Privacy Statement
In this Privacy Statement, the following terms have the meanings ascribed to them below:
- ‘NGI’ or ‘we’: the National Geographic Institute, with registered office at Avenue de Cortenbergh 115, 1000 Brussels, which is the provider of this website, and of services and products. The NGI is also responsible for the processing of the personal data as described in this Privacy Statement;
- ‘User’ or ‘you’: any natural person, legal entity or government agency using this website or the services and/or products offered;
- ‘Personal data’: data referring to you as a natural person and which you share with the NGI or which we obtain through your use of this website or of the services and/or products offered;
- ‘Processing’: any operation or set of operations that is performed on personal data, such as the collection, structuring, storage, consultation, updating, use, combination, deletion or destruction of personal data, whether or not by automated means;
- ‘Cookies’: small text files stored on your computer or mobile device by this website the moment you visit it.
The NGI cares about your privacy. By issuing this Privacy Statement, we wish to inform you – when using this website, including the services and/or products offered – about:
- the personal data about you that we process;
- the purposes of processing and the legal grounds for processing your personal data;
- your rights and the way you can exercise them as a user;
- the measures taken to protect your personal data.
Your personal data are managed in accordance with applicable legislation (as provided by Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the Act of 8 December 1992 on the protection of privacy in relation to the processing of personal data). The NGI applies this handling method to both automated and manual data processing.
You should read this Privacy Statement carefully and accept its contents before using this website and transmitting personal data to the NGI.
This Privacy Statement may undergo changes from time to time. The NGI reserves the right to modify this Privacy Statement at any time, provided that you have been informed thereof via this website.
Are you a minor (under 16 years of age)?
If you are under 16 years of age, we encourage you, before providing personal data to the NGI when visiting this website and/or our offices, to:
- read this Privacy Statement carefully together with your parents or legal representative;
- ask your parents’ or legal representative’s consent to perform the activities you intend to carry out (online).
We ask your parents and legal representatives to:
- be involved in the (online) activities;
- explicitly give their consent to provide personal data to the NGI;
- explicitly give their consent to purchase the services and/or products offered.
Personal data about you that are processed by the NGI
While using our website or purchasing services and/or products, you may possibly provide us with certain data. These may take the form of personal data.
Depending on the services and features that you use on this website and/or in our offices, we may process the following categories of personal data, including:
- Your contact details and other important information:
- Surname and first name;
- Address details;
- Telephone number;
- Email address;
- IP address and cookies;
- Company identification number (CBE number), if applicable;
- Company details, such as the number of employees and annual turnover, if you reuse CartoWeb for commercial reasons;
- Identity card number;
- Means of transport;
- Images captured by the security camera on the NGI site;
- Other data you share with the NGI.
We do not intend to:
- process other and/or special and/or sensitive personal data;
- apply automated decision-making, including profiling.
The purposes of processing and the legal basis on which the NGI processes your personal data:
Within the scope of performing our legal powers in the public interest, the NGI only processes personal data to achieve one or more of the following purposes (depending on the services and features you use on this website and/or at our offices).
- Your contact details and other data you share with the NGI are processed for the purpose of:
- customer administration management; providing an answer to your question(s); processing your order; the ability to deliver our services and/or products; the performance of a contract to which you are a party, as the case may be; sending invoices for services and/or products purchased;
- providing you with the opportunity to use and/or purchase our services and/or products;
- handling your query or complaint;
- communicating with you (by email, post or telephone);
- informing you of changes to our website, about the promotion and renewal of our services and/or products; sending out our newsletter; selecting a winner during competitions in which you took part;
- improving our website and the services provided;
- observing the statutory and regulatory obligations that apply to us;
- performing our tasks in the public interest, such as those entrusted to us by the Act of 8 June 1976 establishing the NGI.
- The images captured by the security camera on the NGI’s site are processed for the purpose of:
- preventing, identifying and detecting crimes against persons or goods;
- preventing, identifying and detecting nuisance in the meaning of Article 135 of the new Municipal Act; monitoring compliance with the municipal regulations or maintaining public order.
- On entering the building, we ask visitors to identify themselves with eID, during which some of the data referred to above will be used. To that end, we invoke the legitimate interest for the following purposes:
- safeguarding security (including information security) and fire safety
- managing the administration and proper functioning of our organisation, including correctly identifying the person in order to confirm the validity of the appointment;
- creating a visitor’s badge to gain access to the building;
- To collect statistical data on mobility for the city of Brussels, we will ask you which means of transport you chose to travel to our building. Such data will be anonymised and the legal basis for their collection is that of scientific research;
Your rights and the way in which you can exercise them as a user
Rights
In accordance with Article 7.3 and Articles 12 to 22 inclusive of the aforementioned Regulation (EU) 2016/679 and after submitting a written request as indicated below, you have the right:
- to withdraw your permission for the processing of data at any time. Withdrawing your permission does not affect the lawfulness of the processing carried out with your consent before you withdrew that consent;
- to be given access to your personal data or receive a copy of them;
- to have any incorrect personal data corrected or incomplete personal data completed by sending us a correction and/or completion of your personal data together with your request;
- to have your personal data deleted[1];
- to have the processing of your personal data restricted[2];
- to exercise your right of data portability, such that your personal data are forwarded to you or to an organisation assigned by you[3];
- to object to the processing of your personal data for the purposes such as direct marketing, by providing us with the grounds relating to your particular situation together with your request [4];
Manner of exercise
To exercise the rights described above, we ask that you submit a written request to the NGI in the form of a dated and signed letter sent to the above-mentioned address for the attention of the Information Security Committee, or that you send an email to privacy@ngi.be.
To ensure that the request is actually being submitted by the correct person, you are kindly requested to attach a copy of your ID card to your request. On that copy, you need to black out your photo, date and place of birth, gender, nationality, card number, signature and national registry number. You must do this to protect your privacy.
After receiving your request, we will respond as soon as possible, but in all cases within one month. Depending on the complexity of the request, that period may be extended by two months. You will be informed of any such extension.
Exercising your rights stated above is free of charge. Nevertheless, we reserve the right to charge reasonable compensation for the administrative costs that may be involved in providing the requested information or taking the measures requested.
In addition to the rights referred to above and in accordance with Articles 77 to 82 inclusive of the Regulation (EU) 2016/679, you also have the right to:
- lodge a complaint with the Supervisory Authority (the Data Protection Authority (DPA)) regarding a breach of personal data. This can be done by letter or email, as provided in the following link: https://www.dataprotectionauthority.be/citizen/actions/lodge-a-complaint;
- initiate an effective judicial remedy before the competent national court against the Supervisory Authority (the Data Protection Authority (DPA)) for failure to act on your complaint or to inform you of the progress or the outcome of your complaint;
- initiate an effective judicial remedy before the competent national court against the NGI for personal data breach.
Measures to protect your personal data
Measures used by the NGI
The NGI takes adequate technical and organisational measures to protect your personal data and ensure a level of security appropriate to the risk.
The measures taken in that regard include the following:
- cooperating with a Data Protection Officer appointed by the NGI, who, in case of queries or issues, can be contacted by email at DPO@ngi.be;
- granting access to certain personal data obtained from you only to specific individuals who require those personal data in order to carry out their task within the NGI. Subjecting those persons to confidentiality agreements;
- keeping records of processing activities;
- testing, evaluating and adjusting the effectiveness of our security measures on a regular basis;
- enforcing warranties with regard to the application of adequate technical and organisational security measures from any subcontractors who process personal data on behalf of the NGI;
- performing a data protection impact assessment before processing personal data using new technology that presents a high risk to the rights and liberties of the data subject(s);
- reporting any breach of personal data and any other important information to the supervisory authority and, as the case may be, to the data subject(s) if the breach of personal data involved presents a high risk to the rights and liberties of the data subject(s);
- cooperating with supervisory authorities as requested and consulting supervisory authorities in the fulfilment of our tasks.
Measures that the NGI expects of you
Although the NGI makes every possible effort to protect your personal data, effective protection is only possible if you too take the necessary measures.
For this reason, we ask that you:
- provide the NGI with complete and accurate information;
- take the necessary care to maintain the confidentiality of your personal data and any user data (such as user name and password). After all, these are strictly personal and non-transferable.
Additional information
Category of recipients
The NGI processes the personal data obtained from you within its own organisation or within the organisation of the processor(s) assigned by the NGI. This means that the personal data are processed by NGI staff or by members of staff of the subcontractor(s) appointed by the NGI, who will process the data exclusively for the purpose of carrying out their duties within or for the NGI and for the purpose of dealing with your query, delivering the products ordered by you, providing the services requested by you and optimising our service provision.
The NGI staff, the assigned processor(s) and the members of staff of the processor(s) assigned by the NGI are bound by confidentiality agreements. In addition, the assigned processor(s) must observe the applying rules and regulations and ensure that suitable, technical and organisational measures are used.
We do not intend to transmit the personal data to any third party or any international organisation. However, the NGI reserves the right to transmit personal data to a third party if that is required in order to fulfil a statutory or regulatory obligation, or within the scope of a police investigation or judicial inquiry, or in order to carry out our tasks in the public interest as described in the Act of 8 June 1976 establishing the NGI.
Should the NGI intend to transmit certain personal data to a third party, it will not do so before informing you accordingly.
Retention period
The NGI does not store your personal data longer than is strictly necessary for the realisation of the indicated purposes.
In accordance with the Public Records Act, the NGI applies the following retention periods for the categories of personal data indicated:
- Contact details and other important information used in order to process your purchase or for performing a contract to which you are a party: 15 years, following which the files will be transferred to the State Archives;
- Contact details and other important information used while handling your complaint: 10 years, following which the files will be transferred to the State Archives;
- Images captured by the security camera on the NGI’s site: one month, after which the data will be destroyed;
- The contact details that we collect when you register with eID (name, first name and ID number) are kept for one day;
- The mode of transport you chose will be retained for two years for statistical research purposes.
Use of cookies
Cookies are used to optimise the functionality of and the user experience on this website.
The cookies are not transmitted to third parties.
Overview of the cookies that we use:
This website uses several types of cookies:
-
- Essential cookies
Essential cookies are cookies that are required to enable a website to function (or function better), for instance, to manage the loading time of the webpage.
-
- Functional cookies
Functional cookies record information about the user’s choices and preferences and make it possible to store language settings, for instance.
-
- Analytical or performance cookies
These cookies collect information about the user’s behaviour to measure the performance of the website and improve the user experience.
-
- Targeting or advertising cookies
These cookies follow the user’s browsing behaviour in order to compile customer profiles or user profiles.
These profiles are commonly used to show relevant and personalised ads that match the user’s interests.
They are also used to measure the effectiveness of promotions and to conduct market analyses.
Specific overview:
Below is an overview of the different categories of cookies in use on the NGI website:
| Application | Name of the cookie | Purpose of the cookie | Type of cookie | Retention period |
| Google Universal Analytics | _ga | Keeping statistics on how you and other visitors use our website. This information is anonymised | Analytical | 2 years |
| _gid | Keeping statistics on how you and other visitors use our website. This information is anonymised | Analytical | 24 hours | |
| _gat | Used by Google Analytics to slow down the request rate. | Analytical | 1 minute | |
| www.ngi.be | JSESSIONID | Session management | Functional & Essential | End of session |
| LANG | Manages the user’s language | Essential | 1 month | |
| sc_simpleCart_1 | Manages the user’s shopping basket in the web shop | Essential | 1 month | |
| Sc_simpleCart_chunks | Manages the user’s shopping basket in the web shop | Essential | 1 month | |
| www.ngi.be/gdoc | JSESSIONID | Session management | Essential | End of session |
| https://ac.ngi.be (NGI Download Portal) |
JSESSIONID | Session management | Essential | End of session |
| ac_basketData | Items that have been added to the basket; this list is essential for finalising orders | Essential | No longer than is strictly necessary for realising the purposes indicated. | |
| ac_filters | Filters applied to a result list | Functional | No longer than is strictly necessary for realising the purposes indicated. | |
| ac_device_settings_touch_screen | Setting for touch screens (e.g. customers with touch-screen PCs can change to mouse mode) | Functional | No longer than is strictly necessary for realising the purposes indicated. | |
| ac_openData | The list of available ‘open access codes’. With this type of access code, the customer gets access to a specific ‘open data set’ and as a result no longer has to accept the terms of use each time they visit the website. | Functional | No longer than is strictly necessary for realising the purposes indicated.
If necessary, the codes are replaced automatically upon expiry. |
|
| ac.ngi.be_profile_nt_customDataSets_ac_* | When a customer downloads files, this is where all the downloads from that specific page are temporarily stored (if the customer refreshes the page, any files already downloaded will remain visible) | Functional | End of session | |
| http://www.ngi.be/topomapviewer | JSESSIONID | Session management | Essential | End of session |
| mouseProjection | Info about the projection system used for the coordinates tool | Functional | Until the user clears the cache | |
| language | Active language of the interface | Functional | Until the user clears the cache | |
| routehistory | A list of the routes that the user last opened and/or modified | Functional | Until the user clears the cache | |
| routedata-[timestamp] | All data needed to display and manage a route on the map (line, POIs, title, description); this is also used to reload an old route when the user reopens the page | Functional | Until the user clears the cache | |
| cookiePolicyAccepted | Added when the user clicks on the OK button of the privacy alert | Functional | Until the user clears the cache |
Cookie management
You can disable cookies in your browser settings at any time. Below, you can find instructions about how to do this in:
Please bear in mind that if you disable cookies, certain graphics may fail to appear and the website may not work properly.
Questions and/or comments
Should you have any questions or comments after reading this Privacy Statement, please do not hesitate to email the NGI at: privacy@ngi.be.
[1]If any of the following applies: 1) you withdraw your consent; or 2) you object to the processing; or 3) the processing is unlawful; or 4) the personal data are no longer needed for the purpose for which they were processed; or 5) a statutory/regulatory obligation requires their deletion. In so far as the processing is not needed in order to comply with a legal/regulatory obligation, for fulfilling our task in the public interest, for bringing or enforcing a legal claim, or for the purpose of retention in the public interest.
[2] If any of the following applies: 1) you contest the accuracy of the personal data, or 2) you object to the processing of the data, or 3) the processing of the data is unlawful and you oppose the erasure of the personal data and request restriction of its use instead or 4) the NGI no longer needs the personal data for data processing purposes, but you need the personal data in order to establish, exercise or substantiate a legal claim.
[3] If technically feasible and if the data processing relies on your consent or on a contract to which you are a party and the processing is performed by automated methods. In so far as we do not need to process the data in order to perform our task in the public interest.
[4] In so far as the NGI does not demonstrate compelling legitimate grounds for the processing which override your interests or which relate to the establishment, exercising or substantiation of a legal claim and processing is not needed in order to carry out our task in the public interest.