Privacy Protection Declaration

The FPS Finance processes your personal data pursuant to the provisions of the General Data Protection Regulation¹, – “GDPR” in short,  the law of 30 July 2018 on the protection of natural persons and the law of 3 August 2012 laying down various provisions regarding the processing of personal data carried out by the Federal Public Service Finance within the framework of its missions.

The purpose of this privacy protection declaration is to provide you with the following information:

• Who is the controller?
• Who is the Data Protection Officer - DPO?
• What personal data are processed?
• Why these personal data are processed?
• How these personal data are secured?
• Who are the recipients of these personal data?
• How long these personal data are kept?
• Which are your rights and how can you exercise them? 

The FPS Finance (Boulevard du Roi Albert II 33,1030 Brussels), represented by the Chairman of the Management Committee, is the controller of personal data within the framework of the execution of its legal objectives².

The law of 3 August 2012, laying down various provisions as regards the processing of personal data carried out by the Federal Public Service Finance within the framework of its missions, has set up a Department of Information Security and Privacy Protection within the FPS Finance, which assists the Data Protection Officer - DPO.³

The Data Protection Officer is the head of the Department of Information Security and Privacy Protection and can be reached via the e-mail address dataprotection@minfin.fed.be.

The Data Protection Officer is the person in charge of answering every question as regards the processing of your personal data as well as the exercise of your rights stipulated in the General Data Protection Regulation. They will answer every question whose answer is not mentioned in the present declaration.

The categories of personal data processed by the FPS Finance are as follows:

• Identification data (for instance, name, first name, birth date);
• Authentication data (e.g. use of the national number via ISTME)
• Contact data (for instance, address, phone number);
• Bank data (for instance, bank account number);
• Financial and patrimonial data (for instance, income, immovable property, leases);
• Legal data (for instance, administrative sanctions);

The FPS Finance collects these personal data by means of declarations among others (tax returns, asset disclosure, declarations of estate...)

Your personal data held by the FPS Finance may be processed in the context of a phone conversation with you, for the exercise of its legal missions.

Besides, the FPS Finance also collects some personal data via other controllers. More information about these external data exchanges.

The FPS Finance processes your personal data in order to be able to carry out its legal missions of general interest⁴ or to comply with legal obligations.⁵

You can find the legal missions of the FPS Finance in the Royal Decree of 17 February 2002 creating the FPS Finance.

It concerns more specifically the following objectives:

• Tax assessment, control, collection and recovery (personal income tax, value added tax, registration and estate duties,...)
• Land register
• Record
• Management of the State’s own real estate and movable assets, including the acquisition, the sale and the expropriation;
• Collection, recovery and transfer to the person(s) entitled of the non-fiscal claims of the public authorities and the tax refunds (legal and administrative fines, unpaid invoices issued by public services, personal income tax, value added tax,...) and individuals (maintenance claims).
• Management of contentious matters;
• Follow-up of authorizations and administrative controls in Customs and Excise matters - Administrative police missions;
• Follow-up of security measures in Customs and Excise matters - Public security;
• Generic service in charge of the management of mandates for the citizens and enterprises on the basis of an independent electronic application e-government for the “self-service mandate” creation;
• Management of the persons entitled by the General Administration of the Treasury;

The law also stipulates that the FPS Finance can carry out targeted controls thanks to data from its various internal administrations within the framework of its missions. On the basis of this law, the FPS Finance can collect these data in a data warehouse that allows it to carry out datamining and datamatching⁶, processes, including profiling.⁷

Your personal data will never be processed by the FPS Finance for commercial or promotional purposes or transmitted to third parties who would use these data for such purposes.

The FPS Finance has implemented technical and organisational measures in order to guarantee the security and the confidentiality of your personal data.

Access to your personal data by employees of the FPS Finance is strictly limited to those who are authorised to do so and is restricted to the data necessary for the performance of their tasks.⁸

The categories of recipients or controllers to whom the FPS Finance provides your personal data on the basis of a legal obligation or within the framework of its general interest missions are as follows: 

• The departments of the FPS Finance⁹
• other federal public services; administrations of communities, regions, provinces and municipalities; judicial bodies; police services; public institutions and establishments; legal entities under public or private law.
• The States with whom Belgian authorities have concluded international conventions or agreements as regards administrative cooperation or information exchange; More information about these international tax information exchanges.

On the page on external data exchanges, you will find more detailed information on transfers of personal data by the FPS Finance to other authorities or private bodies.¹⁰

You have the following rights as regards your personal data¹¹ :

• Right to information and right to access to your data
• Right to consult data
• Right to rectification (adapting/adding data)
• Right to restrict the data processing
• Right to transfer your data
• Right to object to the processing

If you wish to change your address, marital status or account number, you will find more information on this page or you can contact the Contact Center via this link.

Restriction of some rights:

The General Data Protection Regulation provides for the possibility for EU Member States to establish legislation limiting the exercise of certain rights. ¹²

This is the case for the right to information, the right of access to, the right of rectification and the right to restrict processing, for which the Belgian legislator has laid down rules applicable to the FPS Finance in the context of the execution of its legal missions.¹³

When the FPS Finance carries out a tax control, for example, the person concerned, who is the subject of the control, will not be able to exercise their right to information during the investigation period.

Your personal data are kept for the duration of the processing necessary to carry out the legal tasks of the FPS Finance.¹⁴

Personal data resulting from controls and investigations carried out by the FPS Finance are not kept longer than necessary for the purposes for which they are processed, with a maximum period of one year after the final termination of the judicial, administrative and extrajudicial procedures and appeals resulting from these investigations¹⁵

The personal data resulting from the processing operations in the data warehouse shall not be kept longer than necessary for the purposes for which they are processed, with a maximum retention period of one year after the expiry of all actions falling within the competence of the controller and, where applicable, the final termination of administrative and judicial proceedings and appeals.¹⁶

You can find more information about your personal data processed by the FPS Finance via this link: www.myminfin.be

Once you are identified via eID or a digital identity, you only have access to your personal data unless you have a mandate to see specific data (for instance, an accountant who submits the tax return of their client). When you notice on MyMinfin that some of your personal data contain errors or are incomplete or if you wish to exercise your rights, you can submit your request or a form for giving you access [Word format (DOC, 37 KB)  ou  pdf format (PDF, 101.21 KB)] dated and signed: 

by sending an e-mail (with an electronic signature if possible) to the following address: dataprotection@minfin.fed.be

or

By sending a letter to:
FPS Finance
Services du Président
Service de sécurité de l'information et de protection de la vie privée
North Galaxy
Boulevard du Roi Albert II 33, PO Box 10
1030 Brussels;

Your request will  be dealt with within a period of 30 calendar days. If the request is complex or if the department must deal with many requests, this period of time will be extended to 60 days.

Without prejudice to any other administrative or legal appeal, any data subject has the right to lodge a complaint with the competent administrative or judicial bodies. You also have the right to lodge a complaint with the Data Protection Authority, if you consider that your rights are not respected or that the processing of your personal data constitutes a breach of the General Data Protection Regulation.¹⁷

To lodge a complaint, you can send a request to: 

Autorité de protection des données/Data Protection Authority
Rue de la Presse, 35
1000 Brussels

E-mail: contact@apd-gba.be 

The present privacy protection declaration may be updated in the light of new regulations. The adapted privacy protection declaration will always comply with the General Data Protection Regulation.

The present privacy protection declaration was updated on 28.11.2024.

¹ Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR)

² Royal Decree of 17 February 2002 creating the FPS Finance and Articles 2 and 3 of the law of 3 August 2012 laying down various provisions regarding the processing of personal data carried out by the Federal Public Service Finance within the framework of its missions, as amended by the law of 5 September 2018 establishing the comité de sécurité de l'information/Information Security Committee and amending various laws regarding the implementation of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

³ Article 8 of the Law of 3 August 2012, as aforementioned and amended by the Law of 5 September 2018, as aforementioned.

⁴ Royal Decree of 17 February 2002 as aforementioned ; and the law of 3 August 2012 as aforementioned and amended by the aforementioned law of 5 September 2018.

⁵ Pursuant to Article 6, 1 GDPR.

⁶ Article 5, §1st, second paragraph, 1°, 2° and 3° of the law of 3 August 2012, as amended by the aforementioned law of 5 September 2018: “data warehouse”: a data system containing a large amount of digital data that can be analysed;
“datamining”: the advanced search for information in large data files.
“datamatching”: the comparison between several sets of data collected;

⁷ Art. 5, § 1st, first paragraph of the law of 3 August 2012 such as amended by the aforementioned law of 5 September 2018 ; art. 4, 4) GDPR: “Profiling” is any form of automatic processing of personal data which involves the use of personal data to assess certain personal aspects relating to an individual, in particular to analyse or predict matters concerning that person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

⁸ Access authentication procedure: “Identity and Access Management” ; Article 10 of the aforementioned law of 3 August 2012, as amended by the aforementioned law of 5 September 2018

⁹ Article 4 of the law of 3 August 2012 as aforementioned as well as the Royal Decree of 27 March 2015 implementing Article 4, 1st paragraph of the law of 3 August 2012 laying down various provisions as regards the processing of personal data carried out by the Federal Public Service Finance within the framework of its missions.

¹⁰ Article 20 of the law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data stipulates that :

¹¹ To find out more about your rights, you can visit the website of the Belgian Data Protection Authority https://www.autoriteprotectiondonnees.be/citoyen/vie-privee/quels-sont-mes-droits-   

¹² Article 23 GDPR

¹³ Art. 11, 11/1, 11/2 and 11/3 of the law of 3 August 2012, as amended by the aforementioned law of 5 September 2018, in conjunction with Article 23 GDPR.

¹⁴ Aforementioned Royal Decree of 17 February 2002

¹⁵ Art. 11, § 1st, third paragraph11/1, § 1st, third paragraph, 11/2 § 1st, third paragraph and 11/3, §1st,third paragraph, of the Law of 3 August 2012, as amended by the Law of 5 September 2018, aforementioned, in addition to Article 23 RGPD

¹⁶ Art. 5, § 1st, third paragraph of the law of 3 August 2012 as amended by the law of 5 September 2018, aforementioned

¹⁷ Art. 77 GDPR