State Archives of Belgium

Our collective memory!

FR | NL | DE | EN
Menu

Protection of personal data

Texte petit  Texte normal  Texte grand

Legal framework

The State Archives manages archives from various origins that are intended for long-term preservation. We process personal data in order to carry out our tasks. The State Archives commits itself to processing personal data concerning you safely and responsibly. These are the kinds of data we receive from you and that allow us to identify you: photo, first name, last name, address, e-mail address, IP address, etc. Furthermore, personal data are also contained in the archives transferred to our services on the basis of our statutory tasks, but these data were not received from the data subjects themselves and their identification is not necessary for our activities.

Personal data is protected by:

With the present statement the State Archives fulfils the obligations arising from:

  • The principle of transparency (art. 5.1.a GDPR)
  • The principle of accountability (art. 5.2 GDPR)
  • The obligation to provide transparent information to data subjects (art. 12-14 GDPR)

Legal basis

The State Archives is the federal scientific institute in charge of archive management. This extensive assignment comprises among others the destruction or acquisition, preservation, intellectual control and valorisation of archives, and scientific research. The State Archives also exercises archive supervision and provides advice about appraisal and preservation of archives created by public authorities. 

The missions of the State Archives are stipulated in the following laws and decrees:  

  • Archives Act of 24 June 1955 (Belgian Official Journal of 12-08-1955) amended by the law of 6 May 2009 (Belgian Official Journal of 19-05-2009)
  • The Royal Decree of 3 December 2009 establishing the missions of the National Archives and State Archives in the Provinces (Belgian Official Journal of 15-12-2009)
  • The Royal Decree of 18 August 2010 about the execution of articles 1, 5 and 6bis of the Archives Law of 24 June 1955 (Belgian Official Journal 23-09-2010)
  • The Royal Decree of 18 August 2010 about the execution of articles 5 and 6 of the Archives Law of 24 June 1955 (Belgian Official Journal of 23-09-2010)
  • The Royal Decree of 23 May 2016 establishing the rules for the integration of CegeSoma into the National Archives and State Archives in the Provinces (Belgian Official Journal of 08-06-2016)
  • The Royal Decree of 16 January 2018 about the transfer of the personnel, the assignments “Archives and Documentation”, and the goods as well as all related rights and duties of the Directorate-General for War Victims of the Federal Public Service Social Security to the National Archives and State Archives in the Provinces (Belgian Official Journal of 29-01-2018)

As a public archives service the State Archives processes personal data mainly “for the performance of a task carried out in the public interest” (art. 6.1.e GDPR) which is laid down by law (art. 6.3 GDPR). We may also process personal data on the basis of contracts (art. 6.1.b GDPR), for example business contracts with private companies, or of legal obligations (art. 6.1.c GDPR), for example as employer within the framework of social laws. We also process personal data (anonymised if possible) for statistical or qualitative purposes, with the aim of improving our services and work processes (art. 6.1.e GDPR). Furthermore, we may request your consent to process your personal data for specific purposes, such as sending you our newsletter (art. 6.1.a GDPR).

Purposes

Personal data are only processed in the particular situation for which they were collected. Further processing is prohibited (principle of “purpose limitation”, art. 5.1.b GDPR). However, further processing “for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes” is explicitly considered as compatible with the initial purposes and is subject to derogations (art. 89.1 GDPR). In any case, the derogations “for archiving purposes in the public interest” apply to the further processing of personal data contained in archives transferred to a public archive service by virtue of legal obligations, such as the Archives Act for example (recital 158 of the GDPR).

Data

Only the necessary minimum of personal data is processed. If possible, we process less personal data or none at all (principle of “data minimisation”, art. 5.1.c GDPR). We keep our databases of personal data up-to-date and delete obsolete data (principle of “accuracy”, art. 5.1.d GDPR). However, the State Archives is not responsible for the application of these principles with regard to personal data contained in transferred archives.

The table below lists the most common situations in which your personal data are processed.

Situation Personal data processed

You make an on-line donation or purchase via our webshop

Name, contact information, bank details

You contact us

Name, contact information

You register as a visitor at the reception desk

Name, affiliation or address, purpose of visit, time of arrival and departure

You register in one of our reading rooms and request access to documents

Name, main place of residence, photograph, place and date of birth, sex, identity card number, contact information, profile information (not mandatory)

You subscribe to our newsletter

E-mail address

You register for our events and activities

Name, contact information

You apply as a volunteer or applicant

Name, contact information, CV, personal interests and family information (not mandatory)

You provide us with paid services or products

Name, contact information, bank details

You rent one of our meeting rooms

Name, contact information

You work together with us on a national or international project

Name, contact information, affiliation and function, bank details (if applicable)

You are an archive creator who transfers archives to our institution or deposits them with us

Name and details of contact person

 

All processing of personal data carried out in our daily work is recorded in a GDPR register containing the following information: purpose of processing, categories of data subjects and of personal data, categories of recipients, retention period, security measures (art. 30 GDPR). All processing activities carried out on archive holdings are recorded in the archives management system (SAM).

Web analytics and cookies

We manage several websites: arch.be, archief-democratie.be, archive-demokratie.be, archives-democratie.be, cegesoma.be, dataverse.arch.be, expocongo.be, goaaal.arch.be, pauvresdenous.arch.be, 14-18-wallonie.be

These websites may use functional cookies to improve your user experience. This enables us to save your preferences regarding:

  • Choice of language (FR / NL / DE / EN)
  • User profile (researcher, genealogist, civil servant, journalist, teacher, notary / land surveyor) 

We may use analytical cookies in order to collect data through Matomo or Google Analytics and establish statistics that we publish in our annual reports and online. In this process, personal data are anonymised (IP address, location) and all collected information is deleted afterwards.

Mainly the following elements are analysed:

  • Number of unique visitors (browser-based)
  • Number of visitor sessions
  • Total number of pages visited

For the development of new websites and features, we may also analyse the following:

  • Device, browser, screen resolution
  • Location (country, region or municipality) and time data (time and duration of visit)
  • Referring website

No personal profiles are created and user data is not shared. You can adjust the settings for accepting and saving cookies in your web browser.

Retention period

The retention period of documents that the State Archives produces in the exercise of its missions are established in the records schedule for our institution. Personal data contained in documents or holdings not mentioned in this schedule are deleted or destroyed once they are no longer needed. Indeed, personal data may not be kept longer than absolutely necessary (principle of “storage limitation”, art. 5.1.e GDPR). The remaining files are destroyed once their administrative or legal retention period has expired, unless they are destined for permanent preservation based on a records schedule. The documents and personal data they contain are conserved “for archiving purposes in the public interest”, for which a derogation is foreseen (art. 89.1 GDPR). The same applies to personal data contained in archives that are transferred by other archive creators to the State Archives for permanent preservation.

Measures and safeguards

The State Archives provides for appropriate technical and organisational measures to ensure the security, integrity and confidentiality of personal data (art. 24 GDPR). We keep a GDPR record of the processing activities we carry out (art. 30 GDPR). Using technical security measures, we protect the data against unauthorised access, unlawful use, loss and unauthorised alteration (art. 32 GDPR). We record and adequately monitor personal data breaches (art. 33-34 GDPR). If necessary, we carry out a risk analysis or a ‘data protection impact assessment’ (art. 35 GDPR). Our in-house data protection officer (DPO) monitors our institution’s compliance with the GDPR and provides support to the personnel in this matter (art. 37-39).
The State Archives also provides appropriate safeguards regarding the processing of personal data “for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes” (art. 89.1-3 GDPR, art. 190-208DPL). Archive holdings containing personal information about living persons are specifically marked and protected in the archives management system (SAM) and are only given access to under particular conditions, such as a personal interest, provided that the data subject has given his or her authorisation, or for scientific research purposes. Researchers must sign and abide by the stipulations of the research declaration. We never publish special categories of personal data (the so-called ‘sensitive data’ - art. 9-10 GDPR) and we only publish nominative personal data if they are publicly available information about historic persons or events, or if we are duly authorised to do so by the data subject.

Recipients and transfers

We only transfer personal data within the framework of legal obligations or for processing undertaken within our assignment. We take appropriate measures to ensure the security of personal data, for example by concluding contracts (art. 28 GDPR).  For transfers of archives to our services there is no obligation to conclude a contract (art. 194 DPL).

Exercise of rights

You can exercise a number of rights with regard to your personal data that we process in the course of our daily work.  For personal data contained in archives transferred to the State Archives, derogations to all of these rights are possible in the Belgian context, provided that archive services  foresee appropriate measures and safeguards as determined by law (art. 89.1 and 89.3 GDPR, art. 190, 192, 194-196, 205-208 DPL).

  • Right of access (art. 15 GDPR): You may request that we verify and inform you whether or not we process your personal data and how, unless your request cannot reasonably be met. For archive services that manage large volumes of personal data collected by other organisations, it is indeed often neither possible nor necessary to know which personal data are contained in the archives. In addition, specific access modalities may apply that restrict the right of access, for example regarding civil status registers.
  • Right to rectification (art. 16 GDPR): If you consider that your personal data are not or no longer accurate or that they are incomplete, you may request a rectification. No modification can be made to transferred archives however. Indeed, for archive services - that need to safeguard the authenticity and integrity of archive holdings - modifications to the information they manage are contrary to their code of ethics and the Universal Declaration on Archives.
  • Right to erasure or “right to be forgotten” (art. 17 GDPR): You may request that we erase your personal data from our records, unless a legal retention period applies or the data is contained in documents that are destined for permanent preservation according to a records schedule. This latter type of documents must indeed be kept in their entirety, thus a derogation is foreseen in the GDPR (art. 17.3 GDPR).
  • Right to restriction of processing (art. 18 GDPR): You may request the restriction of the processing of your personal data if and as long as there is doubt about data accuracy or rightfulness of processing, or if you have filed an objection. Data preservation is allowed. Indeed, the permanent conservation of records for archiving purposes in the public interest cannot be temporarily suspended.
  • Right to data portability (art. 20 GDPR): You may request to receive your personal data in a commonly used machine-readable format, provided that the processing is carried out by automated means and is based on your consent or on a contract. This does not or no longer apply to records transferred to an archive service based on a legal obligation. 
  • Right to object (art. 21 GDPR): You may object to the processing of your personal data carried out for purposes of public interest or for legitimate interests, unless compelling legitimate grounds are demonstrated which override your individual interests, rights and freedoms. This applies to archives kept in the public interest and also in cases where the exercise of this right by a data subject is likely to render impossible all the usual processing we carry out and services we provide, that is to say preserving, digitising, cataloguing and making documents accessible, etc. 

If you wish to exercise your rights, please send a written request by e-mail or letter to our data protection officer. We will treat your request within 30 calendar days. If your request is too complex or our services receive too many requests at the same time, this period may be extended by 60 days. If you consider that the State Archives has not sufficiently treated your request, you may file a complaint with the Data Protection Authority:

Data Protection Authority
Rue de la presse 35
1000 Brussels
contact(at)apd-gba.be

Complaints must be filed through the online complaint form on their website.

Contact

If you wish to exercise your rights as a data subject or if you have further questions about the processing of personal data by the State Archives, you can contact our data protection officer:

Data Protection Officer
National Archives

rue de Ruysbroeck 2-6
1000 Brussels
dpo(at)arch.be

 

Version 01 (February 2020). The present statement may be subject to revisions or amendments.

www.belspo.be www.belgium.be e-Procurement