MOBIB card details:

• Identification data such as title, surname, first name, language, gender, date of birth, postal address, photo, national registration number, MOBIB card number, ...
• Electronic identification data such as telephone number and e-mail address.

Personalised ticket data:

• Financial data such as data relating to payment by bank card: last digits of bank card number, period of validity of card, ...
• Personal data such as ‘RIS/BIM’ status, student status, family composition, …
• Transactional data such as data relating to purchased transport ticket, applicable fare, current contract, …

Data linked to any digital account that may have been created:

• Identification data such as surname, first name, language, date of birth etc.
• Electronic identification data such as e-mail address, IP address.

• Maximum 8 years, calculated as follows:
  • 5 years: card validity,
  • 1 to 18 months: contract validity,
  • 18 months: after-sales service
• If you pay by bank card, we will keep your data for 1 year after you have validated your last journey using your bank card.
• If you pay by mobile phone, we keep your identification data for as long as your digital account is active, your transactional data is kept for 1 year from the date of payment and your bank details for a maximum of 7 years.

• The person concerned.
• If you benefit from a third-party payment system, the legal entity making the payment.
• The Crossroads Bank for Social Security.
• Other public transport companies.

• MOBIB card number.
• Tickets loaded on the card.
• First and last validation data.

• Validity period of the MOBIB card + 3 years (except for validation data which are kept for 6 months, starting from the month following validation).

• The person who validated the ticket.
• Belgian Mobility Company (BMC) or other     relevant public transport companies.

• Identification data such as the MOBIB card number, the last digits of the credit card in case of contactless credit card validation, or the status of the MOBIB card (expired or not).
• Sales contract data: contract start and end date, contract type, contract identifier, place of sale, date of creation.
• Validation data: place of validation, line and vehicle number, number of validators used, date, time, number of journeys remaining, type of validation (entry, correspondence, exit), journeys remaining.

• 6 months, starting from the month following validation.

• The person who validated the ticket.

• Identification data (see ‘MOBIB card data’ above).
• Electronic identification data (see ‘MOBIB card data’ above).
• Contract details (for TaxiBus).
• Financial data (for TaxiBus).
• Disability data (to verify eligibility for the Taxibus service, to provide an adapted vehicle or adapted support in the station).
• Transactional data (use of the service).

• Data related to the TaxiBus service. 5 years.
• Data related to accompaniment in the station: 6 months.

• The person himself or his representative.

You have created a user account:

• Identification data such as surname, first name and date of birth.
• Electronic identification data such as e-mail address.
• Addresses saved in the application.
• Personalisation data that you have saved in the application (language, start-up screen etc.).
• Device identification data.
• Routes saved for notification.

With or without a user account:

Geolocation data, if you have enabled this feature.

• Favourites (lines and stops) saved in the application.

You have created a user account:

• The whole period your account is active. 
• The history of the lines and stops consulted is kept for a maximum of 18 months.
• See above for duration of the data related to the MOBIB card.
• Until the notification is sent.

With or without a user account:

• The data used for geolocation is used for the time to respond to your trip requests and is not kept any longer.
• Device favourites are retained as long as the application remains installed.

• The person concerned.

• Identification data, such as surname, date of birth, postal address, MOBIB card number etc.
• Personal details such as photos, films and testimonials.
• Electronic identification data such as e-mail address and telephone number.
• Transactional data such as the type of ticket.
• Specific marketing action replies such as replies concerning the contest.

• We keep your data only as long as you remain a STIB-MIVB customer or as long as you have not withdrawn your consent (this can be done at any time).
• Contests: unless otherwise specified, we keep your data for 1 month after the contest has ended.

• The person concerned.

• Data that is displayed by default on the related social network.  
• Identification data such as first and last name or pseudonym.
• Profile picture or avatar.
• Personal details such as presentation message, publications or any data made public by the user.
• Transactional data with STIB-MIVB such as exchanged messages.
• Platform usage data for the creation of       anonymous statistics.

• For the whole period the account on the social network exists.

• The person concerned.

• Identification data such as title, surname, first name, language, e-mail address, telephone number, MOBIB card number etc.
• Data necessary to process the application (e.g. To issue a certificate).
• Validation data in the event of questions or disputes if the person requests this from Data Protection.

• 5 years after making contact.

• The person concerned.

• To carry out the above-mentioned analyses, STIB-MIVB may use all the data it holds on its customers; data that has been gathered in aggregated, pseudonymised, or anonymised (depending on the circumstances) fashion.  This includes, for example, data contained in the customer database (in aggregated fashion), anonymised validation data etc.
• Answers collected as part of market research or satisfaction surveys.

• Maximum 1 year. As soon as possible, the data are kept in aggregated form: this way persons concerned can no longer be identified.

• The person concerned.

• Data included in the fine drawn up by STIB agents, as well as in the incident management systems: where applicable, identification data, such as civility, surname, first name, language, status of the person (victim, witness etc.).
• Information about the facts and their consequences, as well as any useful documents (sound recordings, camera images, police reports etc.).

• The whole period the pursued purpose requires it.

• The person concerned, STIB-MIVB agents, and the police.

• Images from the cameras

• One month. In the event of an accident or incident, recordings are collected and kept for a period of 5 years.
• In files related to state security (e.g. terrorist offences), these images can be kept for 10 years.

• The related camera.

• Processing starts with personal data (passenger images) and results in anonymised count data. The conversion process is carried out in the camera, using software. Under no circumstances are the images stored, transferred or displayed.

The anonymised data that is processed consists of:

• Number of passengers in a defined area.
• Location of passengers (e.g. beginning or end of platform).
• Related route.

• For predictive models of changes in our passenger numbers, sample size is one of the main factors influencing the quality of predictions.  For this reason, we keep this (anonymised) data for a period of 20 years.

• The related camera.

• Identification data such as first and last name, gender, place and date of birth, postal address, photo, ID number, national registration number etc.
• For minors: the identification data of the persons responsible for the minor.
• Electronic identification data such as telephone number and e-mail address.
• STIB-MIVB transactional data such as season ticket data (including that of other public transport companies).
• Data relating to inspections such as location (vehicle number, line number, stop), validation data (in the event of a complaint about the additional fare), offences recorded, etc.
• Data on past offences (considering recidivism).
• Photo of the offence (taken automatically) in the case of certain specific frauds detected at the gates of metro and pre-metro zones, via sensors

• 5 years from the date of the offence.
• Photo of specific frauds: 30 minutes on the STIB-MIVB server and 2 minutes on the inspection agent's tablet random access memory (RAM).

• The person concerned
• The national registration number

• Identification data such as surname, first name, language and postal address.
• Electronic identification data such as e-mail address.
• Data relating to the offence, such as report, possible objections, number plate and vehicle’s make.

• 5 years.

• The DIV, to obtain the identity of the owner of the vehicle to whom the penalty notice is sent, based on the number plate.
• The person concerned, if present.

• Identification data such as first and last name.
• Electronic identification data such as telephone number and e-mail address.
• Urban data such as parcel number, cadastral plans, involved property rights.
• Financial data such as the individual's bank account number.

• We keep the data for the duration of the works or for as long as the person remains the owner (in the case of vegetation extending over the ‘transport corridor’).

• The person concerned.
• The cadastre.

• Identification data such as surname, first name and address.
• Electronic identification data such as telephone number and e-mail address.
• Professional data such as information about your company, your professional skills (such as CV, recommendations etc.).
• Financial data or data relating to the eligibility of the partner.
• Data related to the contract(s) concluded with STIB-MIVB.

• 10 years, starting from the end of the contractual relationship or 5 years, starting from the end of the contractual negotiation.

• The person concerned or the company that employs the latter.

• Identification data such as surname, first name and address.
• Financial data such as your account number and previous payments.
• Transactional data such as your purchase history.

• 2 years, starting from the transaction.

• The person concerned.

• Identification data of those involved in the accident, witnesses, authorised representatives (lawyers, insurers), such as surname, first name, address, national register number etc.
• Electronic data: e-mail address and (mobile) telephone number.
• Personal details such as household composition.
• Financial data.
• Health-related data (required when applying for compensation).
• Images from surveillance cameras.
• Customer account data such as MOBIB card number and validation data.

• 20 years after the case is closed by service Claims. The retention period of this data also depends on the applicable limitation periods.

• The person concerned.
• Experts, insurance companies, insurance brokers, lawyers, court bailiffs, notaries etc.
• Public authorities.
• STIB-MIVB agents.

• Identification data of the persons involved.
• Electronic data: (mobile) telephone number and e-mail address.
• Data relating to the alert and its processing.

• 10 years.

• The whistleblower.