Cookies op delijn.be
Deze website gebruikt cookies en vergelijkbare technologieën om je surfervaring te vergemakkelijken en de website te verbeteren.
Lees meer.
Show the menu
Layout aanpassen:
<Pas uitlijnen afbeelding aan>
<Pas positie afbeelding aan>

Who is responsible for collecting and using my data?

We attach great importance to honouring the trust you have placed in us, and protecting your personal data. In this privacy policy we explain exactly what data we need and how we use it. You can also view frequently asked questions relating to privacy.
‘We’ are De Vlaamse Vervoermaatschappij De Lijn (in short ‘De Lijn’), an external autonomous agency governed by public law with its registered office at 2800 Mechelen, Motstraat 20 and registered in the Crossroads Bank for Enterprises under number 0242.069.537 (Antwerp Register of Legal Entities, Mechelen Division).
 
In providing your personal data to De Lijn, you confirm that you have read this privacy policy.
-
<Voeg downloadbare bestanden toe>
<Voeg knoppen toe>
Layout aanpassen:
<Pas uitlijnen afbeelding aan>
<Pas positie afbeelding aan>

<Voeg een paragraaftitel toe>

Why does De Lijn collect my data? 
  • We collect data for various reasons:
  • to enter into a contract with our customers
  • to communicate with our customers
  • because our company has certain legal duties
  • because of particular legitimate interests that we have
You will find more details below, arranged according to subject, on exactly what data we process and what we use it for. 
-
<Voeg downloadbare bestanden toe>
<Voeg knoppen toe>
Layout aanpassen:
<Pas uitlijnen afbeelding aan>
<Pas positie afbeelding aan>

What data does De Lijn collect?

In summary, we collect the following types of data:
  • data that you share in order to register as a passenger when purchasing a ticket or season ticket. For example your name, address and family situation
  • contact details we can use to reach you by email or text message
  • payment details when you make a purchase on our website or mobile app
  • data we need to check your ticket and issue fines if necessary
  • information about your use of our website and mobile app
  • travel information such as the location and time of your trips with De Lijn
  • data you provide to De Lijn on your own initiative. For example, a CV for a job application or a question or complaint made to our customer service department.
We do not collect sensitive data as defined in the General Data Protection Regulation (GDPR), other than in exceptional cases where we need medical data (for example, services for passengers with reduced mobility).
-
<Voeg downloadbare bestanden toe>
<Voeg knoppen toe>
Layout aanpassen:
<Pas uitlijnen afbeelding aan>
<Pas positie afbeelding aan>

Who receives my personal data?

The following persons or legal entities may receive your personal data:
  • our employees, in order to perform their duties
  • subsidiaries of De Lijn
  • subcontractors who process your data strictly under our instructions. For example, external administrators of software platforms
  • other public transport providers
  • payment systems, in order to pay for purchases via our website or mobile app
  • commercial or other partners of De Lijn, if you have given your consent
  • social media that you log in to or that interact with our website or mobile app
  • judicial, police or administrative authorities if required by law or specific circumstances
De Lijn ensures that these recipients only have access to personal data that is strictly necessary for the processing operations in question.
-
<Voeg downloadbare bestanden toe>
<Voeg knoppen toe>
Layout aanpassen:
<Pas uitlijnen afbeelding aan>
<Pas positie afbeelding aan>

Does De Lijn share my personal data with countries outside the European Economic Area?

We only share your personal data with persons or legal entities located within the EEA or in countries that offer a similar level of privacy protection to Belgium.
-
<Voeg downloadbare bestanden toe>
<Voeg knoppen toe>
Layout aanpassen:
<Pas uitlijnen afbeelding aan>
<Pas positie afbeelding aan>

How does De Lijn deal with sensitive data?

Sensitive data is data that entails an additional risk with regard to the protection of your privacy. This includes data about minors, your social status, your travel data, etc.
We incorporate additional technical and organisational measures for all this information. 
Minors require extra care with regard to privacy protection. If we need the consent of a young person under the age of 13, we will request this through a guardian. That is why young people under the age of 13 cannot create an account. 
-
<Voeg downloadbare bestanden toe>
<Voeg knoppen toe>
Layout aanpassen:
<Pas uitlijnen afbeelding aan>
<Pas positie afbeelding aan>

Does De Lijn use automated decision-making or profiling?

We do not use your data to make decisions that may have important consequences for you. We do, however, combine different data sources in order to provide you with customised communications and proactive recommendations. Such data includes your customer profile and travel behaviour. We will first ask for your consent for these personalised services.
-
<Voeg downloadbare bestanden toe>
<Voeg knoppen toe>
Layout aanpassen:
<Pas uitlijnen afbeelding aan>
<Pas positie afbeelding aan>

How does De Lijn protect my data?

We have appointed a Data Protection Officer who advises us on the privacy rules and whether we are complying with them.
We only make your data available to employees or data processors if this is strictly necessary in order for them to carry out their duties.
For all new processing processes and for important existing processes we carry out a data protection impact analysis. In this analysis we look at how the privacy rules are complied with in the process, and at the package of measures to be taken to protect your privacy.
In addition, we have taken appropriate technical and organisational measures to protect your data against destruction, loss, unintended alteration, damage or disclosure.
-
<Voeg downloadbare bestanden toe>
<Voeg knoppen toe>
Layout aanpassen:
<Pas uitlijnen afbeelding aan>
<Pas positie afbeelding aan>

How can I exercise my rights?

You have the right to view, correct or, in some cases, arrange for the deletion of your personal data. Deletion is not possible in certain circumstances, for example if you have an ongoing contract with De Lijn. 
You have the right to obtain a copy (in a structured, commonly used and machine-readable form) of your personal data and to have it transferred to another company (right to data portability). 
You have the right to object to the processing of your data.
You also have the right to oppose automated individual decision-making. 
If the processing of your personal data is based on your consent, you can withdraw that consent at any time without this affecting the legality of the processing that took place before the withdrawal.  
To exercise your rights, you can contact the Data Protection Officer by submitting customer feedback, either online or by calling De Lijninfo (070 220 200 – 0.30 euros per minute).
You also have the right to submit a complaint regarding the processing of your personal data to the Data Protection Authority, Drukpersstraat 35, 1000 Brussels, tel: +32 2 427 48 00, www.dataprotectionauthority.be.
-
<Voeg downloadbare bestanden toe>
<Voeg knoppen toe>
Layout aanpassen:
<Pas uitlijnen afbeelding aan>
<Pas positie afbeelding aan>

Who can I contact if I have questions or complaints about the protection of my data?

De Lijn has appointed a Data Protection Officer (DPO) who monitors data protection within De Lijn. If you have any questions or complaints, please contact the DPO by submitting customer feedback.
-
<Voeg downloadbare bestanden toe>
<Voeg knoppen toe>
Layout aanpassen:
<Pas uitlijnen afbeelding aan>
<Pas positie afbeelding aan>

Can De Lijn change this privacy policy?

This privacy policy may change from time to time. In the event of major changes, we will notify you, for example through our website or newsletter. You can always find the latest version of the privacy policy on our website. We always show the date of the last change at the bottom.
-
<Voeg downloadbare bestanden toe>
<Voeg knoppen toe>
A number of items of personal data usually need to be processed in order to issue a ticket. The data that is processed depends on the type of ticket.
 
Season tickets
 
What data and why
 
De Lijn season tickets are held on a MOBIB card. We use the following data to create these cards and season tickets:
  • surname, first name
  • gender
  • date of birth
  • address :
  • family situation
  • contact details (mobile phone, email)
  • photo
  • national registration number
  • customer type (if applicable: social status, disability)
All this data is necessary for creating and sending a season ticket, determining the correct charge, checking whether you are entitled to a specific season ticket, fraud control, and managing our customer base and keeping it up to date.
This data is therefore collected in the context of the performance of an agreement.
 
Where the data comes from
 
We collect this data from the purchaser at the point where a season ticket is purchased. 
If you receive a season ticket through a third-party payment system, this data may also be provided to De Lijn by your employer or municipality.
In some cases it is also possible that you will have received a season ticket as part of a specific campaign from De Lijn, with the aim of introducing as many people as possible to public transport. Such campaigns are always part of our public mission, as set out in the management agreement between De Lijn and the Flemish Government. 
The data is supplemented with or checked on the basis of data from an authentic data source, such as the national population register or the Crossroads Bank of Social Security. 
 
Data transfers
 
We may pass this data on to contractors who create or send tickets on behalf of De Lijn.
We may also share it with other providers of transport services or third parties. In this case, we will only pass on data if it is necessary in order to perform the contract, or if you give your explicit consent. An example of this is the sharing of contract information between De Lijn and other Belgian public transport operators if a customer buys a multimodal contract.
 
Data retention period
 
We keep this data for a maximum of five years after the last contact between the customer and De Lijn.
 
M-tickets (m-ticket, m-card 10 or m-daypass)
 
What data and why
 
M-tickets are linked to your account. We therefore also link the data you provide when creating your account to your m-tickets:
  • surname, first name
  • email address
  • date of birth 
We collect this data in connection with the performance of an agreement, namely the purchase of a ticket. 
We also keep a record of your mobile phone number. We use this in the verification process. 
 
Where the data comes from
 
We collect this data at the point when you create an account or purchase an m-ticket.
If you receive an m-ticket via a third-party payment system, your employer may also send your details to De Lijn. 
 
Data transfers
 
Payment for these products is made through a payment provider. If you purchase an m-ticket through a De Lijn partner, this partner may also collect data about you. The partner’s privacy statement applies to such processing.
 
Data retention period
 
We keep this data for a maximum of five years after the last contact between the customer and De Lijn.
 
SMS-ticket or SMS-daypass
 
What data and why
 
If you purchase an SMS ticket, we will record your mobile phone number. This is necessary in order to be able to send an SMS, and we also use it in the verification process.
We therefore collect this data in connection with the performance of an agreement, namely the purchase of an SMS product, and with a view to a task in which De Lijn has a legitimate interest, namely checking the tickets.
 
Where the data comes from
 
We collect this data at the point when you purchase an SMS-ticket. 
 
Data transfers
 
De Lijn uses a partner to send text messages. Payment for these products is made through a payment provider.
 
Data retention period
 
We keep this data for a maximum of five years after the last contact between the customer and De Lijn.
 
Paper tickets
 
When paper tickets are issued we do not collect or process any personal data. You can buy paper tickets through De Lijn, for example at a Lijnwinkel store, but also through partners such as a newsagent or an e-shop. In the latter case, our partners may process personal data in the course of their sale process. De Lijn is not a party to this, and the partner’s terms and conditions apply.
If you travel with a De Lijn ticket, you must activate it before boarding or at the time of boarding. 
It is important for De Lijn to know where passengers are using public transport, for example so that we can adjust our services to demand. De Lijn does not check which individual customer uses public transport where.
We may use this data for payments between public transport operators and to detect any technical problems. For this purpose we may share data with other public transport operators. 
In addition, we may use this data for other purposes, which we will describe later in this statement. 
 
Unless you give your consent (see ‘Contact and services’), we use this data in pseudonymised form. This means that the data can no longer be directly linked to an individual.
We store non-pseudonymised data for a maximum of six months.
Complaints, suggestions and questions

What data and why
 
When you submit customer feedback, we request a number of details:
  • name: we need this to identify you clearly in our systems, so that we can put your complaint, suggestion or question in the right context
  • address: we need this to identify you clearly in our systems, so that we can put your complaint, suggestion or question in the right context
  • telephone number: we need this to provide you with a response in the way you have chosen
  • email address: we need this to provide you with a response in the way you have chosen
  • gender: we need this to address you correctly 
  • date of birth: we need this to identify you clearly in our systems, so that we can put your complaint, suggestion or question in the right context
The collection of your name and address in the context of processing customer feedback is based on the Flemish Governance Decree.
The collection of other data is carried out in order to identify you unambiguously and respond to your feedback.
 
Where the data comes from
 
We collect the data at the point when you submit customer feedback. Comments on social media are also recorded. 
 
Data transfers
 
De Lijn uses its partners (RCA and the Vlaamse Infolijn) to record and respond to customer feedback. 
 
Data retention period
 
We keep this data for a maximum of five years after the last contact between the customer and De Lijn.
 
Functional communication
 
Functional communication is any communication that De Lijn undertakes with its customers in connection with the performance of the contract. This includes matters such as sending renewal offers when your season ticket is coming to an end, general information about services (for example major strike actions), requests to participate in customer satisfaction surveys, etc.
 
What data and why
 
Functional communication takes place by post to your correspondence address or online (by email, through the website, etc.). It takes place in connection with the performance of the agreement between the customer and De Lijn. 
At the bottom of every email you will find a link that you can use to adjust your email preferences.
 
Where the data comes from
 
We collect this data from you when you become a customer or later in your customer relationship with De Lijn. 
 
Data transfers
 
De Lijn may outsource the performance of a customer satisfaction survey to a partner. In this case we will provide email addresses to the partner. A third party may only use this information for this specific survey and may not keep it longer than necessary.
 
Data retention period
 
The data is part of your record in our customer base. We keep this data in accordance with the season ticket details for a maximum of five years after the last contact between the customer and De Lijn.
 
Personalised services  
 
If you wish, you can receive proactively personalised information. Examples of this are arrival times and alternative routes for journeys that you often make or that are of interest to you. To make this possible, De Lijn will build a passenger profile for you.
 
What data and why
 
To build a profile, we collect all the information we have about you. This means data you have provided when purchasing tickets, any customer feedback you may have submitted, the locations and times of your use of De Lijn services (for example, based on records of your MOBIB card, activation of an m-ticket or GPS location).
De Lijn will only build your profile in order to provide you with services proactively with your consent. This consent may be withdrawn at any time. 
 
Where the data comes from
 
We collect this data in the course of your customer relationship with De Lijn.
 
Data transfers
 
We will not transfer this information unless you consent to your data being shared with other public transport operators and/or other companies.
 
Data retention period
 
We keep this profile for a maximum of five years after the last contact. 
 
Commercial offers 
 
If you wish, we can proactively keep you informed about commercial offers that may be of interest to you. This applies to both De Lijn and subsidiaries or other partners of De Lijn. To make this possible, De Lijn will build a passenger profile for you.
 
What data and why
 
To build a profile, we collect all the information we have about you. This means data you have provided when purchasing tickets, any customer feedback you may have submitted, the locations and times of your use of De Lijn services (for example, based on records of your MOBIB card, activation of an m-ticket or GPS location).
De Lijn will only build your profile in order to provide you with services proactively with your consent. This consent may be withdrawn at any time. 
 
Where the data comes from
 
We collect this data in the course of your customer relationship with De Lijn.
 
Data transfers
 
We will not transfer this information unless you consent to your data being shared with other public transport operators and/or other companies,
for example so that you can receive commercial offers relating to other transport services that may be of interest to you.
 
Data retention period
 
We keep this profile for a maximum of five years after the last contact. 
Cookies
 
When you use the De Lijn website, cookies may be installed. All information about cookies can be found in the cookie policy.
 
Location via app and website
 
De Lijn asks if it can access your location when you use the De Lijn app or website. We do this so that you can make use of all the functionalities of the website. For example, this allows you to plan a route from your current location. We only collect this data with your consent.
 
Account
 
You can create an account on our website or app in which you can save your favourites, purchase season tickets, etc.
 
What data and why
 
The following data is linked to your online account:
  • date of birth
  • email address
  • name 
  • favourite lines, stops, addresses, etc.
  • mobile phone number
  • number of your MOBIB card
  • address or addresses
  • profile (e.g. motor or visual impairment) in connection with the accessibility of stops (only with your consent)
  • passenger profile (only with your consent)
  • IP address
The processing of this data and the linking of this data in an account is based on your consent. Granting this consent is a condition for creating an account (apart from profile info). 
 
Where the data comes from
 
You provide this information when you create an account, and we may supplement it with information from our customer base. If you choose to create an account using a social login, the basic data comes from Google or Facebook. In this case, data may also be sent back to Facebook or Google. For more information, consult their privacy policy.
 
Data transfers
 
We do not share this information with any third parties. The account environment is a cloud environment. We therefore do not store the data on our premises, but on a cloud platform. 
 
Data retention period
 
We keep this profile for a maximum of five years after the last contact.
De Lijn carries out inspections during journeys to determine whether passengers have a valid ticket and whether they are using it correctly (for example, whether they have validated a MOBIB card at the time of boarding). In addition, line inspectors may issue fines for causing nuisance on or around the tram, bus or train, or for disrupting the service.
 
What data and why
 
We collect the following information if you receive a fine:
  • surname, first name
  • date and place of birth
  • nationality
  • identity card number
  • national registration number
  • gender
  • vehicle registration number (in the case of a violation involving a vehicle)
  • address :
  • in the case of a minor: surname, first name, parents’ address, date of birth of guardian or persons responsible for the minor
  • mobile phone number 
  • previous violations
  • season ticket details (including from other transport operators)
  • account number (payment of the fine due)
  • decision regarding the alleged violation (case dropped, imposition of a fine, etc.) by DAB (the De Lijn administrative fines department)
  • email address
  • place where the inspection took place (bus number, line number, stop)
This data is necessary to verify your identity and process the fine. This is also described in De Lijn’s General Conditions of Travel (in Dutch). Ticket inspections and the issuing of administrative fines are tasks that fall into the category of De Lijn's legitimate interest and are permissible by decree.
 
Where the data comes from
 
We collect this data by requesting your identity card and verifying and/or supplementing it with data from the national population register. If the fine is for a traffic violation, we are able to find out your identity from the Vehicle Registration Service (DIV).
 
Data transfers
 
We may share this information with the police and the judicial officer.
 
Data retention period
 
The retention period for this data is determined by law. It is five years after a fine case has been closed, unless it has been dealt with by a judicial officer. In this case the data must be stored for up to ten years.
The competent authorities sometimes request information from us in connection with an ongoing police or judicial investigation. This may relate to any data we have about our customers, such as (but not limited to) correspondence address, validations, camera images, etc. We pass on this data if the law allows us to do so.
De Lijn performs research and analyses relating to the passenger population in various different ways. We do so, for example, in order to pursue a target group policy, for the purpose of price differentiation, in order to match our services as closely as possible to demand, etc. In addition, we use the analyses to optimise our transport network. Finally, we are obliged to report to our stakeholders about certain target groups and about the objectives included in the management agreement. In order to achieve these objectives, we use personal data as input for analyses. Naturally the results of these analyses and reports do not contain any personal data.
 
What data and why
 
De Lijn may use any of the data it holds on its customers in its analyses – for example, data from the customer base, data about the use of tickets, etc. 
The analyses are consistent with De Lijn's legitimate interest or based on a legal obligation on the part of De Lijn. It is of course very important for our organisation to ensure that our services match the needs of our customers as closely as possible. In conducting this research, we take the utmost care to protect customer privacy.
 
Where the data comes from
 
We collect this data in the course of your customer relationship with De Lijn.
 
Data transfers
 
De Lijn sometimes uses data processors to carry out market research. In such cases we make appropriate contractual agreements regarding the protection of your personal data.
We sometimes transmit reports and analyses to external bodies, for example to the Flemish government. Such reports never contain personal data relating to individuals.
 
Data retention period
 
Market research and analysis reports do not contain any personal data. There is no maximum period for storing these reports.
We hold data on Dial-a-Bus customers in a separate customer base.
 
What data and why
 
We retain the following information about Dial-a-Bus customers:
  • surname, first name
  • address :
  • telephone number
  • email address
  • where applicable: details about health. E.g. wheelchair type
  • last 10 reservations
This data is required in the context of the contract with the customer, to make the service possible and ensure that a suitable vehicle is available.
We retain the last 10 reservations to enable a new journey to be booked more efficiently. 
 
Where the data comes from
 
We collect this data when you make your first Dial-a-Bus reservation.
 
Data transfers
 
We may pass this information on to parties who perform trips on our behalf.
 
Data retention period
 
We keep this data for a maximum of five years after the last contact between you and De Lijn.
What data and why
 
We collect the following data: 
  • school details (name, address, institution number)
  • student data (first and last name, home address/transport boarding location, date of birth, level of education, type, educational category and programme, wheelchair use) 
  • transport data (start date, number of km, form and frequency of transport)
  • application data (input and processing date, number, decision, deviation, case handler): in the case of special education 
Where the data comes from
 
The data comes from the schools and/or the Agency for Educational Services (AGODI).
 
Data transfers
 
We may pass this information on to parties who perform trips on behalf of De Lijn.
 
Data retention period
 
We retain the data as long as a student is entitled to school transport.
Cameras may be mounted in publicly accessible places on the De Lijn network, including vehicles, Lijnwinkel stores, etc. 
 
What data and why
 
We use cameras for three possible purposes:
  • surveillance (as described in the law on the installation and use of surveillance cameras)
  • to monitor transport flows
  • to count passenger numbers 
This processing takes place in connection with the performance of a task in the public interest, namely promoting safety in and around De Lijn vehicles and buildings.
 
Data transfers
 
We may pass the data on to the police.
 
Data retention period
 
We store the images from cameras on vehicles for up to 72 hours on the camera's hard drive, after which they are overwritten. Cameras at depots store the images for a maximum of 1 month.
 
We only inspect the images and save them if a security incident occurs.
What data and why
 
We collect the following data when you create a profile in order to apply for a job:
  • name
  • date of birth 
  • email address
We collect the following additional data when you apply for a specific position:
  • gender
  • address :
  • telephone number 
  • education and training 
  • cv
  • copy of driving licence if applicable
  • copy of identity card if applicable
  • copy of diploma or certificate if applicable
Where the data comes from
 
You provide the data as an applicant. Temporary employments offices may also send us this information.
 
Data transfers
 
We do not share this information with any third parties.
 
Data retention period
 
We save your data for a maximum of one year after you have applied, unless the application is successful. In that case we transfer the data to our personnel database.
Layout aanpassen:
<Pas uitlijnen afbeelding aan>
<Pas positie afbeelding aan>

<Voeg een paragraaftitel toe>

Version 2 - Publication date: 9 April 2019

<Voeg downloadbare bestanden toe>
<Voeg knoppen toe>