You have certain rights in connection to your personal data. Some of these rights have a very specific scope or are subject to special conditions or exceptions. As a result, you will not be able to benefit from the right of information (under Articles 12 and 13 of the GDPR), access, correction, notification of certain users of the personal data of the exercise of certain rights, or of objection in the cases referred to in Article 54/3 of the Law of 7 December 2016. This is the case, in particular, when:
i. the College exercises its tasks listed in Article 32 of the Law of 7 December 2016 or of other tasks entrusted to it under any other provision of national or European legislation where such data have not been obtained from the person concerned;
ii. the College acts in the context of the procedures for imposing the administrative measures and penalties referred to in Articles 56, 58 and 59 of the Law of 7 December 2016, provided that the personal data concerned be related to the subject matter of the investigation or control.
The derogations referred to in point i. apply as long as you have not obtained, where applicable, legal access to the administrative dossier which the College holds on you and that contains the personal data in question.
Other than in these cases, you may at any time exercise your right to access the personal information about you in order to supplement it, amend it, rectify it, delete it or object to its processing for legitimate reasons in accordance with the applicable laws on data protection.
Furthermore, you may in certain cases ask for a restriction to the processing of your personal data and, in some cases, you may ask us to send your data to you, or (if possible from a technical point-of-view and within the limits of the College’s professional secrecy) to another controller.
Where the processing of your personal data is based on consent, you have the right at all times to withdraw your consent. Where you withdraw your consent, this will have no effect on the validity of the processing of your personal data prior to the withdrawal.
If you wish to exercise these rights, all you have to do is send a request with a copy of the front of your ID card, of your passport or any other proof of ID by e-mail to email@example.com, or in writing to the College’s Data Protection Officer. You will find the contact details of the DPO in the following question ‘How can you contact us?’ of this Data Protection Policy. We ask for a proof of ID in order to be certain that we are respecting your personal data and that we are not sending it to a third party.
We reserve the right not to respond to clearly unfounded or excessive requests. We will send you the information we have about you, or notify you that we do not have any, free-of-charge, within a month of your request. If necessary, this deadline may be extended by two months to take account of the complexity and number of requests. Your request will be kept for as long as legal remedies are possible.
At any time, if you consider that your rights have not been respected, you may also make a complaint to the Data Protection Authority, Rue de la Presse/Drukpersstraat 35, 1000 Brussels, email: firstname.lastname@example.org (see also www.dataprotectionauthority.be).