Last modification: 19 July 2023.

BMC, a limited liability company with registered offices at Rue Royale 76, 1000 Brussels, knows that your private life is important to you and is, therefore, doing everything in its power to respect and protect it. If you have questions or comments about this privacy statement, please contact BMC’s data protection officer: dpo@mobib.be.

Please take the time to read this privacy statement carefully. This document explains how BMC processes information which, alone or in combination with other information, pertains to you as a MoBIB cardholder or digital wallet holder (hereinafter “personal data”).

For the application of the present privacy statement, BMC is acting jointly with Belgian public transport operators. These consist of the SNCB, STIB, De Lijn and TEC (hereinafter “PTO’s”), who act as joint processing controllers. This means that BMC and its PTO’s are jointly responsible for following the legislation applicable to the processing of personal data for any processing which falls within the scope of this privacy statement.

 

How does BMC receive personal data?

BMC does not receive any personal data directly from MoBIB cardholders or digital wallet holders. BMC receives and exchanges personal data from and with the PTO’s (and with the PTO’s partners using MoBIB cards and digital wallets) over the platform developed by BMC and the PTO’s (hereinafter the “platform”).

The PTO’s (and their partners) also exchange personal information with each other and process it in accordance with their own privacy statements. BMC cannot be held responsible in any way for the content of these privacy statements nor for the way in which the PTO’s use and process your personal data for their own purposes.

 

What personal data are processed by BMC?

The only personal data BMC receives via the PTO’s consist of the following personal information:

- the MoBIB card or digital wallet (MoBIB number, serial number, expiration data, active or deactivated)

- the PTO’s transport tickets (product number, first and last validation, departure and last stop, class, validity period).

BMC may also process any personal data which you voluntarily provide to BMC when you contact BMC or BMC’s data protection officer.

 

For what purposes does BMC process your personal information?

Your data will only be used by and exchanged between BMC and the PTO’s (and their partners) to ensure the interoperable use of MoBIB cards, digital wallets and the transport tickets of the associated PTO’s.

BMC has developed a computer platform in collaboration with the PTO’s which enables the easy exchange of personal information relating to the MoBIB card and digital wallet (card data and transport ticket data) between BMC and the PTO’s (and their partners) in order to simplify the management of the MoBIB card and digital wallet for the benefit of the holder.

Personal data are exchanged over the platform:

• when loading a transport ticket from a PTO. Thanks to the exchange of information, both their own transport ticket and those of other PTO’s can be loaded. When you buy a new MoBIB card from one of the PTO’s, the other PTO’s (and their partners) are informed through the platform. Thanks to this exchange of information, you can create a MoBIB card through any PTO without having to contact each one of the PTO’s.
• when a MoBIB card or one or more of the transport tickets is blocked separately by each PTO. If you inform one of the PTO’s that you've lost your MoBIB card, the other PTO’s (and their partners) will be informed via the platform. Thanks to this exchange of information, you can block a MoBIB card through any PTO, without having to contact each of the PTO’s individually.
• to support the PTO’s sales and after-sales services.
• to manage shared PTO transport tickets, thanks to which it’s possible to choose between the transport modes of different PTO’s in some areas (for example, Brupass in Brussels). The settlement of transport tickets between PTO’s is possible thanks to the exchange of information over the aforementioned platform.

In all such cases, BMC collects the minimum data necessary to fulfil its obligations.

BMC does not market or sell your personal data to third parties.

 

On what basis does BMC collect your personal data?

BMC collects and processes your personal data within the scope of a public interest mission which consists of exchanging personal data in order to facilitate the interoperability of the MoBIB card and digital wallet and simplify its management by all of the PTO’s individually.

If you provide certain personal information to BMC voluntarily, BMC will process the personal data on the basis of your consent. You can withdraw your consent at any time. However, if you wish to withdraw your consent, the basis on which processing was previously completed will not be called into question.

 

Who does BMC share your personal data with?

Personal data can be shared with natural persons and legal entities, other than the PTO’s and their partners, who act as subcontractors for BMC. These subcontractors provide services such as computer support for the hosting and management of the platform or other support services, the provision of infrastructures and application services, marketing and data analysis. In these cases, the subcontractors can only access the data which they require to complete their tasks and to process your personal data on behalf of BMC in accordance with this privacy statement. BMC has taken all necessary measures to ensure that your personal data are protected in accordance with the requirements of the GDPR.

If BMC needs to transmit your personal data to another natural person or legal entity, it will request your prior authorisation.

 

How long will your personal data be stored by BMC?

If BMC doesn’t need the personal data for processing that requires a longer storage period (for example, in the event of a legal dispute), it will store the personal data mentioned above for the MoBIB card’s validity period, plus three (3) years.

 

International transfer of personal data

Your personal data may be transferred and processed outside of Belgium. More precisely, our servers are located in the European Union and some of our service providers operate worldwide.

However, in the event your personal data is transferred to a country outside of the European Union, BMC has taken the necessary protective measures to ensure that your personal data are protected in accordance with this privacy statement and the GDPR.

 

Security of your personal data

BMC commits to taking all suitable technical and organisational measures to protect your personal data against destruction, loss, unintended modification, damage or dissemination. The measures employed by BMC are designed to ensure a level of security appropriate for the processing risk to which your personal data is exposed.

 

What privacy rights do you have and how can you exercise them?

You have the right to exercise the following privacy rights in accordance with and under the circumstances provided for in the legislation applicable to the processing of personal data:

• right of access: you have the right to access the personal data about you which BMC processes. This can help you decide if you also want to make use of your other rights (for example, your right to modify the data).
• right to rectification: if you determine that the personal data stored by BMC are incorrect or incomplete, you can ask BMC to modify or complete them.
• right to erase data: in accordance with the regulations governing the protection of personal data, you have the right to ask BMC to delete certain data. This is only possible if the data are no longer required to achieve a given objective. For example, we cannot delete your personal data as long as you continue using your MoBIB card or digital wallet.
• right to restrict processing: the regulations governing the protection of personal data give you the right, under certain conditions, to request that BMC restrict the processing of your data to certain purposes.
• right to object: the regulations governing the protection of personal data give you the right, under certain conditions, to object to certain processing of your personal data.
• right to the portability of your personal data: you are entitled to data portability on the basis of the regulations governing the protection of personal data. You can therefore request to receive, from BMC, all of the personal data you provided to BMC in a readable electronic format.

 

Contact information

Given that BMC does not collect personal information directly from MoBIB cardholders and digital wallet holders but rather receives it through the PTO’s, BMC invites you, for more effective processing of your request, to address it to the appropriate PTO(‘s). BMC will carry out the desired actions at their request.

You can send your request to the following email address or use the contact form provided by the PTO’s:

De Lijn: https://www.delijn.be/en/contact/klantendienst/

SNCB: dataprotectionofficer@b-rail.be

STIB: dpo@stib-mivb.brussels

TEC: dpo@letec.be

For more information on how to exercise your privacy rights with the PTO’s, please view the privacy statement of the public transport operator in question.

If you have a complaint or if you are concerned about the way BMC is processing your personal data, BMC will do its utmost to resolve the problem. If you feel that BMC has not sufficiently addressed your complaint or concern, you have the right to lodge a complaint with the data protection authority regarding the collection and use of your personal data by BMC at the following address: Data protection authority, Rue de la presse 35, 1000 Brussels.

This privacy statement may be modified from time to time to take legal, technical or commercial changes into account.

If BMC modifies its privacy statement, it will take the appropriate measures to inform you of the changes made, based on their importance.

You can see when the privacy statement was last modified by viewing the “last modification” date provided above.