Privacy policy

This privacy policy applies to all personal data that are processed by Haven Oostende NV, a public law limited liability company (“NV van publiek recht”), with registered office at Slijkensesteenweg 3A, 8400 Oostende, Belgium, with company number and VAT number BE 0259.978.212, which is the controller of this website.

The Controller attaches great importance to your privacy and processes your personal data in accordance with European Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (hereinafter “GDPR”), as well as any future or additional legislation implementing it, insofar as applicable.

For any further questions or comments regarding the way in which we handle your personal data, you can always contact us by e-mail at info@portofoostende.be or by post at the above-mentioned postal address (with the reference “for the attention of the DPO”).

The processing of personal data (hereinafter “data”) includes any operation performed on data that can identify you as a natural person. You can read which data this concerns in this Privacy Policy. The concept of “processing” is very broad and covers, among other things, the collection, storage, use of your data, or the sharing thereof with third parties. 

Below we clarify which data we may process about you. Depending on the specific situation, your preferences and the way in which you contact us, we do not process all of the data listed below for every individual. 

General

From all our contacts we may process the following data:

• Electronic identification and usage data (e.g., IP address, browser type, location data);
• Identification data;
• Contact details (e.g., name, first name, address, email address, etc.);
• Contact history (e.g., email messages, messages sent via web forms, etc.);
• Images captured by security cameras (e.g., for monitoring and safeguarding our facilities);
• Vessel identification data (e.g., vessel name, registration and flag data, IMO number, home port, navigation routes);
• Visitor or access registration data (e.g., badge usage, time of registration, vehicle registration).

Operational and commercial relationships

In the context of our commercial and operational activities, we may additionally process the following data:

• Order, reservation and payment data (e.g., invoicing information, payment details, order references);
• After-sales service data (e.g., complaints, requests, incident reports);
• Feedback, testimonials and promotional content such as photos and videos.

Suppliers – service providers

From our suppliers and service providers, we may additionally process the following data:

• Contractual data (e.g., company name, address, VAT number, agreements, etc.);
• Payment and invoicing data (e.g., payment card details, invoices, etc.);
• Platform account data (e.g., registration details for creating an account);
• Feedback, testimonials, quotes and promotional content such as photos and videos (e.g., reviews and experiences related to our collaboration, testimonials, quotes, presence at events, etc.).

Job applicants

From job applicants, we may additionally process the following data. Naturally, this depends largely on the information you choose to provide to us as part of your application:

• Personal details;
• Work-related information;
• Personality-related information;
• Photographs.

Directors and members of the Board of Directors

From members of the Board of Directors and other governing bodies of Haven Oostende, we may additionally process the following personal data:

• Identification and contact details (e.g., name, first name, address, email address, telephone number);
• Professional information (e.g., positions, professional qualifications);
• Images and audiovisual material (e.g., photos and videos taken during official events or for publication purposes);
• Information relating to board mandates (e.g., start and end date of the mandate, meeting minutes).

Port Oostende Charity Run 

In the context of organising the Port Oostende Charity Run, we may additionally process the following data of participants, volunteers and other involved individuals:

• Identification and contact details (e.g., name, first name, date of birth, address, email address, telephone number);
• Registration data (e.g., chosen distance, team name, T-shirt size);
• Payment details (e.g., proof of payment, invoicing data);
• Health information (only if voluntarily provided, e.g., for medical support during the event);
• Images and audiovisual material (e.g., photos and videos taken during the event for promotional purposes).

Invitation-only events and seminars 

In the context of organising business events, port visits, networking moments, seminars or expert meetings (such as the Interactive Forum Circular Industry) organised or co-organised by Haven Oostende, we may process personal data of participants, speakers and network partners. This may include:

• Identification and contact details (e.g., name, first name, position, organisation, (professional) email address, telephone number);
• Registration data (e.g., confirmation of participation, session preferences, dietary requirements, attendance status);
• Logistical data (e.g., parking needs, access registration, badge information);
• Professional data (e.g., area of expertise, business sector or field of work, if relevant for the event theme);
• Images and audiovisual material (e.g., photos and videos taken during the event);
• Feedback data (e.g., evaluation forms or comments and suggestions after the event).

During our events, photos and video recordings may be taken for reporting and promotional purposes. We strive for maximum transparency and respect for the privacy of participants.

To provide participants with a clear choice, some events may use coloured lanyards (for example, a red lanyard) indicating that the participant does not wish to appear recognisably in visual material. This visual indicator is actively respected by our photographers and videographers.

In addition, we always provide the option to object to the use of specific images in which you are recognisably visible. Such an objection can be submitted to the organisation via the contact details listed in this Privacy Policy. In accordance with the right to erasure (right to be forgotten), such images can be removed or blurred upon request, unless there is a legitimate reason to refuse this. For more information about your rights, see section 10 of this Privacy Policy.

Rental of infrastructure or sites 

For temporary or long-term rental of port infrastructure (such as quay walls, warehouses, land plots or event locations), Haven Oostende processes personal data of tenants, concession holders or organisers. This includes, among others:

• Identification and contact details (e.g., company name, representative, address, email, telephone number);
• Contractual data (e.g., agreement, rental conditions, location, duration, invoicing details);
• Financial data (e.g., bank account number, payment history, invoices);
• Correspondence and contact history (e.g., email communication regarding reservations, complaints or technical support);
• Technical and operational data (e.g., plans, connection requirements, safety information, badge requests).

Security and ISPS protocols

For areas falling under the International Ship and Port Facility Security Code (ISPS), Haven Oostende is required to process specific personal data in the context of access control, risk prevention and compliance with international security standards. This processing applies to visitors, crew members, drivers, suppliers and other external parties accessing ISPS zones:

• Identification data (e.g., name, date of birth, nationality);
• Verification data (e.g., identity card or passport number, driver’s licence, photo for access badge);
• Work-related data (e.g., employer, function, purpose of visit);
• Access logs (e.g., date and time of access, visited zone, vehicle registration);
• Security camera footage (for surveillance and traceability purposes).

These data are processed solely in accordance with the legal obligations under ISPS regulations and retained only as long as necessary for control and auditing purposes.

Participation in the ENSOR and eRIBa platforms

In the context of digital registration and processing of maritime and inland navigation activities via the ENSOR and eRIBa platforms, we may process personal data of crew members, operators, agents, carriers and other involved parties. This processing is necessary for accurate maritime administration and smooth logistical operations. This includes, among others:

• Identification and contact details (e.g., name, function, telephone number, email address of the notifier or representative);
• Vessel and voyage data (e.g., vessel name, registration number, IMO number, navigation routes, cargo type, expected arrival and departure times);
• Technical and operational data (e.g., berth information, supply needs, waste handling, customs information);
• Login and usage data from the platforms (e.g., username, login time, modification history).

ENSOR is the electronic notification system of Haven Oostende linked to the Belgian Maritime Single Window and used for sea vessel notifications. eRIBa is a notification platform for inland vessels that streamlines digital communication with various waterway authorities.

These data are processed solely for the purpose of handling legally required notifications, operational planning of the port, and compliance with international maritime and safety regulations.

Public communication, newsletters and operational mailings 

In the context of our external communication via digital and social channels, we process personal data of individuals who contact Haven Oostende, subscribe to updates, or publicly interact with our communication. This includes, among others:

• Identification and contact details (e.g., name, email address, function, organisation, language preference);
• Communication content (e.g., messages or questions sent via email, contact forms or social media channels);
• Usernames or profiles on social media (e.g., Facebook, LinkedIn, Instagram);
• Feedback and reactions to published posts;
• Subscription and interest data for newsletters or invitations (e.g., preferred topics or event types);
• Usage behaviour (e.g., email opening and click behaviour, if tracking is enabled).

The personal data we collect are processed exclusively within the scope of the operations of Haven Oostende, with the aim of ensuring correct, safe and transparent service delivery. More specifically, we process your data for the following purposes:

• Operational and commercial functioning of the port
  • Managing vessel visits, berths and logistical operations;
  • Digitally processing maritime and inland navigation notifications via the ENSOR and eRIBa platforms;
  • Facilitating access to port infrastructure and secured zones (including ISPS);
  • Handling reservations, requests and customer files;
  • Performing technical, administrative and financial follow-up (such as invoicing and contract management).
• Organisation of events and public activities
  • Planning and organising public and professional events, such as the Port Oostende Charity Run; port visits, networking events and seminars; Interactive Forum Circular Industry;
  • Registering participants, guests and speakers;
  • Communicating about and reporting on these activities, including photography and videography (with consent where required).
• Participation in fairs and external representation
  • Managing contacts with stand visitors and partners at fairs;
  • Creating contact databases based on business cards or registrations received;
  • Sending follow-up communication or invitations based on expressed interest.
• Communication and informational messaging
  • Sending newsletters, press releases, invitations and updates;
  • Sending operational notifications (such as traffic measures, closures or changes in services);
  • Managing public communication via social media and other digital channels;
  • Collecting and analysing feedback for quality improvement.
• Administrative, legal and fiscal obligations
  • Complying with national and international regulations regarding safety, ISPS, environmental legislation and port management;
  • Maintaining accurate accounting and fiscal administration;
  • Retaining data in the context of audits or legal proceedings;
  • Reporting and recording incidents or accidents.
• Recruitment and selection of employees
  • Receiving and processing job applications;
  • Managing selection procedures and communication with candidates;
  • Retaining data in a candidate database (with consent).
• Security, monitoring and risk management
  • Registering visitors and contractors on site;
  • Camera surveillance in and around port zones, buildings and access roads;
  • Following up on incidents, complaints or reports;
  • Performing fraud detection and security analyses.

We process your data only insofar as it is based on one of the legal grounds listed in the GDPR, as outlined below.

Legal obligation 

Certain data are processed in order to comply with legal or regulatory obligations that apply to us. Examples include obligations relating to maritime safety and port management (e.g., mandatory notifications via ENSOR or eRIBa); fiscal and accounting obligations; employment and social security legislation; environmental and port regulations; compliance with security and ISPS protocols; processing requests from supervisory authorities or judicial bodies.

Necessary for the performance of a contract 

Certain data are processed because it is necessary for entering into, performing or terminating a contract with you as the data subject. This includes contacting you, scheduling appointments, responding to a request, or gathering information as part of establishing a contractual relationship, as well as the effective execution of a contractual assignment within the scope of our core activities, in order to provide our services to you or receive services from you. 

Legitimate interest

Certain data are processed based on our legitimate interest, which in specific cases outweighs any potential impact on your rights. For example, to promote our activities to business contacts; to improve the quality of our services; to train staff and evaluate or maintain statistics related to our activities more broadly; to retain and use evidence in the context of liability, proceedings or disputes, and for archiving purposes; and to ensure security, both online on this website and in our facilities.

Consent

Certain data are processed based on your consent. Examples include promoting activities to potential business contacts; the use of certain analytical or marketing cookies; the publication of photos containing personal data on our website. Data of job applicants after the recruitment process will only be retained with consent.

Most of the personal data we process about you are obtained directly from you—via forms, registrations, emails, telephone calls or physical interactions (e.g., access to our port area or participation in an event).

In addition, in some cases we may also obtain personal data from other sources, such as:

• External service providers or (sub)contractors, in the context of joint assignments or service delivery;
• Government institutions or port authorities, for example via notification platforms such as ENSOR or eRIBa;
• Public sources, such as social media, company websites or public databases (e.g., business registers, ship registries);
• Partnerships in port or innovation networks, where personal data are shared on the basis of cooperation agreements.

In all cases, we limit ourselves to data that are relevant and necessary for the intended purpose.

We do not disclose your data to third parties unless this is strictly necessary in view of the purposes described above, or if we are legally required to do so.

Where necessary, we rely on external service providers (processors) to support our operational activities, such as managing our websites and IT systems. These processors always act on our behalf and under strict contractual conditions.

This means that we may share your data, insofar as relevant to your situation, with the following third parties for the following purposes, with some of these parties acting as processors on our behalf:

• Postal services, transport and delivery companies if we need to send you items by mail;
• Payment service providers when we receive payments from you, or vice versa;
• External representatives and consultants or any other involved parties in the context of our core or supporting activities;
• Processors assisting us in the operation of our organisation’s IT infrastructure, ensuring secure and efficient digital data management;
• Government bodies, judicial authorities and regulated professionals such as accountants and lawyers, for the purpose of complying with legal obligations and defending our interests, where required.

Additionally, your data may be shared with affiliated or associated companies of Haven Oostende when necessary for joint projects, shared services or internal operational coordination. This always takes place in compliance with applicable privacy legislation and on the condition that adequate contractual and organisational safeguards are in place.

We do not retain your data longer than necessary for the purpose for which the data were collected or processed. Since the appropriate retention period depends on the purposes for which the data were collected, the retention period may vary in each situation. In some instances, specific legislation may require us to retain data for a certain duration.

Our retention periods are always based on legal requirements and a balancing of your rights and expectations with what is useful and necessary to fulfil the stated purposes. After the retention period expires, your data are deleted or anonymised. 

We implement appropriate technical and organisational security measures to prevent, within the scope of our activities, the destruction, loss, alteration, unauthorised access to, or unlawful disclosure of your data, as well as any other unauthorised processing. These measures include, among others, physical access restrictions, digital access control, encryption, logging, and training for staff and processors. Camera footage and other sensitive data are only accessible to authorised individuals.

We also ensure that the processors we engage take appropriate security measures to minimise the risk of incidents as much as possible.

If your data are processed outside the European Economic Area (EEA) through the use of specific services or software tools, this will only occur in countries for which the European Commission has confirmed an adequate level of data protection, or appropriate safeguards will be implemented to ensure the lawful processing of your data in these third countries.

You have various rights regarding the data we process about you. If you wish to exercise any of the rights listed below, please contact our GDPR officer using the contact details provided under the first section of this Privacy Policy.

Right of access and copy

You have the right to access your data and obtain a copy of them. This right also includes the ability to request further information regarding the processing of your data, including the categories of data processed about you and the purposes of the processing.

Right to rectification

You have the right to have your data corrected if you believe that we hold inaccurate information.

Right to erasure (right to be forgotten)

You have the right to request that we erase your data without undue delay. However, we may not always be able to honour such a request, for example when the data are still required for an ongoing contract, or when we are legally obliged to retain certain data for a specific period.

Right to restriction of processing

You have the right to request the restriction of the processing of your data. In this case, processing is temporarily halted, for example until the accuracy of the data has been verified.

Right to withdraw consent

When processing is based on your consent, you have the right to withdraw this consent at any time by contacting us. For marketing messages you receive by email based on your consent, you may easily withdraw this consent by clicking the unsubscribe link at the bottom of the message.

Right to object

You have the right to object to the processing of your data that is based on legitimate interest. This must be based on reasons relating to your particular situation. You may also object to the use of your data for direct marketing purposes. Email marketing communications will always include an opt-out option.

Right to data portability

You have the right to obtain your data that you have provided to us with your consent or in the performance of a contract, in electronic form. This allows you to easily transfer them to another organisation. You also have the right to request that we transfer your data directly to another organisation, where technically feasible.

Right to lodge a complaint with your supervisory authority

If you believe that we are processing your data incorrectly, you always have the right to lodge a complaint with your supervisory authority for data protection.

Belgian Data Protection Authority (GBA)
Drukpersstraat 35
1000 Brussels

contact@apd-gba.be

You may exercise your rights by contacting us either by email at info@portofoostende.be or by post at Slijkensesteenweg 3A, 8400 Oostende, accompanied by a copy of the front side of your identity card or another document that enables us to identify you. The copy will only be used to verify your identity in accordance with the GDPR.

We reserve the right to amend this Privacy Policy. The most recent version will always be available on our websites. The date on which this Privacy Policy was last updated can be found at the top. In the event of a substantial change to the Privacy Policy, we will, where possible, directly inform the individuals affected by the change.