You have certain rights in connection to your personal data. Some of these rights have a very specific scope or are subject to special conditions or exceptions. As a result, you will not be able to benefit from the rights, referred to in Article 54/3 of the Law of 7 December 2016, to information (under Articles 12 and 13 of the GDPR), access, correction, notification of data users of the exercise of certain rights, or of your right to object. This is the case, in particular, when:
i. the Board performs its tasks listed in Article 32 of the Law of 7 December 2016 or of other tasks entrusted to it under any other provision of national or European legislation where such data have not been obtained from the person concerned;
ii. the Board acts in the context of the procedures for imposing the administrative measures and penalties referred to in Articles 56, 58 and 59 of the Law of 7 December 2016, provided that the personal data concerned are related to the subject matter of the investigation or verification.
The derogations referred to in point (i) apply as long as you have not obtained, where applicable, legal access to the administrative dossier which the Board holds on you and that contains the personal data in question.
Other than in these cases, you may at any time exercise your right to access the personal information about you in order to supplement it, amend it, rectify it, delete it or object to its processing for legitimate reasons in accordance with the applicable laws on data protection.
Furthermore, you may in certain cases ask for a restriction to the processing of your personal data and, in some circumstances, you may ask us to send your data to you or (if possible from a technical point of view and within the limits of the Board’s professional secrecy) to another controller.
Where the processing of your personal data is based on consent, you have the right at all times to withdraw your consent. If you withdraw your consent, this will have no effect on the validity of the processing of your personal data prior to the withdrawal.
If you wish to exercise these rights, you have to send a request with a copy of the front of your ID card, your passport or any other proof of ID by email to dataprotection@fsma.be, or in writing to the Board’s Data Protection Officer. You will find the contact details of the DPO in the question 'How can you contact us?' of this Data Protection Policy. We ask for a proof of ID in order to be certain that we are respecting your personal data and that we are not sending it to a third party.
We reserve the right not to respond to clearly unfounded or excessive requests. We will send you the information we have about you, or notify you that we do not have any, free of charge, within a month of your request. If necessary, this deadline may be extended by two months to take account of the complexity and number of requests. Your request will be kept for as long as legal remedies are possible.
At any time, if you consider that your rights have not been respected, you may also make a complaint to the Data Protection Authority, Rue de la Presse/Drukpersstraat 35, 1000 Brussels, email: contact@apd-gba.be (see also www.dataprotectionauthority.be).