1. General Data Protection Regulation (GDPR)
For the Agreement between the client and Belnet to be performed, a number of essential processing operations must be carried out on personal data. In compliance with the General Data Protection Regulation, processing of personal data must be transparent and secure. Alongside the general policy for the processing of personal data of the client's official contacts published on the Belnet Website, this processing policy encompasses the information pertaining to the client's registered users of the eduVPN.
As the provider of the service, Belnet will fulfil the role of controller of the personal data pertaining to the client's registered users as designated below.
Belnet is a State service with separate management, established within the Federal Science Policy. Its registered offices are located at Boulevard Simon Bolivar 30, 1000 Brussels, Belgium, tel. +32 (0)2 790 33 33, fax +32 (0)2 790 33 34.
Data Protection Officer
The Data Protection Officer at Belnet will be the point of contact for all matters relating to the processing of personal data in general and for this policy for the processing of personal data pertaining to the client's registered users in particular. The Data Protection Officer can be contacted via email@example.com.
Purposes of Processing and the Legal Basis for Processing
(i) Purposes of Processing
- The specific service purchased by the client
- The Belnet Service Desk and NOC
- Security services (access to infrastructure, such as datacentres)
- Incident handling
- Access to the Belnet portal
- Distribution of surveys commissioned by Belnet
- Mailings from Belnet that relate to the service being provided
- Invitations to events organized by Belnet
(ii) Legal Basis for Processing
The collection and processing of the personal data of registered users on behalf of the client are necessary for the performance of the Agreement.
Categories of Personal Data of Registered Users on Behalf of the Client
- Business e-mail address
- Business postal address
- Work telephone number
Recipients of Personal Data
Belnet will restrict access to personal data by employees, subprocessors or others to the necessary minimum. In accordance with that policy, Belnet will grant access solely to those employees for whom accessing the personal data is a necessity.
To provide the agreed service, Belnet has recourse to third-party service providers. Third-party contractual partners may be granted access to personal data whenever this is necessary for performance of the Agreement but only within the scope of the purposes of processing referred to above.
Belnet undertakes not to retain the personal data collected and processed for any period exceeding that which has been legally and contractually stipulated and agreed on.
Rights of the Data Subject and the Exercise There of
(i) Rights of the Data Subject
The data subject is entitled to submit a request to Belnet to view, modify or delete personal data or to restrict the processing of data pertaining to him or her. The data subject is also entitled to object to processing and enjoys the right of data portability.
(ii) Exercising Data Subjects’ Rights
Data subjects can exercise the rights referred to above by sending an e-mail to firstname.lastname@example.org.
In accordance with the procedures laid down under the Regulation, Belnet will comply with such a request within one month. Depending on the complexity and number of requests submitted, this period may be extended a further two months, if necessary.
Withdrawal of Consent
Whenever a data subject has given consent him- or herself for the processing of his or her personal data for one or more purposes, he or she is entitled to withdraw consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on the consent given before its withdrawal.
Source by Which the Personal Data Were Disclosed
If a data subject did not give consent him- or herself for the processing of his or her personal data, the personal data will be deemed to have originated from the client.
Submission of a Complaint by the Data Subject
To submit a complaint, the data subject can contact the Data Protection Authority at the following address:
Data Protection Authority
Rue de la presse, 35
No Automated Individual Decision-making
No automated decision-making will occur while the relevant personal data are being processed by Belnet.
Technical and Organizational Measures
Belnet will take appropriate technical and organizational measures when collecting and processing personal data to ensure a level of security appropriate to the risk, in accordance with the principles of the General Data Protection Regulation.
In assessing the appropriate level of security for personal data, which are transmitted, stored or otherwise processed, potential risks posed will be taken into account, such as accidental or unlawful destruction, loss, alteration or unauthorized access.
2. Amendments to the Processing policy
Belnet reserves the right to amend this policy for the processing of personal data pertaining to the eduVPN clients registered users if necessary and to ensure that such amendments comply with the General Data Protection Regulation.