For Autosécurité SA the protection and confidentiality of your data is very important. The purpose of this document is to inform our customers about how personal data is processed by our company. It applies to various forms of interaction with our services.

By “personal data” we mean any data relating directly or indirectly to an identified or identifiable natural person that is collected in the course of performing the public services for which we are responsible, as well as while using this website and the applications offered.

1. Who is the data controller for your personal data?

The following shall be considered as data controller within the meaning of the General Data Protection Regulation, the national data protection laws of the Member States and the applicable data protection legislation:

Autosécurité S.A.
ZI de Petit Rechain, Avenue du Parc 33,
4800 Verviers
BE 0444.402.332

2. Contact information for the Data Protection Officer

You can contact our data protection officer by e-mail at privacy@autosecurite.be or by post at: Autosécurité S.A. – ZI de Petit Rechain, Avenue du Parc 33, 4800 Verviers.

3. Personal data

3.1 Purposes of the processing of personal data

The data concerning the user is processed in a fair and lawful manner and collected for specific, explicit and legitimate purposes, without being processed further in a manner incompatible with those purposes. In accordance with the minimisation principle, the data requested is adequate, relevant and not excessive for the purposes pursued.

The personal data collected via the channels described below is stored in the databases of Autosécurité SA. It is used in the course of the public service missions described and more generally, to provide you with the services or information requested, for the management of disputes, for the detection of any fraud or offence, whether a breach of applicable regulations or targeting Autosécurité, its employees, customers or suppliers, to improve the quality of services, as well as for the planning and overall organization of our sites and infrastructure.
This personal data is not transferred to a third country, an international organisation, or outside the EEA. It is intended for use by our internal services, our subcontractors within the limits of the service agreements entered into and, if necessary, to be passed on to the competent authorities and specifically identified recipients.

3.1.1 Personal data processed in the course of public service provision for the technical inspection of vehicles

Autosécurité SA is a body specifically approved for the technical inspection of vehicles under the Royal Decree of 23 December 1994 setting out the conditions of approval and the rules for administrative control of bodies responsible for the inspection of road vehicles [M.B. 30-12-1994].

Data provided by the Federal Public Service for Mobility and Transport is drawn from the Crossroads Bank for Vehicles. This data is initially collected by the Federal road traffic service’s vehicle registration directorate (DIV) when each vehicle is registered.

The bodies responsible for technical inspections of vehicles are also associated with the operation of the aforementioned Crossroads Bank for Vehicles, in accordance with articles 13 and 14 of the Law of 19 May 2010 establishing the Crossroads Bank for Vehicles [M.B. 28-06-2010], as well as articles 4, 5 and 7 of the Royal Decree of July 8, 2013 implementing the Law of 19 May 2010 establishing the Crossroads Bank for Vehicles [M.B. 22-08-2013].

Our organisation is considered an authentic source (primary collection) for the following data:

• Data given on the inspection certificate
• Data given on the used vehicle report;
• Data given in the document: “visual inspection of the vehicle”.

Personal data is processed for the following purposes:

a) Providing a public service conducting technical inspection of vehicles

The technical inspection operations are defined in articles 23, 23bis and 23ter of the Royal Decree of 23 March 1968 on the general regulations on the technical conditions to be met by motor vehicles and their trailers, their components and safety accessories [M.B. 28-03-1968].

This purpose also includes, in addition to the unambiguous identification of the vehicle and its correspondence with the information contained in the Crossroads Bank for Vehicles, the delivery and correction, if necessary, of the official documents provided for in law.

The following data is concerned: registration mark and chassis number of the vehicle. In the course of more specific procedures (approval, conformity, etc.), we are required to process the following data: surname, first name, address, telephone number, e-mail address, identity card number.

b) Appointment scheduling through our appointment portal – individuals and professionals

This free service is made available to our private and professional customers, in order to facilitate and optimise access to our facilities.

The data collected allows us to contact the customer, in order to confirm the appointment and to provide any practical information required. This information also allows us to contact the professional customer through a newsletter in the event of closure of our inspection centre or appointment line due to unforeseen circumstances totally beyond our control.

For this purpose, we process the following data: vehicle registration mark, chassis number, e-mail address, telephone number.

c) Technical roadside Inspection Portal

This portal allows the consultation of the documents issued by our organisation, in the framework of a technical roadside inspection (TRI) carried out in accordance with Directive 2014/47/EU and the Walloon Government Order of July 6, 2017, which govern technical roadside inspections of commercial vehicles registered in Belgium or abroad.

The data concerned are the following: vehicle registration mark, surname, first name and home address.

d) Sending out notices, reminders and electronic invitations for technical inspection

This obligation derives from Article 4 of the Royal Decree of 23 December 1994.

To do this, we process the vehicle registration mark, surname, first name, national number and home address.

For professional customers who have subscribed to the electronic invitation service, we process, in the course of the execution of the agreement in question: the vehicle registration mark, the surnames and first names of the representative informed, the surnames and first names of the contact person, e-mail address, telephone number.

e) Customer credit service

For professional customers subscribed to the customer-credit billing service, in the course of performing the agreement in question we process: surname, first name, e-mail address of the contact person, telephone number, registration mark, assigned customer number, VAT number.

3.1.2. Personal data processed for public service provision for the organisation of tests for driving licences.

Our organisation is also specifically approved, in accordance with the provisions of the said Royal Decree of 23 December 1994 and the Royal Decree of 15 March 1998 concerning the driving licence [M.B. 30-04-1998], to organise and assess theoretical, practical and professional aptitude tests for driver licensing, as provided for by the Law of 16 March 1968 on road traffic policy [M.B. 27-03-1968].

The data processed in the course of this activity is drawn from the National Register (initially collected by the FPS Interior – Directorate General Institutions and Population), as well as from the Crossroads Bank for Driving Licences (initially collected by the FPS Mobility and Transport – Directorate General Road Transport and Road Safety). They are also communicated by the candidate during their interactions with our services in the normal course of performing the tests.

The approved bodies are associated with the operation of the Crossroads Bank for Driving Licences and are considered an authentic source for the communication of data relating to the tests taken in order to obtain a driving licence and certificate of professional competence, in accordance with Article 10 of the Royal Decree of 28 November 2011 on the Crossroads Bank for Driving Licences [M.B. 08-12-2011].

Personal data is processed for the following purposes:

a) To organise and assess the theoretical, practical and professional aptitude tests provided for by the regulations in order to obtain a driving licence

The tests are defined in the Royal Decree of 15 March 1998 on the driving licence and the Royal Decrees of 10 July 2006 on the driving licence for category B and of 4 May 2007 on the driving licence, professional aptitude and continuous training of drivers of vehicles in categories C1, C1+E, C, C+E, D1, D1+E, D, D+E.

This purpose also includes, in addition to the need to identify the candidate with certainty, the issue and correction where necessary of the official documents provided for by the regulations.

The following data is concerned (candidates and notified guides): surname, first name, date of birth, address, telephone number, e-mail address, national number.

b) Appointment scheduling through our driving licence appointment portal

This free service is made available to our private customers to facilitate and optimise access to our facilities and to allow them to make an appointment for the statutory tests required to obtain a driving licence.

The data processed allows us to feed our licence management software and to contact the candidate to confirm the appointment, to offer another appointment and, more generally, to provide all practical information required.

For this purpose, we process the following data: surname, first name, title, date of birth, address, telephone number, e-mail address, national number.

c) Invitation, at the request of the Authority, of any person required to take driving licence reinstatement tests following disqualification

This obligation derives from article 69(6) of the aforementioned Royal Decree of 23 March 1998, based on the information provided by the public prosecutor’s office.
To do so, we process the candidate’s surname, first name, national number and home address.

3.1.3 Additional support services

a) Contact with customer service (telephone, mail and e-mail)

When contacting our customer service, through the above channels (for any information on the technical inspection of a vehicle or a test to obtain a driving licence, to seek support for the appointment portal, to make an appointment, etc.), we are likely to process the following data in order to respond usefully to your request: surname, first name, registration mark, chassis number, home address, e-mail address, telephone number, national number.

We also collect data on the use of our services and traffic data for communications over our network. This traffic data includes, in particular, the telephone and mobile phone numbers of calls made, the date, time, and duration of a call or an internet connection.

b) Contact with the claims department (contact forms, mail) – DPO service

In the course of providing additional services, we may process, if necessary, certain personal data, such as surname, first name, home address, national number, e-mail address, telephone number, bank details, a copy of any identity document or a copy of the vehicle registration certificate.

We can also request any other document (technical certificate, specific authorisation, teaching certificate, etc.) deemed necessary to respond to your request. This data will be used exclusively for the purpose of providing the service requested.

c) Claims management/Fraud/On-site incidents

While managing claims and incidents that occur on our sites, we are required to process, if necessary, certain personal data, such as surname, first name, home address, national number, e-mail address, telephone number, bank details, a copy of any identity document or a copy of the vehicle registration certificate.

The processing of this data is also necessary for the detection and repression of any fraud, or to allow any appropriate measure or action to be taken following any indelicate/inappropriate behaviour on the part of one of our customers at one of our sites.

We can also request any other document (technical certificate, specific authorisation, inspection report, etc.) deemed necessary, in order to process the case concerned properly.

d) Customer satisfaction survey
For the satisfaction surveys sent to our customers after they make appointments and use of our dedicated platforms, as well as our quality management policy (ISO 9001 standard), we only process the e-mail address of the customer who has consented to this processing, for the sending of the survey form. This consent can be withdrawn at any time through the link in the satisfaction surveys.

e) Statistics

Within the company we use data from the performance of the public services which we provide for reporting and statistical purposes, including, for example, the number of inspections or tests performed, the types of inspections or tests, the number of people present, etc.

Only anonymized data is used for reporting purposes. This is then aggregated into large groups (DB) in such a way that it is impossible for the recipients of a report to reduce the information to individual customers.

3.2 Processing and legal basis for it

Data processing includes the following operations: any operation or set of operations applied to personal data, such as the collection, recording, organisation, storage, adaptation or amendment, extraction, consultation, use, communication by transmission, dissemination or making available in any other form, alignment or interconnection, as well as blocking, deletion or destruction of personal data.

The legal basis for the processing operations in question, in accordance with article 6(1)a, of the General Data Protection Regulations (GDPR), the explicit consent given by the customer, the fulfilment of a legal obligation on our part (performance of the public services for which we are responsible) in accordance with article 6(1)c, as well as the legitimate interests of the company Autosécurité SA, in accordance with article 6(1)f.

3.3 Data retention period

The criterion determining the length of time that such data is kept varies according to the public service performed and its fulfilment.

4. Recipients

Access to customer data is strictly limited within Autosécurité SA to authorised internal employees only. They are contractually and legally bound to respect the privacy of our customers, as well as the confidentiality of information customers may provide.

The employees of Autosécurité SA are strictly subject to professional secrecy, particularly where they are specifically authorised to process certain categories of personal data.

Subcontractors working on behalf of Autosécurité SA may be authorised to access some of our databases. Their access is strictly limited to the data they need to perform the tasks entrusted to them.

Autosécurité SA does not pass on any personal data to third parties, unless it has received prior express authorisation from the person concerned, or unless it is required to do so by a Belgian or foreign legal or regulatory provision, or if a legitimate interest justifies it, or following an injunction from a supervisory authority, or by a judicial decision.

These third parties who can access your data are listed below:

• Our supervisory authority, the Service Public de Wallonie;
• The Federal Public Service;
• Authorised subcontractors of Autosécurité SA;
• Bodies approved for technical inspections and the organisation of driving tests under the Royal Decree of 23 December 1994, in order to enable them to provide their public services;
• Informex, in the course of its automotive inspection duties;
• Carpass, in the course of its mission to fight against mileage fraud;
• Carfax, in the course of its role as a legal source of vehicle history reports (accidents);
• The vehicle registration directorate (DIV) ;
• Police forces;
• Authorised judicial authorities;

They process your data in compliance with the aforementioned purposes, limiting themselves to what is necessary for the performance of their tasks and in accordance with the provisions of their own confidentiality policies, the law of 30 July 2018 and the General Data Protection Regulation. In addition, each of these recipients agrees not to retain your data longer than is necessary to fulfil the above purposes.

Your personal data is therefore treated in the strictest confidence. However, as the Internet does not offer total security, respect for privacy can only be guaranteed if personal data is transmitted through secure communication channels and noted as such by Autosécurité SA (contact forms, etc.).

In accordance with the applicable provisions of the General Data Protection Regulation, the various processing operations are recorded in a processing register.

5. Rights of the person concerned

In accordance with the provisions of article 15 of the GDPR, customers, as data subjects, have the right to access the data held by the data controller concerning them.

In any circumstance, by submitting a dated and signed written request addressed to the data controller (at the address mentioned in point 2) and proof of identity, customers may obtain from the data controller, free of charge if a reasonable volume is involved, a written statement, if necessary by electronic means, of the personal data concerning them and, where appropriate, the correction, restriction on processing or deletion of data which is inaccurate, incomplete or irrelevant, with the exception of data collected by the data controller to meet a legal obligation. The customer also benefits from a right to data portability, as well as the right, at any time, to object to this processing, with certain exceptions.

If no action has been taken 30 days after submission of the application, it will be considered to have been rejected. The candidate may also address or file a complaint with the Data Protection Authority (Rue de la Presse 35, 1000 Brussels – commission@privacycommission.be) to exercise these rights. The President of the Court of First Instance shall hear any application concerning these rights if an application was rejected.

The customer is not the subject of an automated decision, including profiling, within the meaning of Article 22 of the GDPR.

6. Security

The data controller shall take security measures, whether technical, physical or organisational, to ensure the integrity, confidentiality and availability of data relating to the candidate. They are also intended to protect this data from alteration, access by unauthorised persons, and any other unauthorised processing, as well as from unauthorised or accidental destruction or accidental loss.

7. Updating our privacy policy

We reserve the right to unilaterally amend this data protection declaration in accordance with the law on data protection. We recommend that you consult this privacy policy regularly.

If we consider processing your data for purposes other than those initially intended, we undertake to inform the person concerned in advance, in accordance with the applicable legal provisions.