Use of Infrabel platforms
1. Personal data
By simply connecting to the Infrabel platforms, some data concerning the End User may become known to INFRABEL and external providers (such as Microsoft). Infrabel may collect information about your visit, such as :
- Identification data: surname, first name, organization;
- Contact details: email address, phone number;
- Preferences: language
- Technical data: data relating to the end user’s use of the applications, such as status, registration date, deactivation date, date of the last password reset, the IP address you use to connect, the date and time of your visit, the pages and applications you view, and the browser and operating system you use. These data will be used to improve and ensure the proper functioning of the various tools.
By simply connecting to Infrabel Microsoft 365 tools such as Teams group, some data concerning the user may become known to Infrabel or Microsoft, the supplier of the Microsoft Teams tool.
These data enable Microsoft and the administrator of Microsoft Office 365 tools within Infrabel to have access to statistics on use, errors and quality in relation to these tools.
These data are of the type:
- Census data: these data are collected for the purpose of providing, supporting and improving Microsoft products and their functionality. They include environmental information such as the versions of the devices and operating systems used, as well as regional and language settings. They also include the number of connection attempts and failures.
Census data do not at any time contain information that could identify an individual or a company. More specifically, they mainly concern:
Data type - Example
AppName - iPhoneSkype
DeviceModel - iPhone
OSName - iPhoneiOS
OSVersion - 13.3
UserLanguage - BE-FR - Usage data: usage data include information such as the number of calls, the number of instant messages sent or received, the number of meetings, the frequency of features used and application stability issues. Usage data may contain information that makes it possible to identify the organisation that owns the Teams group, such as “infrabel.be”. Usage data do not at any time contain information that could identify an individual. More specifically, they mainly concern:
Data type - Example
IM Sent - 12
IMReceived - 5
Join a meeting (attempts) - 5
Join a meeting (success) - 4
Call/meeting minutes - 30 mins
FederationPartner - infrabel.be - Error reporting data: error reporting data may include information on performance and reliability, device configuration, network connection quality, error codes, error logs, etc.
The data may also contain personally identifiable information such as the End User’s IP address. More specifically, they mainly concern:
Data type - Example
Message direction - Incoming
Conversation state - Idle
Conversation thread ID - AdDO8hsJqilU93hQHC3OZaPR2saEA==
UserID - Amosmarble
To find out more about how Microsoft processes personal data when using the tools concerned, we invite you to consult Microsoft’s privacy documentation available at the following link: https://docs.microsoft.com/en-us/microsoftteams/teams-privacy.
2. Purposes and basis of the processing of personal data
Personal data are processed for the following purposes, based on the following legal bases:
- Proper functioning of the platforms (including IT security and maintenance): processing is necessary for the performance of the contract with the User (Art. 6(1)(b) GDPR).
- Access management: processing is necessary for the performance of the contract with the User (Art. 6(1)(b) GDPR).
- Management of incidents relating to access to and use of the platforms: processing is necessary for the performance of the contract with the User (Art. 6(1)(b) GDPR).
- Sending informational emails and/or surveys about the use of the platforms: processing is based on the legitimate interest of the controller (Art. 6(1)(f) GDPR).
- Sending emails with information necessary in the context of crisis management: processing is necessary for the performance of the contract with the User (Art. 6(1)(b) GDPR).
- Compliance with Infrabel’s legal obligations: processing is necessary in order to comply with Infrabel’s legal obligations (Article 6(1)(c) GDPR).
3. Recipients of personal data
Personal data are processed and managed exclusively by the relevant and competent Infrabel staff members, or by Infrabel subcontractors (such as Microsoft) acting in accordance with its instructions for the purposes indicated above.
4. Retention of personal data
Personal data that we process in accordance with this policy will be retained for a maximum of one year after deactivation of the End User with access to the Infrabel platforms. Personal data no longer required to be stored in accordance with legal requirements shall be securely deleted.