Skip to main content

Infrabel General Privacy Policy

Last revised on 24 January 2023
 

  1. SCOPE OF THIS PRIVACY POLICY

This privacy policy (the "Policy" or the "Privacy Policy") describes how Infrabel collects, uses, consults or otherwise processes a natural person's Personal Data. For the purposes of this Privacy Policy, any reference to "Infrabel", "we" or "us" refers to Infrabel SA, registered at the Crossroads Bank for Enterprises under number 0869.763.267, having its registered office at Place Marcel Broodthaers 2, B-1060 Brussels, telephone number +32 (0)2 525.22.11, email address internet@infrabel.be. In all situations described in this Policy, Infrabel will process your Personal Data as a Controller.  You can contact Infrabel's Data Protection Officer at DPO@infrabel.be.

TUC RAIL is a subsidiary of Infrabel. TUC Rail's privacy notice is similar to Infrabel's Privacy Policy. The latest version of TUC Rail's privacy notice can be found here.

We are committed to protecting the privacy of our users and customers. The purpose of this Privacy Policy serves to inform you about how we collect, define and use information that would allow us to identify you, such as your name, email address or other contact information, online identifiers such as IP address or any other information you provide to us when using our website or our services.

We therefore ask you to take a moment to read this Privacy Policy carefully. It describes various data processing operations (including those related to your use of our website, your use of our contact forms and the use of our chatbot).

Our "website" means our main website www.infrabel.be and the sub-websites for which no specific privacy policy exists (such as www.info.infrabel.be or www.press.infrabel.be) or the external websites owned by us that link to this Privacy Policy (such as www.destrafsteploeg.be). If the website in question does contain a privacy policy, this privacy policy takes precedence over our "website" (e.g. www.jobs.infrabel.be and https://opendata.infrabel.be).

The most recent version of the Privacy Policy can be found here.  It will be updated periodically to reflect any changes in statutory requirements, processing or new features or services we may add. These changes will be announced through our information channels (including our website) and will take effect upon their announcement.
 

  1. APPLICABLE LEGISLATION

For the purposes of the Privacy Policy, the term "Data Protection Legislation" shall refer to Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the "GDPR"), as well as any other legislation and/or regulation introduced pursuant to the GDPR and the e-Privacy legislation, or which implements, amends, replaces or consolidates them or any one of them, and any other applicable legislation relating to the processing of Personal Data and privacy.

Below are the details of the various types of processing of Personal Data.
 

  1. WEBSITES, APPS AND SOCIAL MEDIA
  2. LOCAL RESIDENTS
  3. CAMERAS
  4. RAIL SAFETY
  5. COMMUNICATION
  6. HUMAN RESOURCES
  7. WHAT ARE YOUR RIGHTS?

Once you have provided us with your Personal Data, the Data Protection Legislation grants you several rights. Barring legal exceptions, you may, in principle, exercise them free of charge. These rights may be limited, for example, if granting a request would reveal Personal Data of another person, or if you ask us to delete information that we are required by law to keep or that we keep based on our legitimate interests.

To exercise your rights, you may submit a request by email to DPO@infrabel.be or by letter to the following address: Infrabel, for the attention of the Data Protection Officer, Place Marcel Broodthaers 2, B-1060 Brussels. In this case, please attach a copy of a proof of ID so that we can identify you.

Should you still have unanswered concerns, you have the right to file a complaint with the Data Protection Authority at any time. We of course encourage you to resolve any concern you have, with us, but, to the extent that this right applies to you, you are entitled to complain directly to the Data Protection Authority.

RIGHT TO WITHDRAW CONSENT

Wherever we rely on your consent, you will be able to choose to withdraw that consent at any time and on your own initiative by contacting us here. Withdrawing your consent does not affect the lawfulness of the processing based on your consent until the time of your withdrawal.

RIGHT TO ACCESS AND RECTIFY YOUR DATA

You have the right to access, evaluate and rectify your Personal Data. You may be entitled to ask us for a copy of your information in order to evaluate and/or correct it. If you wish to correct information such as your name, email address, address and/or any other data or preferences, you can easily do so by contacting us. You may also ask us for a copy of the Personal Data we process, as described in this Privacy Policy.

RIGHT TO ERASURE

In accordance with Data Protection Legislation, you have the right to have your Personal Data processed by us erased as described in this Privacy Policy, in case it is no longer necessary for the purposes for which it was initially collected or processed, or if you have withdrawn your consent or objected to any processing described in this Privacy Policy and no other basis for processing exists. If you wish your Personal Data to be erased, a request can be made by contacting us. 

RIGHT TO RESTRICTION OF PROCESSING

Under certain circumstances, described in the Data Protection Legislation, you may ask us to restrict the processing of your Personal Data. This is the case, for example, if you dispute the accuracy of your Personal Data. In this case, we will restrict processing until we are able to verify the accuracy of your data.

RIGHT TO OBJECT TO PROCESSING

Under certain circumstances, described in the Data Protection Legislation, you may object to the processing of your Personal Data, including but not limited to when your Personal Data is processed for direct marketing purposes.

RIGHT TO DATA PORTABILITY

Where the processing of your Personal Data is carried out through automated processes and is based on your consent or the execution of a contract between you and us, you have the right to receive your Personal Data processed by us in a structured, common and machine-readable form and to transfer  your Personal Data to another service provider.
 

  1. SECURITY MEASURES

We have put in place appropriate technical and organisational measures to ensure an appropriate level of security for your Personal Data. These measures include (but are not limited to) encryption techniques, physical and IT system access controls, confidentiality obligations, and so forth.

In the event that Personal Data is compromised as a result of a Personal Data Breach, and where such a breach is likely to pose a risk or high risk to the rights and freedoms of individuals, we will make the necessary notifications as provided for in the Data Protection Legislation.
 

  1. WHAT RULES APPLY TO CHILDREN?

We do not knowingly collect or solicit Personal Data from persons under the age of 16, except with the consent of a child's statutory representative, and in specific cases.

Should we become aware that we have collected Personal Data from a child under the age of 16, without verification of parental consent, we will take steps to ensure deletion of this data as soon as possible. If you believe we (may) have collected data from/about a child under the age of 16, please contact us.
 

  1. HOW IS YOUR PERSONAL DATA SHARED WITH THIRD PARTIES?

We only share or disclose information, including to Third Parties, as described in this Privacy Policy.

In addition, your Personal Data will also be shared with government authorities and/or police officers when necessary for the purposes described above, if mandated by law or if required for the legal protection of the Data Controller's legitimate interests in accordance with applicable law.
 

  1. ARE YOUR PERSONAL DATA TRANSFERRED TO A COUNTRY OUTSIDE THE EEA?

For the purposes described in this Privacy Policy, your data will generally be held within the European Economic Area ("EEA") and will only be transferred to a country or countries outside the EEA that is or are recognised by the European Commission as providing an adequate level of data protection. In the event that your data were to be nevertheless be transferred to or held in a country outside the EEA that is not recognised as providing an adequate level of protection, Infrabel will take appropriate security measures to ensure that the transfer complies with the requirements of the Data Protection Legislation.

If you would like more information on how Infrabel applies the above in relation to your Personal Data, please contact us.
 

  1. HOW LONG WILL WE KEEP YOUR PERSONAL DATA?

We will retain your Personal Data for as long as necessary to fulfil the processing activities set out in this Privacy Policy, as long as you have otherwise been notified or as long as permitted by applicable law.
 

  1. WHAT HAPPENS IF WE MAKE CHANGES TO THIS PRIVACY POLICY?

Infrabel reserves the right to occasionally update and/or make changes to this Privacy Policy. We will draw your attention to these changes where they involve a fundamental change to the processing or where the changes are relevant to the nature of the processing or are relevant to you and affect your data protection rights.
 

  1. HOW TO CONTACT US

If you have questions, requests, comments or complaints regarding this Privacy Policy, please do not hesitate to contact us via:

DPO@infrabel.be

or

Infrabel SA Data Protection Officer Place Marcel Broodthaers 2 B-1060 Brussels