Mise à jour : le «12/06/2024»
Contents
3 Purposes of the data processing.. 2
6 Where are your data stored?. 4
7 What are the retention criteria for your personal data?. 4
8 Security of the data processed.. 5
9 What are your rights and who to contact in the case of necessity?. 5
1 Introduction
This policy provides the information required concerning the way in which the Brussels University Hospital (hereinafter the H.U.B, the Hospital or the Institution) processes the personal data it collects and that concern you as a job applicant (hereinafter the “Applicant”).
The Brussels University Hospital consists of:
- The Brussels University Clinics – Erasmus Hospital, this including:
- The Trauma and Rehabilitation Centre (CTR);
- The Geriatric Rehabilitation Centre (CRG) ;
- The Lothier Polyclinic;
- The Brussels Hospital Association – Jules Bordet University Hospital;
- The Brussels Hospital Association – Queen Fabiola Children’s University Hospital (Huderf)
Candidates include persons applying for a job at the H.U.B or at one of the member structures as presented hereunder.
The H.U.B attaches great importance to protecting your personal data.
The Institution undertakes to respect the confidentiality of your private life. It undertakes to ensure that the processing of personal data shall comply with the General Data Protection Regulation (GDPR) and the applicable Belgian legslation on the protection of private life.
The Hospital processes your personal data on an appropriate legal basis, defined in accordance with the data processing and its purpose and with reference to article 6§1 of the GDPR. Depending on the case, the Hospital bases the processing on:
- The execution of a contract or precontractual measures;
- Respect for legal obligations incumbent upon the Hospital;
- The pursuit of the legitimate interests of the Hospital (while respecting the interests of the person concerned);
- Consent (when it is necessary).
Data processing includes the collecting, use, storage, protection and erasure of these data.
This document also sets out your rights in regard to these personal data and how you can exercise these rights.
2 Data controller
The Institution to which you apply is legally responsible for processing your personal data:
- Brussels University Hospital (H.U.B)
50, Avenue Franklin Roosevelt 1050 Brussels
Company No.: 0775.387.613
- Erasmus Hospital– Brussels University Clinics
808, route de Lennik, 1070 Brussels
Company No.: 0941.792.893
- Brussels Hospital Association – Jules Bordet University Hospital
90, Rue Meylemeersch, 1070 Anderlecht
Company No.: 0257.981.101
- Brussels Hospital Association – Queen Fabiola Children’s University Hospital
15, Avenue Jean Joseph Crocq, 1020 Brussels
Company No.: 0260.238.627
In accordance with the General Data Protection Regulation (GDPR), the H.U.B has appointed a data protection officer. The data protection officer can be contacted for any questions concerning the protection of your personal data at the following address: dpo@hubruxelles.be and this irrespective of the H.U.B institution to which you apply.
3 Purposes of the data processing
The Hospital processes your personal data in connection with your job application. The aim is to permit the procedures necessary for considering your application. The purposes of the data processing are as follows:
The purposes of the data processing are as follows:
- Recruitment and administrative management of applications;
- To make contact with applicants and organise the various stages of the application (interviews, sending out of replies, etc.);
- To make available computing tools in connection with the application;
- To assess the capacities and skills of applicants in relation to the position applied for;
- To compile statistics (possibly, and while respecting the legal conditions of a use based on legitimate interests);
- To respect the legal obligations to which the Hospital is subject and compliance with the applicable regulations;
There is no automated decision-making. Your personal data are always treated with the greatest care and respect.
This means that the Institution only processes your data if it has an appropriate legal basis to do so and provided it informs you of the purposes for which they are to be used.
The Institution uses cookies. Please refer to the cookies policy for more information on this subject.
If the Institution decides to employ you, your data will be processed in the framework of an employer-employee relationship. You will be provided with a copy of the specific policy concerning the protection of the private life of members of staff.
4 What data are processed?
The Hospital is careful to ensure that the only data processed are data that are adequate and pertinent in relation to a purpose.
The data processing concerns the following data:
- Identification and contact data (last name, first names, gender, date and place of birth, civil status, nationality, postal address, email address, telephone number, etc.)
- Data concerning training and previous employment (diplomas, training, previous professional experience, references, etc.)
- Records of criminal convictions if this is legally permitted or justifiable.
Some data are obligatory for submitting your application.
5 Who has access to your data and what categories of recipients can your personal data possibly be transmitted to?
The Hospital recognises the confidential nature of your personal data and does not disclose them or make them accessible unless absolutely necessary by virtue of the “need to know” principle.
Internally, access to your data is therefore restricted to members of the Human Resources Department (hereinafter the “HR department”) and to members of the selection committees who participate in the recruitment activities. They are all obliged to be familiar with and to apply correctly internal data protection and security policies and therefore to respect data confidentiality and the conditions of legitimate use. This implies:
- The obligation not to access or seek to access data that are not strictly necessary for the execution of their mission;
- A ban on divulging personal data of which they have knowledge unless this is strictly necessary for exercising their functions.
In some cases your data are made accessible to external service providers who process them on behalf of the Institution in connection with sub-contracting agreements. These external service providers may only use your data in connection with the service they are requested to provide, such as the provision of an application or sharing platform. They are bound to a duty of confidentiality and under no circumstances are they authorised to retain or use your data on their own behalf.
When the Institution is so required by law (obligatory communication or legal ruling) it can communicate your data to official bodies
The Hospital does not sell your personal data or hire them out, share them with or make them commercially available to third parties, subject to that which is set out above or your prior consent.
6 Where are your data stored?
The transfer of your data to third parties or to servers outside the European Economic Area is avoided as much as possible.
If, however, for the requirements of a processing, the transfer of your data outside the EEA has to be considered, this will only be to a country that guarantees an adequate level of protection by virtue of an adequacy decision of the European Commission. If this is not the case, the Hospital will ensure that your data are protected by the recipients in question by requiring the appropriate guarantees as provided for by article 46 of the GDPR.
7 What are the retention criteria for your personal data?
The Hospital retains your personal data during the period required for the purposes as described above, taking into account any legal retention periods and any limitation period applicable in civil and criminal law.
The exact retention period is therefore evaluated on a case-by-case basis according to the processing activity.
Data are in principle retained during the period of the working relationship, failing any legal or regulatory provision to the contrary. They can also be retained after the execution of the contract (generally during 5 years), if the hospital has a legal obligation to do so (for example, to comply with accounting, social or fiscal obligations) or if it wishes to constitute proof in relation to a dispute and this within the applicable limitation period.
If your application does not result in your employment, the Institution can retain your application data for a period of 2 years in recruitment reserve.
8 Security of the data processed
Attentive to the security of your data, the Hospital implements appropriate measures (whether physical, technological, related to persons, administrative or organisational) to prevent as much as possible any destruction, loss, modification or corruption, as well as any unauthorised access, and this whether accidental or intentional.
The Institution is careful to require an equivalent level of security on the part of its sub-contractors.
9 What are your rights and who to contact in the case of necessity?
Any person concerned who justifies his or her identity by sending a copy of both sides of their identity card (or equivalent poof of identity) is entitled to:
- Obtain, free of charge, a copy of their personal data that is the subject of processing by the Hospital and, if applicable, any available information on the purposes, origin and destination of the data processing;
- Obtain, free of charge, the correction of any incorrect personal data concerning them as well as the completion of incomplete data;
- Obtain, subject to the provisions as provided by the regulations and free of charge, the erasure of their personal data;
- Obtain, subject to the provisions as provided for by the regulations and free of charge, the limitation of processing of their personal data;
- Obtain, free of charge, the portability of their personal data they communicated to the Hospital, that is, to receive free of charge data in a commonly used structured format, provided that the processing is based on consent or a contract and is effected with the assistance of automated processes;
- Oppose, subject to the conditions provided for by the regulations and free of charge, for reasons pertaining to their personal situation, the processing of their personal data.
It is important to note that, in accordance with the GDPR, some of your rights may be limited in the special conditions set by the Regulation.
The rights as set out above can be exercised by sending an electronic mail to the Hospital’s Data Protection Officer at the address dpo@hubruxelles.be
In accordance with the legislation, a reply will be provided within 30 days following submission of the request. This period can be extended by 2 months depending on its complexity and the number of requests.
For any questions concerning the processing of your personal data you are entitled to contact the Institution’s Data Protection Officer at the address dpo@hubruxelles.be
If you are not satisfied with the way your data are processed you are entitled to submit a complaint to the control authority using the following contact details:
Data Protection Authority
Rue de la Presse,35
1000 Brussels
E-mail : contact@apd-gba.be
Tel. : +32 (0)2 274 48 00
https://www.autoriteprotectiondonnees.be/introduire-une-requete-une-plainte
10 Terms and definitions
- Personal data: Any information relating to an identified or identifiable natural person; is deemed to be an “identifiable natural person” any natural person who can be identified, directly or indirectly, notably by reference to an identifier, such as a name, identification number, location data, an online identifier or one or more specific elements relating to the person’s physical, physiological, genetic, mental, economic, cultural or social identity;
- Processing: Any operation or set of operations which is performed on personal data or on sets of personal data whether or not by automated means, such as collection, recording, organisation, structuring, storage, updating, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- Data Controller: The natural or legal person, public authority, service or other body that, alone or jointly with others, determines the purposes and means of processing; when the purposes and means of processing are determined by Union law or the law of a Member State, the controller may be appointed or specific criteria applicable to the controller’s appointment can be provided for by the law of the Union or of a Member State.
- Sub-contractor: A physical or natural person, institution, service or any other body that processes personal data for the controller.
- Violation of personal data: A violation of the security of personal data that results, either accidentally or illegally, in the destruction, loss, modification or unauthorised disclosure of personal data transmitted, conserved or processed in another manner, or unauthorised access to such data.
- Members of staff: All persons working at the Hospital, including interns, self-employed persons, early retirees, retirees and voluntary workers.