A number of items of personal data usually need to be processed in order to issue a ticket. The data that is processed depends on the type of ticket.
Season tickets
What data and why
De Lijn season tickets are held on a MOBIB card. We use the following data to create these cards and season tickets:
- surname, first name
- gender
- date of birth
- address :
- family situation
- contact details (mobile phone, email)
- photo
- national registration number
- customer type (if applicable: social status, disability)
All this data is necessary for creating and sending a season ticket, determining the correct charge, checking whether you are entitled to a specific season ticket, fraud control, and managing our customer base and keeping it up to date.
This data is therefore collected in the context of the performance of an agreement.
Where the data comes from
We collect this data from the purchaser at the point where a season ticket is purchased.
If you receive a season ticket through a third-party payment system, this data may also be provided to De Lijn by your employer or municipality.
In some cases it is also possible that you will have received a season ticket as part of a specific campaign from De Lijn, with the aim of introducing as many people as possible to public transport. Such campaigns are always part of our public mission, as set out in the management agreement between De Lijn and the Flemish Government.
The data is supplemented with or checked on the basis of data from an authentic data source, such as the national population register or the Crossroads Bank of Social Security.
Data transfers
We may pass this data on to contractors who create or send tickets on behalf of De Lijn.
We may also share it with other providers of transport services or third parties. In this case, we will only pass on data if it is necessary in order to perform the contract, or if you give your explicit consent. An example of this is the sharing of contract information between De Lijn and other Belgian public transport operators if a customer buys a multimodal contract.
Data retention period
We keep this data for a maximum of five years after the last contact between the customer and De Lijn.
M-tickets (m-ticket, m-card 10 or m-daypass)
What data and why
M-tickets are linked to your account. We therefore also link the data you provide when creating your account to your m-tickets:
- surname, first name
- email address
- date of birth
We collect this data in connection with the performance of an agreement, namely the purchase of a ticket.
We also keep a record of your mobile phone number. We use this in the verification process.
Where the data comes from
We collect this data at the point when you create an account or purchase an m-ticket.
If you receive an m-ticket via a third-party payment system, your employer may also send your details to De Lijn.
Data transfers
Payment for these products is made through a payment provider. If you purchase an m-ticket through a De Lijn partner, this partner may also collect data about you. The partner’s privacy statement applies to such processing.
Data retention period
We keep this data for a maximum of five years after the last contact between the customer and De Lijn. The Payment Service Provider keeps records of payments for 7 years.
SMS-ticket or SMS-daypass
What data and why
If you purchase an SMS ticket, we will record your mobile phone number. This is necessary in order to be able to send an SMS, and we also use it in the verification process.
We therefore collect this data in connection with the performance of an agreement, namely the purchase of an SMS product, and with a view to a task in which De Lijn has a legitimate interest, namely checking the tickets.
Where the data comes from
We collect this data at the point when you purchase an SMS-ticket.
Data transfers
De Lijn uses a partner to send text messages. Payment for these products is made through a payment provider.
Data retention period
We keep this data for a maximum of five years after the last contact between the customer and De Lijn.
Paper tickets
When paper tickets are issued we do not collect or process any personal data. You can buy paper tickets through De Lijn, for example at a Lijnwinkel store, but also through partners such as a newsagent or an e-shop. In the latter case, our partners may process personal data in the course of their sale process. De Lijn is not a party to this, and the partner’s terms and conditions apply.
If you travel with a De Lijn ticket, you must activate it before boarding or at the time of boarding.
It is important for De Lijn to know where passengers are using public transport, for example so that we can adjust our services to demand. De Lijn does not check which individual customer uses public transport where.
We may use this data for payments between public transport operators and to detect any technical problems. For this purpose we may share data with other public transport operators.
In addition, we may use this data for other purposes, which we will describe later in this statement.
Unless you give your consent (see ‘Contact and services’), we use this data in pseudonymised form. This means that the data can no longer be directly linked to an individual.
We store non-pseudonymised data for a maximum of six months.
Complaints, suggestions and questions
What data and why
If you submit customer feedback, we ask for your email address so that we can identify you clearly and respond.
Where the data comes from
We collect the data at the point when you submit customer feedback. Comments on social media are also recorded.
Data transfers
De Lijn uses its partners (RCA and the Vlaamse Infolijn) to record and respond to customer feedback.
Data retention period
We keep this data for a maximum of five years after the last contact between the customer and De Lijn.
Cookies
When you use the De Lijn website, cookies may be installed. All information about cookies can be found in our cookie policy (see separate section).
Location via app and website
De Lijn asks if it can access your location when you use the De Lijn app or website. We do this so that you can make use of all the functionalities of the website. For example, this allows you to plan a route from your current location. We only collect this data with your consent.
Account
You can create an account on our website or app in which you can save your favourites, purchase season tickets, etc.
What data and why
The following data is linked to your online account:
- date of birth
- email address
- name
- favourite lines, stops, addresses, etc.
- mobile phone number
- number of your MOBIB card
- address or addresses
- profile (e.g. motor or visual impairment) in connection with the accessibility of stops (only with your consent)
- passenger profile (only with your consent)
- IP address
The processing of this data and the linking of this data in an account is based on your consent. Granting this consent is a condition for creating an account (apart from profile info).
Where the data comes from
You provide this information when you create an account, and we may supplement it with information from our customer base. If you choose to create an account using a social login, the basic data comes from Google or Facebook. In this case, data may also be sent back to Facebook or Google. For more information, consult their privacy policy.
Data transfers
We do not share this information with any third parties. The account environment is a cloud environment. We therefore do not store the data on our premises, but on a cloud platform.
Data retention period
We keep this profile for a maximum of five years after the last contact.
The business portal makes it possible for third-party payers such as businesses, schools and municipalities to request and manage De Lijn users’ travel passes.
What data and why
Business portal users create an account using the following data:
- Screen name
- Country
- Work contact details (mobile phone, email)
We only use this data to make the portal services available and to authenticate users.
For an overview of the data of travel pass holders who benefit from third-party payment, see the section on ‘Issuing tickets and managing the customer base’.
Where the data comes from
Users share this data when creating an account.
Data transfers
We do not share this information with any third parties. The account environment is a cloud environment. We therefore do not store the data on our premises, but on a cloud platform.
Data retention period
We keep this data for a maximum of five years after the last contact between the business portal user and De Lijn.
What data and why
De Lijn registers the following data when you make a contactless payment:
- Your payment card’s number, in a fully encrypted and hence illegible format, and expiry date
- Information about the payment itself, to be used by payment service providers to process the payment
- The history of your trips made using contactless payments, which you yourself can check on our portal at any time
Where the data comes from
We collect this data when you pay for a journey with your payment card.
Data transfers
As with any payment made with your card, payment service providers are sent information about your payment in order to process it correctly. De Lijn does not share additional information with these parties, such as the details of your journey. Our employees are supported by subcontractors who only process your data under our strict instructions and subject to De Lijn conditions.
Data retention period
We keep your payment and travel information relating to contactless payments for up to 13 months after the use of your card, unless you have an outstanding debt. After this period, the link between your card number and other transaction details will be severed. On the basis of your right to deletion (see ‘How can I exercise my rights?’) we can also perform this severance between card number and transaction details sooner. Please note: you will then lose the possibility of disputing a bill.
De Lijn carries out inspections during journeys to determine whether passengers have a valid ticket and whether they are using it correctly (for example, whether they have validated a MOBIB card at the time of boarding). In addition, line inspectors may issue fines for causing nuisance on or around the tram, bus or train, or for disrupting the service.
What data and why
We collect the following information if you receive a fine:
- surname, first name
- date and place of birth
- nationality
- identity card number
- national registration number
- gender
- vehicle registration number (in the case of a violation involving a vehicle)
- address :
- in the case of a minor: surname, first name, parents’ address, date of birth of guardian or persons responsible for the minor
- mobile phone number
- previous violations
- season ticket details (including from other transport operators)
- account number (payment of the fine due)
- decision regarding the alleged violation (case dropped, imposition of a fine, etc.) by DAB (the De Lijn administrative fines department)
- email address
- place where the inspection took place (bus number, line number, stop)
This data is necessary to verify your identity and process the fine. This is also described in De Lijn’s General Conditions of Travel (in Dutch). Ticket inspections and the issuing of administrative fines are tasks that fall into the category of De Lijn's legitimate interest and are permissible by decree.
Where the data comes from
We collect this data by requesting your identity card and verifying and/or supplementing it with data from the national population register. If the fine is for a traffic violation, we are able to find out your identity from the Vehicle Registration Service (DIV).
Data transfers
We may share this information with the police and the judicial officer.
Data retention period
The retention period for this data is determined by law. It is five years after a fine case has been closed, unless it has been dealt with by a judicial officer. In this case the data must be stored for up to ten years.
The competent authorities sometimes request information from us in connection with an ongoing police or judicial investigation. This may relate to any data we have about our customers, such as (but not limited to) correspondence address, validations, camera images, etc. We pass on this data if the law allows us to do so.
De Lijn performs research and analyses relating to the passenger population in various different ways. We do so, for example, in order to pursue a target group policy, for the purpose of price differentiation, in order to match our services as closely as possible to demand, etc. In addition, we use the analyses to optimise our transport network. Finally, we are obliged to report to our stakeholders about certain target groups and about the objectives included in the management agreement. In order to achieve these objectives, we use personal data as input for analyses. Naturally the results of these analyses and reports do not contain any personal data.
What data and why
De Lijn may use any of the data it holds on its customers in its analyses – for example, data from the customer base, data about the use of tickets, etc.
The analyses are consistent with De Lijn's legitimate interest or based on a legal obligation on the part of De Lijn. It is of course very important for our organisation to ensure that our services match the needs of our customers as closely as possible. In conducting this research, we take the utmost care to protect customer privacy.
Where the data comes from
We collect this data in the course of your customer relationship with De Lijn.
Data transfers
De Lijn sometimes uses data processors to carry out market research. In such cases we make appropriate contractual agreements regarding the protection of your personal data.
We sometimes transmit reports and analyses to external bodies, for example to the Flemish government. Such reports never contain personal data relating to individuals.
Data retention period
Market research and analysis reports do not contain any personal data. There is no maximum period for storing these reports.
We hold data on Dial-a-Bus customers in a separate customer base.
What data and why
We retain the following information about Dial-a-Bus customers:
- surname, first name
- address :
- telephone number
- email address
- where applicable: details about health. E.g. wheelchair type
- last 10 reservations
This data is required in the context of the contract with the customer, to make the service possible and ensure that a suitable vehicle is available.
We retain the last 10 reservations to enable a new journey to be booked more efficiently.
Where the data comes from
We collect this data when you make your first Dial-a-Bus reservation.
Data transfers
We may pass this information on to parties who perform trips on our behalf.
Data retention period
We keep this data for a maximum of five years after the last contact between you and De Lijn.
What data and why
We collect the following data:
- school details (name, address, institution number)
- student data (first and last name, home address/transport boarding location, date of birth, level of education, type, educational category and programme, wheelchair use)
- transport data (start date, number of km, form and frequency of transport)
- application data (input and processing date, number, decision, deviation, case handler): in the case of special education
Where the data comes from
The data comes from the schools and/or the Agency for Educational Services (AGODI).
Data transfers
We may pass this information on to parties who perform trips on behalf of De Lijn.
Data retention period
We retain the data as long as a student is entitled to school transport.
Cameras may be mounted in publicly accessible places on the De Lijn network, including vehicles, Lijnwinkel stores, etc.
What data and why
We use cameras for three possible purposes:
- surveillance (as described in the law on the installation and use of surveillance cameras)
- to monitor transport flows
- to count passenger numbers
This processing takes place in connection with the performance of a task in the public interest, namely promoting safety in and around De Lijn vehicles and buildings.
Data transfers
We may pass the data on to the police.
Data retention period
We store the images from cameras on vehicles for up to 72 hours on the camera's hard drive, after which they are overwritten. Cameras at depots store the images for a maximum of 1 month.
We only inspect the images and save them if a security incident occurs.
What data and why
We collect the following data when you create a profile in order to apply for a job:
- name
- date of birth
- email address
We collect the following additional data when you apply for a specific position:
- gender
- address :
- telephone number
- education and training
- cv
- copy of driving licence if applicable
- copy of identity card if applicable
- copy of diploma or certificate if applicable
Where the data comes from
You provide the data as an applicant. Temporary employments offices may also send us this information.
Data transfers
We do not share this information with any third parties.
Data retention period
We save your data for a maximum of one year after you have applied, unless the application is successful. In that case we transfer the data to our personnel database.
