Infrabel has installed technical and operational cameras on its site, in closed areas not accessible to the public. These cameras are operated by Infrabel and are used particularly for the purpose of:
- the purchase, design, construction, upgrade, maintenance and management of railway infrastructure,
- the allocation of available railway infrastructure capacity (including studies, analysis and statistics and punctuality),
- managing the control and safety systems of this infrastructure (including operational safety),
- suicide prevention and anti-trespassing (warning the intruder that he/she is in a restricted area so that he/she can act accordingly).
The list below describes the categories of data we process for these purposes, where your data comes from, the legal basis for this processing activity and with whom we may share the data.
Categories of data processed: video and images
Categories of data subjects: (1) and (3) and (4): local residents, passers-by, railway personnel and contractor personnel (2): railway personnel and contractor personnel
Source of data: technical and operational cameras according to inventory
Retention period: maximum of 30 days: level crossings (30 days), SPM (30 days), punctuality (7 days), safety catenary (2 weeks), other: 30 days.
Legal basis for the processing: Necessary for fulfilling a task of public interest (Art. 199, 1°, 2°, 3° - 4° - 5° of the Law of 21 March 1991)
Access to data: Access to personal data is limited to staff members involved in such data processing. Access is granted only by the managers of Infrabel's access processes and is strictly controlled.
Recipients of data: /
If you live near a railway line, you may see drones flying over the railway infrastructure and its immediate surroundings. The purpose of these drones is to take images of the tracks and associated infrastructure (bridges, tunnels, signalling boxes, etc.) at the request of Infrabel or its subsidiary TUC Rail. The drones are operated by a duly authorised pilot who holds the required licenses under the legislation on the use of unmanned aerial vehicles in Belgian airspace.
The drones are always visible when in use (at a distance of up to 90 m). They are always within sight of the pilot and the observer who are in close proximity.
Drones are deployed at Infrabel's request to verify the proper operation and condition of the rail infrastructure, install systems to ensure network safety and manage incidents or accidents on the network.
In its capacity as operator of such drones, Infrabel is, of course, obliged to process any personal data (such as images that could reveal information about anyone) it might acquire in accordance with the legislation in force (see also Regulation (EU) 2019/947 and the Belgian Royal Decree of 8 November 2020 in this regard).
The list below describes the categories of data we process for these purposes, where your data comes from, the legal basis for this processing activity and with whom we may share the data.
Categories of data processed : video and images, but these are only processed in anonymised form in our IT Systems (so that no personal data is processed).
Categories of data subjects: before anonymisation: local residents, passers-by, railway personnel, after anonymisation: at most, railway personnel (if they enter the railway site, this processing is subject to the employee privacy policy).
Source of data: Drones (according to inventory)
Retention period: 2 weeks (during this time the personal data will be completely anonymised)
Legal basis for the processing: necessary for fulfilling a task of public interest (Article 199, 1°, 2° of the Law of 21 March 1991, - 1° the acquisition, design, construction, renewal, maintenance and management of railway infrastructure; and - 2° the management of the control and safety systems of this infrastructure)
Access to data: Access is granted only to persons who require it in order to process this data.
Recipients of data: /
Infrabel has installed surveillance cameras on its site, in closed areas not accessible to the public.
Pursuant to Article 156 of the Law of 21 March 1991 and Article 24 of the SNCB management contract, SNCB has a Security Operations Centre (SOC) whose tasks include "ensuring the centralised management of camera surveillance and alarm processing".
The surveillance activities performed by the SOC of SNCB on behalf of Infrabel, using the cameras installed on Infrabel's premises, are carried out within the framework of this legal task.
SNCB is responsible for this data processing together with Infrabel. A declaration of these cameras has been submitted in application of the Law on surveillance cameras, and it also meets the requirements of that law (e.g. pictogram, contact with the police, real-time display of images).
Data processing for monitoring purposes, carried out by SNCB SOC on Infrabel's behalf, focuses on the evaluation of potential risks and hazards, and concerns
- railway track trespassers,
- prevention of theft, and criminal acts,
- whether or not to file a complaint with the police (calling the police, handing over images to the police, etc.).
- prevention and control of incidents and accidents, as well as prevention of suicide and anti-trespassing.
The list below describes the categories of data we process for these purposes, where your data comes from, the legal basis for this processing activity and with whom we may share the data.
Categories of data processed: video and images of individuals and car registration plates
Categories of individuals involved: local residents, passers-by, railway personnel and contractors
Source of data: Temporarily deployed (mobile) cameras
Retention period: 30 days
Legal basis for processing: Necessary for fulfilling a task of public interest (Art. 199, 1°, 2° of the Law of 21 March 1991)
Recipients of data: police, prosecutor's office, directly by SOC of SNCB
Access to data: Access is granted only to persons who require it in order to process this data.
Subcontractors: Service provider (Porteyes) and IT supplier (IT platform).
- The SNCB SOC manages all surveillance cameras for Infrabel through NICE / Milestone.
- Porteyes is the operator of the control room and the operator of the Porteyes cameras, on behalf of Infrabel.
- In the event of burglary and/or suicide alarm, the operator transmits the images to the SNCB SOC (location of the burglary, established facts, printout of the alarm screen/CCTV images) for further follow-up (including contact with the police).
Access to data: Access to personal data is limited to the personnel involved in this data processing, including control room (SNCB) operators, SNCB SOC operators, and police officers. Access is granted only by the managers of Infrabel's access processes and is strictly controlled. Infrabel does not have direct access to the camera images for surveillance purposes. In the event of an incident, the SNCB SOC checks the actual images upon request and, if necessary, stores them for the subsequent follow-up of these incidents.
The technical and operational cameras and surveillance cameras, may in certain cases be used for awareness-raising purposes, if identification of individuals is made impossible (anonymisation).
Since the anonymisation of these images also constitutes personal data processing, Infrabel, as the data controller, is of course also obliged to process the personal data in accordance with the applicable legislation.
The list below describes the categories of data we process for these purposes, the source of the data, the legal basis for this processing activity and any parties with whom we may ultimately share the data.
Categories of data processed: video and images (which are anonymised using a blurring technique)
Categories of data subjects: local residents, passers-by, railway personnel
Source of data: technical/operational and surveillance cameras
Retention period: during the anonymisation process and then deleted
Legal basis for the processing: Legitimate interest of Infrabel to raise awareness among local residents and the general public.
Access to data: Access to personal data is limited to staff members involved in this data processing, specifically individual members of Infrabel's Communication Department. The (non-anonymised) source images can only be accessed by these individuals. These anonymised images are not viewed in real time and only relevant images are communicated.
Access is granted only by the managers of Infrabel's access processes and is strictly controlled.
Recipients of the processing: /
The technical and operational cameras, and surveillance cameras, may be used in certain cases for study and analysis purposes.
More specifically, this concerns various projects in which additional statistically relevant information is obtained, as an authorised (compatible) further use of camera images mentioned above, to obtain:
- Statistics for suicide prevention and anti-trespassing
- Study and Analysis of camera infrastructure for railway infrastructure optimisations and improvements.
The list below describes the categories of data we process for these purposes, the source of the data, the legal basis for this processing activity and any parties with whom we may ultimately share the data.
Categories of data processed: video and images (which are anonymised using a blurring technique)
Categories of data subjects: Before anonymisation: railway personnel, subcontractor employees, road users, local residents, passengers (e.g. at head of platform). After anonymisation: none.
Data source: The warning box at some sites (technical & operational cameras, at level crossings), at some locations of anti-trespass cameras and (limited to counts, with and without AI) of the surveillance cameras of Porteyes cameras for counting individuals and vehicles at level crossings.
Retention period: limited to the anonymisation process and then deleted
Legal basis for the processing: necessary for fulfilling a task of public interest (Article 199, 1°, 2° of the Law of 21 March 1991, - 1° the acquisition, design, construction, renewal, maintenance and management of railway infrastructure; and - 2° the management of the control and safety systems of this infrastructure)
Access to data: Access to personal data is limited to staff members involved in this data processing (specifically employees of I-CBE 131). The (non-anonymised) source images can only be accessed by these individuals. These anonymised images are not viewed in real time and only relevant images are communicated.
Access is granted only by the managers of Infrabel's access processes and is strictly controlled.
Recipients of the processing: IT service provider (assisting us in anonymising the data)
The technical management (including access management, calibration and parameter setting) of the various cameras mentioned above is strictly limited and controlled. Before access can be granted, the internal process is required and approved by the Infrabel access process manager. He will do so only after prior consultation with the Legal Department and the Data Protection Officer. This access is checked periodically by Infrabel's Compliance Department.