1 Purpose of this privacy statement
The Department ‘Flanders Chancellery and Foreign Office’ (DKBUZA)
attaches great importance to your privacy and the careful handling of your personal
data. When doing so, we always comply with privacy law requirements, including the
General Data Protection Regulation (GDPR), and with the provisions of federal and
Flemish legislation on the protection of natural persons with regard to the
processing of personal data. With this privacy statement, we wish to inform you about
the processing of your personal data. The Flanders Chancellery and Foreign Office of
the Flemish public administration is the data controller for personal data.
If you have any questions or remarks about this privacy statement or about the
protection of personal data by the Department, you can always contact us at firstname.lastname@example.org
2 Processing of your personal data
2.1 When do we collect and process your personal data?
We only process personal data and we only have personal data processed if this is
necessary for us to be able to perform the tasks assigned to us. We always process
the data in accordance with the provisions of the General Data Protection Regulation
(GDPR), and with the provisions of federal and Flemish legislation on the protection
of natural persons with regard to the processing of personal data.
We collect and process your personal data when you request one of our services or
contact us in the context of the services we provide. We may also process your
personal data if you submit a general question to us. An arrangement may also be
developed by decree or by the Government whereby we grant you a benefit or a
detriment without you taking any action for this yourself. In this case, we must
process your personal data to determine whether you are eligible for that benefit or
whether we must impose a detriment on you, such as a fine.
2.2 Which data do we process?
The Department processes your personal data. Personal data are data that identify
you or establish a link with you as a natural person. Which data we actually process
depends on the services we offer and provide.
2.3 How do we collect and process your personal data?
We may request data directly from you in a form or in documents that you have to
attach to a form. We may also obtain your data for the performance of our tasks
carried out in the public interest, or by indirectly collecting them through publicly
available databases, websites, or other public sources. We also retrieve data from
other public authorities that already have them at their disposal. When doing so, we
always comply with the provisions on the protection of natural persons with regard to
the processing of personal data, which, where applicable, are laid down at federal or
2.4 On what grounds do we process your personal data?
As a public authority, we process your personal data for the performance of our
tasks carried out in the public interest. When this is the case, you have additional
rights (see Section 6: ’Rights in respect of your personal data’). The
processing of personal data may also be based on a legal obligation.
We may process data for archiving purposes in the public interest, scientific or
historical research purposes or statistical purposes.
Processing data for the performance of tasks not governed by public law is
possible if you give your explicit consent, if the processing is the result of a
contract to which you are party, or if we have legitimate interests for doing so. In
this case we explicitly state the basis on which we are processing these data and
which rights you have (see also Section 6: ‘Rights in respect of your personal
2.5 Why do we process your personal data?
We process your personal data in order to provide a service that you request from
us, or if we need to grant you a benefit or a detriment without you taking any action
for this. We also use these data to perform our tasks carried out in the public
interest pursued by the Flanders Chancellery and Foreign Office. These tasks result,
among other things, from the Organisation Order of the Government of Flanders of 5
June 2005. More information about the competences of DKBUZA can be found here.
To perform our tasks carried out in the public interest, we also organise
conferences, receptions, lectures and other events. During such events, photographs
and other visual material may be processed on which you can be identified. We never
process visual material on which you appear unless you agree to it yourself by posing
voluntarily. This visual material is used for the Department’s general
communication about its activities, e.g. on its website and social media and in
3 To whom are your personal data disclosed?
Your data are mainly processed internally by our staff. In order to maintain and
improve our service provision, we sometimes use third parties, such as developers and
IT service providers. Your personal data may also be transferred to or consulted by
these third party service providers, if necessary for the provision of their
services. We conclude agreements with these third parties to ensure that they only
process your personal data in accordance with the Department’s instructions and
apply the same level of security and confidentiality as we do. The Department shall
remain responsible for such processing operations by third parties.
At the request of the authorities or to comply with other legal obligations, some
personal data may be transmitted to competent authorities, e.g. in the context of
impending or pending legal proceedings or in the context of judicial investigations
and requests for information.
We are occasionally required by law or decree to transfer your personal data, and
public authorities have the right to request data from us. To do so, they must have
an authorisation or a protocol.
4 Are your personal data transferred outside the European Union?
Under the GDPR, personal data may only be transferred to countries that guarantee
a similar adequate level of protection. DKBUZA guarantees that no transfer shall take
place to third countries for data processing or storage without all the necessary
measures having been taken to meet the protection requirements from the GDPR.
We will only respond to a request to transfer or provide personal data to a
country outside the European Union, based on a judgment of a court or tribunal or a
decision of an administrative authority, if that judgment or that decision is based
on an international agreement, such as a mutual legal assistance treaty in force
between the requesting third country and the Union or a Member State, without
prejudice to the other grounds for transfers to a third country pursuant to the
5 How long do we keep your personal data?
As a general rule, we are only allowed to keep your personal data for the period
during which they are necessary for the provision of certain services. We therefore
keep your data for as long as you use our services. After that, we keep your data for
the period during which we must be able to account for the services provided. This
period depends on the services provided. After this period of limitation, the data
are deleted, unless they are of historical, cultural or public interest.
When keeping data, a distinction is made between the period in which your file is
active and the period in which it becomes passive. Your file is active as long as you
use the service provided. In this case, staff who need your data in order to be able
to perform their task have access to your data during that period. Afterwards, your
file becomes passive and only a limited number of staff from the competent service
have access to your data. Furthermore, we delete your data without undue delay upon
your request (see Section 6 of this privacy statement).
6 Rights in respect of your personal data
You have various rights with respect to the processing of personal data:
- Right to object: If we process your personal data in the context of the
public interest, you may object to the processing of your data at any time. In
this case we assess whether your individual interests outweigh the public
interest we are pursuing with the processing. If we are no longer allowed or able
to process your data, it will also no longer be possible to provide you with the
service or the benefit you are claiming. This right to object only has a
suspensory effect if your interests (taking into account the specific situation)
at first sight and explicitly outweigh the compelling interests of DKBUZA.
- Right of access to your personal data
- Right to rectification of your personal data
- Right to erasure of your personal data
- Right to withdraw consent on which the processing is based and the right to
oppose the processing.
Requests for exercising your rights can be addressed in English to the Data
Protection Officer (DPO) at email@example.com. We ask that you
provide proof of your identity so that your data are not disclosed to anyone who is
not entitled to them.
If you do not agree with the way in which we process your data, please contact our
Data Protection Officer (DPO) at firstname.lastname@example.org.
In addition, you can lodge a complaint with the competent supervisory authority,
i.e. the Flemish Supervisory Committee for the Processing of Personal Data (Vlaamse
Toezichtcommissie voor de verwerking van persoonsgegevens/VTC).
Koning Albert II Laan 15 Brussel 1210
+32 (0)2 553 20 85
7 The security of your personal data
We implement appropriate technical and organisational measures to ensure a level
of security appropriate to the risk. We take into account the state of the art, the
cost of implementation and the nature, scope, context and purposes of processing as
well as the risks of varying likelihood and severity for rights and freedoms of
natural persons posed by the processing.
DKBUZA takes all necessary technical and organisational measures in accordance
with the information
classification model approved by the Steering Body for Flemish Information and
ICT Policy (Stuurorgaan Vlaams Informatie en ICT-Beleid).
8 Changes to the privacy statement
We have the right to change and modify the policy. We shall at all times report
changes and modifications via the website.
9 Contact details of the Data Protection Officer
Havenlaan 88, 1000 Brussel