Privacy statement

Privacy Statement

By Kortrijk, we understand both the City and Public Social Welfare Centre (hereafter OCMW)

Date of last update: September 13, 2024

The protection of your privacy is very important to Kortrijk. In this privacy statement, you will learn more about, among other things:

  • the personal data - digital and on paper - that we process from you
  • the processing purposes and legal grounds for processing your personal data
  • your rights and how you can exercise them
  • the measures we take to protect your personal data

The management of your personal data is carried out in accordance with the applicable regulations (as provided in Regulation (EU) 2016/679 of the European Parliament and the Council of April 27, 2016, concerning the protection of natural persons in relation to the processing of personal data). Kortrijk applies this to both computerized and manual data processing.

We ask you to carefully read this privacy statement before using our services (physically or digitally) and providing your personal data to Kortrijk.

Future adjustments to this privacy statement cannot be excluded. Kortrijk therefore reserves the right to adjust this privacy statement at any time, provided that you are informed via this website.

Terminology

  • "Personal data": data that relates to you as a natural person.
  • "Processing": an operation or a set of operations on personal data, whether or not automated, such as collecting, structuring, storing, consulting, updating, using, combining, deleting, or destroying personal data.
  • "Cookie": small text files that a website stores on your computer or mobile device when you visit the website

Identification

  • "Kortrijk" or "we": the municipal administrative services of the city of Kortrijk, headquartered at Grote Markt 54, 8500 Kortrijk, and OCMW Kortrijk, headquartered at Budastraat 27, 8500 Kortrijk, who are also responsible for processing personal data as stated in this privacy statement.
  • "User" or "you": any natural person, legal entity, or government institution whose data is processed.

Are you a minor (under 16 years old)?

If you are under 16 years of age, we encourage you, before you provide personal data to Kortrijk when visiting our website and/or when visiting our offices, to:

  • Carefully read this privacy statement together with your parents or legal representative
  • Ask for permission from your parents or legal representative for your (online) activities on our website and when you use our services or products.

We ask your parents and legal representatives to:

  • Be involved in the (online) activities on our website and/or the offered services or products.
  • Give explicit permission when providing personal data to Kortrijk.
  • Give explicit permission when purchasing offered services or products.

The personal data we process from you

When you use our services, purchase services or products or visit our website, you can leave certain data with us. This may be personal data that we have obtained directly from you or not. The data is used for various processing purposes with variable retention periods. 

We only process your data if we have a clear and justified purpose for it. This is only possible:

  • to comply with a legal obligation
  • to fulfil our tasks of general interest or a public authority assignment
  • to execute an agreement
  • when you have given permission for this
  • to combat a serious threat to your health

We only share your data with authorities with the explicit permission of the person concerned or if regulations oblige us to do so. 

We use various IT partners to process personal data. As the controller, Kortrijk concludes processing agreements with the IT partners in question to guarantee the maximum privacy of all parties involved.

Photo and video

Within the operation of our services, we can take photos or recordings that also show visitors or users of our services (e.g. residents of residential care centres, visitors to community centres, participants in sports plus activities, etc.). We make a clear distinction between non-targeted and targeted images:

  • Non-targeted images are not intended to clearly show one or a few people, but rather to provide a general impression of the atmosphere. The City and OCMW Kortrijk can use these images for didactic, training and/or promotional purposes, both in printed media and on digital media.
  • Targeted images are individual images or images in which one or a few people are highlighted during a group activity or an image for which a person is posing. For the use of such images, explicit permission will always be requested from the person concerned and it will be indicated for which channels the photo(s) will be used. You can also withdraw this permission at any time.

Correspondence

The correspondence you send to the services of the City and OCMW of Kortrijk is digitised by Bpost and made available internally to the recipient in digital format.

Personalized election messages

Following the elections, electoral rolls are drawn up.

The electoral rolls contain the names, date of birth and main residence of Belgian and non-Belgian voters. 

When political parties or candidates meet the conditions set out in the electoral legislation to obtain an electoral roll, cities and municipalities are obliged to provide them with this list.

The applicants can only use this list for the sole purpose for which it is intended, i.e. direct marketing electoral purposes.

Since the electoral legislation requires the provision of this electoral roll, citizens cannot ask their municipal authorities to delete their personal data from the electoral roll.

If citizens do not want their personal data to be used by political parties for electoral purposes, they can report this to the city council. Their data will then be marked in the electoral roll to indicate to the recipients that they object to the use of their data for direct marketing purposes.

You can do this by sending an email to verkiezingen@kortrijk.be or by appointment at the reception desk of the city hall.

Chatbot / Virtual assistant

The Kortrijk.be website has a public chatbot that offers 24/7 assistance on specific topics. This chatbot only provides generic answers and does not register any personal data. Citizens are not expected to provide personal data in their questions. These conversations are kept for 90 days for analytical and technical purposes. During this period, they can be consulted by the administrator in case of problems.

If the citizen does not receive a satisfactory answer from the chatbot, he can create a ticket via the chatbot for further follow-up by the city of Kortrijk. Personal data of the citizen are registered in this ticket. In that case, the contact details and question are registered. This data is consulted by team 1777 for further processing of the question/report.

The rights and how you can exercise your rights as a user

The rights

In accordance with Article 7.3 and Articles 13 to 22 of the aforementioned Regulation (EU) 2016/679, you have the right, upon written request as stated below, to:

  • withdraw your consent to data processing at any time. However, the withdrawal of your consent does not affect the lawfulness of the processing that took place before the withdrawal of your consent.
  • access your personal data or obtain a copy thereof.
  • have your incorrect personal data corrected or your incomplete personal data completed.
  • have your personal data erased, insofar as the processing is not necessary for compliance with a legal or regulatory obligation, the performance of our task in the public interest, the establishment and exercise of legal proceedings or for archiving purposes.
  • obtain the restriction of the processing of your personal data
  • obtain the portability of your personal data, so that your personal data is forwarded to you or to an organisation named by you, if this is technically possible and the processing is based on your consent or the processing is necessary for the performance of an agreement to which you are a party and the processing is carried out via automated procedures and to the extent that the processing is not necessary for the fulfilment of our task of general interest.
  • object to the processing of your personal data for the purpose of profiling or direct marketing or a decision based solely on automated processing.

The method of exercising

In order to be able to exercise these rights, we ask you to submit a written request to Kortrijk by sending us a dated and signed letter to the above-mentioned address for the attention of the Information Security Committee or by sending an e-mail to privacy@kortrijk.be.

In order to ensure that the request is effectively submitted by the correct person, we ask you to send a (copy of an) identity document with the request. In this copy, black out any personal data that is not strictly necessary for your request or that you do not wish to share with us at that time. 

After receiving your request, we will respond as soon as possible and in any case within one month. Depending on the complexity of the request, this period may be extended by two months. We will inform you of any such extension. 

The exercise of the rights mentioned is free of charge. However, we reserve the right to charge you a reasonable fee for the administrative costs that may be associated with providing the information or taking the measures you request. 

In addition to the rights mentioned above, you also have the right, in accordance with Articles 77 to 82 of the aforementioned Regulation (EU) 2016/679, to:

  • lodge a complaint with a supervisory authority, in particular in the Member State of his habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes this Regulation. In Belgium, these are the Data Protection Authority and the Flemish Supervisory Commission. This can be done by letter or online, as provided in the following link:
  • file a legal remedy against the Data Protection Authority or the Flemish Supervisory Commission for not handling your complaint or not informing you of the progress or outcome of your filed complaint;
  • file a legal remedy with the court against Kortrijk (City or OCMW) for personal data infringement.

The measures to protect your personal data

The measures we use

Kortrijk takes appropriate technical and organisational measures to protect your personal data and to ensure an optimal level of security.

For example, we have taken the following measures:

  • the appointment of a data protection officer, who can be contacted by email at privacy@kortrijk.be in the event of questions or problems;
  • only granting access to certain personal data obtained from you to certain persons who need the personal data to perform their duties;
  • subjecting those persons to confidentiality obligations;
  • keeping a register of processing activities;
  • testing, evaluating and adjusting the effectiveness of our security measures at regular intervals;
  • enforcing guarantees regarding the application of appropriate technical and organisational security measures, in the case of subcontractors who process personal data on behalf of Kortrijk;
  • carrying out a data protection impact assessment prior to processing personal data involving the use of new technologies that pose a high risk to the rights and freedoms of the data subject(s).
  • reporting a breach and other relevant information to the supervisory authority and, where appropriate, to the data subject(s), if it concerns a personal data breach that poses a high risk to the rights and freedoms of the data subject(s);
  • cooperating with the supervisory authorities upon request and consulting the supervisory authorities in the performance of our tasks.

The measures we ask of you

Although we make every effort to protect your personal data, effective protection is only possible if you yourself also take the necessary measures.

We therefore ask you to:

  • provide us with complete and accurate information
  • take the necessary care to ensure the confidentiality of your personal data and any user data (such as username and password). After all, these are strictly personal and non-transferable.

Protocols

The GDPR provides for the obligation to draw up a protocol for each electronic communication of personal data. Below you will find a list of the applicable protocols concluded between Kortrijk and Flemish authorities and external governments:

  • Protocol for the electronic communication of personal data from the Agency for Internal Affairs to the City of Kortrijk in the context of the City Monitor for City Centres > click here.
  • Protocol for the electronic communication of personal data from the City of Kortrijk to the Agency for Internal Affairs in the context of the City Monitor for City Centres (GIS) > click here.
  • Protocol for the electronic communication of personal data from the Agency for Care and Health to the City of Kortrijk in the context of the transfer of personal data in accordance with article 34/1 of the decree of 21 November 2003 on preventive health policy > click here.
  • Protocol for the electronic communication of personal data from the City of Kortrijk to PZ Vlas in the context of the transfer of personal data in accordance with article 34/1 of the decree of 21 November 2003 on preventive health policy > click here.
  • Protocol for the electronic exchange of personal data between the provincial governor of West Flanders and the City of Kortrijk in the context of the Leie and Meander river restoration project > click here.
  • Protocol for the electronic exchange of personal data between the City of Kortrijk and Meemoo in the context of the (mutual) exchange of Material and Metadata > click here.
  • Protocol for the electronic exchange of data between VLAIO and the City of Kortrijk in the context of the control of corona support measures for companies > click here.
  • Protocol to frame the electronic communication of personal data between the Agency for Justice and Enforcement and the City of Kortrijk in the context of access to the Flemish Enforcement Platform > click here.
  • Protocol for the mutual electronic communication of personal data between the Agency for Home Affairs, the Agency for Housing in Flanders, the City of Kortrijk and the OCMW of Kortrijk, in the context of the Flemish Housing Tool and the housing of temporarily displaced persons from Ukraine, in order to map the Flemish supply of shelter places > click here.

Deliberations

  • FO no. 04/2017 9 March 2017 (Recent land registry data) Deliberation on granting a general authorisation to the Flemish cities and municipalities to receive personal data electronically from the General Administration of Heritage Documentation ("AAPD") for the application of various provisions under the Flemish regulations by the cities and municipalities.
  • FO no. 18/2015 28 May 2015 (DIV in connection with GAS fines) Deliberation on granting a general authorisation to the cities and municipalities, the autonomous municipal companies and the Brussels Capital Parking Agency to receive personal data electronically from the Vehicle Registration Directorate (hereinafter referred to as the "DIV") for the identification and punishment of offenders of municipal regulations or ordinances.
  • FO no. 14/2016 of 21 January 2016 (DIV) Deliberation on the one-off authorisation to grant municipalities access to the DIV register for the identification of persons who, through the use of a vehicle, are liable to pay a parking fee, tax or parking charge - Revision of the deliberation
  • FO no. 05/2015 of 19 March 2015 (AF-MA-2015-099). RR no. 13/2013 of 13 February 2013 (National register data of non-residents) Application by the VVSG on behalf of municipalities to gain access to the information data of the National Register with a view to carrying out the tasks entrusted to them.
  • RR no. 28/2009 18 May 2009 (National Register data for libraries) Application from Bibnet on behalf of the Dutch-language public libraries in Flanders and Brussels to obtain access to the information data of the National Register for the identification and management of their members.
  • RR no. 38/2009 17 June 2009 Application submitted by the Federal Public Service Information and Communication Technology (Fedict) to be authorised to obtain certain data from the National Register in order to pass them on to the population services in the context of the eBirth application. (RN/MA/2009/016)

Revisions

Questions and comments

If you have any questions or comments after reading this privacy statement, you can always contact the Data Protection Officer (DPO) for Kortrijk, Mr. Nick Vandommele. T 0473 86 26 19 | privacy@kortrijk.be

Cookie Statement

Cookies are used to optimize the functionality and user experience of a website. The cookies are not passed on to third parties.

All information regarding the used cookies and our cookie policy can be found here.