Privacy Policy
Why a Personal Data Protection Policy?
Your privacy is a priority for FEBIAC (hereinafter referred to as “FEBIAC” or “we”/”us”). We are accordingly committed to respecting the personal data of our clients, prospects, members, political figures, journalists and online users (hereinafter referred to as “you”), to processing them with the utmost care and to ensuring the highest level of protection in accordance with Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “GDPR”) and with the applicable national legislation on the subject.
This policy may apply to you if you are:
A client of our services;
A potential client or prospect of our services;
A user of our services;
A political figure (member of a ministerial cabinet, minister, deputy, etc.);
A member of our federation;
A journalist, in particular one specializing in the field of automobiles or other types of vehicles and mobility;
A person who has shown interest or participated in one of our training courses or conferences or an instructor in the automotive section;
A number plate holder;
An Internet user who has visited our websites www.febiac.be and www.autosalon.be.
This policy informs you about:
The personal data that we collect about you and the reasons why;
How we use your personal data;
Your rights to your personal data and how to exercise them.
Last update: 25 November 2025
Glossary of main legal terms used in this Policy:
Terms frequently used in this Policy | Definitions provided by the GDPR | Explanation of the terms in common language |
|---|---|---|
| Personal data | Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;. | Any information relating to a natural person, i.e. an individual, identifiable directly or indirectly, as distinct from other persons. For example: a name, photo, fingerprint, e-mail address, telephone number, social security number, IP address, your navigation data on a website, data relating to an online purchase, etc. |
| Data Protection Officer | / | The Data Protection Officer (DPO) is responsible for, inter alia, compliance with the GDPR and the applicable national legislation as well as our policies and practices for managing your personal data in the company. He or she is also responsible for cooperating with the supervisory authorities. The DPO is your preferred point of contact for any queries regarding your personal data. |
| Processing | Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; | Any use of personal data, irrespective of the process used (recording, organizing, storing, modifying, reconciling with other data, transmitting, etc. of personal data). For example: the use of your data for order management, delivery, sending newsletters, etc. |
| Controller | The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law; | The person, public authority, company or body that has control over your data and decides on any use thereof. It is said person, public authority, company or body that decides whether to create or delete a processing operation and determines why your data will be processed and to whom it will be transmitted. He, she or it is primarily responsible for ensuring that your data is protected. |
| Processor | A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. | Any natural person or legal entity that carries out processing tasks on the instructions and under the responsibility of the controller. |
Glossary of other terms used in this Policy:
| Client | Any natural person (acting in a consumer or professional capacity) who is in a contractual relationship with us, in particular any person who has obtained an entry ticket to the show(s) or event(s) or any person expressing an interest in or wishing to gain access to an event organized by FEBIAC. |
|---|---|
| Prospect | A natural person (acting in a consumer or professional capacity) who may be interested in concluding a service contract with us. |
| User | User A natural person (acting in a consumer capacity) with whom we have already had at least one contractual relationship (including users of applications) as well as any online visitor to our websites. |
| Partner | Any natural person or legal entity that may be involved in co-organizing or facilitating our activity to organize the various services. |
| Statistical purposes | Any collection and processing of personal data necessary for statistical surveys or the production of statistical results. Statistical purposes entail that the result of the processing does not allow any identification of the persons whose information has been used. |
Who is responsible for the use of your data in your relationship with our services?
Controller
Your data controller is the non-profit association FEBIAC ASBL, having its registered office at 46, Boulevard de la Woluwe, Box 6, 1200 Brussels, registered with the Crossroads Bank for Enterprises (central business register) under number 0407.693.572. Any questions or requests concerning the processing of your Data can be sent to the following e-mail address: [email-hidden].
FEBIAC is the owner of the websites accessible at the following addresses (URL): https://www.febiac.be , on which this Policy is hosted.
Appointment of an internal Data Protection Officer (DPO)
The FEBIAC Controller has appointed a data protection officer in the person of Jean-Philippe Letellier. He is in charge of the internal application of the rules for the protection and management of your data and for cooperation with the control authorities. Here are his contact details:
Mr Jean-Philippe Letellier c/o j2p sprl
104 Wezembeeklaan
1950 Kraainem Belgium
Why do we collect your personal data and on what bases do we do so?
We collect personal data about you for various reasons.
FEBIAC collects and uses your personal data to operate efficiently and to provide you with a better experience with our services.
You should also bear in mind that we can collect and use your personal data only if this use is based on one of the legal grounds determined by the GDPR (for example, your consent or the performance of a contract with us).
The tables below list precisely the purposes for which FEBIAC uses your personal data and the corresponding legal basis. These are the data processed in the Federation, Press and Communication, Training, Data Services departments respectively as well as any other processing relating to Clients, Prospects and Users.
For personal data processing activities carried out in our Federation:
FEBIAC processes your personal data and more specifically, for the following purposes:
Purposes of collecting your personal data | Legal basis for processing your personal data |
|---|---|
(1) Management of a file of contacts for the purpose of invitations to meetings organized by the Federation and information We bring our members together in working groups in order to develop and define common positions that we will defend before political interlocutors, but also to keep them abreast of (in particular legislative) developments that affect the automotive sector. To this end, we have set up a file of contacts to whom we send invitations to meetings. | The legitimate interest of FEBIAC as a federation of the Automobile and Motorcycle Industries is to process the personal data of its members in order to keep them informed about developments in the sector and the meetings it organizes (Article 6.1.f of the GDPR) The performance of a contract conclude with you, in this case a membership contract (Article 6.1.b). |
2) Management of a file of contact persons for lobbying purposes We have compiled a file of contact persons (ministerial cabinet, ministers, MPs, etc.) for the purpose of sending invitations, contacts or disseminating the positions of FEBIAC and its members to political interlocutors | FEBIAC’s legitimate interest in processing personal data for lobbying purposes where there is a relevant and appropriate relationship between FEBIAC and the political interlocutors and where in any event the political interlocutors can reasonably expect that the personal data will be processed for this purpose, at the time and in the context of the collection of the personal data (Article 6.1.f) |
(3) Management of a file of contact persons for the purpose of organizing and inviting to events and seminars on mobility For example, we organize forums, events and seminars on mobility (such as the European Automotive Forum) for which we send invitations. | FEBIAC’s legitimate interest in processing personal data for the purpose of invitations to mobility events and seminars where there is a relevant and appropriate relationship between FEBIAC and such persons and where such persons could in any event reasonably expect that such data would be processed for that purpose at the time and in the context of the collection of the personal data (Article 6.1.f) |
| (4) Dispute management | The performance of a contract with You (Article 6.1.b). We also have a legitimate interest in processing personal data for the purpose of defending our interests, including but not limited to litigation or legal proceedings (Article 6.1.f) |
For personal data processing activities carried out in our Press and Communication Department:
Purposes of collecting your personal data | Legal basis for processing your personal data |
|---|---|
| (1) Sending press releases | FEBIAC’s legitimate interest in processing the personal data of prospects in order to respond to their requests and expectations. (Article 6.1.f of the GDPR) |
| (2) Accreditation for one of our events | FEBIAC’s legitimate interest in processing the personal data of journalists in order to provide them with the necessary accreditation for our events and to send them useful information regarding the organization thereof (Article 6.1.f) FEBIAC obtains prior consent to share the email address with event exhibitors, solely for the purpose of enabling those exhibitors to send information and press releases. |
| (3) Sending invitations to one-off events such as the annual press conference | FEBIAC’s legitimate interest in processing personal data for the purpose of invitations to events where there is a relevant and appropriate relationship between FEBIAC and such persons and where such persons can in any event reasonably expect that such data will be processed for that purpose at the time and in the context of the collection of the personal data (Article 6.1.f) |
| (4) Sending newsletters and files | FEBIAC has a legitimate interest in processing the personal data of its members in order to keep them informed of the activities of the federation to which they are affiliated (Article 6.1.f) |
| (5) Dispute management | We also have a legitimate interest in processing personal data in order to defend our interests, in particular but not exclusively in a dispute or legal action (Article 6.1.f) |
For the personal data processing activities carried out in our Training Department:
Purposes of collecting your personal data | Legal basis for processing your personal data |
|---|---|
| (1) Management and organization of training courses and conferences | FEBIAC’s legitimate interest in processing your personal data for the purpose of organizing training courses and conferences and facilitating the performance of its contractual services (in particular for a training course which you attend) and the performance of the said contract (Article 6.1.f and b of the GDPR). |
| (2) Management of relations with trainers and lecturers | FEBIAC’s legitimate interest in processing your personal data in order to facilitate the performance of its contractual services (in particular in the context of the organization of training courses and conferences) and the actual performance of said contract (Article 6.1.f and b). |
(3) Marketing to our Clients and Prospects, namely:
| FEBIAC has a legitimate interest in processing personal data of its Clients (Alumni) (including those obtained directly in a training course or through participation in a conference) with a view to promoting its services and training courses, these being similar to the services already provided (Article 6.1.f ). Pursuant to Article XII.13(1) of the Economic Law Code and the Royal Decree of 4 April 2003, FEBIAC processes the personal data of Prospects (with the prior consent of the latter) in order to inform them about the various services offered and the training courses and conferences organized. |
| (4) Dispute management | The performance of a contract concluded with You (Article 6.1.b). We also have a legitimate interest in processing personal data in order to defend our interests, including but not limited to in a dispute or legal action (Article 6.1.f) |
| (5) Accounts management | We process the personal data of our clients for invoicing purposes. This processing is necessary to fulfil our legal obligations as defined by the VAT Code for tax and accounting matters (Article 6.1.c) |
For personal data processing activities carried out in our Data services department:
As the Federation that represents the automotive sector in Belgium, FEBIAC has been designated as a partner in the operation of the Crossroads Bank for Vehicles (see Article 4 of the Royal Decree of 8 July 2013 implementing the Act of 19 May 2010 establishing the Crossroads Bank for Vehicles).
This is a database organized by law (see the Act of 19 May 2010 establishing the Crossroads Bank for Vehicles), the aim of which is to enable and facilitate the traceability of vehicles.
To this end, the legislation provides for the exchange of data between various services concerned (closely or remotely) with vehicles in the exercise of their public interest missions.
FEBIAC can have access to data via the Crossroads Bank for itself and its members, depending on the purpose to be achieved. The purposes for accessing the data, as laid down by law, are listed in the table below.
Guarantees, provided for by the Act, govern these accesses and data transfers. For more information, cf. the Memorandum of Understanding which organizes the communication of data between the Crossroads Bank and FEBIAC and between FEBIAC and its members on the website of the FPS Mobility, here.
Purposes of collecting your personal data | Legal basis for processing your personal data |
|---|---|
(1) Enable the compilation of global and anonymous statistics Description: provision of various types of information and statistics concerning the Belgian car market (monthly registration information and statistics, market research, brand loyalty rates, penetration per point of sale, CO2 emissions, etc.). | The processing is necessary to carry out a task in the public interest and for the purposes of the legitimate interests pursued by FEBIAC and/or its members to whom the data are transmitted (Article 6.1.e and 6.1.f of the GDPR). The basis for this processing is the Act of 19 May 2010 establishing the Crossroads Bank for Vehicles and the implementing Royal Decree thereof of 8 July 2013. |
| (2) Facilitating and supporting the development of an efficient mobility policy that respects safety and the environment (purpose 4 of the Memorandum of Understanding) | The processing is necessary to carry out a task in the public interest and for the purposes of the legitimate interests pursued by FEBIAC and/or its members to whom the data are transmitted (Article 6.1.e and 6.1.f of the GDPR). The basis for this processing is the Act of 19 May 2010 establishing the Crossroads Bank for Vehicles and the implementing Royal Decree thereof of 8 July 2013. |
(3) Improve consumer protection (Goal 5 of the Memorandum of Understanding) Description: determination of the contractual warranty date and fight against contractual fraud, safety and environmental communications, protection of the privacy of owners/holders | The processing is necessary to carry out a task in the public interest and for the purposes of the legitimate interests pursued by FEBIAC and/or its members to whom the data are transmitted (Article 6.1.e and 6.1.f of the GDPR). The basis for this processing is the Act of 19 May 2010 establishing the Crossroads Bank for Vehicles and the implementing Royal Decree thereof of 8 July 2013. |
| (4) Dispute management | We also have a legitimate interest in processing personal data in order to defend our interests, including but not limited to in a dispute or legal action (Article 6.1.f) |
All other personal data processing activities relating to our users, clients and potential clients:
Purposes of collecting your personal data | Legal basis for processing your personal data |
|---|---|
| FEBIAC processes the data of its Clients or Prospects for the performance of the contract concluded or for pre-contractual measures (Article 6.1.b of the GDPR). FEBIAC obtains prior consent for the data collected as part of campaigns offering event tickets to persons who meet certain conditions (data necessary for participation and for eligibility verification for preferential conditions). |
| (2) Organization of public events (such as fairs, exhibitions, trade shows, etc.) | We have a legitimate interest in processing certain personal data of persons who go or wish to go possibly by invitation to our public events (Article 6.1.f ). |
| (3) Management of incoming messages | We have a legitimate interest in processing the personal data of persons who contact us in order to respond appropriately (Article 6.1.f) |
(4) Sending newsletter These newsletters inform you about content posted online relating to automotive news, as well as initiatives and events organized by us or third parties in connection with this content. They are sent to you once you register. | This processing is based on the performance of a contract, in this case a subscription to the newsletter (Article 6.1.b) |
(5) Marketing to our Clients and Prospects, namely:
| We have a legitimate interest in processing the personal data of our Clients (including those obtained directly in the context of the sale of a ticket to participate in an event). This purpose is also based on FEBIAC’s legitimate interest in collecting and processing data relating to online users of social networks about its publications. Such processing is carried out under the joint responsibility of FEBIAC and the social networks (Article 6.1.f ). Pursuant to Article XII.13(1) of the Code of Economic Law and the Royal Decree of 4 April 2003, we process personal data relating to the electronic contact details of Prospects (with their prior consent) with a view to informing them of forthcoming public events of FEBIAC. |
(6) Organization of games and competitions FEBIAC processes the data of participants in a competition so as to ensure the smooth running thereof, in particular in order to contact the winners and to award them their prize in an efficient and timely manner. | The performance of a contract concluded with you, in this case a contract for participation in a competition (Article 6.1.b) |
| (7) Dispute management | The performance of a contract concluded with You (Article 6.1.b). We also have a legitimate interest in processing personal data in order to defend our interests, including but not limited to in a dispute or legal action (Article 6.1.f) |
| (8) Statistics | We have a legitimate interest in processing the personal data of our Clients and Prospects in order to improve the websites and services offered as well as to gain a better understanding of the target audiences (Article 6.1.f) |
| (9) Acquisition of new clients targeted on the basis of their similarity to existing ones | We have a legitimate interest in asking third party service providers, including social networks or advertisers, to search among their clients or members for prospects targeted on the basis of their similarity to our Clients, in order to display FEBIAC’s advertisements to them subject to appropriate safeguards (Article 6.1.f ). |
| (10) Accounts Management | We process the personal data of our clients for invoicing purposes. This processing is necessary to fulfil our legal obligations as defined by the VAT Code for tax and accounting matters (Article 6.1.c) |
.
What personal data do we collect about you?
Below we itemize the personal data we collect about you, the reason why we collect them, as well as the methods we use to collect them (information directly provided by you, collected with your consent or collected by our computer systems).
For personal data processing activities carried out in our Federation:
Purpose of collection | Personal data collected | Direct or indirect collection of your personal data |
|---|---|---|
| (1) Management of a file of contact persons for the purpose of invitations to meetings organized by the Federation and for information purposes |
| For this purpose, the data are collected directly from you |
| (2) Management of a file of contact persons for lobbying purposes |
| For this purpose, the data are collected directly from you or obtained from your website |
| (3) Management of a file of contact persons for the purpose of organizing and inviting to events and seminars on mobility |
| For this purpose, the data are collected directly from you |
| (4)Dispute management |
| For this purpose, data are collected directly from you, obtained from your website or indirectly from a third party |
For the personal data processing activities carried out in our Press and Communication Department:
Purpose of collection | Personal data collected | Direct or indirect collection of your personal data |
|---|---|---|
| (1) Sending press releases |
| For this purpose, the data are collected directly from you |
| (2) Accreditation for one of our shows or events |
| For this purpose, the data are collected directly from you |
| (3) Sending invitations to one-off events such as the annual press conference to present the next show |
| For this purpose, the data are collected directly from you |
| (4) Sending newsletters and files |
| For this purpose, the data are collected directly from you |
| (5) Dispute management |
| For this purpose, the data are collected directly from you or indirectly from a third part |
For personal data processing activities carried out in our Training Department:
Purpose of collection | Personal data collected | Direct or indirect collection of your personal data |
|---|---|---|
| (1) Management and organization of training courses and conferences |
| For this purpose, the data are collected directly from you |
| (2) Management of relations with trainers and lecturers |
| For this purpose, the data are collected directly from you |
| (3) Marketing to our Clients and Prospects |
| For this purpose, the data are collected directly from you or to whom the transmission of your data to FEBIAC can be reasonably assumed. |
| (4) Dispute management |
| For this purpose, the data are collected directly from you or indirectly from a third party. |
For personal data processing activities carried out in our Data services department:
| Purpose of collection | Personal data collected | Direct or indirect collection of your personal data |
|---|---|---|
| (1) Enable the establishment of global and anonymous statistics | For more details on the data transmitted/accessible to FEBIAC via the Crossroads Bank, please consult Annex 2 of the Memorandum of Understanding posted on the FPS Mobility website available here. | For this purpose, the data are collected indirectly via the management service of the Crossroads Bank for Vehicles |
| (2) Facilitate and support the development of an efficient mobility policy that respects safety and the environment | For more details on the data transmitted/accessible to FEBIAC via the Crossroads Bank, please consult Annex 2 of the Memorandum of Understanding posted on the FPS Mobility website available here. | For this purpose, the data are collected indirectly via the management service of the Crossroads Bank for Vehicles |
| (3) Improve consumer protection | For more details on the data transmitted/accessible to FEBIAC via the Crossroads Bank, please consult Annex 2 of the Memorandum of Understanding posted on the FPS Mobility website available here. | For this purpose, the data are collected indirectly via the management service of the Crossroads Bank for Vehicles |
| (4) Dispute management |
Any other information arising out of a dispute or litigation concerning the data subject | For this purpose, the data are collected directly from you or indirectly from a third party. |
All other personal data processing activities relating to our users, clients and potential clients:
Purpose of collection | Personal data collected | Direct or indirect collection of your personal data |
|---|---|---|
| (1) Management of the contractual and pre-contractual relationship with Clients and Prospects |
| For this purpose, the data are collected directly from you or indirectly from a third party or to whom the transmission of your data to FEBIAC can be reasonably assumed. |
| (2) Organization of public events |
| For this purpose, the data are collected directly from you or indirectly from a third party or to whom the transmission of your data to FEBIAC can be reasonably assumed. |
| (3) Management of incoming messages |
| For this purpose, the data are collected directly from you |
| (4) Sending Newsletter |
| For this purpose, the data are collected directly from you |
| (5) Marketing to our Clients and Prospects |
| For this purpose, the data are collected directly from you or indirectly from a third party or to whom the transmission of your data to FEBIAC can be reasonably assumed. |
| (6) Organization of games and competitions |
| For this purpose, the data are collected directly from you. |
| (7) Dispute management |
| For this purpose, the data are collected directly from you or indirectly from a third party. |
| (8) Statistics |
| For this purpose, the data are collected directly from you or indirectly from a third party or to whom the transmission of your data to FEBIAC can be reasonably assumed. |
| (9) Acquisition of new clients targeted on the basis of their similarity to existing ones |
| For this purpose, data are collected from a third party (e.g. social networks). |
| (10) Accounts management |
| For this purpose, the data are collected directly from you. |
With whom do we share your personal data?
We may share your personal data in the course of our activities. Needless to say, we always do this in a way that ensures the best possible protection of your personal data.
"We do not share your data with business partners who may wish to offer you products and services."
Sharing your personal data with our service providers, partners, members and/or processors
Our service providers, partners, members and/or processors may have access to your personal data for the processing operations they carry out. Their location and the reason for sharing are provided below.
For personal data processing activities carried out in our Federation:
Location of service providers, partners and/or processors | Reason for sharing your personal data |
|---|---|
| Belgium | Development and management of online media (websites, newsletters and social media management |
| Belgium | Infrastructure and systems maintenance |
| Belgium | Hosting of websites for trade shows and/or events |
| Belgium | Application maintenance |
For personal data processing activities carried out in our Press and Communication department:
Location of service providers, partners and/or processors | Reason for sharing your personal data |
|---|---|
| Belgium | Development and management of online media (websites, newsletters and social media management |
| Belgium | Infrastructure and systems maintenance |
| Belgium | Hosting of websites for trade shows and/or events |
| Belgium | Application maintenance |
| Belgium | Sending of information and press releases by exhibitors of our events. |
For personal data processing activities carried out in our Training department:
Location of service providers, partners and/or processors | Reason for sharing your personal data |
|---|---|
| Belgium | Development and management of online media (websites, newsletters and social media management |
| Belgium | Infrastructure and systems maintenance |
| Belgium | Hosting of websites for trade shows and/or events |
| Belgium | Application maintenance |
For personal data processing activities carried out in our Data services department:
Location of service providers, partners and/or processors | Reason for sharing your personal data |
|---|---|
| Belgium | Hosting of websites for trade shows and/or events |
All other personal data processing activities relating to our users, clients and potential clients:
Location of service providers, partners and/or processors | Reason for sharing your personal data |
|---|---|
| Belgium and France | Development and management of online media (websites, newsletters and social media management |
| Belgium | Infrastructure and systems maintenance |
| Belgium | Hosting of websites for trade shows and/or events |
| Belgium | Application maintenance |
| Luxembourg | Data processing and data contextualization |
| United States, EU | Social networks and Social Network Strategy optimization solution providers |
| Belgium | Providers of online games and competitions |
| Belgium | Survey platform service providers |
| Advertising networks | Belgium |
With public authorities, in response to legal requests, including to meet national security, public health or law enforcement requirements.
We may share your personal data with the buyers or sellers in the course of a transaction such as a merger, acquisition, consolidation or sale of assets.
How long do we keep your personal data?
FEBIAC has laid down precise rules concerning the time we keep your personal data. This period varies depending on the different purposes and must take into account possible legal obligations to keep some of your data.
For personal data processing activities carried out in our Federation:
Reason for collection | Period of retention |
|---|---|
| (1) Management of a file of contacts for the purpose of invitations to meetings organized by the Federation and information | The data are kept until it is known that they are no longer of interest for the activities of FEBIAC |
| 2) Management of a file of contact persons for lobbying purposes | The data are kept until it is known that they are no longer of interest for the activities of FEBIAC |
| (3) Management of a file of contact persons for the purpose of organizing and inviting to events and seminars on mobility | The data are kept until it is known that they are no longer of interest for the activities of FEBIAC |
| (4) Dispute management | The data are kept for 10 years as of the end of the dispute. |
For personal data processing activities carried out in our Press and Communication department:
Reason for collection | Period of retention |
|---|---|
| (1) Sending press releases | The data are kept until it is known that the professional activity has come to an end |
| (2) Accreditation for one of our shows or events | The data are kept until it is known that the professional activity has come to an end |
(3) Sending invitations to one-off events | The data are kept until it is known that the professional activity has come to an end |
| (4) Sending newsletters and files | The data are kept for 3 years from the last action/reaction by the member |
| (5) Dispute management | The data are kept for 10 years as of the end of the dispute. |
For personal data processing activities carried out in our Training department:
Reason for collection | Period of retention |
|---|---|
| (1) Management and organization of training courses and conferences | The period of retention is 10 years as of the end of the end of the contract |
| (2) Management of relations with trainers and lecturers | The period of retention is 10 years as of the end of the end of the contract |
(3) Marketing to our Clients and Prospects, namely: | The data are kept for 3 years from the last action/reaction by the data subject |
| (4) Dispute management | The data are kept for 10 years as of the end of the dispute. |
| (5) Accounts management | The data are kept for 10 years as of the end of the dispute. |
For personal data processing activities carried out in our Data services department:
Reason for collection | Period of retention |
|---|---|
| (1) Statistics | The data are deleted permanently after a period of 5 years as of the date on which the deletion takes effect at the DIV [vehicle registration service]. |
| (2) Mobility policy development (efficiency, safety and environment) | The data are deleted permanently after a period of 5 years as of the date on which the deletion takes effect at the DIV [vehicle registration service]. |
| (3) Consumer protection | The data are deleted permanently after a period of 5 years as of the date on which the deletion takes effect at the DIV [vehicle registration service]. |
| (4) Dispute management | The data are kept for 10 years as of the end of the dispute. |
All other personal data processing activities relating to our users, clients and potential clients:
Reason for collection | Period of retention |
|---|---|
| (1) Management of the contractual and pre-contractual relationship with Clients and Prospects | The period of retention is 10 years as of the end of the end of the contract. Data collected as part of campaigns offering event tickets to persons who meet certain conditions - limited to data necessary for participation and eligibility verification for preferential conditions - will be retained until the end of the month in which the event’s final day takes place. |
| (2) Organization of public events | The period of retention is 10 years as of the end of the end of the contract. |
| (3) Organization of incoming messages | The data are kept for the time necessary to respond to the request and are then deleted. |
| (4) Sending Newsletter | The data are kept until the end of the contractual relationship. Unsubscribing from the newsletter terminates the contractual relationship. |
| (5) Marketing to our Clients and Prospects | The period of retention is 4 years as of the last action/reaction by the data subject For data relating to the social networks, you are kindly requested to consult the policy of the social network concerned. |
| (6) Organization of games and competitions | The period of retention is 10 years as of the end of the game or competition. |
| (7) Dispute management | The data are kept for 10 years as of the end of the dispute. |
| (8) Statistics | The period of retention is 4 years as of the last action/reaction by the data subject |
| (9) Acquisition of new clients targeted on the basis of their similarity to existing ones | The data are kept for the time necessary for the process to create similar audiences, and are then deleted. |
| (10) Accounts management | The data are kept for 10 years as of the end of the dispute. |
What rights do you have to your personal data and how can you exercise them?
We want to inform you as clearly as possible about your rights to your personal data. We also want to make it easy for you to exercise said rights.
A summary of your rights is provided below together with a description of how to exercise them.
Right of access
You can ask us to access all of the following information about:
The categories of personal data we collect about you;
The purposes for which we use them;
The categories of persons to whom your personal data have been or will be disclosed and in particular those outside the European Economic Area;
The period of retention of your personal data kept on our systems;
Your right to ask us to correct or delete your personal data or to limit the use thereof and the right to object to such use;
Your right to lodge a complaint with a European data protection authority;
Information about the source of your personal data when we have not collected them directly from you;
How your personal data are protected when they are transferred to countries outside the European Economic Area.
Right to rectification
You can ask FEBIAC to correct and/or update your personal data.
Right to erasure
You can also contact us at any time to ask us to delete the personal data we process about you, if you find yourself in one of the following cases:
Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
You have withdrawn your consent to the processing of your personal data by FEBIAC;
For your own reasons, you consider that one of the processing operations in question infringes your privacy and causes you undue harm;
You no longer wish to receive commercial solicitations from us;
Your personal data are not processed in accordance with the GDPR and Belgian and Luxembourg law;
Your personal data must be deleted in order to comply with a legal obligation under European Union law or under national law to which FEBIAC is subject;
Your personal data were collected in the offer of a website addressed to children.
However, we may not be able to comply with your request for the right to be forgotten. Indeed, it is important to keep in mind that this right is not absolute. We must balance it with other significant rights or values, such as freedom of expression, compliance with a legal obligation to which we are subject, or important public interest considerations.
Right to digital oblivion
Our website may contain personal data about you. If you no longer wish to have your personal data displayed on our website, you can ask us to delete it if any of the following cases apply to you:
Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
You have withdrawn your consent to the processing of your personal data by FEBIAC;
For your own reasons, you consider that one of the processing operations in question infringes your privacy and causes you undue harm;
You no longer wish to receive commercial solicitations from us;
Your personal data are not processed in accordance with the GDPR and Belgian and Luxembourg law;
Your personal data must be deleted in order to comply with a legal obligation under European Union law or under national law to which FEBIAC is subject;
Your personal data were collected in the offer of a website addressed to children.
We are also required to take reasonable measures to inform other companies (data controllers) who process the personal data for which you have requested deletion of any links to, or copies of, the personal data.
Right to object
You may object to the use of your personal data for commercial solicitations, particularly for advertising purposes;
You have the right to object to our processing of your personal data if, for any reason, you consider that such processing infringes your privacy and causes you undue harm.
Under no circumstances can you prevent us from processing your data:
the processing is necessary for the conclusion or performance of your contract;
the processing has been imposed by law or regulation. This is the case, for example, if you move to another municipality;
the processing is necessary to establish, exercise or defend legal claims.
However, we may be able to comply with your request. Of course, in such a case, we will ensure to provide you with the clearest possible response.
Furthermore, any emails or newsletters that you may receive will include a link that you can click on to stop receiving promotional information from us.
The right to portability
This right offers you the option of controlling your personal data more easily yourself and more precisely of:
retrieving your personal data that are processed by us, for your personal use, and storing them on a private device or cloud for example;
transferring your personal data from us to another company, either by you or directly by us, provided that such direct transfer is “technically possible.”
This right applies to your data submitted actively and knowingly such as those you provide to create your online account (e.g. e-mail address, username, age) as well as to information collected by FEBIAC.
Conversely, personal data that are derived, calculated or inferred from the data you have provided, for example the result of an assessment of your health, are excluded from the right to portability because they were created by FEBIAC.
However, you should be aware that FEBIAC is entitled to refuse your portability request. Indeed, this right only applies to personal data based on your consent or the execution of a contract concluded with you (to know exactly which personal data may be subject to the right to portability, please refer to the purposes and legal basis section). Similarly, this right must not infringe upon the rights and freedoms of third parties whose data might be included in the data transmitted following a portability request.
Right to restrict processing
You have the right to ask us to restrict your data, i.e. to mark your stored personal data (e.g. move them temporarily to another processing system or lock them so that they are inaccessible) so as to restrict the processing thereof in future.
You can exercise this right when:
The accuracy of the data in question is disputed;
Your personal data are not processed in accordance with the GDPR and Belgian and Luxembourgish law;
The data are no longer necessary for the purposes originally intended but cannot be deleted yet for legal reasons (in particular for the establishment, exercise or defence of your legal rights);
The decision on your objection to the processing is progress.
If the processing is restricted, your personal data will no longer be processed in any way without your prior consent, with the exception of the retention thereof (storage).
Your personal data may nonetheless still be processed for the establishment, exercise or defence of legal claims, or for the protection of the rights of another legal entity or natural person, or on important grounds of public interest within the Union or the Member State.
If the processing of some of your personal data is restricted, we will inform you when the measure will be lifted.
How to exercise your right ?
Simply send us an e-mail to [email-hidden] indicating your surname, forename and in the subject “right to limitation: personal data” together with a copy of the front of your identity card.
Do not forget to indicate the reason for your request in the body of your e-mail. You can also exercise this right by sending us a letter to the following address:
46, Boulevard de la Woluwe, Box 6 1200 Brussels
Belgium
Your written request must be duly signed and accompanied by a copy of the front of your identity card. It must specify the address to which the reply should be sent. A reply will be sent to you within one month of receipt of the request, or within two months in the case of a request requiring in-depth research or if FEBIAC receives too many requests.
Will your personal data be transferred abroad?
Transfer of data within Europe
For the purposes of certain processing operations, some data are transferred within Europe (see point 4.1).
Please bear in mind that personal data benefit from the same level of protection in the European Economic Area (27 EU Member States, Iceland, Norway, Liechtenstein).
Transfer of data outside Europe
Please bear in mind that we do not transfer any of your personal data outside of Europe except to Switzerland, which provides an adequate level of protection by virtue of an adequacy decision taken by the European Commission.
For more information and/or to obtain a copy of the measures taken, simply send us an e-mail to [email-hidden] indicating your surname, forename and in the subject “transfers outside the EU: personal data”. Do not forget to specify in the body of your e-mail the exact information you wish to obtain.
Would you like to contact us about this Privacy Policy and/or lodge a complaint with a data protection authority?
Do you have a question or a suggestion about this Privacy Policy?
Do not hesitate to contact us here, or by post at:
46 Boulevard de la Woluwe, Box 6, 1200 Brussels
We would be delighted to hear from you and will be happy to reply as soon as possible.
Do you feel that we do not provide sufficient protection for your personal data?
If you consider that FEBIAC is not processing your personal data in accordance with the GDPR and Belgian and Luxembourgish law, you have the right to lodge a complaint with:
The data protection authority of the European country in which you usually reside, or
The data protection authority of the European country in which you work, or
The data protection authority of the European country in which the breach of the GDPR occurred.
Lodging a complaint with the Data Protection Authority in Belgium:
Data Protection Authority
35 Rue de la Presse, 1000 Brussels
Tel.: +32 (0)2 274 48 00
Fax: +32 (0)2 274 48 35
For more information on complaints and possible remedies, data subjects are invited to consult the following page of the Data Protection Authority:
https://www.autoriteprotectiondonnees.be/citoyen/agir/introduire-une-plainte
Lodging a complaint with the Commission Nationale pour la Protection des Données au Grand-Duché du Luxembourg (CNPD) [National Commission for Data Protection in the Grand Duchy of Luxembourg]:
Commission Nationale pour la Protection des Données 15 Boulevard du Jazz, 4370 Belvaux, Luxembourg
Tel. : (+352) 26 10 60 1
Fax. : (+352) 26 10 60 6099
For more information on complaints and possible remedies, the persons concerned are requested to consult the following CNPD page:
https://cnpd.public.lu/fr/particuliers/faire-valoir.html
Lodging a complaint with another European data protection authority
To be able to lodge a complaint with another data protection authority, please consult the list here.
How do you know that this Privacy Policy has been updated?
This Privacy Policy may be updated at any time, in particular to take account of any legislative or regulatory changes and the development of our services.
When we post changes to this Policy, we will revise the date of “last update” at the top of this document (page 1).
Previous versions of this Privacy Policy are archived and can be provided upon request.
We encourage you to consult this Policy periodically to find out how FEBIAC is protecting your personal data.