Policy of FPS Finance in regard to privacy protection and the personal data processing

1. Main information


The present document describes the way according to which the FPS Finance processes your personal data as well as your rights during the personal data processing by the FPS Finance. 
In order to comply with its legal objectives, the FPS Finance is required to process your personal data pursuant to the provisions of the Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
The FPS Finance makes sure to process your personal data appropriately and relevantly, the processing being limited to what is necessary for the objectives for which they have been collected.  
 

2. Security and confidentiality of the data

The FPS Finance takes the necessary measures in order to guarantee the securing of your personal data.  It makes sure that your data are protected among others from unauthorized access, unjustified use, loss or unauthorized changes.  The FPS Finance has implemented technical and organisational measures in order to guarantee the security and the confidentiality of your personal data. 
The FPS Finances has implemented among others an access approving system (Identity and Access Management) for its servants. This system is designed so that processed personal data and the relevant processing system are only available to persons and applications explicitly authorized on the basis of the functional requirements. 

3. What are personal data? 


Within the meaning of Article 4 (1) of the General Data Protection Regulation – GDPR, ‘personal data’ means “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;”

4. Who is the controller and the data protection officer?


The FPS Finance, located at the following address: boulevard Albert II 33,1030 Brussels and represented by the President of the Steering Committee, is in charge of the processing of personal data within the framework of the execution of its legal objectives.  This implies that it determines, alone or with others, the purposes of and the means of processing these personal data.

The data protection officer is Mrs Frédérique Malherbe, General Advisor, Department of Information Security and Privacy Protection, FPS Finance (dataprotection@minfin.fed.be). The representative for the data protection is the person in charge of answering every question as regards the processing of your personal data as well as the exercise of your rights mentioned in the General Data Protection Regulation. 

5. Which personal data are processed by the FPS Finance and for which purposes are they processed?


The categories of personal data processed by the FPS Finance are as follows: 
  • Identification data (for instance, name, first name, birth date);
  • Contact information (for instance, address, phone number);
  • Bank information (for instance, bank account number);
  • Financial and proprietary data (for instance, income, real estate, leases);
  • Legal data (for instance, administrative sanctions);

The FPS Finance collects these personal data by means of declarations among others (tax returns, proprietary declarations, declarations of estate...).
Besides, the FPS Finance also collects some personal data via other organisations in charge of data processing. More information about these external data exchanges.
The FPS Finance processes your personal data in order to fulfil its legal objectives.Your personal data cannot be used by the FPS Finance to other ends than the execution of its legal objectives.
 
The processing of these personal data is carried out by the FPS Finance within the framework of the following purposes:
  • Tax assessment, control, collection and recovery (personal income tax, value added tax, registration and estate duties,...)
  • Land register;
  • Registration;
  • Management of the State’s own real estate and movable assets, including the acquisition, the sale and the expropriation;
  • Collection, recovery and transfer to the person(s) entitled of the non-fiscal claims of the public authorities and the tax reimbursements (legal and administrative fines, unpaid invoices issued by public services, personal income tax, value added tax,...) and private individuals (maintenance claims).
  • Management of the contentious matters;
  • Follow-up of authorizations and administrative controls in Customs and Excise matters - Administrative police missions;
  • Follow-up of security measures in Customs and Excise matters - Public security;
  • Generic service in charge of the management of mandates for the citizens and enterprises on the basis of an independent electronic application e-government for the self-service mandate creation;
  • Management of the persons entitled by the General Administration of the Treasury;
  • eHR – electronic human resources management;
  • Staff management;
  • Suppliers’ management.

In accordance with the General Data Protection Regulation as well as Article 4 of the law of August 3rd 2012[1] and the Royal Decree of March 27th 2015[2], the FPS Finance can process later for the execution of another legal objective every personal data legitimately collected within the framework of the execution of one of its another legal missions.   
Your personal data will never be processed by the FPS Finance for commercial or promotional purposes or transmitted to third parties who would use these data for such purposes. 
 

6. Who are the recipients of your personal data?

Within the framework of the execution of its legal objectives, the FPS Finance can be led to receive or communicate your personal data among others to the following recipients:
  • Yourself;
  • Other recipients according to the obligations and legal authorizations as regards information and information exchange, notably:
    • Other services of the FPS Finance,
    • Other Federal Public services, including Justice, police services, the Financial Intelligence Processing Unit and social security departments;
    • The State’s administrative services, including the public prosecutor's offices, the registries of the Courts of Justice and every jurisdiction, the administrations of the Communities, the Regions, the provinces, the municipal conglomerations, the federations of municipalities, the municipalities and public institutions and organisations; 
    • The states with whom Belgian authorities have concluded international conventions or agreements as regards administrative cooperation or information exchange; 
    • The FPS Finance’s servants, who, pursuant to Article 5 of the aforementioned law of August 3rd 2012, carry out the processing of data in order to carry out on one hand targeted controls on the basis of risk indicators and on the other hand analyses on relational data in order to for instance assess a given tax policy, to inform a category of taxpayers of a legitimate tax advantage or to prepare a change in the taxable base, taxes, royalties and other duties. 

7. Transfers to a third country or an international organisation


In accordance with Belgium’s international obligations and pursuant to the regulations in force, the FPS Finance is required to forward to the tax authorities of the States concerned tax information, among which personal data. 

8. Keeping your personal data


Your personal data cannot be kept for a longer time than the necessary period of time, which takes into account the purposes for which the data are processed.  The period of time allowed for keeping the personal data cannot exceed the period of limitation for infringements which should be handled by the FPS Finance and the complete extinction of every administrative and legal appeal.

9. What are your rights as regards personal data processed by the FPS Finance?

You have certain rights as regards your personal data[3].  Some of these rights only apply in limited cases.
 
  • You have the right to access to your personal data processed by the FPS Finance.
  • You have the right to see as soon as possible your personal data, which would be inaccurate, being rectified.  Taking into account the processing’s purposes, you have the right to see your personal data, which would be incomplete, being completed.
  • In some cases provided for in the General Data Protection Regulation[4], you have the right to require that the processing of your personal data will be restricted.
  • In some cases provided for in the General Data Protection Regulation[5] you have the right to oppose at any time to the processing of your personal data for reasons related to your specific situation.
  • You have the right not to be subject to a decision on the sole basis of an automated processing, including the profiling, which would result in legal consequences for you, unless this decision is necessary for the conclusion or the execution of an agreement, is legally authorised or is based on your consent.
  • In some cases provided for in the General Data Protection Regulation[6], you have the right to see your personal data being deleted as soon as possible. 

In some circumstances, the exercise of your rights can be suspended.  That’s the case notably for processing personal data managed by the FPS Finance during the period when the person concerned is subject to a control, an investigation or preparatory acts to those carried out by the FPS Finance within the framework of its legal missions[7].
 

10. How can you exercise your rights?


You can obtain more information as regards your personal data processed by the FPS Finance on www.myminfin.be. 
Once you are identified via eID or a digital identity, you only have access to your personal data unless you have a mandate to see specific data (for instance, an accountant who submits the tax return of his/her client). 
When you notice on MyMinfin that some of your personal data are wrong or incomplete or if you wish to exercise your rights, you can submit your request or a form for giving you access ( Word (DOCX, 16.31 KB)or  PDF (PDF, 101.45 KB)format, dated and signed): 
  • By mail for the attention of the FPS Finance, President’s Services, Department of Information Security and Privacy Protection, North Galaxy, boulevard du Roi Albert II 33 PO Box 10, 1030 Brussels.
  • By e-mail, electronically signed if possible, to:  dataprotection@minfin.fed.be  

Please send a copy of your identity card enclosed with your request.  
Your request will be processed within a period of 30 calendar days. If the request is complex or if the department must deal with many requests, this period of time will be extended to 60 days. 

11. Appeal 

Without prejudice to any other administrative or legal appeal, you have the right to file a complaint to the Data Protection Authority and to file a legal appeal if you consider that your rights have not been respected or that a processing of your personal data constitutes a breach of the General Data Protection Regulation[8].

To file a complaint, send your request to: 

Data Protection Authority
Rue de la Presse 35
1000 Brussels
E-mail address: contact@apd-gba.be
 

12. Update of the policy as regards the privacy protection 


The present policy may be subject to possible updates.  Therefore, it is recommended to read it again regularly in order to be properly informed. The updated policy will always be in accordance with the General Data Protection Regulation.

 
[1] Law of August 3rd 2012 laying down various provisions as regards the processing of personal data carried out by the Federal Public Service Finance within the framework of its missions.  
[2] Royal Decree of March 27th 2015 implementing Article 4, 1st paragraph of the law of August 3rd 2012 laying down various provisions as regards the processing of personal data carried out by the Federal Public Service Finance within the framework of its missions. 
[3] See Articles 15, 16, 17, 18, 21 and 22 of the Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC
[4] See Article 17, ibid.
[5] See Article 6, ibid.
[6] See Article 17, ibid.
[7] See Article 11, law of August 3rd 2012, ibid. 
[8] See Article 77, General Data Protection Regulation, bid.