Other information and services: www.belgium.be

Privacy Protection – General Data Protection Regulation (GDPR)

  1. Data Controller
  2. Why are your data processed?
  3. What is the legal basis for processing your data?
  4. Which data are processed?
  5. What are our sources of information?
  6. Who processes your data?
  7. To whom may your data be communicated?
  8. Who are our subcontractors?
  9. Are your data transferred to countries outside the EEA?
  10. How long are your data stored?
  11. What are your rights?
  12. Can you withdraw your consent?
  13. Are you subject to automated decision-making, including profiling?

 

1. Data Controller

The Federal Agency for Occupational Risks (hereinafter referred to as Fedris) is responsible for implementing the Law of 3 July 1967 on the prevention and compensation of occupational accidents and occupational diseases in the public sector, the Law of 10 April 1971 on occupational accidents, and the coordinated laws of 3 June 1970 on the prevention of occupational diseases and compensation for the damage resulting from them. Fedris seeks to make an active contribution to the protection and promotion of workers’ health in the workplace—both in terms of prevention, correct compensation of work-related damage, professional reintegration, and supervision of the proper application of legislation on occupational risks, as well as payment of compensation to asbestos victims pursuant to Title IV, Chapter VI of the Programme Law (I) of 27 December 2006.

Fedris, headquartered at Avenue de l’Astronomie 1, 1210 Brussels, company number 0206.734.318, acts as the data controller for data processed in the context of its missions.

In accordance with the European General Data Protection Regulation of 27 April 2016 (“GDPR”), Fedris has appointed a Data Protection Officer. The Data Protection Officer can be contacted by email at privacy@fedris.be or by post at:

Fedris  - Information Security Department
Avenue de l’Astronomie 1
1210 Brussels

 
 

2. Why are your data processed?

In this context, Fedris processes all personal data required to carry out the following main tasks and purposes:

  • To follow up your request and process your file;
  • To determine and pay the social benefits to which you are entitled from Fedris;
  • To supervise insurance companies and employers regarding occupational risks;
  • To manage disputes: contesting Fedris decisions, recovering unduly paid amounts, recovering benefits from liable third parties;
  • To inform and support people (proactively or not) so they can fully exercise their rights and promote their physical, mental, and social well-being;
  • To manage your contacts with our services, regardless of the channel used;
  • To ensure proper management and improvement of our services and of the social security and public health system, and to combat fraud through audits, surveys, studies, and scientific, statistical and historical research, as well as through security measures protecting data, property and persons;
  • To comply with our legal obligations, particularly those related to the Crossroads Bank for Social Security.

3. What is the legal basis for processing your data?

In the context of managing the institution and preventing occupational risks, the data processed by Fedris are processed based on Articles 6.1 (a), (c), (d), (e), (f), 9.2 (b), (c), (g), (h), (i) and (j), as well as Article 87 of the GDPR. We rely in particular on the following specific legislation and implementing decrees:

  • Law of 3 July 1967 on the prevention and compensation of occupational accidents, commuting accidents and occupational diseases in the public sector;
  • Law of 10 April 1971 on occupational accidents;
  • Coordinated laws of 3 June 1970 on the prevention of occupational diseases and compensation for the resulting damage;
  • Law of 15 January 1990 establishing and organising the Crossroads Bank for Social Security, the Royal Decree of 4 February 1997, and other implementing decrees;
  • Law of 8 August 1983 establishing a national register of natural persons and the Royal Decree of 5 December 1986 concerning its use in health and disability insurance;
  • Law of 21 August 2008 establishing and organising the eHealth platform and setting various provisions;
  • Law of 11 April 1995 establishing the Charter of the Socially Insured;
  • Law of 22 August 2002 on patients’ rights;
  • Programme Law (I) of 27 December 2006.

4. Which data are processed?

Depending on the services you use or the information you provide, Fedris may process the following personal data: identification data (name, address, phone number, etc.), financial data, physical data (height, weight, etc.), psychological data (personality, character, etc.), education and training, image recordings (via security cameras in our offices), personal characteristics (age, gender, civil status), lifestyle, family composition, organisations relevant for processing your request or for paying your benefits (health insurance funds, trade unions), housing characteristics, profession, and employment.

Depending on the services you use or the information you provide, Fedris may also know or process the following special categories of data:

  • Data from the National Register: national registration number and identification data (name, first names, place and date of birth, gender, nationality, main residence, place and date of death, civil status, household composition, legal cohabitation, type of registration);
  • Data from the Crossroads Bank for Social Security;
  • Health data: physical health, mental health, risk situations and behaviours;
  • Judicial data: judicial measures (seizures);

5. What are our sources of information?

The data concerning you originate mainly from:

  • Yourself, your legal representative, or a person authorised by you;
  • Healthcare providers (hospitals, doctors, etc.) you have consulted;
  • The Crossroads Bank for Social Security and all other public services active in the field of social security;
  • Insurance companies active in the field of occupational accidents;
  • External prevention services;
  • Judicial authorities and intermediaries mandated by them.

6. Who processes your data?

All data are processed by authorised staff who are legally or contractually bound by professional secrecy. IT and organisational security measures are also in place to guarantee the confidentiality, integrity, and availability of your data.

7. To whom may your data be communicated?

Your personal data may be communicated to:

  • Yourself and/or your representatives (including temporary administrators, lawyers, mediators, medical advisors, etc.) who hold a mandate or are appointed by the court, directly or through a healthcare professional;
  • Social security bodies, notably: the National College of Health Insurance Funds, the Crossroads Bank for Social Security, the unemployment office, health insurance funds, the Auxiliary Sickness and Disability Insurance Fund, the Supervisory Office for Health Insurance Funds, and the NIHDI, within the framework of their legal missions;
  • Our auditor, our internal and external auditors, all bound by confidentiality obligations;
  • Our lawyers and the judicial system in case of a dispute;
  • An institution with the intention of granting you an advantage if you hold a privileged status;
  • bPost for the dispatch of our mail;
  • A duly authorised third party (law, contract, consent);
  • Your creditors in the context of enforcement proceedings.

8. Who are our subcontractors?

Fedris mainly relies on the following subcontractors:

  • SMALS, Avenue Fonsny 20 in 1060 Saint-Gilles, our IT provider;
  • BNP Fortis Paribas and bPost, our payment institutions;
  • Medical collaborators of Fedris.

Fedris also occasionally relies on other subcontractors to fulfil its legal obligations and public-service missions.

9. Are your data transferred to countries outside the EEA?

Your data may be transferred abroad if they are:

  • Necessary to protect your vital interests;
  • Necessary for implementing an international agreement to which Belgium is a party;
  • Necessary for concluding or performing a contract with a third party in your interest;
  • Or if you have given your explicit consent, or at your request.

10. How long are your data stored?

Data forming part of your file may be kept for up to 10 years following your death, or up to 10 years after the expiration of rights or the death of any beneficiaries.

11. What are your rights?

Under the law, you have the right to obtain confirmation that your data are being processed by Fedris and the right of access to those data. For this purpose, you may submit a written, dated, and signed request to our Data Protection Officer. You must also attach a copy of both sides of your identity card (contact details provided in the “Data Controller” section).

Provided that your rights do not conflict with the legal obligations to which Fedris is subject, you also have the right, regarding the data concerning you:

  • To request the correction of inaccurate or incomplete data;
  • To request the deletion of data;
  • To object to the processing of your data;
  • To request digital erasure (right to be forgotten);
  • To restrict the processing of your data;
  • Not to be subject to automated decision-making, including profiling (see below).

In case of dispute, you may always contact the Data Protection Authority located at Rue de la Presse 35, 1000 Brussels, or via its website www.privacycommission.be.

12. Can you withdraw your consent?

If the processing of your data is based on your consent, you have the right to withdraw this consent at any time and without justification.

Fedris is nevertheless legally obliged to manage personal data as part of its statutory tasks.

13. Are you subject to automated decision-making, including profiling?

You are subject to an automated decision in the following case: calculation of the basic salary to determine the amount of replacement income granted.