Last modification: 19 July 2023.
BMC, a limited liability company with registered offices at Rue Royale 76, 1000 Brussels, knows that your private life is important to you and is, therefore, doing everything in its power to respect and protect it. If you have questions or comments about this privacy statement, please contact BMC’s data protection officer: dpo@mobib.be.
Please take the time to read this privacy statement carefully. This document explains how BMC processes information which, alone or in combination with other information, pertains to you as a MoBIB cardholder or digital wallet holder (hereinafter “personal data”).
For the application of the present privacy statement, BMC is acting jointly with Belgian public transport operators. These consist of the SNCB, STIB, De Lijn and TEC (hereinafter “PTO’s”), who act as joint processing controllers. This means that BMC and its PTO’s are jointly responsible for following the legislation applicable to the processing of personal data for any processing which falls within the scope of this privacy statement.
How does BMC receive personal data?
BMC does not receive any personal data directly from MoBIB cardholders or digital wallet holders. BMC receives and exchanges personal data from and with the PTO’s (and with the PTO’s partners using MoBIB cards and digital wallets) over the platform developed by BMC and the PTO’s (hereinafter the “platform”).
The PTO’s (and their partners) also exchange personal information with each other and process it in accordance with their own privacy statements. BMC cannot be held responsible in any way for the content of these privacy statements nor for the way in which the PTO’s use and process your personal data for their own purposes.
What personal data are processed by BMC?
The only personal data BMC receives via the PTO’s consist of the following personal information:
- the MoBIB card or digital wallet (MoBIB number, serial number, expiration data, active or deactivated)
- the PTO’s transport tickets (product number, first and last validation, departure and last stop, class, validity period).
BMC may also process any personal data which you voluntarily provide to BMC when you contact BMC or BMC’s data protection officer.
For what purposes does BMC process your personal information?
Your data will only be used by and exchanged between BMC and the PTO’s (and their partners) to ensure the interoperable use of MoBIB cards, digital wallets and the transport tickets of the associated PTO’s.
BMC has developed a computer platform in collaboration with the PTO’s which enables the easy exchange of personal information relating to the MoBIB card and digital wallet (card data and transport ticket data) between BMC and the PTO’s (and their partners) in order to simplify the management of the MoBIB card and digital wallet for the benefit of the holder.
Personal data are exchanged over the platform:
In all such cases, BMC collects the minimum data necessary to fulfil its obligations.
BMC does not market or sell your personal data to third parties.
On what basis does BMC collect your personal data?
BMC collects and processes your personal data within the scope of a public interest mission which consists of exchanging personal data in order to facilitate the interoperability of the MoBIB card and digital wallet and simplify its management by all of the PTO’s individually.
If you provide certain personal information to BMC voluntarily, BMC will process the personal data on the basis of your consent. You can withdraw your consent at any time. However, if you wish to withdraw your consent, the basis on which processing was previously completed will not be called into question.
Who does BMC share your personal data with?
Personal data can be shared with natural persons and legal entities, other than the PTO’s and their partners, who act as subcontractors for BMC. These subcontractors provide services such as computer support for the hosting and management of the platform or other support services, the provision of infrastructures and application services, marketing and data analysis. In these cases, the subcontractors can only access the data which they require to complete their tasks and to process your personal data on behalf of BMC in accordance with this privacy statement. BMC has taken all necessary measures to ensure that your personal data are protected in accordance with the requirements of the GDPR.
If BMC needs to transmit your personal data to another natural person or legal entity, it will request your prior authorisation.
How long will your personal data be stored by BMC?
If BMC doesn’t need the personal data for processing that requires a longer storage period (for example, in the event of a legal dispute), it will store the personal data mentioned above for the MoBIB card’s validity period, plus three (3) years.
International transfer of personal data
Your personal data may be transferred and processed outside of Belgium. More precisely, our servers are located in the European Union and some of our service providers operate worldwide.
However, in the event your personal data is transferred to a country outside of the European Union, BMC has taken the necessary protective measures to ensure that your personal data are protected in accordance with this privacy statement and the GDPR.
Security of your personal data
BMC commits to taking all suitable technical and organisational measures to protect your personal data against destruction, loss, unintended modification, damage or dissemination. The measures employed by BMC are designed to ensure a level of security appropriate for the processing risk to which your personal data is exposed.
What privacy rights do you have and how can you exercise them?
You have the right to exercise the following privacy rights in accordance with and under the circumstances provided for in the legislation applicable to the processing of personal data:
Contact information
Given that BMC does not collect personal information directly from MoBIB cardholders and digital wallet holders but rather receives it through the PTO’s, BMC invites you, for more effective processing of your request, to address it to the appropriate PTO(‘s). BMC will carry out the desired actions at their request.
You can send your request to the following email address or use the contact form provided by the PTO’s:
De Lijn: https://www.delijn.be/en/contact/klantendienst/
SNCB: dataprotectionofficer@b-rail.be
STIB: dpo@stib-mivb.brussels
TEC: dpo@letec.be
For more information on how to exercise your privacy rights with the PTO’s, please view the privacy statement of the public transport operator in question.
If you have a complaint or if you are concerned about the way BMC is processing your personal data, BMC will do its utmost to resolve the problem. If you feel that BMC has not sufficiently addressed your complaint or concern, you have the right to lodge a complaint with the data protection authority regarding the collection and use of your personal data by BMC at the following address: Data protection authority, Rue de la presse 35, 1000 Brussels.
This privacy statement may be modified from time to time to take legal, technical or commercial changes into account.
If BMC modifies its privacy statement, it will take the appropriate measures to inform you of the changes made, based on their importance.
You can see when the privacy statement was last modified by viewing the “last modification” date provided above.