Privacy
Online Privacy Declaration
1. Scope of this Privacy
Declaration
This Declaration applies to Alfapass N.V., with its
registered office at Brouwersvliet 33 bus 8, 2000 Antwerp, Belgium
(hereinafter: Alfapass). Alfapass may be contacted by telephone at +32 3 303 28
28 or by email at info@alfapass.be.
This Declaration applies to the processing of personal
data carried out by Alfapass in the context of its activities, including, but
not limited to:
–
The
issuance and management of Alfapass Smartcards;
–
The
online portal https://online.alfapass.be for ordering and managing Alfapass Smartcards;
–
The
online portal https://online.prean.be for creating and managing visitor preannouncements;
–
The
website https://www.alfapass.be and all associated services relating to identification
and authentication of individuals;
–
The
website https://www.prean.be and all associated services relating to the preannouncements
of visitors;
–
The
mobile applications MyAlfapass and MyPrean
–
All
forms of communication and service provision between Alfapass, its users,
customers, terminals, partners, visitors, and other parties involved.
Wherever this Declaration refers to “Alfapass,” this shall
also include the product “Prean,” as this is a service that is fully developed
and managed by Alfapass N.V.
In most cases, Alfapass acts as a processor of
personal data on behalf of its customers (such as terminals and companies
making use of Alfapass and/or Prean services). Alfapass acts as a controller
only for specific processing activities, such as visitor registration at
Alfapass’ offices.
2. Introduction and purpose of this Privacy
Declaration
Alfapass considers the protection of personal data to
be of great importance and is committed to the careful and transparent handling
of the data of users of its products and services, including holders of an
Alfapass account and individuals who make use of the Prean platform (hereinafter
referred to as “Users”).
Through this Privacy Declaration, Alfapass aims to
explain in a clear, transparent and accurate manner how it collects and
processes the personal data of Users, regardless of whether such data are
obtained directly or via a third party. This Privacy Declaration also explains
the purposes for which Alfapass processes Users’ personal data, the categories
of personal data that are processed, the rights Users have in relation to their
personal data, and how Users may exercise those rights.
Alfapass kindly requests that you carefully review
this Privacy Declaration in order to be adequately informed about your rights
and the manner in which you may exercise them.
3. Alfapass and its activities
Alfapass is an organisation responsible for the
development, production and issuance of identification instruments, including
the Alfapass Smartcard, which is specifically used in the context of ports and
other actors in the logistics sector. For this purpose, Alfapass maintains a
central database under its management containing data relating to Users.
Terminals and other organisations that make use of Alfapass’ services remain
fully responsible for access control to their sites or systems. Alfapass
processes the personal data involved solely on behalf of and in accordance with
the instructions of these organisations, which act as data controllers. The
exchange of personal data between Alfapass and these parties is carried out in
a secure manner and in compliance with applicable privacy legislation, thereby
ensuring that the confidentiality and integrity of the data are safeguarded at
all times.
4. What personal
data are collected and processed by Alfapass?
Depending on the relationship with Alfapass and the
specific service used, Alfapass may collect and process different categories of
personal data. Such processing is always carried out in accordance with
applicable data protection legislation and solely for the purposes for which
the data were provided. Alfapass manages its information security management
system in accordance with the ISO 27001 standard.
In concrete terms, the following processing activities
may, inter alia, take place:
–
When
visiting the websites
(www.alfapass.be and www.prean.be): the visitor’s IP address is temporarily recognized
and processed, and used in a non-individual manner for the purpose of analysing
and optimising the websites. In addition, cookies are used on these websites.
More information in this regard can be found in the separate cookie statement,
available on the website.
–
When
contacting Alfapass:
When a person contacts Alfapass directly (by telephone, email, or other
communication channels, etc.), the contact details provided (such as telephone
number, email address, etc.) and any identification details (such as name,
Alfapass or Prean account number, etc.) are processed for the purpose of
handling the request or notification.
–
When
applying for an Alfapass or Prean account: identification and contact details of the applicant’s
representative (such as last name, first name, position, email address,
telephone number and organisation) may be collected and processed.
–
When
using an Alfapass or Prean account: personal data of Users may be processed, including last
name, first name, date of birth, address, telephone number, nationality,
national register number, identity card or passport number, employer, personnel
number, Alfapass account number, colour photograph, biometric template,
subgroups, timestamps, location, and any other data necessary for
identification and authentication within the port and logistics environment.
Alfapass processes these personal data solely for the
purpose of providing its services and in accordance with the agreements
concluded with terminals and organisations that make use of its products. In
this context, Alfapass acts as a data processor, while the relevant terminal or
organisation acts as the data controller.
For certain processing activities, such as the
processing of personal data of visitors who register at Alfapass’ offices,
Alfapass acts as a data controller. For security reasons, Alfapass is required
to register the identity details of all visitors to its buildings. Visitors
register via the digital visitor registration module of Prean. During this
registration, limited identification data are processed, such as last name,
first name, organisation, contact details, time of arrival and departure, and
the person being visited. Such processing is carried out solely for the
purposes of visitor management, access control and the security of Alfapass’
buildings.
5. Why does Alfapass collect and process personal data?
Alfapass collects and processes the personal data of
Users and other individuals referred to above for the following purposes:
–
To
correctly respond to enquiries and communications from individuals who contact
Alfapass. For this purpose, Alfapass relies on its legitimate interest in
processing personal data.
–
To
improve the performance and operation of Alfapass’ services, processes and
applications. For this purpose, Alfapass relies on its legitimate interest in
processing personal data.
–
To
provide and perform the services offered by Alfapass, as agreed in one or more
agreement(s). For this purpose, Alfapass processes personal data in the
performance of the relevant agreement(s).
–
To
register and manage visitors to Alfapass’ offices via the digital visitor
registration module of Prean. This processing is carried out for the purposes
of access control and security, and is based on Alfapass’ legitimate interest
in ensuring the security of its buildings and employees.
–
To
comply with instructions from the police and/or judicial authorities when these
require Alfapass to process data. Such
processing is carried out in order to comply with a legal obligation.
6. With whom does
Alfapass share personal data?
6.1 Internally –
Alfapass
Alfapass takes the necessary technical and
organizational measures to ensure that access to personal data, including that
of Users, within the organization is strictly limited to those employees who effectively
require such access in the context of their job function.
All employees are granted access solely on a
“need-to-know” basis.
6.2 Externally –
third parties
Alfapass only discloses personal data to carefully
selected third parties, and exclusively where this is necessary for the
performance of its services or in order to comply with legal or regulatory obligations.
This may include, inter alia, the following categories of recipients:
·
Terminals
and/or organisations that make use of Alfapass’ services and to whom personal
data are securely transferred for the purpose of facilitating access control. These
parties act as data controllers for the personal data they process in this
context;
·
Organisations
and/or individuals to whom Alfapass has outsourced certain services and/or
functions, such as suppliers of IT systems, software, IT support services,
secure destruction of confidential documents, etc.,…
·
Organisations
and/or individuals who form an integral part of Alfapass’ operational
activities, including external consultants and contractors;
·
Technology
service providers, such as Google (in the context of cookies);
·
Competent
authorities, such as the police, judicial authorities or supervisory
authorities, where Alfapass is legally required to disclose personal data;
·
Service
providers responsible for security, building management and reception services,
in the context of visitor management at Alfapass’ offices, solely for the
purposes of access control and security.
7. How long does
Alfapass retain personal data?
As a general principle, Alfapass does not retain the
personal data it collects and processes for longer than is necessary to achieve
the purposes for which the data is collected. Furthermore, Alfapass will delete
or anonymize personal data without undue delay at the request of the data
subjects, insofar as this is legally and contractually possible.
The personal data of Users relating to the services
provided by Alfapass, and more specifically their Alfapass account, will be
retained for the entire period during which the Alfapass account remains active,
with a standard validity period of three (3) years. Following the cancellation
or expiry of the validity period, this data will be retained for a maximum period
of two (2) years for administrative and security purposes (such as audit activities
and dispute management).
Personal data processed in the context of Prean,
including pre-registrations, may be retained in the system logs for audit
purposes for a period up to five (5) years, in accordance with the applicable
contractual terms and conditions.
Upon expiry of the applicable retention periods, the
personal data are permanently deleted.
8. Rights relating to personal data
8.1 Rights of data subjects
Users and other data subjects have the right at all
times to know which personal data Alfapass processes about them and to exercise
the rights granted to them under applicable data protection legislation,
including the following:
The right to submit a request to Alfapass for access
to their personal data:
Alfapass will confirm whether or not personal data relating
to the data subject are being processed. If personal data are being processed,
the relevant User may request access to and a copy of such personal data. Where
multiple copies are requested, Alfapass may charge a reasonable fee based on
administrative costs.
The right to submit a request to Alfapass for
rectification of their personal data:
If the personal data processed by Alfapass are
inaccurate or incomplete, Users may request that such data be corrected or completed.
At the request of the Users, Alfapass may inform them of the third parties to
whom the inaccurate and/or incomplete data have previously been disclosed.
To right to submit a request to Alfapass for
restriction of the processing of their personal data:
Users may request Alfapass, in certain circumstances, to
restrict the processing of some or all of their personal data. At the request
of the Users, Alfapass may inform them of the third parties to whom the
personal data have previously been disclosed.
The right to submit a request to Alfapass for the
erasure of their personal data:
Users may request Alfapass to erase their personal
data. This right is limited to situations in which such personal data are no
longer necessary for Alfapass to perform its services. At the request of the Users,
Alfapass may inform them of the third parties to whom the personal data have
previously been disclosed.
The right to submit a request to Alfapass to object to
the processing of their personal data:
Users have the right to object to the processing of
their personal data by Alfapass where such processing is based on Alfapass’
legitimate interest, provided that the Users demonstrate that their interests
or fundamental rights and freedoms override Alfapass’ legitimate interest, or
where the personal data are processed for direct marketing purposes.
The right to submit a request to Alfapass for the
portability of their personal data:
Depending on the circumstances, Users may request
Alfapass to transfer personal data that the Users have provided to Alfapass to
a third party of the Users’ choosing, or to make such data available for use
elsewhere. The transferred personal data will be provided by Alfapass in a
structured, commonly used and machine-readable format.
The right to submit a request to Alfapass to withdraw
consent for the processing of their personal data:
In situations where the processing of personal data by
Alfapass is based on the data subject’s consent, Users may withdraw this
consent at any time. Once Users have withdrawn their consent, Alfapass will no
longer process the relevant personal data.
In situations where the processing of personal data by
Alfapass is based on the data subject’s consent, Users may withdraw such
consent at any time. Following the withdrawal of
consent, Alfapass will no longer process the personal data concerned, without
prejudice to the lawfulness of processing carried out prior to such withdrawal.
8.2 How to
exercise your rights
Questions or requests regarding the processing of your
personal data may be addressed to our Data Protection Officer, accompanied by a
justification for your request, by email to prisec@alfapass.be, or by post to
Alfapass N.V., Data Protection Officer, Brouwersvliet 33 box 8, 2000 Antwerp,
Belgium.
Your request will be handled within four (4) weeks,
unless this period cannot reasonably be met due to additional complexities, or
where compliance would conflict with the rights and freedoms of other
individuals or where the disclosure of the information is prohibited by law. In
such cases, you will in any event receive a reasoned response within four (4)
weeks.
The handling of requests from data subjects may be
subject to certain procedural requirements. Alfapass can only process requests
directly in relation to processing activities for which Alfapass acts as a data
controller. For processing activities related to an Alfapass account or card,
Alfapass acts as a data processor. Accordingly, Alfapass encourages Users to
address such requests to their employer, who acts as the data controller.
In accordance with data protection legislation,
Alfapass will first verify any direct request with the relevant data controller
before processing the User’s request. In all cases, Alfapass must be able to
verify the identity of the requesting individual before complying with any
request.
8.3 Unsubscribing
from the newsletter
Users may unsubscribe from the newsletter by disabling
the newsletter subscription option in their profile at
https://online.alfapass.be under “My settings”.
Alfapass undertakes to limit the content of such
communications to information that is related to and relevant for users of an
Alfapass account or card. Accordingly, information or messages that Alfapass
considers strictly necessary for the use or management of the Alfapass account
or card will continue to be sent for as long as the User maintains an active
account.
8.4 Submitting a
complaint
If you believe that Alfapass is processing your
personal data unlawfully or is otherwise failing to comply with applicable data
protection laws and regulations, you have the right to submit a complaint with
the Belgian Data Protection Authority.
Before taking these steps, you may also contact
Alfapass directly. Alfapass can be contacted by telephone at +32 3 303 28 28 or
by email at info@alfapass.be. Security or privacy incidents should preferably be
reported via prisec@alfapass.be.
If you are not satisfied with the response and/or the solution
provided by Alfapass, you may submit a complaint to the Belgian Data Protection
Authority.
GBA – Drukpersstraat 35, 1000
Brussels, Belgium
https://www.dataprotectionauthority.be/citizen
9. Security of
personal data
Alfapass makes significant efforts to prevent misuse,
loss, unauthorised access and other unlawful or undesirable processing of
Users’ personal data. To this end, Alfapass implements appropriate technical
and organisational measures to ensure that its processing activities comply
with the requirements of applicable national and European legislation. By doing
so, Alfapass also safeguards the rights of Users.
Alfapass ensures that these measures are regularly
reviewed, evaluated and, where necessary, updated.
10. Transfer of
data outside the EEA
Alfapass does not transfer personal data to
individuals or organisations where such transfer would result in the personal
data leaving the European Economic Area (“EEA”). All IT infrastructure used by
Alfapass is located within the EEA.
Alfapass endeavours to limit any transfer of personal
data to third parties outside the EEA to the greatest extent possible.
Where such a transfer would nevertheless take place,
Alfapass ensures that it is carried out in full compliance with the GDPR,
including, where applicable, on the basis of an adequacy decision for the
country concerned or the implementation of appropriate safeguards, and, where
required, supplementary measures.
11. Changes to
this Privacy Declaration
Alfapass may amend this Privacy Declaration from time
to time, in accordance with the limitations imposed by applicable privacy and
data protection legislation. Any updates or amendments shall take effect
immediately upon publication. Alfapass therefore encourages you to review this
Privacy Declaration periodically when you visit our website or make use of our
services.
For any questions regarding personal data or their
processing, you may contact our Data Protection Officer, whose primary
responsibility is to ensure the protection of your rights. You can reach the
Data Protection Officer at the following email address: prisec@alfapass.be.
Version: 15/01/2026