Privacy notice – visiting a SAC department
This notice is intended to inform you about how your personal data is collected, processed and used when you visit a Sexual Assault Centre (SAC) department. Your data will be processed only as necessary to carry out the tasks assigned to the Sexual Assault Centres and the Institute for the equality of women and men (the Institute).
The data controller and processors
The data controller
The processing of your personal data by the Sexual Assault Centres is done under the responsibility of the Institute, which provides the necessary guidelines to the Sexual Assault Centres for this purpose.
The Institute is a public service (parastatal B) with legal personality and was established pursuant to the Law of 16 December 2002 establishing the Institute for the equality of women and men (BS 31-12-2002). The registered office of the Institute is Place Victor Horta 40, B-1060 Brussels.
The Institute:
- is committed to ensuring and promoting gender equality and combating all forms of discrimination and inequality based on gender or sex.
- was commissioned by the Federal Government to coordinate, monitor and evaluate the Sexual Assault Centres nationwide.
- was designated by the Belgian State as the co-ordinating body within the meaning of Article 10 of the Istanbul Convention and its task is to collect statistical data on cases of forms of violence falling within the scope of the Convention, as well as to support research into all of these forms of violence.
The Institute takes all necessary measures to ensure that your rights are respected when processing personal data. In doing so, it may use processors within the meaning of Article 28 of the General Data Protection Regulation (GDPR). A processor agreement is entered into with all processors. For example, the Institute uses the following processors, among others:
- The hospital where an SAC unit is present. The hospital staff working in the SAC department processes personal data of the victims who physically present themselves at the Sexual Assault Centre and potentially of the perpetrators of sexual violence or of members of the victims' support circle.
- Healthdata, which is responsible for transferring the data from the hospital to Healthdata, pseudonymising the data and storing the data in a secure database.
- The National Institute of Crime and Criminalistics, which is responsible for analysing the pseudonymised data and processing them into anonymous reports.
Data processing by the Institute
Data processing is carried out in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data (Belgian Privacy Act).
Basis for data processing
The Institute's processing operations are based on:
- the performance of a task carried out in the public interest (Art. 6.1(e) and Art. 9.2(i) GDPR)
- the performance of the obligation with regard to the Institute contained in Article 10 of the Istanbul Convention ratified by Belgium (Art. 6.1(c), Art. 9.2(j) and Art. 89 GDPR).
Purposes of data processing
Belgium established the Sexual Assault Centres within the framework of the ratification of the Istanbul Convention (implementation of Article 25). To ensure the best possible care of victims of sexual violence, the operation of the Sexual Assault Centres should be evaluated periodically and closely monitored. In addition, it is also important to monitor the effectiveness of the implementation of the Sexual Assault Centres (e.g. investigation into the prosecution of SAC cases, as well as whether the target audience or more vulnerable groups are able to find and use the Sexual Assault Centre).
The Istanbul Convention further mandates that research is conducted into all forms of violence (Article 11). Data from the SAC department enables the quality of academic research into sexual violence to be improved, statistical data on sexual violence to be collected (in addition to the police statistics in force today) and sexual violence in Belgium to be epidemiologically monitored. Thus, prevention and care policies based on evidence-based research in Belgium can be optimised.
The purposes of processing can be summarised as follows:
- To conduct academic or statistical studies on the phenomenon of sexual violence with a view to developing new policy initiatives in the fight against sexual violence;
- To monitor and evaluate the operation of the Sexual Assault Centres.
| Purpose | Legal basis |
|---|---|
| monitoring, evaluation and academic research into the operation of the SAC | the performance of a task carried out in the public interest: Art. 6.1(e) GDPR; processing for reasons of public interest in the area of public health: Art. 9.2(i) |
| academic research and/or dissemination of statistical data relating to sexual violence | the performance of a task carried out in the public interest: Art. 6.1(e) GDPR; processing for reasons of public interest in the area of public health: Art. 9.2(i) |
The transfer of these data from the hospital with an SAC department to the Institute, and their retention, is done via e-health and Healthdata, through the healthdata.be collection software HD4DP 2.0.
Healthdata receives the data via:
- Direct input into the Healthdata application;
- CSV upload from the electronic patient record;
- System2System through the electronic patient record.
Transfers take place according to two streams:
- Stream 1, which includes medical data with a technical identification number (technical ID). The data are transferred via SFTP to the data repository healthdata.be (DWH HD). Since this file does not include data to be pseudonymised, the file is sent directly from the data providers to the DWH HD via SFTP or any other transfer method.
- Stream 2, with the patient's social security identification number (NISS) and the same technical identification number. Data are transferred via eHealth (for pseudonymisation of patient identification data by coding eHBox) to the data repository healthdata.be (DWH HD). The technical ID is encrypted by the sender, while the NISS is pseudonymised by eHealth acting as trusted third party (TTP).
Within Healthdata, the data are made available in pseudonymised form to the Institute and its processor(s).
Data processing in Healthdata
Your data will be processed, after pseudonymisation, by the Institute and its processor(s) for the following purposes:
- monitoring and evaluating the operation of the SAC;
- academic research into the operation of the SAC;
- academic research and/or dissemination of statistical data relating to sexual violence.
The results of processing obtained in the context of monitoring and evaluation of the SAC, or academic research on the operation of the Sexual Assault Centres or on sexual violence are always published anonymously.
Retention of data
Your data will be kept in pseudonymised form for 30 years. After this time limit expires, the data will be completely anonymised. Retention is based on the hospital's minimal retention of your data in the electronic patient record, as well as the ability to identify epidemiological shifts regarding sexual assault reports in the Sexual Assault Centres (with the opportunity to detect repeat victimisation over a longer time frame).
Access to and use of data
Only the employees associated with the SAC department of the hospital, the Institute or the processor(s) designated by the Institute, under the control of the Institute, have access to data.
The Institute shall take the necessary measures to ensure that the data cannot or must not be processed for purposes other than those stated above.
Apart from the processors used by the Institute, your data will not be disclosed to third parties, except with your consent, nor will they be transferred to countries outside the European Union.
Data processing by the hospital with an SAC department
If you present yourself in an SAC department, your personal data will be processed by the hospital for the purpose of providing healthcare and social services, including forensic services, assistance in filing a report with the police (if desired) and providing police and judicial support.
The processed data listed in the table below are kept in the electronic patient record of the SAC department. In accordance with the Belgian Quality Healthcare Practice Act of 22 April 2019, patient record data will be kept for a minimum of 30 years and a maximum of 50 years. You can request access to these records through the hospital.
Each hospital with an SAC department records these data, to the extent they have the necessary information, in a uniform manner. The Institute issues guidelines for this.
|General personal data|
|Police data recorded by the SAC department:||
|Special categories of personal data|
|Data related to sexuality and gender experience:||
|Data related to sexual violence:||
|Data concerning perpetrator of sexual violence:||
You have the right to inspect or correct (or complete) your personal data (inspection and copy) if you believe the data is incomplete or inaccurate. This is free of charge.
You have the right to invoke a restriction on processing ("pause" processing) or to object to processing. In some situations, the right to restricted processing does not apply, or the objection to processing may be overridden because of legitimate grounds which outweigh the interests, rights and freedoms of the data subject or which are related to the establishment, exercising or support of a legal claim.
Since the project collects pseudonymised data, it is impossible for the Institute to identify which data belongs to which person. In order to link the data to the requester, our organisation would have to obtain additional data from the requester. In that case, it may be easier to request access to records directly from the hospital where the SAC department is located.
However, you can always submit a request to the Institute, along with proof of your identity to firstname.lastname@example.org.
Data protection officer
The Institute has designated a data protection officer (DPO). The DPO can be reached at the email address: email@example.com if 'DPO Question' is included in the subject line.
If you disagree with the way the Institute treats your data, you can contact the Data Protection Authority (email – firstname.lastname@example.org, Tel. – +32 (0)2 274 48 00, Post – Rue de la Presse 35, B-1000 Brussels).
The Institute for the equality of women and men makes great efforts to ensure that the information made available is complete, correct, accurate and up to date. Despite these efforts, inaccuracies may occur in the information made available.
Should the information provided on or via the website contain inaccuracies or should certain information on or via the website be unavailable, the Institute will make the utmost effort to rectify this as soon as possible.
The Institute also makes great efforts to minimise interruptions due to technical errors. However, the Institute cannot guarantee that the website will be completely free of interruption or will not be affected by other technical problems.
Furthermore, the Institute cannot be held liable for any direct or indirect losses arising from the use of the website or the information made available on or through the website.
Should you find inaccuracies in the information made available on or via the website, please contact the site administrator.
The website may contain links to other websites of authorities, agencies and organisations over which the Institute exercises no technical or content control. Therefore, the Institute cannot provide any guarantee as to the completeness or accuracy of the content or the availability of these websites.
The Institute for the equality of women and men accepts no liability for any direct or indirect losses resulting from consulting or using the websites or the information made available on the websites to which you are referred on or via the site.