The City of Ghent processes your personal data with respect for your privacy.
We observe the provisions of the General Data Protection Regulation or GDPR, as your privacy and the protection of your personal data are of the utmost importance to us. The purpose of this privacy policy is to explain the way we process your data.
What are personal data?
Personal data are any data by which the City of Ghent can identify you, either directly or indirectly. On the basis of your name or national register number, we immediately know it’s you (directly), but we are also able to identify you by a combination of your address, age and gender (indirectly). This means that the latter are personal data as well. In short, personal data are all data that can be linked to you in any way, such as your email address, your telephone number or even your IP address (your computer's internet address).
What is the General Data Protection Regulation?
The GDPR is nothing but the new European Privacy Act.
The “Act of 8 December 1992 on the protection of privacy in relation to the processing of personal data”, also known as the “Privacy Act” used to protect your personal data. On 25 May 2018, this old Privacy Act was replaced by a new European Privacy Act: the GDPR or General Data Protection Regulation. This legislation still relates to the “processing” of personal data. The term “processing” is a very broad concept according to that legislation. Everything we do with your personal data falls within the scope of “processing”: we store, consult, forward, sort, distribute, update them, etc.
Who has access to your personal data?
The City of Ghent is the "controller". This means that we determine which data we collect and for what purpose. In legal terms, we determine the "purpose of the processing". But that doesn’t mean that all employees of the City of Ghent have access to everything. Your personal data are only accessible to the departments and employees who need them for their work.
For the processing of personal data, we cooperate with our IT partner Digipolis. They are responsible for the IT of the City of Ghent and as such provide support (in the capacity of "processor") for the processing of your personal data. Digipolis always observes the instructions given by the City.
Digipolis is our main, but not our only data processor. Other companies and organisations can process data on our behalf as well. We have strict agreements with all these processors in order to ensure that they apply the same high privacy standards.
Sometimes the City of Ghent is not the only “controller”. This is for instance the case if projects are undertaken together with other organisations. Often we also have the legal obligation to forward certain data to other public authorities, like the Flemish or federal government. And we also regularly exchange personal data with other authorities and organisations in order to support you and automatically grant you certain services and benefits to which you are legally entitled. This way we can serve you even better.
We will never forward your personal data or make them available to third parties without a valid reason. We only do that with your prior consent or if we are required by law to do so. In those cases we have clear legitimate grounds.
Legal basis to “lawfully” process personal data.
The City of Ghent never uses your personal data without a valid reason. We only use them for purposes for which we have clear legitimate grounds, also called "lawfulness". Our 4 main legitimate grounds are the following:
- You give us your consent to use your personal data for a specific purpose. We will first give you details on what this consent means exactly, how you can easily revoke your consent, with whom we will share your data and how long we are planning to keep your data. This will enable you to give your consent with full knowledge of the facts. An example: You give us permission to use your personal data if you subscribe to a newsletter.
- We process your personal data because you entered into an agreement with the City of Ghent. An example: You call upon the services of one of the residential care facilities of OCMW Gent (public social welfare centre). You are required to conclude an agreement in advance. This agreement states the purposes for which we will use your personal data during your stay in the facility.
- We process your personal data in order to meet a legal obligation or order pursuant to European legislation, federal laws or Flemish decrees and the corresponding implementing decrees. Sometimes the GDPR itself constitutes the legal basis, for instance for statistical or scientific research and for archiving in the general interest. An example: The Civil Affairs department of the City has the obligation to enter data of every Ghent citizen in the population register.
- We use your data in order to perform a task of general interest or to exercise public authority. An example: The City of Ghent gives residents who are entitled to a social benefit free household refuse bags or waste collection credit. There is no law that compels us to do so. The city just does it in the general interest of the residents of Ghent.
In specific cases, we can also process your personal data to protect you. However, we only do this in highly exceptional life-threatening emergency situations or in case of disasters.
Soon you will receive a general overview via this page, which will mention:
- the purposes for which we can use your personal data
- the personal data required for each of those purposes
- the manner in which we lawfully process your personal data
- the period during which we will retain your data
This overview also lists all purposes for which we do need or cannot ask for your permission, and of which we therefore do not inform you in advance.
Sometimes we archive your personal data in accordance with the archival legislation. It is for instance possible that we keep your personal data in our archive for a longer period than the retention period first indicated. In that case the purpose of the processing changes to “archiving in the general interest” and is no longer the purpose for which we first used your data. These archived data will be inaccessible and unreadable for a long time (120 years). During this period, we will not process them in any manner other than strictly required for their retention.
What are your rights?
According to the General Data Protection Regulation, you have a number of rights with respect to the processing of personal data.
Right of access and data portability
You have the right to have access to your personal data and the purposes for which we process them. We will ask you to prove your identity, so as to be certain that we give the right person access to your personal data.
If you request access to your data, you can collect them at the counter in digital form. We will provide them to you in a commonly used format (e.g. pdf or Word). At your request we can provide them in a machine-readable format (e.g. Excel). We can also send a printed version of your data to your place of residence.
You are then entitled to transmit your personal data to another controller, but we are also prepared to take care of the transmission if you want us to and if it is technically possible.
Right to rectification
If you notice that personal data held by the City of Ghent are incorrect or incomplete, you have the right to have them rectified.
Right to be forgotten
In a number of cases you have the right to have your data erased. These cases include:
-
cases where we no longer need your personal data for the purposes for which we processed them originally
- cases where we need your consent to process them and you decide to revoke your consent
- cases where you object to the processing and there are no other justified reasons to continue the processing
- cases where we process your personal data in an unlawful manner in spite of all our efforts
- cases where we are required by law to erase your data
Please note: We often have the obligation to retain your data for a specific period of time and cannot comply or can only partially comply with your request to be forgotten. For instance, you cannot be deleted from the population register.
The right to restriction of processing, the right to object and the right not to be subject to automated decision-making.
You have the right to restrict the processing:
-
if you contest the accuracy of your personal data for a period that allows us to check the accuracy of your data
- if we process your personal data in an unlawful manner in spite of all our efforts, but you prefer that we do not erase your personal data
- if we no longer need your personal data, but you do need them for legal proceedings
- if you object to the processing and there are no other justified reasons to continue the processing
You have the right to object if we process your personal data for the performance of our tasks in the general interest or to exercise public authority. If your interests, rights and liberties outweigh the legitimate grounds of the City of Ghent, we will stop processing your personal data.
The public authorities often determine purely on the basis of a number of characteristics whether you qualify for something (a scholarship, for instance). You are entitled to request human intervention if this may have major consequences for you, unless:
- we have to process your personal data in that manner pursuant to an agreement we concluded with you
- it is legally allowed and your rights and liberties are protected
- you give us your explicit consent
How can you exercise your rights?
You can exercise your rights in different ways:
-
You can submit a request through an email at privacy@stad.gent.
- You can also send us your request by post, to this address:
Data Protection Officer Stad Gent Botermarkt 1 9000 Gent
We will send you a reply as soon as possible: at the latest 30 days after receipt of your request and the proof of your identity. Exercising your rights is normally free of charge. If your request is excessive or if you often make the same request, the City is entitled to charge a fee or refuse your request.
Questions, remarks or complaints?
For any questions, remarks or complaints with respect to your privacy, you can contact the Data Protection Officer of the City:
-
by email at: privacy@stad.gent.
- by letter to:
Data Protection Officer Stad Gent Botermarkt 1 9000 Gent
Furthermore, you always have the right to file a complaint with the Flemish Supervisory Committee.