Privacy policy

Policy governing the protection of privacy and of personal data

1. Principles

The BRIC is keen to adapt to the new digital realities and the latest provisions of European law.

This My Brussels portal complies with Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

This Regulation strengthens the rights of European citizens and gives them greater control over their personal data, in particular by providing a unified legal framework.

As the publisher of the My Brussels portal, the BRIC has defined a clear, precise policy on the protection of personal data that complies with the legal provisions applicable in this area.

This section provides answers to the following questions on the use of your personal data:

2. Which personal data are collected and for what purpose?

The BRIC only collects the items of personal data that are required in order to fulfil a specific function. That information will not be reused for other purposes.

The data collected are as follows:

  • identity data: your name, email address and all information contained on the contact form submitted by yourself on the My Brussels portal
  • data relating to your requests, whenever you contact a department of the BRIC These items of personal data are collected and processed in order to fulfil the following legitimate purpose:
  • when receiving and responding to your requests whenever you contact a department of the BRIC

3. Who can give their consent?

Users confirm their agreement and give their clear, explicit and unequivocal consent to the processing of their data.

Users are entitled to withdraw their consent at any time.

By making use of the services on this site, the user declares, in accordance with Belgian and European civil law, that he/she is competent to exercise his/her rights, or – if he/she is a minor – that he/she has obtained the prior, valid consent of his/her parents or legal representatives.

The BRIC protects the privacy of minors and encourages parents or legal representatives to be actively involved in their children’s online activities.
Minors below the age of 13 years may not, under any circumstances, give their consent to the processing of their personal data for the purpose of using this site.
The BRIC cannot be held liable if the services are used without the above-mentioned supervision and permission.

4. Who receives the personal data?

The personal data that are collected and processed are for the exclusive use of the Data Controller, as described in Article 5.5. Under no circumstances will that data be transferred to a third party or to a State that does not form part of the European Union.

5. Who is the Data Controller?

Brussels Regional Informatics Centre


6. How are your personal data processed?

Data concerning the user are used legally, honestly and transparently for the direct processing of his/her requests, messages or inherent actions performed on the My Brussels portal. They are processed in a way that guarantees a level of security that is appropriate when processing personal data, including protection against unauthorised or illegal processing and theft.

7. What rights can you exercise over your data?

In accordance with the European Regulation on the protection of natural persons with regard to the processing of personal data and the free movement of such data (GDPR), users have full readability over the processing of their data. A user can assert his/her rights listed below by sending the data controller a signed, dated request accompanied by a copy of both sides of their identity card, either in person or by post, to the following address – BRIC, Avenue des Arts, 21, 1000 Brussels – or by email to If the request is submitted in person, the recipient will immediately issue a signed, dated confirmation of receipt to the applicant. If you do not receive a satisfactory response to a request concerning your personal data, you can contact our Data Protection Officer by email at dpo@cirb.bussels or by post at the following address: Data Protection Officer, BRIC, Avenue des Arts,21, 1000 Brussels, Belgium.

7.1. Right of access

Users of the My Brussels Internet portal have the right to obtain from the data controller intelligible information regarding the data being processed, as well as any available information on the origin of that processing.

The information will be provided without delay and within one month following receipt of the request at the latest.

7.2. Right to rectification

Users may, free of charge, have any inaccurate personal data about them corrected, and ensure the erasure or deletion of any personal data about them which, taking account of the purpose for which they are processed, are incomplete or irrelevant, or whose recording, communication or conservation is prohibited, or that have been stored for longer than the authorised period.

Within the month following submission of the request, the data controller must notify the user and the persons to whom the incorrect, incomplete and irrelevant data have been communicated of any corrections to or erasure of such data, unless notifying those persons proves impossible or involves disproportionate effort.

7.3. Right to object

For serious and legitimate reasons relating to a specific situation, users have the right to object to their data being processed, unless the data are collected to comply with a legal obligation, are necessary for the execution of a contract to which the user is a party or are used for a purpose for which the user has given his/her consent. In the event that such an objection is justified, the processing undertaken by the data controller may not involve those data.

7.4. Right to data portability

Users have the right to receive the personal data about them provided to the data controller, in a structured, currently used and machine-readable format, and have the right to send those data to another data controller without the controller to which the personal data was sent being able to prevent this if a) the processing is based on consent or on a contract; b) the processing is carried out with the aid of automated processes.

7.5. Right to be forgotten and the right to restriction of processing

Users have the right to have their personal data deleted. They also have the right to ensure that the use of their personal data is restricted. In both cases, the conditions stipulated in the regulation must be met. The Data Protection Policy does not prejudice the rights of the BRIC with regard to certain users with regard to whom a contract, the law or any other contractual, regulatory or legal document authorises the BRIC to carry out more extensive operations. In such cases, the standard most favourable to the BRIC will apply.

8. What use is made of cookies?

The BRIC intends to inform visitors to its Internet portal of the use of what the law describes as “information stored in the terminal equipment of an end user”, more commonly referred to as “cookies”.

A cookie is a file sent by the BRIC server that is saved on the hard disk of your computer; it keeps track of the Internet site visited and contains a certain amount of information about that visit.

Users can refuse to install cookies on their computer by configuring their browser in the appropriate way. However, this refusal may prevent access to some of the Internet portal’s services or may reduce its functionalities.

8.1. Functional cookies:

The cookies specific to the “My Brussels” website are used to enable the functionalities on the site that allow the site to manage users’ convenience. The following data are saved by our cookies:

In a cookie, we save information regarding the language used by the user on his/her visit to the site, so as to enable us to reload the site in the language selected by the user on his/her previous visit. That cookie remains valid for one year.

Whenever the site is consulted in another language, we also save in a cookie the reference language used to display the map selected, so that we can re-offer the map in the language selected. That cookie remains valid for one year.

In a cookie, we record details when the banner relating to cookies has been closed, so that it is not displayed again each time the user visits the site. That cookie remains valid for one week.

8.2. Statistical cookies:

The My Brussels internet site uses Google Analytics to analyse the frequency of visits by and the behaviour of users on its website.

Statistical cookies allow the My Brussels portal to find out items of information such as the number of visitors, their geographical location, their route they follow through the site (how they accessed it, via which page, the pages the subsequently viewed during their visit and the page via which they left the site), the time of the visit, etc. These cookies are anonymous and do not make it possible to identify the user. Their lifespan can be up to 2 years.

9. What security measures are taken to protect your data?

9.1. Quality

The BRIC makes every effort to rectify or delete data that are imprecise, incomplete, irrelevant or prohibited of which it becomes aware and would have collected.

9.2. Confidentiality

The BRIC ensures on the one hand that persons working under its authority have access to and can process only the data that they need in order to perform their duties or that which is essential for the requirements of the service and, on the other hand, that those persons are informed of the principles and requirements of the privacy protection law with regard to the processing of personal data, and of its implementing orders.

9.3. Security

To guarantee the security of personal data, the BRIC has set up the appropriate technical and organisational security measures to prevent the accidental or unauthorised destruction, accidental loss, modification, access and any other unauthorised processing of the information received on its My Brussels Internet portal.

These measures provide an adequate level of protection in view of the costs involved in their application, the state of the art in this area, the nature of the data to be protected and the potential risks.

10. How long are personal data stored?

Personal data are currently stored for a period of two years. After that, the data are deleted. If applicable, users may always request that personal data concerning them be erased, by sending an email to the Brussels Regional Informatics Centre:

11. Record of processing activities involving personal data

The BRIC maintains a record of processing activities involving personal data in accordance with Article 30 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

12. What remedies are available?

If users consider that personal data concerning them has been processed in a way that does not comply with the European Regulation, they may send a complaint, free of charge, to the supervisory authority if they encounter problems in exercising the above-mentioned rights or in the event of non-compliance with the obligations contained in the Regulation (Data Protection Authority – – – +32 (0)2 274 48 00 or +32 (0)2 274 48 35).

Users also have the right to effective legal remedies with regard to certain actions and decisions by the supervisory authority if it makes a legally binding decision or fails to inform users within three months of the progress made or the conclusion of their claim.

Dispute resolution, jurisdiction and applicable law

The present Terms and Conditions of Use are governed by Belgian law and by the European Regulation. Any dispute arising from or relating to the use of this service shall be settled by conciliation. If this is unsuccessful, the dispute will be submitted to the jurisdiction of the courts of the judicial district of Brussels (Belgium).

A printed version of this agreement and any notice of default issued in electronic form shall be accepted in any judicial or administrative proceedings arising from or relating to this agreement, on the same basis and under the same conditions as other business documents and records created and stored in printed form.