At the Institute of Tropical Medicine, we therefore make every effort to comply with privacy legislations, such as the General Data Protection Regulation (GDPR), and take the necessary security measures. ITM also describes in its data protection policy how it implements the GDPR and Belgian Data Protection Act.
With this privacy statement, we want to inform you about how we handle your personal data and which rights you can exercise yourself. This privacy statement describes the general processing of personal data.
Date of last update: 1 January 2023
What does ITM process your personal data for?
ITM only processes personal data about you when there is a legitimate purpose for doing so, such as:
In the context of a service requested by you (e.g. making an appointment and creating a medical record in the case of a medical consultation, creating a student record if you attend a course, inclusion in a file for newsletters, etc.).
A legal obligation to process or share data (e.g. in the context of public health reporting, public authorities, tax certificates, etc.).
When you give us explicit consent for a particular processing (e.g. to participate in a clinical scientific study).
When there is a balanced public or legitimate interest.
ITM has installed security cameras in various areas of the campuses and outpatient clinic to enhance security. These cameras capture images where it is possible that you as a visitor, student or patient may be filmed. ITM collects this data based on its legitimate interest to provide for the security of everyone on ITM premises. These recordings are kept for 30 days and are not passed on, except to court or police forces in the context of an investigation or court case (assault, burglary, etc.).
When you visit the ITM website, certain data will be stored. This mainly involves browsing behaviour and the setting of cookies.
Using the Wi-Fi network
ITM provides free Wi-Fi internet connection for its visitors. When using the Wi-Fi network, the following data is collected: IP address and browsing behaviour. This data is not linked to your identity.
This data is collected to prevent possible misuse of the network. Should illegal activities take place from our Wi-Fi network, we may block access to the device you use to use our network. In principle, this data is not shared with others, unless the network is being used illegally. In that case, the data may be passed on to the judicial authorities and, if necessary, our professional advisers.
Registration of visitors
Persons visiting ITM for a short period of time are registered as visitors in an electronic system. This allows ITM to know which and how many persons are present in the ITM buildings at any time, which may be important in case of emergencies such as a fire outbreak, an attack or the like. The data processed for this purpose are your name and, if applicable, the company or organisation you work for. For this, ITM relies on the legal basis of legitimate interest.
Possible personal data that ITM processes from its donors are: Identification data such as name and first name, , financial data such as account number and amount of donation, and contact data such as home address, telephone number and e-mail address.
These personal data are processed in order to issue tax certificates if necessary and to promote the legitimate interests of the ITM by creating and optimising a relational bond.
Donors' personal data are not passed on to third parties (with the exception of government bodies for legal or tax reasons).
Public disclosure on the homepage and/or via institutional media channels of a donor's personal data (e.g. for promotional purposes) will only occur after written and revocable consent of the donor himself.
Reports of complaints
In the case of reports of complaints by data subjects, ITM will - depending on what is necessary to handle the complaint - possibly process the following data: Identification data of the reporter (and defendant), data about the complaint (possibly including personal data such as health data, data relating to care and other services provided, possibly financial data).
The ITM collects this data in order to handle your complaint adequately. Data may thereby be passed on, depending on the complaint, to the central complaints handling department, the chief physician (for complaints about medical care), the education ombudspersons, but also external insurers e.g. in the context of a professional liability claim or ITM's civil liability.
How long does ITM keep your data?
In principle, we do not keep your personal data for longer than necessary to correctly perform and handle the requested service. There may be statutory minimum retention periods (e.g. 30 years for medical records, 25 years for clinical trial data, 7 years for tax certificates or invoices, etc.).
In certain cases, personal data are analysed and stored completely anonymously or in an aggregated manner (e.g. research on epidemic outbreaks, evolutions in vaccinations, participation and satisfaction in training courses, visitor numbers). This information is then no longer linkable to your identity.
Will your personal data be passed on?
Your personal data will only be passed on to third parties if this is in line with a legal obligation or a well-considered legitimate transfer, or if you have given your consent to the transfer. We are therefore always careful to ensure that we only pass on your data to organisations and for activities where this is authorised or otherwise permitted.
For scientific research, it is also possible that pseudonymised (i.e. coded and with no indication of your name or other directly identifiable information) or anonymised data (which can no longer be linked back to your identity) about you will be used and passed on to researchers. Such research is always approved in advance by an Ethics Committee and any processing of pseudonymised medical data is also always carried out under the responsibility of a physician.
Is your data stored securely?
ITM makes every effort to keep your data as confidential and secure as possible. To this end, we take the necessary security measures to minimise the risk of unauthorised access, loss or disclosure (e.g. through hacking). To this end, ITM implements a strict data protection policy for its employees and all employees sign a declaration of confidentiality.
What are your rights?
You always have the right to know what data we process about you, the purposes of the processing, and to whom we transfer it. You can also access this data and have it corrected where necessary. In some cases, you can also have your personal data deleted (the 'right to be forgotten'). To do so, or in case of complaints, contact Information Security by sending an e-mail to firstname.lastname@example.org or calling to +32 (0)3 247 07 43.
If you believe that ITM is not processing your data appropriately, you also always have the right to lodge a complaint with the Belgian Data Protection Authority.