Privacy - Data Protection Regulation (GDPR)

Data controller

The Federal Agency for Occupational Risks (hereinafter referred to as Fedris) is charged by the law of 3 July 1967 on compensation for damages resulting from occupational accidents, accidents while travelling to or from work and occupational illnesses in the public sector, the law of 10 April 1971 on occupational accidents, and the coordinated laws of 3 June 1970 on the prevention of occupational illnesses and compensation for damages resulting from these illnesses with actively contributing to the protection and promotion of the health of workers in the workplace, in terms of prevention, proper compensation for work-related damage, professional reintegration and monitoring of the proper application of the law on occupational risks, as well as paying compensation to asbestos victims in accordance with Title IV, Chapter VI, of the programme law (I) of 27 December 2006. 

Fedris, located at Avenue de l'Astronomie 1, 1210 Brussels, company number 0206.734.318, acts as data controller of the data processed within the framework of its missions.

In accordance with the European Data Protection Regulation of 27 April 2016 ("GDPR"), Fedris has appointed a Data Protection Officer. The latter can be reached by e-mail at the following address: privacyatfedris.be or by mail to the following address:

Service Sécurité de l'information
Avenue de l'Astronomie 1
1210 Bruxelles
 

Why are your data processed?

Within this framework, Fedris processes all personal data necessary to implement the following main missions and purposes:

  • To follow up your application and process your file;
  • To determine and pay the social benefits to which you are entitled at the expense of Fedris;
  • To monitor insurance companies and employers in terms of occupational risks;
  • To manage disputes: challenges against decisions made by Fedris, recovery of undue payments, recovery of benefits paid to the liable third party;
  • To inform and support people (proactively or not), in order to enable them to fully exercise their rights and to promote their physical, psychological and social well-being;
  • To manage your contacts with our services, regardless of the channel used;
  • For the proper management and improvement of our services and of the social security and public health system, for the suppression of fraud, through audits, surveys, studies and scientific, statistical and historical research, as well as for the security and protection of data, goods and persons;
  • To comply with our legal obligations, in particular with the Crossroads Bank for Social Security.

What is the legal basis for the processing of your data?

In the context of the management of the compensation and the prevention of occupational risks, the data processed by Fedris are processed on the basis of articles 6.1. a), c), d), e), f), 9.2 b), c), g), h), i) and j), as well as 87 of the European Regulation. In doing so, we rely in particular on the following specific legislation and its implementing decrees:

  • Law of 3 July 1967 on compensation for damages resulting from occupational accidents, accidents while travelling to or from work and occupational illnesses in the public sector 
  • Belgian Law on occupational accidents of 10 April 1971 
  • Coordinated laws of 3 June 1970 on the prevention of occupational illnesses and compensation for damages resulting from these illnesses
  • Law of 15 January 1990 concerning the establishment of a Crossroads Bank for Social Security, the Royal Decree of 4 February 1997 and other implementing decrees;
  • Law of 8 August 1983 organising a National Register of Natural Persons and the Royal Decree of 5 December 1986 on its use in sickness and invalidity insurance;
  • Law of 21 August 2008 on the eHealth platform;
  • Law of 11 April 1995 implementing the Charter of the Socially Insured;
  • Law of 22 August 2002 on patients' rights.
  • Programme law (I) of 27 December 2006

What data do we process?

Depending on the services you use or the information you provide, Fedris may process the following personal data: identification data (name, address, phone number, etc.), financial data, physical data (height, weight, etc.), psychological data (personality, character, etc.), education and training, image recordings (via surveillance cameras in our premises), personal characteristics (age, sex, marital status), lifestyle habits, household composition, organisations relevant to the processing of your application or the payment of your benefits (mutual health funds, trade unions), housing characteristics, profession and employment.

Depending on the services you use or the information you provide, Fedris may also be aware of or process the following specific data:

  • data from the National Register: national register number and identification data (surname, first names, date and place of birth, sex, nationality, principal residence, date and place of death, civil status, household composition, legal cohabitation, type of registration register);
  • data provided from the Crossroads Bank for Social Security;
  • health-related data: physical and mental health, risk situations and behaviours;
  • judicial data: legal actions (seizures);

What are our sources of information?

The data that concern you mainly come from:

  • yourself, your legal representative or any person mandated by you;
  • the care providers (hospitals, doctors, etc.) that you have consulted;
  • the Crossroads Bank for Social Security and any other public administration active in the field of social security;
  • insurance companies active in the field of occupational accidents;
  • external prevention services;
  • judicial institutions and the intermediary mandated by them.

Who processes your data?

All this data is processed by authorised personnel who are bound by bound by law or by contract to professional secrecy. IT and organisational security measures are also taken to guarantee the confidentiality, integrity and availability of your data.

To whom can your data be communicated?

Your personal data may be communicated:

  • to yourself and/or your representatives (including a temporary administrator, lawyer, mediator, medical advisor, etc.) in possession of a mandate or judicially appointed as such, directly or through a healthcare professional;
  • to the social security bodies, in particular: the Belgian National Intermutualist College, the Crossroads Bank for Social Security, the Belgian National Employment Office, the mutual health funds, the Auxiliary Fund for Sickness and Invalidity Insurance, the Control Office of the mutual health funds and the NIHDI, within the framework of their legal missions;
  • to our company auditor, our internal and external auditors, all of whom are bound by an obligation of confidentiality;
  • to our lawyers and the judicial system in the event of a dispute;
  • to any institution to give you an advantage if you have a privileged status;
  • to bpost for sending our mail;
  • to a duly authorised third party (law, contract, consent);
  • to your creditors within the framework of the enforcement procedure.

Who are our subcontractors?

Fedris mainly uses the following subcontractors: 

  • SMALS, Avenue Fonsny 20,1060 Saint-Gilles, our IT supplier;
  • BNP FORTIS PARISBAS and bPost, our payment institutions;
  • Fedris' collaborating doctors.

To a lesser extent, Fedris also uses other subcontractors to carry out its legal obligations and missions of public policy.

Are your data transferred to countries outside the EEA?

Your data may be transferred abroad if it is:

  • necessary to protect your vital interests;
  • necessary for the execution of an international agreement to which Belgium is a party;
  • necessary for the conclusion or execution of a contract concluded or to be concluded with a third party, in your interest.
  • Or if you have given your unambiguous consent, or at your request.

How long are your data kept?

Your identification data are kept from the moment your file is opened within our institution until its closure, such as when you or your beneficiaries are no longer granted pensions or reimbursements, or at your death.

In general, your data are kept for 7 to 30 years depending on the applicable legislation, directives and circulars that we receive, the starting point of this period may differ from one legislation to another.

As an exception, and in accordance with medical ethics, your medical data collected by Fedris’s doctors are always kept for 30 years after your death.

What are your rights?

In accordance with the legislation, you have the right to obtain confirmation that your data are processed by Fedris and the right to access them. To do so, you can send a written, dated and signed request to our Data Protection Officer, enclosing a copy of both sides of your identity card (for contact details, please refer to the data controller section).

Insofar as your rights do not conflict with the legal obligations to which Fedris is subject, you are also entitled, for the data that concern you: 

  • to the rectification of any incorrect or incomplete data;
  • to the deletion of any data;
  • to object to the processing of data;
  • to the right to be forgotten (right to erasure);
  • to limit the processing of your data;
  • not to be subject to an automated decision, including profiling (see below).

In case of disagreement, you can always contact the Supervisory Authority, located at rue de la Presse 35, 1000 Brussels or via the website https://www.dataprotectionauthority.be

Can you withdraw your consent?

Considering the legal basis for the processing is your consent, you have the right to withdraw said consent at any time and without justification.

Fedris is nevertheless legally obliged to manage personal data in the context of the execution of its legal missions.

Are you subject to automated decisions, including profiling?

You are subject to an automated decision in the following case: calculation of the basic salary to determine the amount of the replacement income granted.