Privacy

Who is responsible for collecting and using my data?

We attach great importance to honouring the trust you have placed in us, and protecting your personal data. In this privacy policy we explain exactly what data we need and how we use it. You can also view frequently asked questions relating to privacy. ‘We’ are De Vlaamse Vervoermaatschappij De Lijn (in short ‘De Lijn’), an external autonomous agency governed by public law with its registered office at 2800 Mechelen, Motstraat 20 and registered in the Crossroads Bank for Enterprises under number 0242.069.537 (Antwerp Register of Legal Entities, Mechelen Division). 

In providing your personal data to De Lijn, you confirm that you have read this privacy policy.-

Why does De Lijn collect my data? 

• We collect data for various reasons:

• to enter into a contract with our customers

• to communicate with our customers

• because our company has certain legal duties

• because of particular legitimate interests that we have

You will find more details below, arranged according to subject, on exactly what data we process and what we use it for. -

What data does De Lijn collect?

In summary, we collect the following types of data:

• data that you share in order to register as a passenger when purchasing a ticket or season ticket. For example your name, address and family situation

• contact details we can use to reach you by email or text message

• payment details when you make a purchase on our website or mobile app

• data we need to check your ticket and issue fines if necessary

• information about your use of our website and mobile app

• travel information such as the location and time of your trips with De Lijn

• data you provide to De Lijn on your own initiative. For example, a CV for a job application or a question or complaint made to our customer service department.

We do not collect sensitive data as defined in the General Data Protection Regulation (GDPR), other than in exceptional cases where we need medical data (for example, services for passengers with reduced mobility).-

Who receives my personal data?

The following persons or legal entities may receive your personal data:

• our employees, in order to perform their duties

• subsidiaries of De Lijn

• subcontractors who process your data strictly under our instructions. For example, external administrators of software platforms

• other public transport providers

• payment systems, in order to pay for purchases via our website or mobile app

• commercial or other partners of De Lijn, if you have given your consent

• social media that you log in to or that interact with our website or mobile app

• judicial, police or administrative authorities if required by law or specific circumstances

De Lijn ensures that these recipients only have access to personal data that is strictly necessary for the processing operations in question.-

Does De Lijn share my personal data with countries outside the European Economic Area?

We only share your personal data with persons or legal entities located within the EEA or in countries that offer a similar level of privacy protection to Belgium.-

How does De Lijn deal with sensitive data?

Sensitive data is data that entails an additional risk with regard to the protection of your privacy. This includes data about minors, your social status, your travel data, etc. We incorporate additional technical and organisational measures for all this information. Minors require extra care with regard to privacy protection. If we need the consent of a young person under the age of 13, we will request this through a guardian. That is why young people under the age of 13 cannot create an account. -

Does De Lijn use automated decision-making or profiling?

We do not use your data to make decisions that may have important consequences for you. We do, however, combine different data sources in order to provide you with customised communications and proactive recommendations. Such data includes your customer profile and travel behaviour. We will first ask for your consent for these personalised services.-

How does De Lijn protect my data?

We have appointed a Data Protection Officer who advises us on the privacy rules and whether we are complying with them. We only make your data available to employees or data processors if this is strictly necessary in order for them to carry out their duties. For all new processing processes and for important existing processes we carry out a data protection impact analysis. In this analysis we look at how the privacy rules are complied with in the process, and at the package of measures to be taken to protect your privacy.

In addition, we have taken appropriate technical and organisational measures to protect your data against destruction, loss, unintended alteration, damage or disclosure.-

How can I exercise my rights?

You have the right to view, correct or, in some cases, arrange for the deletion of your personal data. Deletion is not possible in certain circumstances, for example if you have an ongoing contract with De Lijn.  You have the right to obtain a copy (in a structured, commonly used and machine-readable form) of your personal data and to have it transferred to another company (right to data portability). 

You have the right to object to the processing of your data.

You also have the right to oppose automated individual decision-making. If the processing of your personal data is based on your consent, you can withdraw that consent at any time without this affecting the legality of the processing that took place before the withdrawal.  

To exercise your rights, you can contact the Data Protection Officer by submitting customer feedback, either online or by calling De Lijninfo (015 40 88 40).

You also have the right to submit a complaint regarding the processing of your personal data to the Data Protection Authority, Drukpersstraat 35, 1000 Brussels, tel: +32 2 427 48 00, www.dataprotectionauthority.be.

Who can I contact if I have questions or complaints about the protection of my data?

De Lijn has appointed a Data Protection Officer (DPO) who monitors data protection within De Lijn. If you have any questions or complaints, please contact the DPO by submitting customer feedback.

Can De Lijn change this privacy policy?

This privacy policy may change from time to time. In the event of major changes, we will notify you, for example through our website or newsletter. You can always find the latest version of the privacy policy on our website. We always show the date of the last change at the bottom.

Our privacy policy applied to:

Version 4 - Publication date: 17 April 2024