Skip to main content
Brussels Smart City Home

Privacy Policy

Data Controller

The Brussels Regional Informatics Centre (hereinafter referred to as the "BRIC") - Avenue des Arts, 21 - 1000 Brussels

Contact email: communication@cirb.brussels

Contact email for any request relating to individual rights: privacy@cirb.brussels

Processor Go Vocal NV - Meusegemstraat 105 - 1861 Wolvertem

Contact email address: support@CitizenLab.co

1. Privacy statement

The BRIC draws up this Privacy Statement, the purpose of which is to inform Users of the website hosted at the following address: https://participate.smartcity.brussels/ (hereinafter the "Site"), of the manner in which personal data is collected and processed, in full transparency.

The term "User" refers to any user, either a natural or legal person, who visits or interacts in any way with the Site.

In this regard, the BRIC shall determine all the technical, legal and organisational means and purposes of processing Users' personal data. To this end, the BRIC undertakes to take all necessary measures to ensure the processing of personal data in accordance with Regulation (EU) of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the "Regulation") and the Law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data (hereinafter the "Law").

The BRIC is free to choose any natural or legal person who processes users' personal data at its request and on its behalf (hereinafter the "Processor"). The BRIC undertakes to select a Processor, Citizen Lab, which offers sufficient guarantees as to the technical and organisational security measures for the processing of personal data, with respect to the Law and the Regulation. 

2. What are personal data?

In this Privacy Statement, personal data refers to information or parts of information that can identify you. An identifiable person is a person who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors related to physical, physiological, mental, economic, cultural or social identity. A typical example of personal data is your name and e-mail address. 

3. Which personal data do we collect and process?

When visiting and using the Site, the User consents to the fact that we may collect and process their personal data during the registration process on the platform, according to the terms and principles described in this Privacy Statement. 

The personal data that we may collect from you and that we may process are:

•      Username (required);

•      E-mail address (required);

•      Surname and first name (optional);

•      Age (optional);

•      Educational level (optional);

•      Region (neighbourhood) where you live (optional).

4. What are the purposes of processing? 

In accordance with article 13 of the Regulation, the purposes of the processing of personal data are communicated to the User and are as follows:

The general purpose is to gather ideas and comments from members of the public regarding the "smart city" initiative of the Brussels-Capital Region.

We use your personal data for the following purposes:

•      To create and maintain your user profile on this site; 

•      To manage user identification and authentication.

•      To provide information about your municipality and/or news that may be of interest to you.

The personal data will be kept and processed only for the period necessary to achieve the purposes of the processing. The data will then be deleted or made anonymous.

5. Consent

By accessing and using the Site, the User declares that they are aware of and agree freely, specifically, knowingly and unequivocally to the processing of personal data concerning them. This agreement pertains to the contents of this Privacy Statement.

Consent is given by the conscious act whereby the User has ticked the box displaying the Privacy Statement in the hyperlink. This consent is an essential condition for carrying out certain operations on the Site or for enabling the User to enter into a contractual relationship with the BRIC. Any contract between the BRIC and the User relating to the services offered on the Site is subject to the User's acceptance of the Privacy Statement.

The User agrees that the Data Controller may process and collect the personal data that they communicate on the Site for the purposes indicated above, in accordance with the methods and principles contained in this Privacy Statement.

6. Cookies and monitoring of online activity

This site uses cookies, which are small data files stored on your device to record information, in order to store your preferences and other information from one visit to the next.

The site visit statistics are processed by "Google Analytics". The information is made anonymous so that no link can be made to your identity.

You can find our more information about cookies in our Cookie policy.

7. Where do we transmit your personal data?

The collected and processed personal data are for the exclusive use of the Data Controller. Under no circumstances will they be transferred to a third party or in any country outside Belgium.

8. Duration of retention of Users' personal data

In accordance with Article 13 §2 of the Regulation and the Law, the Data Controller shall only keep personal data for the time reasonably necessary to allow the fulfilment of the purposes for which they are processed.

This duration is in any case less than 1 year.

9. Data Protection Officer (DPO)

The DPO shall perform the tasks described in Article 39 of the Regulation. The DPO can be contacted as follows:

·       by email: dpo@cirb.bussels

·       or by mail at the following address: Data Protection Officer, BRIC, Avenue des Arts 21, 1000 Brussels, Belgium.e.

10. What are your rights?

a. Right of access

In accordance with article 15 of the Regulation, the User has the right to access their personal data and the following information at any time and free of charge:

•      the purposes of the processing

•      the categories of personal data concerned

•      the recipients or categories of recipients to whom the personal data have been or will be disclosed

•      where possible, the intended retention duration of the personal data or, where this is not possible, the criteria used to determine this duration

•      the existence of automated decision making, including profiling, as referred to in Article 22(1) and (4) of the Regulation, and, at least in similar cases, relevant information concerning the underlying rationale and the importance and intended consequences of the processing operation for the data subject

The Data Controller may require payment of a reasonable fee based on administrative costs for any additional copies requested by the User.

If the User submits this request electronically (e.g. via e-mail address), the information shall be provided in a commonly used electronic format, unless the User requests otherwise.

A copy of the User's data will be communicated to the User no later than one month after receipt of the request.

b. Right of rectification

The BRIC guarantees the User's right to the rectification and erasure of personal data.

In accordance with Article 16 of the Regulation, incorrect, inaccurate or irrelevant data may be rectified or erased at any time. The User shall first make the necessary changes themselves from their user/other account, unless these changes cannot be made independently, in which case the request can be made to the BRIC.

In accordance with Article 19 of the Regulation, the Data Controller shall notify each recipient to whom the personal data have been disclosed of any rectification of the personal data, unless such communication proves impossible or requires a disproportionate effort. The Data Controller shall provide the data subject with information on these recipients if the latter so requests.

c. Right of erasure

The User has the right to obtain the erasure of their personal data as soon as possible in the scenarios listed in article 17 of the Regulation.

If the Data Controller has made the personal data public and is under an obligation to erase them pursuant to the previous paragraph, the latter shall, taking into account the available technologies and the costs of implementation, take reasonable measures, including technical measures, to inform other data controllers who process such personal data that the data subject has requested the erasure by those data controllers of any link to, or any copy or reproduction of, such personal data.

The two preceding paragraphs shall not apply insofar as such processing is necessary:

•      for exercising the right to freedom of expression and information;

•      for complying with a legal obligation which requires processing in accordance with Union law or the law of the Member State to which the data controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the data controller;

•      for establishing, exercising or defending legal rights.

In accordance with Article 19 of the Regulation, the Data Controller shall notify each recipient to whom the personal data have been disclosed of any erasure of the personal data or any restriction of the processing carried out, unless such communication proves impossible or requires a disproportionate effort. The Data Controller shall provide the data subject with information on these recipients if the latter so requests.

d. Right to restrict processing

The User has the right to obtain the restriction of the processing of their personal data in the scenarios listed in article 19 of the Regulation.

In accordance with Article 19 of the Regulation, the Data Controller shall notify each recipient to whom the personal data have been disclosed of any restriction of the processing carried out, unless such communication proves impossible or requires a disproportionate effort. The Data Controller shall provide the data subject with information on these recipients if the latter so requests.

e. Right to data portability

In accordance with Article 20 of the Regulation, Users have the right to receive their personal data from the BRIC in a structured, commonly used and machine-readable format. Users have the right to transfer such data to another data controller without the BRIC obstructing it in the cases provided for in the Regulation.

If the User exercises their right to data portability pursuant to the previous paragraph, they are entitled to have their personal data transferred directly from one data controller to another, where this is technically possible.

Exercising the right to data portability is without prejudice to the right of erasure. This right does not apply to the processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller.

The right to portability does not affect the rights and freedoms of third parties.

f. Automatic decision-making and profiling

The processing of your personal data does not include profiling and is not subject to automated decision-making by the BRIC.

g. Right to lodge a complaint

The User has the right to lodge a complaint concerning the processing of their personal data by the BRIC with the Data Protection Authority, competent for the Belgian territory. More information can be found on the website: https://www.dataprotectionauthority.be/.

Complaints can be lodged at the following addresses:

Data Protection Authority, rue de la presse 35, 1000 Brussels

Tel: +32 2 274 48 00

Fax: +32 2 274 48 35

E-mail: contact@apd-gba.be

The User may also lodge a complaint with the Court of First Instance of their place of residence. 

11. Limitation of the liability of the Data Controller

The Website may contain links to other websites owned by third parties unrelated to the BRIC. The content of these sites and their compliance with the Law and the Regulation is not the responsibility of the BRIC.

The holder of parental authority must give their express consent for a minor under 16 years of age to disclose personal information or data on the website. The BRIC strongly advises persons exercising parental authority over minors to encourage responsible and secure use of the Internet. The Data Controller cannot be held liable for having collected and processed information and personal data from minors under 16 years of age whose consent is not effectively covered by that of their legal parents or for incorrect data - in particular concerning age - submitted by minors. Under no circumstances shall personal data be processed by the Data Controller if the User specifies that they are under 16 years of age.

The BRIC is not responsible for the loss, corruption or theft of personal data caused in particular by the presence of viruses or following computer attacks.

12. Applicable law and competent jurisdiction

This Privacy Statement is governed exclusively by Belgian law. Any dispute shall be brought before the courts of the judicial district of the registered office of the BRIC.

13. Contact

For any questions or complaints relating to this Privacy Statement, the User may contact the Data Controller at the following address:

Brussels Regional Informatics Centre

Avenue des Arts, 21 – 1000 Brussels

communication@cirb.brussels