Contactless and online payments

This page supplements the main page of the privacy policy. Information about your rights and how to exercise them can be found there.

For contactless and online payments, De Lijn registers the following data for: processing payment transactions and related support services; fraud detection; and defending chargebacks. These processes are based on the execution of the agreement you enter into at the moment you purchase a ticket or subscription, or consent when you choose to store a payment method.

What data and why

For contactless payments, De Lijn registers the following data:

Your payment card number, in a fully encrypted and thus unreadable format, and the expiration date of your payment card
Information about the payment itself, which payment service providers use to process the transaction. This may include data about the card scheme used, card issuer, payment attempts, whether a card appears on a “hotlist” and accompanying reasons for decisions made regarding the payment, such as acceptance or refusal.
Travel history of your journeys with contactless payments, which you can always consult yourself thanks to our portal.
Additionally, line number, vehicle number, time, stop number, type of card (physical or digital), fare zone, terminal token, and terminal number are recorded anonymously. This data is linked to a token generated at the time of payment.

For online payments, De Lijn registers the following data (these are only encrypted and transmitted to the payment service provider and not stored by De Lijn):

For credit cards or debit cards: card details such as CVC, expiration month, expiration year, cardholder’s name, card number, and issue number
For fraud detection: IP address.

Your email address is also processed within the scope of an online payment.

If you choose to save a payment method, your card details are securely stored with our payment service provider. At that moment, we only link a unique ID to you that we receive from the payment service provider, allowing future payments to be executed. We do not store the card details ourselves.

Origin of the data

For contactless payments, we collect this data at the moment you validate a journey with your payment card. For online payments, we collect this data when you pay online or when you save a payment method.

Transfer of the data

For payments, we collaborate with payment service providers. To correctly process your payment, we pass on the data mentioned above to our payment service providers. De Lijn does not share additional information, such as details about your purchase or journey, with these parties.

Data retention period

For contactless payments, we retain your payment data and travel information based on contactless payments for up to 13 months after using your card, unless you have an outstanding debt or for our accounting or other legal obligations. After this period, the link between your card number and other transaction data is disconnected. Based on your right to deletion (see ‘how can I exercise my rights?’), we can disconnect this link between card number and transaction data earlier. Note: at that point, you will lose the ability to dispute a charge.

The same applies to online payments. If you choose to save a payment method, the card data will, of course, be stored for as long as you choose to retain them.

It is possible that the payment service providers retain your data longer based on legal obligations that may apply to them.

Contactless payment on buses and trams

You can pay contactlessly at the white terminal on all De Lijn buses and trams.* It’s easy and quick, and means you always have a valid ticket with you.

Tickets and passes