Privacy Policy

1. Your privacy matters

Your privacy is very important to us. We want to process your personal data in a legal, correct and transparent manner. In this privacy statement, we explain which personal data we collect and process from you as a natural person. From now on, we always refer to data of you as a citizen, or as another data subject, such as beneficiary, contact person in a company, etc. In whatever capacity, your rights remain the same and our administration will handle your data with equal care.

The administration of Kalmthout is a local authority. The seat of the municipal administration is located at Kerkeneind 13, 2920 Kalmthout, the seat of the CPAS-administration is located at Heuvel 39, 2920 Kalmthout. More information about the activities of the municipal and the CPAS-administration can be found at https://kalmthout.be/.

The administration is the controller of personal data processing.

In addition, the administration also processes personal data on behalf of the Flemish and Federal governments. In doing so, it follows the instructions of that other entity.

You must be able to trust the administration to handle personal data carefully and securely. To ensure this, the board has an approved information security policy. This policy is in line with relevant legislation.

2. Why does the admnistration process personal data?

The local administration is committed to providing efficient and quality services to improve the well-being of all residents of our municipality. The administration is committed to managing your personal information securely at all times. Here, you may wish to supplement the text with a personalised statement based on the mission or core values of your municipal administration.

3. May the administration process personal data?

As a public authority, we are careful to process your data only if we have a valid legal basis for doing so. Largely, the administration processes personal data in the context of a legal mandate or in the public interest. In a limited number of cases, we do so on the basis of a contractual obligation or to protect the vital interests of a natural person. In all other cases, we will ask you to consent to the processing of your data. This includes:

• Use of cookies on the website
• Use of contact details for newsletters you subscribe to
• You can further add to this list with known examples where you request consent. The list should not be exhaustive but it naturally provides greater transparency.
• Processing targeted photos and videos: close-ups, portrait

Besides targeted images, the administration also takes atmospheric images (non-targeted) of its activities, events and of the public domain. These images can be published as illustrative material through the administration's official communication channels. No explicit permission is required for this. However, you do have the right to removal (see point 9).

4. How does the administration collect personal data?

The collection of personal data is done in three ways:

• The administration requests your personal data directly from you.
• The administration consults supralocal authentic government data sources, such as the national register, the crossroads bank for social security, the vehicle registration service, patrimony documentation, etc.
• The administration receives your personal data from other government agencies, healthcare institutions, etc. in the context of your application.

5. Who processes personal data?

The processing of personal data is done by employees of the administration. All employees are covered by legal professional secrecy and sign a confidentiality declaration. We make every effort to continuously train our employees on the importance of privacy and data protection.

The staff uses automated systems purchased from third parties. Besides IT suppliers, the administration also has contracts in function of personnel management, legal assistance... These suppliers are processors who handle personal data on behalf of the administration. To ensure privacy, a processing agreement has been concluded with these suppliers. These suppliers are bound by the same legal grounds and security measures as those applicable to the administration itself.

The administration may cooperate with other government agencies. These parties may also exchange personal data. To ensure privacy, we always make contractual agreements on finality, proportionality, confidentiality and security of data exchange.

The board may also disclose your personal data: (i) if we are required to do so by law or another legal process; (ii) to law enforcement or other government authorities in accordance with their legal powers; (iii) where we believe that disclosure is necessary or appropriate to prevent bodily harm; or (iv) in connection with an investigation of suspected or actual fraudulent or illegal activity.

6. Transfer of data

The municipal and CPAS-administration store and processes your data primarily within the European Union. The board will also only use IT systems operating within the European Union.

If there is no equivalent alternative within the zone, the administration may use applications that process data in countries outside the European Union, provided that these applications give sufficient guarantees that they comply with the European regulation, preferably because they are located in so-called safe countries.

7. Does the administration retain personal data?

The municipal and CPAS-administration retain personal data, basing itself on the statutory retention periods. Personal data are not kept longer than necessary. After expiry of these periods, personal data are destroyed according to the procedure described in the information security policy.

8. How does the administration secure personal data?

The municipal and CPAS-administration take appropriate administrative, technical and physical security measures to protect personal data against accidental or unlawful deletion, accidental loss, unauthorised modification, unauthorised disclosure or access, misuse and any other unlawful form of processing of the personal data in our possession. The level of security is determined by a data protection impact assessment.

9. Your rights and choices

You can access your data.

If you want to inspect the data the administration processes about you, please let us know. You can access some data yourself via, for example, the environment counter.

If you exercise your right of inspection, the administration will give you as complete an overview as possible of your data.

You can have your data corrected.

It may happen that certain data that the administration has stored about you is not or is no longer correct. You can always ask to have that data corrected or completed to the extent permitted by law.

You can have your data deleted.

You can always request that data held by the administration be deleted to the extent permitted by law.

You can oppose certain uses of data.

If you disagree with the way the administration processes certain data, you can oppose it. Opposition we will comply with unless there are legal or compelling reasons not to do so, which is the case, for example, if we process data to ensure public safety.

You can oppose automatic profiling.

The administration does not use profiling based on automatic processing (algorithms).

You can ask for your data to be transferred to a third party.

You have the right to request that personal data, that you have provided to the administration yourself, be transferred to you or directly to a third party.

The privacy legislation does provide some restrictions on this right, so it does not apply to all data.

10. Updates regarding this privacy notice

The municipal- and CPAS-administration may amend this privacy statement. The most recent version can always be found at https://kalmthout.be/privacy-policy. For any significant change in content, the administration will inform you via its website or other communication channels.

11. How to contact us?

The municipal- and CPAS-administration has appointed a data protection officer. This officer monitors the application of the legal obligations on data protection. You can speak to the officer if you have any questions in exercising the rights you enjoy listed above.

This can be done via: C-smart
E-mail: privacy@c-smart.be
Website: www.c-smart.be

If you have any questions or comments about our ‘personal data protection’ policy, or if you wish to exercise your rights or update the information we hold about you, please contact us at:

Gemeente Kalmthout
Address: Kerkeneind 13, 2920 Kalmthout
Tel.: +323 376 49 00
E-mail: privacy@kalmthout.be

OCMW Kalmthout
Address: Heuvel 39, 2920 Kalmthout
Tel.: +323 620 15 60
E-mail: privacy@kalmthout.be

To avoid someone else exercising your rights, the administration may verify your identity. Always be as specific as possible when you want to exercise your rights. Then the administration can handle your request specifically and correctly.
Do you  want more information or you don't agree with the administration's position? Then be sure to surf to

• dataprotectionauthority.be (Belgian Data Protection Authority).
• vtc.corve.be (Flemish Supervisory Commission for the Processing of Personal Data)

You can also file a complaint there.