Privacy declaration

Privacy Statement

For the purpose of this Privacy Statement, the following terms have the meanings ascribed to them below :

  • ‘NGI’ or ‘we’: the National Geographic Institute, with statutory office at Avenue de Cortenbergh 115, 1000 Brussels, which is the provider of this website, these services and products. The NGI is also responsible for the processing of the personal data as described in this Privacy Statement ;
  • ‘User’ or ‘you’: every natural person, legal entity or government agency using this website, the services and/or products offered ;
  • ‘Personal data’: data referring to you as a natural person and which you share with the NGI or which we obtain through your use of this website, the services and/or products offered ;
  • ‘Processing’: any operation or set of operations which is performed on personal data, either or not by automated means, such as the collection, structuring, storage, consultation, updating, use, combination, deletion or destruction of personal data ;
  • ‘Cookies’: small text files stored on your computer or mobile device by this website the moment you visit it.

The NGI cares about your privacy. Through this Privacy Statement, we wish to inform you – when you use this website, including the services and/or products offered – about :

  • the personal data relating to you that we process ;
  • the processing purposes and legal grounds for processing your personal data ;
  • your rights and the way in which you can enforce them as a user ;
  • the measures taken to protect your personal data.

Your personal data is managed in accordance with applicable legislation (as provided by the Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the Law of 30 July 2018 on the protection of privacy in relation to the processing of personal data). The NGI applies this practice to both automated and manual data processing.

You should carefully read this Privacy Statement and accept its contents before using this website and transmitting personal data to the NGI.

This Privacy Statement may undergo changes from time to time. The NGI reserves the right to modify this Privacy Statement at any time, provided that you have been informed thereof through this website.

Are you a minor (under 16 years of age)?

If you are under 16 years of age we encourage that prior to providing personal data to the NGI when visiting this website and/or our offices, you :

  • read this Privacy Statement carefully together with your parents or legal representative ;
  • ask your parents’ or legal representative’s consent for performing any (online) activities.

We ask your parents and legal representatives to :

  • be involved in the (online) activities ;
  • explicitly give their consent for providing personal data to the NGI ;
  • explicitly give their consent for purchasing the services and/or products offered.

Your personal data processed by the NGI

During your use of our website and the purchase of services and/or products you may provide us with certain data. This may involve personal data.

Depending on the services and features that you use on this website and/or in our offices, we may process categories of personal data, including :

  • Your contact details and other important information :
    • surname and first name ;
    • address details ;
    • telephone number ;
    • e-mail address ;
    • IP address and cookies ;
    • company identification number (CBE number), if applicable ;
    • company details such as number of employees and annual turnover, if you reuse CartoWeb for commercial reasons ;
    • ID card number ;
    • means of transport ;
  • Images captured by the security cameras on the NGI’s premises ;

 

  • Other data you share with the NGI ;

 

We do not intend to :

  • process other and/or special and/or sensitive personal data ;
  • apply automated decision-making, including profiling.

NGI’s processing purposes and legal grounds for processing your personal data

In the scope of the performance of our legal powers in the public interest, the NGI only processes personal data for realising one or more of the following purposes (depending on the services and features that you use on this website and/or at our offices).

  • Your contact details and other data you share with the NGI are processed in view of :
    • customer administration management, providing an answer to your question(s), processing of your order; the ability to deliver our services and/or products, the performance of an agreement to which you are a party, as the case may be, sending invoices for purchased services and/or products ;
    • providing you the opportunity to use and/or purchase our services and/or products ;
    • dealing with your query or complaint ;
    • our communication with you (via e-mail, regular post or telephone) ;
    • informing you about changes to our website, about the promotion and renovation of our services and/or products; the transmission of our newsletter; selecting a winner in competitions in which you participated ;
    • improvements to our website and service provision ;
    • observance of the statutory and regulatory obligations that apply to us ;
    • performing our assignments in the public interest, such as they were entrusted to us by the Law of 8 June 1976 establishing the NGI.

 

  • The images captured by the security cameras on the NGI’s premises are processed in view of :
  • the prevention, identification and detection of crimes against persons or goods ;
  • the prevention, identification and detection of nuisance in the meaning of section 135 of the new Municipal Law, monitoring compliance with the municipal regulations or maintaining public order.
  • When you enter as a visitor into the building, we ask you to identify yourself with your e-ID, whereby some of the data discussed above are being used. Our request relies on the legitimate interest for the following purposes :
  • The enforcement of (information) security and fire safety ;
  • The management of the administration and proper working of our organisation, in this case the correct identification of the person in order to confirm the validity of the appointment ;
  • The making of a visitor’s badge giving access to the building ;
  • We ask you which means of transport you take as part of statistical mobility data for the city of Brussels. These data are anonymized and are legally justified by the needs of scientific research.   

 

Your rights and the way in which you may enforce your rights as a user

Rights

In accordance with Article 7.3 and Articles 12 to 22 of the aforementioned Regulation (EU) 2016/679, following your written request as indicated below, you have the right :

  • to withdraw your permission for the data processing at any time. Withdrawing your permission does not affect the lawfulness of the processing based on your consent prior to your withdrawal ;

 

  • to be have access to your personal data or receive a copy of it ;

 

  • to have your incorrect personal data corrected or your incomplete personal data completed by sending us a correction and/or completion of your personal data together with your request ;

 

  • to have your personal data deleted[1] ;

 

  • to have the processing of your personal data restricted[2] ;

 

  • to exercise your right of portability, so that your personal data is transmitted to you or an organisation assigned by you[3] ;

 

  • to object to the data processing for the purposes of e.g., direct marketing, by sending us the grounds relating to your particular situation together with your request[4].

 

Mode of exercise

To exercise the rights described above, we ask that you submit a written request to the NGI in the form of a dated and signed letter sent to the above-mentioned address for the attention of the Information Security Committee, or that you send an email to privacy@ngi.be.

To ensure that the request is submitted effectively by the correct person, we ask that you attach a copy of your ID card to your request. In said copy, you need to black out your photo, date and place of birth, gender, nationality, card number, signature and national registry number. You must do this to protect your privacy.

Upon receipt of your request we will respond as soon as possible, but in any case within one month. Depending on the complexity of the request, this term may be extended by two months. You will be informed of any such extension.

Exercising your rights is free of charge. Nevertheless, we reserve the right to charge a reasonable compensation for the administrative costs that may be involved in providing the requested information or taking the measures requested.

In addition to the above-mentioned rights, in accordance with Articles 77 to 82 of the Regulation (EU) 2016/679 you also have the right to :

 

  • introduce a judicial remedy before the competent national court against the supervisory authority (The Belgian Data Protection Authority) for failure to act on your complaint or to inform you of the progress or the outcome of your complaint ;

 

  • introduce a judicial remedy before the competent national court against the NGI for personal data breach.

Measures taken to protect your personal data

Measures implemented by the NGI

The NGI takes adequate technical and organisational measures to protect your personal data and ensure a level of security appropriate to the risk.

 

These measures include the following :

 

  • cooperation with a Data Protection Officer appointed by the NGI, who in case of queries or issues may be contacted by email at DPO@ngi.be ;

 

  • granting access to certain personal data received from you only to specific people who require it to carry out their task within the NGI; subjecting those people to confidentiality agreements ;

 

  • keeping records of all the processing activities ;

 

  • testing, evaluating and adjusting the efficiency of our security measures on a regular basis ;

 

  • enforcing warranties with regard to the application of adequate technical and organisational security measures from any subcontractors who process personal data on behalf of the NGI ;

 

  • performing a data protection impact assessment prior to processing personal data with the use of new technology that presents a high risk to the rights and liberties of the data subject(s) ;

 

  • reporting any personal data breach and any other important information to the supervisory authorities and, as the case may be, to the data subject(s) if the personal data breach involved presents a high risk to the rights and liberties of the data subject(s) ;

 

  • cooperating with supervisory authorities as requested and consulting supervisory authorities in the fulfilment of our tasks.

 

Measures the NGI asks you to take

Although the NGI makes every possible effort to protect your personal data, effective protection is possible only if you also take the necessary measures.

For this reason, we ask that you :

  • provide complete and accurate information to the NGI ;

 

  • take the necessary care as regards the confidentiality of your personal data and any user data (such as user name and password). After all: these are strictly personal and non-transferable.

Additional information

The category of receivers

The personal data received can be processed by the NGI within its own organisation or within the organisation of the processor(s) assigned by the NGI. This means that the personal data is processed by NGI staff or by staff of the subcontractor(s) appointed by the NGI, who will process the data exclusively for the purpose of carrying out their duties within or for the NGI and in view of dealing with your query, delivering the products ordered by you, providing the services requested by you and optimising our service provision.

The NGI staff, the assigned processor(s) and staff of the processor(s) assigned by the NGI are bound by confidentiality agreements. In addition, the assigned processor(s) must observe the applying rules and regulations and guarantee the application of adequate technical and organisational measures.

We do not intend to transmit the personal data to any third party or any international organisation. However, the NGI reserves the right to transmit personal data to a third party if that is required to fulfil a statutory or regulatory obligation, or in the scope of a police investigation or judicial inquiry, or for carrying out our duty in the public interest as described in the Law of 8 June 1976 establishing the NGI.

Should the NGI intend to transmit certain personal data to a third party, it will not do so before informing you accordingly.

The storage period

The NGI does not store your personal data longer than is strictly necessary for realising the indicated purposes.

In accordance with the Public Records Law, the NGI applies the following storage terms for the indicated personal data categories :

  • contact details and other important information used for managing your purchase or for performing an agreement to which you are a party: 15 years, following which the files are transferred to the State Archives ;

 

  • contact details and other important information used for dealing with your complaint: 10 years, following which the files are transferred to the State Archives ;

 

  • images captured by the security cameras on the NGI’s site: 1 month, after which the data is destroyed ;

 

  • the contact details  collected during registration with your e-ID (name, first name and ID card number) are kept for one day ;

 

  • Your choice of means of transport is kept for 2 years for scientific research purposes.

 

Use of cookies

The cookies are used to optimise the functionality of and the user experience on this website.

The cookies are not transmitted to third parties.

Overview of the cookies that we use :

This website uses several types of cookies :

I. Essential cookies

Essential cookies are cookies that are required for (better) functioning of a website, for instance to manage the web page load time.

II. Functional cookies

Functional cookies record information about the user’s choices and preferences and may store language settings, for instance.

III. Analytical or performance cookies

These cookies collect information about the user’s behaviour to measure the performance of the website and improve the user experience.

IV. Targeting or advertising cookies

These cookies follow the user’s browsing behaviour in order to compose customer profiles or user profiles.

These profiles are commonly used to show relevant and personalised ads that match the user’s interests.

They are also used to measure the effectiveness of promotions and to conduct market analyses.

Specific overview :

Below is an overview of the different cookie categories that are in use on this website :

Cookie name

Type

Purpose

Expiry

_ga

Statistics,

HTTP

Registers a unique ID that is used to generate statistical data on how the visitor uses the website

2 years

_gat

Statistics, HTTP

Used By Google Analytics to throttle request rate

1 day

_gid

Statistics, HTTP

Registers a unique ID that is used to generate statistical data on how the visitor uses the website

1 day

r/collect

Marketing, Pixel

This cookie is used to send data to Google Analytics about the visitor’s device and behavior. It tracks the visitor across devices and marketing channels

Session

Ckan

Basic functionality

This cookie is used for the basic functionalities of the website

Session

Transportdata_cookies

Basic functionality

This cookie is used to store the users preferences

1 year

 

Cookie management

You can always disable cookies in your browser settings. Below are the instructions to do so for :

Please bear in mind that if you disable cookies, certain graphics may fail to appear and the website may not work properly.

Questions and/or comments

Should you have any questions or comments after reading this Privacy Statement, please don’t hesitate to email the NGI at: privacy@ngi.be.

 


[1] If any of the following applies: 1) you withdraw your consent; or 2) you object to the processing; or 3) the processing is illegal; or 4) the personal data is no longer required for the purpose for which it was processed; or 5) a regulatory obligation requires its deletion. Insofar as the processing is not required for compliance with a legal/regulatory obligation, for fulfilling our task in the public interest, for bringing or enforcing a legal claim, or in view of storage in the public interest.

[2] If any of the following applies: 1) you contest the accuracy of the personal data; or 2) you object to the data processing; or 3) the data processing is unlawful and you oppose the erasure of the personal data and request restriction of its use instead; or 4) the NGI no longer needs the personal data for the data processing purposes, but you need it for establishing, exercising or defending a legal claim.

[3] If technically feasible and if the data processing relies on your consent or on an agreement to which you are a party and the processing is performed by automated means. Insofar as the data processing is not required for the performance of our task in the public interest.

[4] Insofar as the NGI does not demonstrate compelling legitimate grounds for the processing which override your interests or which relate to the establishment, exercise or defence of a legal claim and processing is not required to carry out our task in the public interest.