1. General Data Protection Regulation (GDPR)
For the Agreement between the client and Belnet to be performed, a number of essential processing operations must be carried out on personal data. In compliance with the General Data Protection Regulation, processing of personal data must be transparent and secure. This processing policy contains information, as required by the General Regulations, with regard to the processing of personal data.
2. Connectivity convention
In the connectivity convention (including annexes) concluded between the customer and Belnet, the delivery of connectivity and basic services are described. In the annexe two of the general conditions, it is requested to designate seven official contact persons who will be in charge of communication between the customer and Belnet. In accordance with the Regulations, the processing of personal data of the customer's seven official contact persons is described in this policy.
Controller: Belnet
As the provider of the service, Belnet will fulfil the role of controller of the personal data pertaining to the client's registered users as designated below.
Belnet is a State service with separate management, established within the Federal Science Policy. Its registered offices are located at Boulevard Simon Bolivar 30, 1000 Brussels, Belgium, tel. +32 (0)2 790 33 33, fax +32 (0)2 790 33 34.
Data Protection Officer
The Data Protection Officer at Belnet will be the point of contact for all matters relating to the processing of personal data in general and for this policy for the processing of personal data pertaining to the client's registered users in particular. The Data Protection Officer can be contacted via dpo@belnet.be.
Purposes of Processing and the Legal Basis for Processing
i) Purposes of Processing
- connectivity and basic services
- the specific services that the customer has taken and which are not included in the basic services of the connectivity convention and for which the customer has signed a separate agreement with Belnet.
- the Belnet Service Desk and NOC
- security services (access to infrastructure, such as datacentres)
- incident handling
- access to the Belnet portal
- Distribution of surveys commissioned by Belnet
- Mailings from Belnet that relate to the service being provided
- Invitations to events organized by Belnet
ii) Legal Basis for Processing
The collection and processing of personal data from official customer contact persons is necessary for the performance of the convention.
Categories of Personal Data of Registered Users on Behalf of the Client
- Name
- Work address
- Business e-mail address
- Private phone number (only for the contact persons 24/7)
- Work telephone number
- Function
- A code (password)
Recipients of Personal Data
Belnet will restrict access to personal data by employees, subprocessors or others to the necessary minimum. In accordance with that policy, Belnet will grant access solely to those employees for whom accessing the personal data is a necessity.
To provide the agreed service, Belnet has recourse to third-party service providers. When necessary for the implementation of the connectivity agreement, personal data may be delivered to these providers so that they comply with the processing objectives. This includes:
- Private and public dark fiber operators
- The Service Desk provider and the NOC provider
- Surveillance companies, ...
Retention Limit
Belnet undertakes not to retain the personal data collected and processed for any period exceeding that which has been legally and contractually stipulated and agreed on.
Rights of the Data Subject and the Exercise There of
(i) Rights of the Data Subject
The data subject is entitled to submit a request to Belnet to view, modify or delete personal data or to restrict the processing of data pertaining to him or her. The data subject is also entitled to object to processing and enjoys the right of data portability.
(ii) Exercising Data Subjects’ Rights
Data subjects can exercise the rights referred to above by sending an e-mail to dpo@belnet.be.
In accordance with the procedures laid down under the Regulation, Belnet will comply with such a request within one month. Depending on the complexity and number of requests submitted, this period may be extended a further two months, if necessary.
Withdrawal of Consent
Whenever a data subject has given consent him- or herself for the processing of his or her personal data for one or more purposes, he or she is entitled to withdraw consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on the consent given before its withdrawal.
Source by Which the Personal Data Were Disclosed
If a data subject did not give consent him- or herself for the processing of his or her personal data, the personal data will be deemed to have originated from the client.
Submission of a Complaint by the Data Subject
To submit a complaint, the data subject can contact the Data Protection Authority at the following address:
Data Protection Authority
Rue de la presse, 35
1000 Bruxelles
E-mail: contact@apd-gba.be
No Automated Individual Decision-making
No automated decision-making will occur while the relevant personal data are being processed by Belnet.
Technical and Organizational Measures
Belnet will take appropriate technical and organizational measures when collecting and processing personal data to ensure a level of security appropriate to the risk, in accordance with the principles of the General Data Protection Regulation.
In assessing the appropriate level of security for personal data, which are transmitted, stored or otherwise processed, potential risks posed will be taken into account, such as accidental or unlawful destruction, loss, alteration or unauthorized access.
3. Amendments to the Processing policy
Belnet reserves the right to amend this policy for the processing of personal data pertaining to official customer contact persons and to ensure that such amendments comply with the General Data Protection Regulation.