Privacy statement regarding personal data
Iriscare is in charge of managing the Brussels public child benefit fund “Famiris”.
Iriscare ensures compliance with the protection of natural persons with regard to the processing of personal data, pursuant to both the European Regulation 2016/679 of 27 April 2016, better known as GDPR (General Data Protection Regulation), and the Belgian GDPR implementation law of 30 July 2018.
This privacy statement applies to any processing of personal data by Famiris, any customer, any visitor of our website or the myFamiris Portal and any visitor to our offices.
2. Who is the controller of your personal data?
Iriscare is the controller of your personal data:
Rue Belliard 71, boîte 2
If you have any questions regarding the processing of your personal data, please contact our Data Protection Officer (DPO) whose contact details are mentioned in the “How to exercise your rights” section of this privacy statement.
3. Why are your personal data processed?
Iriscare collects and processes your personal data exclusively for the purpose of applying the legislation on family benefits in the bilingual region of Brussels-Capital.
4. How are your personal data protected?
Your personal data will be processed in compliance with the GDPR and the Law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data.
The data collected are limited to what is necessary for the purposes for which they were collected and are treated with the utmost respect.
Iriscare has taken all appropriate technical and organisational measures to ensure the protection of your personal data. Our employees are trained to process your personal data in accordance with the applicable legal requirements and have also signed a confidentiality agreement.
5. What personal data are processed by Iriscare?
The processed data are classified into different categories:
Identification data which allow you to be identified, such as your surname, first name, user identification, national registration number, etc.
Contact data which allow us to communicate with you, such as your telephone number, physical address, email address, etc.
Personal characteristics data which also allow you to be identified, such as your date of birth, civil status, etc.
Family data, for example necessary for the calculation of family benefits, such as your family, professional and financial situation, the composition of your household, the identity of your spouse or partner, etc.
Data regarding the physical or mental health status, for example necessary for the calculation of child benefit supplements, etc.
Financial data which allow us to pay you the amounts due to you such as your bank account number, income, etc.
Data relating to the management and monitoring of your prepaid payment card which enables us to pay you the amounts due to you, such as the cardholder’s name, unique card identification number, cardholder status, card balance, loading and unloading history, card creation date, card expiry date, card status, etc.;
Connection data: information collected during the use of web services and applications for the purpose of securing these online tools or for your convenience, such as your user name, IP address, language preference, etc.
Video surveillance data, for security reasons, when you visit our offices.
6. How do we collect your personal data?
These data are collected in different ways:
- Either directly from you, for example when you register for or request our services in our offices and/or on our website. With the exception of certain personal data that are required by law, you are free to either provide us with personal data or not. However, it is possible that if you do not provide us with certain information, we will not be able to fulfil the purposes of the envisaged processing.
- Or from third parties who are official bodies and external authentic sources that possess data concerning you. These data may originate from the National Register, the Crossroads Bank for Social Security, the Crossroads Bank for Enterprises or any other public administration whether it is active in the field of social security or not, the FPS Finance, etc. These sources are always lawful, controlled and reliable.
7. What are your rights as a data subject in relation to the processing of personal data?
The European General Data Protection Regulation has explicitly established various rights for natural persons whose personal data are processed:
- Right of access to your personal data: you may contact Iriscare at any time to request access to your personal data.
- Right to rectification of your personal data: It may happen that some of the data we possess concerning you are not or no longer accurate. You can always request that these data be rectified or completed unless we are not the authentic source of these data.
- Right to erasure of your personal data: you can ask Iriscare to stop using your personal data. Please note, however, that we can only erase your data if they are no longer required for the processing of the child benefit cases involving you. “Being involved in a child benefit case” means that your data are required for processing the child benefit for children in whose case(s) you are directly or indirectly involved.
- Right to restriction of processing of your data: you have the right to obtain the restriction of the processing of your data in the following cases: when you contest the accuracy of your data and we need time to verify the accuracy of your personal data or when the processing is unlawful and you do not request the erasure of your personal data but a restriction of their use.
- Right to portability: you have the right to receive all information concerning you that is registered in a portable and readable format and to have your data transmitted to another body.
- Right to object to processing on the basis of a legitimate interest, processing for direct marketing and profiling purposes and processing for scientific or historical research purposes or statistical purposes which are not in the public interest.
- Right to refuse automated processing of your data: some data processing and certain procedures are carried out in a fully automated way, without human intervention. At Iriscare, we have chosen to restrict automated processing.
The rights to erasure, data portability and to object are not applicable to the processing of personal data carried out in the context of a legal obligation or necessary for the performance of a task carried out in the public interest.
8. How to exercise your rights?
Either contact Iriscare’s DPO
If you wish to exercise any of your rights listed above, you may send your request by post to:
Service Protection des Données
Rue Belliard 71, box 2
Or by e-mail to: email@example.com
The request must be accompanied by a copy of both sides of your identity card to prove your identity in order to prevent anyone else from exercising your rights in your place.
The response period is one month. In exceptional cases, this period may be extended (up to a maximum of three months), but we will provide you with the reason for it within one month.
Or contact the Data Protection Authority (DPA)
You have the right to lodge a complaint with the Data Protection Authority at any time if you believe that Iriscare is not processing your personal data in accordance with the applicable regulations.
Data Protection Authority:
Rue de la Presse 35
9. Can you withdraw your consent?
Iriscare is legally obliged to process and manage personal data in the context of carrying out its legal tasks as a public body responsible for the payment of child benefit in the bilingual region of Brussels-Capital.
Although certain processing of your personal data is based on your consent, you do have the right to withdraw your consent at any time and without justification. In this case, all you have to do is to submit a request to our DPO, whose contact details are given in the “How to exercise your rights” section of this privacy statement.
10. Are your personal data transmitted to third parties?
Your personal data will only be transmitted to third parties if this is necessary for the processing of your case or if this is required by the legislation. In this case, Iriscare will only transmit the data necessary to fulfil the intended purposes.
Your personal data will never be used for advertising purposes nor will it be transferred or sold to third parties who would use the data for such purposes.
11. Disclosure of personal data within the EU?
Most data disclosed to third countries is disclosed to EU or European Economic Area (EEA) countries.
If your data are shared with other countries outside the European Union, we ensure, by means of bilateral agreements and the tools put in place by Articles 45 and 46 of the GDPR, that these countries provide appropriate guarantees for the protection of your personal data.
In any case, Iriscare always applies the European regulations regarding the international transfer of personal data.
12. How long are your personal data stored?
Iriscare will store your personal data for as long as it is necessary to carry out its legal missions and to process your requests.
When visiting our website, cookies may be stored automatically on the hard drive of the visitor’s computer, mobile device or tablet. These data help Iriscare to better tailor its site to the wishes and preferences of its visitors.