Data management - Privacy - GDPR
If you don’t find an answer to your questions there or in the list of questions and answers below, please email your question to [email protected]
The General Data Protection Regulation (GDPR) is a European regulation that entered into force on the 25th May 2018. This regulation lays down rules concerning the “protection of natural persons with regard to the processing of personal data and on the free movement of such data”.
The GDPR replaces the 1995 Data Protection Directive which had become outdated in the technological context (Big Data, Cloud, social networking, etc.).
Since the GDPR came into application, you receive more information from us about how your personal data is processed. You can oppose the processing of your data or obtain an electronic copy of the personal data you have shared with us by contacting us. More importantly, you can now choose whether or not to receive commercial propositions from us, as well as questions relating to our products.
If you gave your consent in the past to receive promotional information or if you consent to the new direct mail opt-in as of 25 May 2018, we may ask your opinion or send you commercial proposals relating to our products and services. You can withdraw your consent at any time by contacting [email protected].
In any case, we will email you basic useful information (e.g. information about Infrabel works in your region that might impact train services, or a warning when your season ticket is about to expire), for your own comfort. If you do not or no longer wish to receive this information, simply let us know at [email protected].
We are taking all technical and organisational measures we deem necessary for the protection of your data against destruction, involuntary theft, and/or disclosure.
The SNCB and HR-Rail (the legal employer of the SNCB and Infrabel employees) each have a appointed a Data Protection Officer (“DPO”). The DPO ensures that these extended privacy rules are applied.
We also make sure that only those persons within the SNCB who effectively need to process your data for their professional activities have access to your personal data.
We carry out a Data Protection Impact Assessment (“DPIA”) for all important existing processing methods and all new processing methods. With the help of our DPO, we will determine whether the privacy regulations are complied with and whether our customers' personal data is sufficiently well protected.
We will do this according to additional measures, inspired by the GDPR, in combination with the existing measures.
You can contact us at [email protected] to:
- request an overview of the data categories we process (“right to access”);
- request the rectification of an error or missing information in the data we process about you;
- inform us that you do not/no longer wish us to use your personal data for a specific purpose or automatically process it (“right to object”);
- inform us that you wish all the personal data concerning you to be erased from our databases (“right to be forgotten”);
- receive an electronically legible copy of your data (“ data portability”).
In the event that we are unable to satisfy any of your requests, we will, of course, explain why.
You can let us know at any time that you no longer wish to receive direct marketing or that you would like to withdraw the consent you previously gave us to process your data. Should you wish to exercise your right of access, or right to rectification or to be forgotten, please attach a scan/copy of your eID or passport so we can be sure you are the person exercising your.
You can manage most of your personal data through your My SNCB account on our website. More specifically, you can amend some of your data (e.g. update your address) and your Marketing Direct preference.
However, you cannot modify all your personal data yourself. Some changes can only be made by sending a request to [email protected], along with a scan of your identity card or passport. We will then make the changes for you.
