Kortrijk refers to both the City and its Public Centre for Social Welfare (hereinafter: OCMW)
Date of last update: 6 December 2022
Kortrijk takes the protection of your privacy very seriously.
In this privacy statement, you will learn more about:
- the personal data – digital and paper – that we process about you
- the processing goals and legal grounds on which we process your personal data
- your rights and how to exercise them
- the measures we take to protect your personal data
- ‘Kortrijk’ or ‘we’ means the municipal administrative services of the City of Kortrijk with headquarters at Grote Markt 54, 8500 Kortrijk and OCMW Kortrijk, headquartered at Budastraat 27, 8500 Kortrijk, which are also responsible for processing personal data as included in this privacy statement.
- ‘User’ or ‘you’ means any natural person, legal entity or public body whose data are processed.
- ‘Personal data’: data relating to you as a natural person.
- ‘Processing’: any operation, or set of operations, performed on personal data, whether automated or not, such as e.g. the collection, structuring, storage, consultation, updating, use, combination, erasure or destruction of personal data.
- ‘Cookie’: small text files that a website stores on your computer or mobile device when you visit the website.
Your personal data are handled in accordance with the applicable regulations (as provided for in (EU) Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data). Kortrijk applies this to both computerised and manual data processing.
We ask you to read this privacy statement thoroughly before using our services (physically or digitally) and passing on your personal data to Kortrijk.
Since any future amendments to this privacy statement cannot be ruled out, Kortrijk reserves the right to amend this privacy statement at any time, provided that you are duly informed of this via this website.
Are you a minor (under 16)?
If you are under 16 years old, we would advise you, before providing personal data to Kortrijk when visiting our website and/or when visiting our offices, to:
- read this privacy statement thoroughly together with your parents or legal representative.
- seek the consent of your parents or legal representative for your (online) activities on our website and when you use our services or products.
We ask your parents and legal representatives to:
- be involved in the (online) activities on our website and/or the services or products on offer.
- give explicit consent when providing personal data to Kortrijk.
- give explicit consent when purchasing services or products on offer.
The personal data we process about you
When you avail yourself of our services, purchase services or products, or visit our website, it is likely that you leave certain data with us. This may involve personal data that we have obtained directly or indirectly from you.
The data are used for various processing purposes with variable retention periods.
We only process your data if we have a manifest and legitimate reason for doing so. This can only be:
- to fulfil a legal obligation
- to fulfil our duties of public interest or a mission of public authority
- to execute an agreement
- upon your consent
- to combat a serious threat to your health.
We share your data with agencies only subject to the explicit consent of the party concerned or if legislation requires us to do so.
We use various IT partners to process personal data. As the party responsible for processing, Kortrijk concludes processing agreements with the IT partners in question with a view to guaranteeing the privacy of all those involved wherever possible.
Photo and video
As part of our services, we may take photos or recordings that also show visitors or users of our services (e.g. residents of residential care centres, visitors to community centres, participants in ‘sport plus’ activities, etc.). In this connection, we draw a clear distinction between non-specific and specific photos:
- Non-specific photos do not seek to clearly depict one or a few people, but rather sketch a general atmosphere. The City and OCMW Kortrijk can use these photos for didactic, educational and/or promotional purposes, both in printed and on digital media.
- Specific photos include individual photos or photos in which one person or a few people are highlighted during a group activity, or a posed photo. Permission to use such photos will always be explicitly sought from the people concerned and it will be indicated for which channels the photo(s) will be used. This permission can be withdrawn at any time.
The correspondence you send to the municipal administrative services of the City of Kortrijk and OCMW Kortrijk is digitised by Bpost, and made available digitally to the addressees internally.
The rights and how to exercise your rights as a user
In accordance with Article 7.3 and Articles 13 to 22 of said (EU) Regulation 2016/679, upon written request as mentioned below, you are entitled to:
- withdraw your consent to data processing at any time.
However, withdrawing your consent does not affect the lawfulness of the processing carried out prior to the withdrawal of your consent.
- access or obtain a copy of your personal data.
- have your incorrect personal data corrected or your incomplete personal data completed.
- have your personal data erased, insofar as they do not need to be processed for the fulfilment of a legal or regulatory obligation, the performance of our public interest task, the institution and exercise of legal proceedings or for archiving purposes.
- obtain the restriction of the processing of your personal data.
- obtain the transferability of your personal data, so that your personal data can be transmitted to you or to an organisation named by you, provided this is technically possible and the processing is based on your consent or the processing is necessary for the performance of an agreement to which you are a party and the processing is carried out through automated processes and insofar as the processing is not necessary for the performance of our public interest task.
- object to the processing of your personal data for the purposes of profiling or direct marketing or any decision based solely on automated processing.
The mode of exercise
To exercise these stated rights, we ask you to submit a written request to Kortrijk by sending us a dated and signed letter to the above address for the attention of the Informatieveiligheidscomité (Information Security Committee) or by sending an e-mail to email@example.com.
To ensure that the request has been submitted by the right person, we ask you to send some form of ID (copy) along with the request. In this copy, black out any personal data that are not strictly necessary for your request or that you do not wish to share with us at that time.
Upon receipt of your request, we will respond as soon as possible and in any case within one month. Depending on the complexity of the request, this period may be extended by two months. We will notify you of such extension.
The exercise of the aforementioned rights is free of charge. Nevertheless, we reserve the right to charge you a reasonable fee for the administrative costs that may be involved in providing the information you have requested or taking the action you have requested.
In addition to the rights listed above, pursuant to Articles 77 to 82 of said (EU) Regulation 2016/679, you are also entitled to:
- lodge a complaint with a supervisory authority, in particular in the Member State where you usually reside, have your place of work or where the alleged infringement has been committed, if you consider that the processing of personal data concerning you infringes this Regulation. In Belgium, these are the Gegevensbeschermingsautoriteit (Data Protection Authority) and the Vlaamse Toezichtscommissie (Flemish Supervisory Commission). This can be done by letter or online, as provided in the following link:
- seek a judicial remedy against the Data Protection Authority or the Flemish Supervisory Commission for not handling your complaint or not informing you of the progress or outcome of your lodged complaint;
- bring an action in court against Kortrijk (City or OCMW) for personal data breach.
The measures to protect your personal data
The measures we take
Kortrijk takes appropriate technical and organisational measures to protect your personal data and to ensure an optimum level of security.
Accordingly, we have taken the following measures:
- the appointment of a data protection officer, who can be contacted in case of questions or problems via e-mail at firstname.lastname@example.org.
- granting access to certain personal data obtained from you only to certain persons who need the personal data to perform their duties.
- subjecting those persons to confidentiality commitments.
- keeping a register of processing activities.
- testing, evaluating and adjusting the effectiveness of our security measures at regular intervals.
- enforcing guarantees regarding the application of appropriate technical and organisational security measures, in case of subcontractors processing personal data on behalf of Kortrijk.
- carrying out a data protection impact assessment prior to the processing of personal data involving new technologies that pose a high risk to the rights and freedoms of those involved.
- reporting a breach and other important info to the supervisory authority and, where appropriate, to those involved, if it involves a personal data breach that poses a high risk to the rights and freedoms of those involved.
- cooperating with supervisory authorities when requested and consulting them in the performance of our duties.
The measures we ask you to take
Although we make every effort to protect your personal data, effective protection is only possible if you take the necessary measures yourself.
Accordingly, we ask you to:
- provide complete and accurate information to us.
- take due care to ensure the confidentiality of your personal data and any user data (such as usernames and passwords). After all, these are strictly personal and non-transferable.
The GDPR provides for the obligation to draw up a protocol for any electronic communication of personal data. Below is a list of the applicable protocols concluded between Kortrijk and Flemish bodies and external authorities:
- Protocol for electronic communication of personal data from the Agentschap Binnenlands Bestuur (Domestic Administration Agency) to the City of Kortrijk in the context of the Stadsmonitor voor Centrumsteden (City Monitor for Major Cities) > click here.
- Protocol for electronic communication of personal data from the City of Kortrijk to the Agentschap Binnenlands Bestuur (Interior Administration Agency) in the context of the Stadsmonitor voor Centrumsteden (City Monitor for Major Cities) (GIS) > click here.
- Protocol for the electronic communication of personal data from the Agentschap Zorg en Gezondheid (Agency for Care and Health) to the City of Kortrijk in the context of the transmission of personal data in accordance with Article 34/1 of the Decree of 21 November 2003 on preventive health policy > click here.
- Protocol for the electronic communication of personal data from the City of Kortrijk to Police Zone Vlas in the context of the transmission of personal data in accordance with Article 34/1 of the Decree of 21 November 2003 on preventive health policy > click here.
- Protocol for the electronic exchange of personal data between the West Flanders Provincial Governor and the City of Kortrijk in the context of the river restoration project Leie and meander > click here.
- Protocol for the electronic exchange of personal data between the City of Kortrijk and Meemoo in the context of the (mutual) exchange of Material and Metadata > click here.
- Protocol for the electronic exchange of data between VLAIO and the City of Kortrijk in the context of the inspection of Corona support measures to enterprises > click here.
- FA No 04/2017 9 March 2017 (Recent land registry data)
Deliberation about granting the Flemish cities and municipalities a general authorisation for the electronic receipt of personal data from the Algemene Administratie van de Patrimoniumdocumentatie (hereinafter: AAPD) (General Administration of Patrimony Documentation) for the application of various provisions under the Flemish regulations by the cities and municipalities.
- FA No 18/2015 28 May 2015 (Vehicle Registration Office (hereinafter: DIV) in connection with municipal administrative sanctions (hereinafter: GAS fines)
Deliberation about granting the Cities and Municipalities, the autonomous municipal companies and the Brussels Capital Parking Agency a general authorisation for the electronic receipt of personal data from the DIV for the identification and punishment of violators of municipal regulations or decrees.
- FA No 14/2016 of 21 January 2016 (DIV)
Deliberation on the one-off authorisation to grant municipalities access to the DIV's directory for the identification of persons owing parking fees, taxes or parking charges through the use of a vehicle - Review of deliberation FO No 05/2015 of 19 March 2015 (AF-MA-2015-099).
- NR No 13/2013 13 February 2013 (National Register data of non-residents)
Application by the Association of Flemish Cities and Municipalities (hereinafter: VVSG) for the benefit of municipalities to access information data from the National Register for the purpose of carrying out the tasks entrusted to them.
- NR No 28/2009 18 May 2009 (National Register data for libraries)
Application by Bibnet on behalf of Dutch-language public libraries in Flanders and Brussels to obtain access to National Register information data for the identification and management of their members.
- NR No 38/2009 17 June 2009
Application submitted by the Federal Public Service Information and Communication Technology (Fedict) to be authorised to obtain some data from the National Registry to pass on to citizens’ service points as part of the eBirth application. (RN/MA/2009/016)
Previous versions of this privacy statement can be found below:
- version 221121
- version 221017
- version 220807
- version 220621
- version 220530
- version 220331
- version 210830
- version 210709
- version 210625
- version 210506
- version 210301
- version 210222
- version 210118
- version 200910
- version 200907
- version 190327
Questions and or comments
Should you have any questions or comments after reading this privacy statement, feel free to contact the Data Protection Officer (DPO) for Kortrijk, Mr Nick Vandommele at any time.
T 0473 86 26 19 | email@example.com