken to protect security and confidentiality within a specific service will, if necessary, be repeated in the separate declaration of confidentiality for this service.

Your personal data will only be transferred to third parties following your authorisation or under the conditions described below.

Article 7 – Legality and transparency

For each service organised by or on the orders of the federal Administration within the framework of e-government, the following information must be clearly repeated in this service’s additional declaration of confidentiality:

• data of a personal nature which is to be processed
• the purposes of this processing
• the person responsible for correct processing
• whether or not the data can be transferred to third parties, and if so, the identity of these third parties
• the source of any personal data which has not been notified by you, but which has been extracted from authentic sources (such as the national Register)
• contact information should you wish to exercise your right of access and correction, as described below.

If data of a personal nature has not been notified by you (for example because the administration already has this data), and the federal Administration is only acting as an intermediate organisation, this notification can be omitted provided that the federal Administration has received by or by virtue of a law the formal assignment to collect and code personal data, and that it is consequently subject to the specific measures established by or by virtue of the law protecting your private life.

Any legal regulation on the basis of which the processing of data for the service is authorised must also be explicitly notified in the declaration of confidentiality of each specific service.

Unless explicitly indicated to the contrary in the declaration of confidentiality for a specific service, the federal Administration is responsible for the processing. Contact information in the event of questions or remarks will also be recorded.

Article 8 – Purpose

In each service organised by or on the orders of the federal Administration within the framework of e-government, the additional declaration of confidentiality for this service must clearly describe what specific aim the processing of your personal data serves within the framework of this service, even though this has already been clearly indicated in this declaration of confidentiality. Personal data collected when the service is used can be processed in order to manage and supply the service.

Within the context of the support for services organised by or on the orders of the federal Administration as part of e-government, your personal data can be processed in order to improve your experience as a user and to simplify the use of services as a result of the fact that you do not have to encode the same data on a frequent basis and that the services can be adapted to suit your preferences or interests.

Within the organisation of each service, what is known as « authentic sources » will be used as far as possible. These are data sources (databases) which are kept updated on the orders of the federal Administration and where official data relating to a person or to a business is collected. The federal Administration will make an effort never to ask the citizen or business for this information again after it has been initially collected. If possible, each service therefore uses these sources. Access to data in authentic sources is controlled and authorised by sectorial committees (set up within the Commission for the Protection of Private Life ) which monitor compliance with the legislation relating to the protection of private life.

In concrete terms, this means that data from authentic sources (for example the National Register) is used to identify users, and that after this identification is provided, access can be granted to other databases. The private life of users can thus be protected in an optimum way: since there is only one source, data protection can be centrally organised.

The information collected as a result of a service being used can be combined with personal data which is collected as a result of other services being used, so that your interaction with the federal Administration is as consistent as possible.

The legal regulations which act as a basis for processing data will also be explicitly notified in the declaration of confidentiality for each specific service.

Article 9 – Proportionality

The federal Administration ensures that the personal data collected is adequate, relevant and not excessive, taking into account the purpose of the processing as indicated in the declaration of confidentiality for each specific service. Your personal data will not be kept for a duration in excess of that needed for achieving the purpose of the processing, unless the data must be kept in order to comply with the law, a decree or order.

Article 10 – Right of access and correction

You are entitled to access your personal data and correct it.

With regard to all services organised by or on the orders of the federal Administration within the framework of e-government, a procedure will be repeated in the declaration of confidentiality for this service to allow you to exercise these rights.

It will repeat the contact information which will allow you to obtain information on the following:

• the personal data itself which is processed as part of the service and which relates to you
• the origin of this data
• the purposes of the processing
• the recipients to whom the personal data can be supplied
• the logic at the basis of any automated processing of this personal data if this processing has legal consequences for you or if it affects you significantly in another way
• the steps you can take to correct or complete any incorrect or incomplete data

The possibility of objecting to the processing, when you have this right. This only applies if the processing is not necessary in order to comply with an obligation to which the person responsible for the processing is subject by or by virtue of a law, a decree or an order, and if you have serious and legitimate reasons for making an objection with regard to your particular situation.

Article 11 – User’s liability

Although the federal Administration makes every possible effort to protect your private life, effective protection is naturally only possible if you yourself take the necessary measures to protect your private life.

With regard to using services organised by or on the orders of the federal Administration as part of e-government, you must:

• supply complete, accurate and truthful information ;
• duly monitor the confidentiality of any user data (such as a user name, a password, a token or a PIN code), so that this data remains accessible only to you. This data is strictly personal and non transmissible;
• choose a safe password. This means that it must comprise at least 8 characters combining both letters and other characters, which are placed in an order which cannot be easily discovered. Each user is personally liable in the event of discovery and/or abuse of a password which has not been composed in accordance with these rules;

send through valid and usable contact information so that you can be contacted within a reasonable period of time and in a reasonably confidential way.

Article 12 – Transfer to third parties

Your personal data will never be made available to third parties unless a transfer of this kind is imposed by or by virtue of a law, a decree or an order.

Establishments responsible for providing a public service or for fulfilling a task of general interest on the basis of an administrative assignment, independently of their legal form, are not considered to be third parties within the context of this article if collaboration with these institutions is essential for the correct implementation of the services to be provided. This collaboration with other branches of the administration (including at other levels, such as communities, regions and municipalities) must be regulated by means of outline agreements or protocol agreements.

If your personal data is passed on to this type of institution, the declaration of confidentiality for the service in question will indicate which personal data is involved, and to what processing it will be subjected by this institution.

Your personal data will never be used for advertising purposes or passed on to third parties who might use this data for these purposes.

Your personal data will never be processed by an institution or a business set up outside the European Union.

Article 13 – Administration’s public accessibility

By means of law of 11 April 1994 relating to the administration’s public accessibility, the federal administrative authorities must grant access to the government documents they possess. This means that all citizens have the right to consult the administrative documents of a federal administrative authority and to receive copies of these. All the information which the federal Administration possesses within the framework of the services organised by or on the orders of the federal Administration as part of e-government can be considered to be administrative documents, and are therefore subject to the legal stipulations relating to the administration’s public accessibility.

With regard to administrative documents of a personal nature (that is, documents which contain an evaluation or a judgement on merit relating to an individual designated by name or easily identifiable, or the description of behaviour whose disclosure can clearly cause this person damage), this right to public accessibility only applies, however, if the requesting party can justify a personal, legitimate, current, direct and definite interest.

Requests for access to administrative documents of this kind can be sent to the relevant federal administrative authority which is designated in the declaration of confidentiality for the specific project. This authority can refuse the request, in particular if it is bound by a legal obligation of secrecy, or if it considers that the publication of the government document is prejudicial to the private life of the person concerned, unless the latter has given his or her consent with regard to consultation of the document, explanations relating to it or its communication in the form of a copy. If the federal administrative authority cannot respond immediately to a request for public accessibility or it rejects this, it must inform the party making the request, within a period of thirty days following receipt of the request, of the reasons for the delay or rejection. In the event of delay, the deadline cannot under any circumstances be extended by more than fifteen days.

It goes without saying that these rules only apply to federal government authorities. At other levels of power (such as communities, regions and municipalities), other legal rules may apply. If an authority at another level of power possesses information which you wish to obtain, you are advised to check which rules apply at this level with regard to the administration’s public accessibility.

The information processed as part of the services can, after a certain period of time, also be filed voluntarily in the Kingdom’s Archives on request of the public authority to which they belong, if this information is not longer useful to the administration. After being filed, the information is in principle public. In this case as well, access to the archives remains subject to the legislation relating to the administration’s public accessibility. More specifically access can be refused if the Kingdom’s Archivist considers that it is bound by a legal obligation of secrecy, or if publication of the administrative document is prejudicial to the private life of the person concerned, unless the latter has given his or her approval with regard to consultation of the document, the relating explanations or its communication in the form of a copy.

These archives can be registered for an unlimited duration in the Kingdom’s Archives, and cannot be destroyed without the authorisation of the authority which has sent through the documents.

Article 14 – Adaptations to the declaration of confidentiality

This declaration of confidentiality may be adapted in the future. We therefore ask you to reread the declaration of confidentiality from time to time in order to remain abreast of these adaptations. After each adaptation, the date on which this document was most recently updated will also be amended.

It goes without saying that all new versions of the declaration of confidentiality will at all times comply with the aforementioned Law relating to the protection of private life.

If the declaration of confidentiality is amended in a significant way, you will be informed of this as far as possible. To do this, a notification can be sent out on the service’s web site and any contact information you have sent through at the time of registering to use the service may be utilised.

Any use made of the services is subject to the provisions of the version of the declaration of confidentiality which applies at that particular point.

The federal government places a great deal of importance on the private life of users. Although the majority of the information available on or via the portal site does not require the user to provide any personal data, it is possible that users will be asked to enter personal information. In this case, the data will be processed in accordance with the provisions of the act of 8th December 1992 concerning the processing of personal data.

In particular, this means that:

• Personal data cannot be recorded or processed except for the purpose of responding to a request for information which you have made.
• Personal data will not be passed to third parties or used for any commercial purposes.
• You have the right to refer to your own personal data, to check the accuracy of the data and to have any errors corrected.
• The federal government undertakes to put in place the best possible security measures in order to ensure that third parties cannot misuse the personal data which you have provided.