Privacy statement CM
CM respects your privacy in accordance with applicable legislation.
The Christian Mutuality (hereinafter: CM) respects your privacy in accordance with applicable legislation, regardless of whether you are a member or not, a healthcare provider, interested in working at CM or a visitor to the website www.cm.be. CM strives to inform you in a transparent and clear manner about:
- What is processing of personal data? Some definitions.
- As controller, for what purposes does CM process your personal data?
- Which personal data does CM process about you and how?
- What are your rights regarding your personal data and how can you exercise them?
- And how can you contact us?
- What is a processing of personal data? Some clarifying terms.
- Who is responsible for processing your data?
- For what purposes does CM process your personal data (general)?
- For what purposes does CM process your personal data in the context of compulsory health insurance and social security?
- What are the legal provisions for the processing of your data in the context of compulsory insurance and social security?
- How long do we keep your data in the context of mandatory insurance?
- For what purposes does CM process your personal data in the context of the supplementary insurance: Services and Benefits
- What are the legal provisions for the processing of your data in the context of the supplementary insurance?
- How long do we keep your data in the context of supplementary insurance?
- For what purposes does CM process your personal data in the context of optional insurance?
- For what purposes does CM process your personal data in the context of promotion, direct marketing and membership recruitment?
- For what purposes does CM process your personal data in the context of profiling?
- For what purposes does CM exchange your personal data with other entities or third parties subject to your permission?
- For what purposes does CM process your personal data in the context of chat and telephone conversations?
- For what purposes does CM process your personal data in the context of camera surveillance?
- For what purposes does CM process your personal data in the context of the recruitment of new employees?
- For what purposes does CM process your personal data using artificial intelligence?
- For what purposes does CM process your personal data in the context of your disability file or professional reintegration file?
- Which personal data does CM process about you?
- From whom or from what source does CM receive data about you?
- Which employees process your personal data?
- Processing personal data based on automated decision-making
- To whom does CM pass on your personal data?
- In which cases can CM also process your data?
- Transfer of data outside the European Economic Area (EEA)
- How is your data secured?
- What are your rights with regard to personal data?
- How can you exercise your rights?
- How can you contact us or file a complaint?
What is a processing of personal data? Some clarifying concepts
- Personal data
Any information about an identified or identifiable natural person ("data subject") (for example not a company); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person;
- Processing
An operation or set of operations performed on personal data or on sets of personal data, whether or not carried out by automated means, such as collecting, recording, organizing, structuring, storing, updating or modifying, retrieving, consulting, using, providing by means to transmit, disseminate or otherwise make available, align or combine, restrict, erase or destroy data;
- Controller
A natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
- Processor
A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Who is responsible for processing your data?
Your personal data is processed:
- by the National Association of Christian Mutualities, Haachtsesteenweg 579, box 40, 1031 Schaarbeek, Belgium with company number 0411.702.543;
- by the Christian Mutuality Flanders, Haachtsesteenweg 579, box 40, 1031 Schaarbeek, Belgium, with company number 0874.853.490;
- by the Mutualité Chrétienne, Haachtsesteenweg 579, box 40, 1031 Schaarbeek, Belgium, with company number 0411.784.794;
- by the Regional Mutual Assistance Societies (RMOB) Brussels, Haachtsesteenweg 579, box 40, 1031 Schaarbeek, Belgium, with company number 0713.670.669;
- or by the Regional Mutual Assistance Societies (RMOB) Wallonia, Rue de Fernelmont 42, 5020 Champion-Namur, Belgium, with company number 0713.671.758.
Members who join CM become members of their chosen health insurance fund, or on the French-speaking side of the Regional Mutual Assistance Societies, as well as of the National Association of Christian Mutualities.
For what purposes does CM process your personal data (general)?
Processing your personal data is necessary to:
- to identify you, contact you and advise you correctly;
- for the management of your file;
- for good social security.
As a health insurance fund, CM has the following main tasks:
- carrying out the compulsory insurance for medical care and benefits (law of 14 July 1994);
- the financial intervention for their members in the costs of the prevention and treatment of illness and disability or the granting of benefits in the event of incapacity for work or when a condition occurs that promotes physical, psychological or social well-being (this is the supplementary insurance, the CM services and benefits);
- providing help, information, guidance and assistance with a view to promoting physical, psychological or social well-being, including in fulfilling the above-mentioned tasks (Article 3. Act of 6-8-1990 regarding health insurance funds and national associations of health insurance funds).
For what purposes does CM process your personal data in the context of compulsory insurance and social security?
In the context of the mandatory insurance for medical care and benefits, CM processes all necessary personal data to properly carry out the following main tasks and objectives:
- For the insurability of members: management of your rights to reimbursement of healthcare (maximum bill, increased reimbursement), as a beneficiary or dependent;
For the intervention in healthcare costs in Belgium and abroad, as a member or healthcare provider: management of all preventive or healthcare services and supplies, whether or not reimbursable, provided by recognized healthcare providers and care institutions in Belgium or abroad and communicated to CM; - For authorizations by the consulting physician for certain healthcare or supplies and for functional rehabilitation;
- For the management of benefits files: disability, pregnancy, evaluation, payments, socio-professional reintegration process;
- For the management of disputes: challenges to the decisions of CM and/or the RIZIV, recoveries of undue payments, recoveries of health costs and benefits caused by a liable third party;
- For the information and guidance, proactively or otherwise, of people, if necessary through the Social Work Department, to allow them to fully exercise their rights and to promote their physical, psychological or social well-being;
- To manage your contacts with our services through any channel used: face to face, letter, telephone, SMS, e-mail, chat, website, etc.;
- For the proper management and improvement of our services, the social security system and public health and the fight against fraud, through audits, surveys, studies, scientific, statistical or historical research and through security and protection measures for individuals , goods and data;
- To comply with our legal obligations, including as an insurance institution towards the Inspection Service of the Health Insurance Funds, the RIZIV and the Crossroads Bank for Social Security.
What are the legal provisions for the processing of your data in the context of compulsory insurance and social security?
For the management of the mandatory insurance, CM processes the data on the basis of the following articles in the General Data Protection Regulation:
- Article 6.1 c: to comply with a legal obligation incumbent on CM;
- Article 6.1 e: task of general interest;
- Article 6.1 f: legitimate interests (safety, protection);
- Article 6.1 d and article 9.2 c: vital interests of the data subject;
- Article 9.2 b: social security and social protection law;
- Article 9.2 f: the processing is necessary for the establishment, exercise or defense of legal claims;
- Article 9.2 g: reasons of important public interest based on Belgian law;
- Article 9.2 h: assessment of work capacity, health or social care, health care management or social protection services;
- Article 9.2 i: for reasons of general interest in the field of public health;
- Article 9.2 j and article 89: archiving, scientific or historical research or statistics;
- Article 87: national identification number/national register number.
CM bases itself on, among other things, the following specific laws and implementation decisions:
- Act of 8 August 1983 regulating a National Register of Natural Persons, and Royal Decree of 5 December 1986 on its use in health and disability insurance;
- Act of 15 January 1990 on the establishment of the Crossroads Bank for Social Security, Royal Decree of 4 February 1997 and others;
- Act of 6 August 1990 on health insurance funds and national associations of health insurance funds regarding compulsory insurance and supplementary insurance;
- Act on compulsory insurance for medical care and benefits, coordinated on July 14, 1994, Royal Decree of July 3, 1996 and others;
- Act of 11 April 1995 introducing the Charter of the Socially Insured;
- Act of 22 August 2002 on patient rights;
- Act of 13 December 2006 containing various provisions regarding health;
- Act of 21 August 2008 on the eHealth platform;
- Decree of 9 February 2018 regarding local social policy;
- Decree of 18 May 2018 on Flemish social protection;
- Act of 30 July 2018 on the protection of natural persons with regard to the processing of personal data;
- Decree of 8 November 2018 on insurance institutions and amending the Walloon Code of Social Action and Health;
- Decision of the Flemish Government of 30 November 2018 regarding local social policy;
- Ordinance of 21 December 2018 regarding the Brussels insurance institutions in the field of healthcare and assistance to persons.
How long do we keep your data in the context of mandatory insurance?
CM will store and use your personal data to the extent necessary for compliance with legal obligations and within the context of our activities. CM is bound by legal retention periods for storing certain personal data. If the law does not prescribe a period, the personal data may be retained for a period that CM itself considers necessary for the efficient implementation of the mandatory insurance.
For what purposes does CM process your personal data in the context of the supplementary insurance: Services and Benefits?
CM offers an extensive package of services and benefits in addition to your mandatory health insurance. Here too, CM must be able to collect and process certain personal data:
- to assess whether your file is in order to enjoy the services and benefits;
- to organize these services and benefits for you, if necessary with the help of CM processors ;
- to inform and guide you, proactively or otherwise, to fully exercise your rights and to promote your physical, psychological or social well-being;
- to manage your contacts with our services through any channel used: face to face, telephone, SMS, e-mail, chat, website, letter, etc.;
- for the good management and improvement of our services, the social security system and public health and for the fight against fraud, through audits, surveys, studies, scientific, statistical or historical research and through security and protection measures for individuals , goods and data;
- for compliance with our legal obligations, including as an insurance institution vis-à-vis the Health Insurance Fund Control Service.
What are the legal provisions for the processing of your data in the context of the supplementary insurance?
For the management of the supplementary insurance, CM processes the data on the basis of the following articles in the General Data Protection Regulation:
- Article 6.1c: to comply with a legal obligation incumbent on CM;
- Article 6.1 e: task of general interest;
- Article 6.1 f: legitimate interests (safety, protection);
- Article 6.1 d and article 9.2 c: vital interests of the data subject;
- Article 9.2 b: social security and social protection law;
- Article 9.2.f: the processing is necessary for the establishment, exercise or defense of legal claims;
- Article 9.2 g: reasons of important public interest based on Belgian law;
- Article 9.2 h: for the purposes of preventive or occupational medicine, for the assessment of the employee's fitness for work, medical diagnoses, the provision of health care or social services or treatments or the management of health care systems and services or social systems and services;
- Article 9.2 i: for reasons of general interest in the field of public health;
- Article 9.2 j and article 89: archiving, scientific or historical research;
- Article 87: national identification number/national register number;
CM relies, among other things, on the following specific laws and their implementation decrees:
- Act of 8 August 1983 regulating a National Register of Natural Persons, and Royal Decree of 5 December 1986 on its use in health and disability insurance;
- Act of 15 January 1990 on the establishment of the Crossroads Bank for Social Security, Royal Decree of 4 February 1997 and others;
- Act of 6 August 1990 on health insurance funds and national associations of health insurance funds regarding compulsory insurance and supplementary insurance;
- Act on compulsory insurance for medical care and benefits, coordinated on July 14, 1994, Royal Decree of July 3, 1996 and others;
- Act of 11 April 1995 introducing the Charter of the Socially Insured;
- Act of 22 August 2002 on patient rights;
- Act of 13 December 2006 containing various provisions regarding health;
- Act of 21 August 2008 on the eHealth platform;
- Act of 26 April 2010 containing various provisions regarding the organization of supplementary health insurance;
- Decree of 18 May 2018 on Flemish social protection;
- Act of 30 July 2018 on the protection of natural persons with regard to the processing of personal data;
- Decree of 8 November 2018 on insurance institutions and amending the Walloon Code of Social Action and Health;
- Ordinance of 21 December 2018 regarding the Brussels insurance institutions in the field of healthcare and assistance to persons.
How long do we keep your data in the context of supplementary insurance?
CM will store and use your personal data to the extent necessary for compliance with legal obligations and within the context of our activities. In certain cases CM is bound by legal retention periods for storing certain personal data. Doesn't the law prescribe a term? The personal data can then be kept for a period that CM deems necessary for the efficient implementation of the supplementary insurance.
For what purposes does CM process your personal data in the context of optional insurance?
- CM-MediKo Plan, CM-Hospitaalplan, CM-Hospitaalfix and Fix Extra
If you are a CM member, you can take out optional CM insurance upon payment of a premium: CM-MediKo Plan, CM-Hospitaalplan, CM-Hospitaalfix and Fix Extra. These insurances are organized by the Mutual Assistance Company (MOB)–Insurance CM-Vlaanderen with registered office at Haachtsesteenweg 579, box 40, 1031 Schaarbeek, Belgium. The latter is therefore the controller of the personal data for these optional insurance policies. The Christian Mutuality Flanders, as an insurance agent, processes these personal data on the instructions of the MOB Insurance CM-Vlaanderen. Here is the link to the CM insurance privacy statement . - MC Assure
If you are a CM member, you can take out optional CM insurance upon payment of a premium: Hospi + 100, Hospi + 200, Dento +. These insurances are organized by the 'mutual assistance insurance company MC Assure' with registered office at Haachtsesteenweg 579, box 40, 1031 Schaarbeek, Belgium. The latter is therefore the controller of the personal data for these optional insurance policies. Mutualité Chrétienne, as an insurance agent, processes these personal data on the instructions of MC Assure. Here is the link to MC Assure's privacy statement .
For what purposes does CM process your personal data in the context of promotion, direct marketing and membership recruitment?
CM collects and processes your personal data on the basis of your consent that you have given directly to CM or to a third party (address file brokers, etc.): in connection with a competition, a trade fair, in the context of an App, registration for a newsletter, activity, etc.
Retention period
- CM processes your data for these purposes for a maximum of 3 years for non-members, from receipt of “opt-in” and for ex-members from the date of change.
- If you are registered for the newsletters (for example CM-Zine and/or CM-Information and/or MC-news), these 'opt-ins' will be kept for longer than three years after mutation. You have given your consent to receive these newsletters. You can of course always unsubscribe so that you no longer receive these newsletters.
For what purposes does CM process your personal data in the context of profiling?
CM can process your personal data to create a profile of you. CM can derive useful information from this to improve the relationship with you.
For what purposes does CM exchange your personal data with other entities or third parties subject to your permission?
To the extent that you have given your permission for this, CM exchanges data, for example, with the MOB Insurance CM-Vlaanderen, MC-Assure or universities. This is to ensure that your file is processed more smoothly or for other purposes for which you have given your consent (participation in surveys, etc.).
For what purposes does CM process your personal data in the context of chat and telephone conversations?
In some cases, CM can listen to, record and analyze the information through its telephone or chat conversations. This is to improve our services or in the context of providing evidence in the event of a dispute. You will always be informed about this in advance.
Retention period
- Telephone: three months for training and coaching of employees and improvement of services. Eighteen months in the context of complaints.
- Chat: three months for training and coaching of employees and improvement of services. Twenty-four months in the context of complaints.
For what purposes does CM process your personal data in the context of camera surveillance?
CM can use cameras in and around the offices and buildings where it operates.
Retention period
- Image recordings from surveillance cameras in and around CM buildings (indicated by a sticker) are kept for a maximum of one month. This period can be extended if it turns out that the images can be useful and have some evidentiary value for, for example, a crime.
For what purposes does CM process your personal data in the context of the recruitment of new employees?
There is a separate privacy policy for this.
For what purposes does CM process your personal data using artificial intelligence?
CM uses artificial intelligence to optimize its services and processes. CM uses this for example for:
- data analysis (e.g. chat),
- script recognition (certificates, quotations),
- processing member changes.
For what purposes does CM process your personal data in the context of your disability file or professional reintegration file?
For the management of your disability file or vocational reintegration file, the data from your medical file is processed by the consulting physician responsible for your file. If necessary, this data will be shared with the employee(s) of the advising doctor or with other advising doctors of the health insurance fund. These persons (consulting physicians and employees) are also subject to professional secrecy. This delegation of authority to the employees takes place on the basis of Art. 153 § 4 of the Act of 14 July 1994 on compulsory insurance for medical care and benefits.
Which personal data does CM process about you?
Depending on the data you provide and in function of the various objectives as a national association and health insurance fund, CM processes the following categories depending on the type of people involved:
- Ordinary personal data:
- Identification data: name, first name, address, telephone number, e-mail address, etc.
- Electronic identification data: IP addresses, cookies, connection times, etc.
- Personal characteristics: age, gender, date of birth, place of birth, marital status, nationality.
- Family composition.
- Financial details: account number, payments, etc.
- Physical data: size, weight…
- Psychic data: personality, character…
- Lifestyle: tobacco, alcohol consumption, travelling, etc.
- Leisure activities and interests.
- Memberships.
- Consumption habits.
- Home features.
- Education and training.
- Profession and employment.
- Image recordings: camera surveillance, photos, videos.
- Sound recording: call centers.
- Special personal data:
- Data from the National Register and the National Register number of CM members: surname, first name, official principal residence, date and place of birth, date and place of death, gender, marital status, nationality, family composition;
- Social data: data from the Crossroads Bank for Social Security or data that are necessary for the implementation of social security. History of contribution vouchers employee, unemployed, pension, affiliation, insurability, RIZIV number of healthcare providers, etc.;
- Personal data relating to health is data that provides information about a person's health status. Medical reports and diagnoses, hospital data, degree of need for care, reimbursement of healthcare services, disability, pregnancy, medicines, genetic data, etc.;
- In the context of disputes, CM will also process criminal and administrative convictions and offences: recoveries of healthcare and benefits caused by a liable third party, fraud;
- In the context of scientific research, CM can indirectly derive sensitive data from the data it processes, such as race, ethnic origin, political opinions, religious or philosophical beliefs, sexual behavior or sexual orientation;
From whom or from what source does CM receive data about you?
This mainly concerns data that comes from:
- from yourself, your legal representative, or someone who has received a mandate or your approval for this;
- from the healthcare providers (hospitals, doctors, nurses, etc.) that you have consulted, including via the third-party payment scheme;
- of the Crossroads Bank for Social Security, of social security institutions and of government services (Federal Public Service Finance, etc.);
- from RIZIV, VAZG, COCOM, AVIQ, MDG, ONE, COCOF ...;
- from data suppliers (purchase prospect data);
- of the core actors in the integrated broad welcome (CAW, OCMW).
Which employees process your personal data?
Your personal data is processed carefully and confidentially by the authorized employees to perform their tasks in the context of the described activities. The employees are bound by professional secrecy and must comply with the duty of discretion. This is imposed legally (Crossroads Bank Act, National Register Act, art. 458 Criminal Code, Labor Code, ) and deontologically. In addition, CM requires its employees to sign a confidentiality agreement.
Processing personal data based on automated decision-making
Certain data processing is done in a fully automated manner without the intervention of an employee. This is done on the basis of the criteria as provided for in the context of the mandatory and supplementary insurance. For example: pricing of reimbursements, person entitled to increased compensation, maximum invoice, etc.
To whom does CM pass on your personal data?
Your personal data may be passed on to:
- You, your legal representative (administrator, mediator, etc.), your representative (professional counselor, lawyer, etc.) or someone who has received a mandate or your agreement for this, directly or through the intervention of the healthcare professional of your choice;
- An authorized third party (person, institution, government) solely on the basis of a law, contract, existing authorization from the Information Security Committee, formerly Sectoral Committee (Social Security, and Health, National Register);
- Your healthcare providers (hospitals, doctors, nurses, etc.), at your request or in the context of our legal assignments (insurability, global medical file, third-party payment scheme, etc.) via secure channels (eHealth platform, MyCarenet, Refac, etc.);
- MOB Insurance CM-Vlaanderen (or, if necessary, SMA MC Assure) for your optional insurance, subject to your permission or authorization from the Sectoral Committee of Social Security and Health and from the National Register;
- CM-Care Fund for Flemish Social Protection;
- Social security institutions through the National Intermutualist College (NIC) and the Crossroads Bank for Social Security:
- National Social Security Office (NSSO);
- National Social Insurance Agency for the Self-Employed (RSVZ);
- National Employment Office (RVA);
- National Institute for Health and Disability Insurance (RIZIV);
- National Office for Annual Vacation (RJV);
- National Pension Service;
- FEDRIS (Federal Agency for Occupational Risks);
The National Intermutualistic College works as a filter so that third parties do not know which health insurance fund you are affiliated with. For more information about the operation of the Crossroads Bank for Social Security : what does the CBSS do and how does it do it?
- The RIZIV and the Inspection Service of the Health Insurance Funds in the context of their statutory audit tasks;
- To the agencies designated by the federation for specific tasks, for example to the Flemish Agency for Care and Health, AVIQ, etc.
- Our auditors who are bound by a duty of confidentiality;
- Opposing parties, their lawyers, bailiffs, experts and the Justice Department in the event of disputes;
- All institutions to grant you a benefit based on a privileged status (increased compensation, etc.);
- Your creditors and their bailiffs in the context of an enforcement procedure (seizure, transfer, etc.);
- An heir or notary in the event of death if the personal data are necessary for the settlement and distribution of the estate and insofar as the conditions for this transfer are met;
- Joint controllers. At your request, the essential content of mutual agreements can be made available to you;
- Our processors;
CM mainly uses the following processors:- MUTAS in case of urgent care and assistance abroad;
- The Intermutualist Agency (IMA): statistics for the management of social security and public health;
- Some CM entities including non-profit organizations insofar as they organize or carry out CM services and benefits for you: Kazou, Intersoc, Samana, Okra, Goed, Wiegwijs, CM recovery accommodations, Ocarina, Altéo, Enéo, Qualias ...
- Doccle as a digital platform mainly for document storage. With your permission (Doccle account and activation CM link), you can also consult your documents and use the Doccle functionalities;
- ICT processors;
- Mailing companies;
- Our lawyers and bailiffs, experts;
- Carefully selected suppliers who must process your personal data in the context and execution of the assignment assigned to them.
In which cases can CM also process your data?
- Visit CM website
- When completing a form on the website, the data communicated will be processed depending on the context-specific purposes for which it was requested (for example, a request for information, registration for an activity, information about volunteer work, etc.).
You can log in to My CM (or some other CM applications) with your eID via CSAM or Itsme, in which case personal data (national register number) is also processed to identify you, authenticate you and to retrieve your data from our systems . Your eID may also be requested and read (with your permission) during a visit to one of our offices. - What CM processes and the user does not see (for example your IP address, browser type, operating system of your computer and the number of visits and pages visited). More information about this can be found in the Cookie Policy .
- When completing a form on the website, the data communicated will be processed depending on the context-specific purposes for which it was requested (for example, a request for information, registration for an activity, information about volunteer work, etc.).
- You want to work for CM
See separate privacy statement . - You are a healthcare provider
In that case, CM only processes personal data relating to your activities as a healthcare provider and this in the context of the objectives described above. We are particularly authorized to publish your name and address that we receive from the RIZIV to inform our members about your convention. If you wish to correct this data: www.cm.be/zorgproviders .
Transfer of data outside the European Economic Area (EEA)
Your data can be sent outside the EEA (=European Union, Norway, Lichtenstein and Iceland) if:
- is determined in the compulsory insurance (reason of general interest art 49 1.d);
- is necessary for the implementation of measures that must be taken before concluding the contract and at your request;
- is necessary for your vital interests;
- it is in your interest to conclude a contract with a third party or to execute a contract concluded or yet to be concluded with a third party;
- a processing agreement has been provided in which the required contractual clauses have been included;
- is expressly with your permission.
How is your data secured?
- We take appropriate measures to ensure the security, integrity and availability of your data, taking into account the state of the art, the scope and context of the processing purposes and the type of personal data.
- CM takes appropriate physical, administrative, organizational and technical security measures to protect your personal data against loss, unauthorized access, unauthorized use and unauthorized disclosure.
- CM contractually imposes the same security measures on its processors.
What are your rights with regard to personal data?
The data subject has certain rights with regard to his personal data insofar as these do not conflict with the legal obligations to which CM is subject or the public interest tasks entrusted to CM.
- Right of access
As a data subject, you have the right to inspect the data relating to you that is processed by CM. If you request this, a copy of your personal data can be delivered. You can request a copy of your personal data as long as this does not infringe the rights and freedoms of others. - Right to rectification or amendment of your data
You can request at any time to correct incorrect data or to complete your data. To adjust your data regarding your marital status, please contact the population department of your municipality in the first place. However, CM cannot change the data of the National Register, which is the authentic source of social security. Please remember to inform us as soon as possible of any change in your situation. - Withdraw your consent
If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time without providing a reason. Withdrawing your consent does not change the validity of the processing that took place before that withdrawal. - Automated individual decision-making (profiling)
You have the right not to be subject solely to automated decision-making, including profiling. After all, some data processing is completely automated without the intervention of the employee. If you do not agree with the course of a fully automated process, you can contact CM. This way you can still request intervention from a CM employee or let them know why you dispute this. - Right to object
Do you disagree with the way CM processes certain data? Then you can resist it.- Without reason, in case of opposition to treatment for direct marketing and prospecting purposes;
- If your data is processed in the context of a task of general interest, you must justify your specific situation. CM may still process this data if there are compelling legitimate grounds for that processing that override your interests or the exercise of a legal claim;
- If your data is processed for scientific or historical research purposes or for statistical purposes, you can object on grounds relating to your particular situation. Unless the processing is necessary to fulfill a task carried out in the public interest.
- Right to erasure (right to be forgotten)
You have the right to delete your personal data if it appears that CM is processing this data unlawfully:- If the data is no longer necessary for the purposes of the treatment;
- If you have withdrawn your consent and there is no other legal basis for this treatment;
- If your objection to the processing is well-founded;
- If the treatment is illegal;
- If erasure is required by law;
- If the data relates to a child under the age of 16 and is collected through an application or website ("Information Society Service").
- Right to restriction of processing
You can limit the use of your personal data:- Until the time to check the accuracy of the data you dispute;
- If you oppose the illegal deletion of data processed by CM;
- If you object to the deletion of data that CM no longer needs, but which is necessary to establish, exercise or defend a right in court;
- Until the time to check whether CM's legitimate reasons override yours in case you oppose the treatment of this data by relying on your specific situation.
CM will then have to limit the processing of such personal data to their storage. Any other processing is permitted with your consent, or for the establishment, exercise or defense of a right in legal proceedings or to protect a third party, or for important reasons of public interest. If this is the case, CM will notify you before this restrictive treatment is lifted.
- Right to data portability
You have the right to have the personal data you have provided to CM transferred to you or directly to a third party. This is possible insofar as it is not limited by privacy legislation or other legal rules. This right can only be exercised if your data has been processed exclusively on the basis of your consent or a contract and if this processing is done using automated processes. This therefore does not concern compulsory insurance or supplementary insurance. In the event of a change, CM will forward the legally required information to the new insurer.
How can you exercise your rights?
If you wish to exercise any of the above privacy rights, you can always contact us.
Always be as specific as possible if you want to exercise your rights. Only in this way can CM handle your question specifically and correctly. To ensure that the data subject wishes to exercise his own privacy rights, CM may request a copy of the identity card for identification purposes.
Right of access
Would you like to receive an overview of your personal data that we have? You can exercise your right of access (art. 15 GDPR-2016/679) and request an overview by completing the request form .
How can you contact us or file a complaint?
- General
You can always contact us with a question, comment or request to exercise your rights:- Via the online contact form or application form for your right of access ;
- Via the 'My CM' module for the rectification of member data;
- By letter to the National Association of Christian Mutualities, Haachtsesteenweg 579, 1031 Schaarbeek, Belgium;
- By calling the service center of your health insurance fund ;
- By making an appointment with your health insurance fund;
- By visiting your CM consultant .
- Data Protection Officer
If you feel that the above channels cannot help you, you can also contact our “Data Protection Officer”. This can be either:- In writing: by sending a letter to the attention of the data protection officer to Landsbond der Christian Mutualheden, Haachtsesteenweg 579, 1031 Schaarbeek, Belgium.
- By email: to [email protected]
- Data Protection Authority
You can contact us directly or you can contact the Data Protection Authority.
Contact details: www.gegevensbeschermingsautoriteit.be/contact , Data Protection Authority Drukpersstraat 35, 1000 Brussels.