B2C Privacy Policy

  1. Introduction

Brussels Expo appreciates your interest in its products, services and website. We want you to know how we collect, process and store your personal data, which we aim to do with respect for your rights. We also want you to be informed of these rights. For this reason, we invite you to read this policy carefully. If you have any questions at all about the processing of your data, we invite you to contact us at the address “privacy@brussels-expo.com”.


  1. What is the legal framework in this matter?

Although we try to offer guarantees going beyond the applicable legal framework in this matter, we have taken organisational and technical measures to meet the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27/04/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereafter “GDPR”).


  1. What concepts will be useful for you in understanding this policy?

Data subject: a natural person who can be directly or indirectly identified by information. This is a person whose personal data is collected and processed by a data controller or on its behalf. In practice, it means any natural person whose personal data we process: our visitors; people who fill in contact forms on one of our websites; people who buy tickets for events organised at our site or a parking ticket; any other person whose personal data is given to us, etc.

Personal data: all information relating to an identified or identifiable natural person (= the data subject). This definition is broad because data is considered to be personal as soon as it allows a natural person to be identified either directly (last name, first name, picture, etc.) or indirectly (e-mail address, customer number, employee number, etc.). When reference is made to “data” in this policy, we mean personal data.

Processing: any operation or set of operations, whether or not  performed by automated means, applied to personal data or sets of data. Here, too, the definition is broad. Any manipulation of personal data constitutes processing: collection, consultation, storage, disclosure by transmission, alteration, erasure, etc.

Controller: the natural or legal person, public authority, agency or other body which determines the purposes and means  of the processing of personal data. This is the person who decides why your data is collected and processed. It is your point of contact and the person who will be held responsible for complying with the data protection regulations in force.

Processor: the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. The processor does not decide why processing is carried out, it merely carries it out for a controller.


  1. Who are we ? 

The not-for-profit association Parc des Expositions de Bruxelles, known in abbreviated form as “Brussels Expo”, has its registered seat at 1, Place de Belgique, B-1020 Brussels. VAT nº: BE 0406.655.573.

Each person or organisation processing personal data must determine whether it is processing this data as a controller or a processor. This distinction in the processing of personal data is very important. It seems appropriate for us at this stage to present you with our activities and vision, as well as our relationship with our partners.

Our mission is to promote and develop a meeting venue highlighting economic, commercial, industrial, scientific, cultural, and entertainment activities, particularly through the various sites we have been granted by the City of Brussels. For this purpose, we carry out all activities we consider useful or necessary, particularly providing all services directly or indirectly connected to the organisation of fairs and shows, congresses, conferences, exhibitions, concerts, festivals and other events. Part of our mission is also to continually improve the experience of customers visiting our site. We establish our activities in pursuit of these aims, supported by several partners.

We are always concerned to offer a diversified programme of activities and we also aim to offer a full service to event organisers in order to attract diverse events that may be of interest both to the general public and to specific groups. More broadly and given  our particular position, we perform an important task of coordinating the events and providing an overall strategy with a view to achieving our main mission. We also have the decision-making power in the choice of the events organised and we try to adopt a strategy coherent with our wish to develop the sites entrusted to us.

As a result of this particular position, when a data subject orders a ticket for an event, that person is linked both to Brussels Expo and to the organiser of the event that he or she wishes to attend. These two separate organisations are therefore both data controllers as defined above.

In order to obtain full information, you are therefore invited to read our privacy policy, on one hand, and, on the other, that of the organiser of the event that you wish to attend.


  1. What does this policy cover?

The purpose of this policy is to inform you which data we collect, the way this data is processed and the reason for such processing.  Through this policy, we inform you of our commitments and your rights concerning the protection of your personal data.

Our policy covers all personal data collected by Brussels Expo in the context of all its activities: fairs and shows, congresses, conferences, exhibitions, concerts, festivals and other events using the following means:

By providing us with your personal data by one of these means, or by any other means, you must provide us with accurate information about yourself.


  1. What are our principles concerning data protection?

Your personal data and your privacy are important to us. It is priority for us that you trust us. We aim to process your data lawfully, in a transparent manner, faithfully and responsibly. We make every effort to adopt the appropriate organisational and technical measures to protect your data. Finally, we strive to collect as little data as possible in order to achieve our purposes.


  1. The data we collect, how do we process it and why ?

7.1We do not process sensitive data in relation to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, health or a natural person’s sex life or sexual orientation. We do not process genetic or biometric data. In the event that the processing of the so-called “sensitive” data proves to be strictly necessary, you would be duly informed in advance.

 7.2 Tickets may only be purchased by legal entities and natural persons having the legal  capacity to enter into a contract or, where applicable, who have the requisite consent from their parents or guardian (or any other individual exercising parental authority).7.3 The data we collect and process is the data that you have voluntarily given to us or one of our subcontractors or partners. For certain operations involving orders, you may give data about yourself to third parties via their own services – specifically when you make payments. We do not hold this data: its collection and processing are governed by the terms and conditions of these parties. We invite you to consult their terms and conditions before giving your.

  • Data collected: when you wish to order a ticket for the first time for an event organised on one of our sites, we offer you the choice of placing an order with or without creating an account. In either case, we collect the following information:
  • Title: Required identification data
  • Last name, first name: required identification data
  • Language: data necessary to make communication with you easier
  • E-mail address: required data allowing communication with you by e-mail and the sending of electronic tickets.
  • Telephone number: required data that allows us to communicate with you in case a problem related to the event occurs. This data will not be used for any other reason.
  • Date of birth: required data allowing us to check the age of our customers, preventing sale to children. This data is also essential for achieving our main purpose which is the development of our sites because an overall view of the age groups of people attending each event helps us to adapt our strategy and programme.
  • Etc: the reasons for any additional request for data will be provided when this data is collected.
  • When purchasing or obtaining a parking ticket on our platform, the following data is also collected: last name, first name, e-mail address and postcode.
  • Purposes: Our main mission is to develop our sites and the Heysel site, particularly via the organisation of events. In the context of achieving our corporate purpose, we collect and process the aforementioned data in order to carry out our different missions and to offer you an experience and a service that meet your expectations. This information is also essential for your identification and for the performance of our contractual relationship. The processing of this data makes it possible for a personalised ticket or not and other communication concerning the event to be sent by e-mail. This allows us to promote our activities, notifying you of offers and our programme . Finally, it allows us to evaluate the events organised as part of our overall strategy: age of visitors, location, satisfaction survey, etc.
  • Processing: The personal data collected is, as the case may be:
  • Used to create an account in your name (except in the case of quick purchasing)
  • Used to issue an admission ticket for the event
  • Used to issue a parking ticket allowing to park your vehicle in one of our car parks
  • Entered in a structured database
  • Used for various security purposes when you visit one of our sites
  • Communicated to the organiser of the event for which you have booked an admission ticket, who processes this data as separate data controller
  • Stored for the purpose of carrying out assessments concerning visits to our site with a view to improving our services
  • As the case may be, your data is used in our direct marketing campaigns (= sending our programme, offers and promotions, etc.), provided you have not objected to this
  • Used with a view to compiling statistics allowing us to improve our overall event organisation strategy
  • Used to send you, where applicable, post-event satisfaction surveys to assess your experience and improve our services.

7.4  Data collected during an event: in the event that Brussels Expo has Wifi sensors and visual sensors installed in order to track, after encryption, the movements of visitors during an event, you will be informed of this processing when you enter the event by means of an information panel. This processing is based on the legitimate interests of Brussels Expo, the organisers and exhibitors, and our visitors. These interests overlap. The aim is to improve the quality of the event by better managing the crowds. This could mean shorter waiting times in queues, facilities adapted to visitors’ needs, greater visibility for exhibitors, better communication of information to visitors based on the number of visitors at specific points, etc. This processing is carried out, among other things, using the equipment of third-party companies.

Where applicable, the data collected is, on the one hand, the Mac addresses of your mobile device which are encrypted almost immediately and, on the other hand, images via visual sensors which do not allow a visitor to be identified as the images are blurred and grey. Please note that the collection of this data does not allow you to be identified. This data is encrypted, aggregated and used to produce a statistical report that enables us to better understand visitor movements and to respond as effectively as possible to their needs and those of the organisers/exhibitors.

You may, of course, object to this processing by registering your MAC address on the following website: https://smart-places.org/mobil...

Please note that some mobile devices use technology that requires the MAC address to be changed regularly. Our opt-out system should allow you to opt-out of your device despite this MAC address change. In any case, you can avoid this tracking by simply switching off your Wifi.


  1. What is the basis for us processing your data?
  • Performance of a contract: When you buy a ticket on our website, you are bound by a contractual relationship which justifies the collection of your personal data for the purpose of performing the contract: giving you your ticket, allowing you access to the event and/or one of our car parks as the case may be, giving you information about the event, managing venues, etc.
  • Legitimate interest: We have a legitimate interest in processing your personal data for purposes going beyond the scope of the contract between us. We have a legitimate interest in promoting our activities in order to achieve our mission. We endeavour to process your data responsibly based on our legitimate interest, minimising the risks of your privacy being breached. For example, we undertake to contact only people who have already bought a ticket for one of the events organised on our site and to offer you the chance to object to this type of processing easily and at any time. To ensure that our direct marketing campaigns do not violate your right to privacy, we have carefully considered and balanced our legitimate interest against the risk of breach of your privacy in order to evaluate whether our interest is legitimate. You may object to this processing at any time.
  • Legal obligationWe may need to process your data in order to comply with a legal obligation under European Union or Belgian law. You may not object to this processing.
  • Consent: We may ask for your consent for some processing of your personal data. You may withdraw your consent at any time.


  1. How do we protect your data ?

We have put in place the necessary technical and organisational measures  necessary for the protection of your personal data and proportional to the risks of breach of your rights.  Our security measures are regularly assessed and adapted in order to ensure a permanently high level of protection.


  1. With whom do we share your data? 

We undertake not to pass on or sell your personal data to third parties other than our subsidiaries, our subcontractors and our direct partners whose intervention is necessary to achieve the aforementioned purposes.

In the context of the organisation of an event, we share your personal data with:

  • The organiser of the event for which you have ordered a ticket. The event organiser is also responsible for processing your personal data. We pass on your personal data only to the organiser of an event for which you have ordered a ticket and we provide you with the organiser’s privacy notice, when available, at the time your data is collected.
  • Processors: we use other companies so that we can organise our activities. These companies process your personal data on the basis of our express instructions. We make every possible and reasonable effort to ensure that our processors process your data in accordance with the applicable legal regulations. Access to your personal data is limited to data strictly necessary for them to perform their tasks. All our processors are within the European Economic Area and are subject to the abovementioned data protection laws.

Your personal data will be sent to a third country only if an event organiser has its registered office in a third country and no representative in Europe. On the day this policy is published, all the organisers we work with have establishments within the European Union. You will be informed of any data transfer outside the European Union when you order your ticket for an event.


  1. How long do we store your data? 

 The storage period depends on the processing carried out. Your data will be stored by Brussels Expo for five years from your last purchase, except for processing based on our legitimate interest (five years from the last contact with you) and processing justified by the legal obligations we are subject to. We do not store your payment data.


  1. What are your rights? 

You are in charge of your data. We make every effort to ensure your rights are respected. So that you can manage your personal data better, you need to know that you have:

Right to be informed: The right to be clearly and transparently informed about the processing of your personal data and your acknowledged rights concerning this matter. We try to achieve this by publishing this policy and by being available to provide any additional information you need.

Right of access: you have the right to obtain confirmation of whether personal data concerning you has been processed or not by us and to access this data, as well as any other information relevant to its processing.

Right to rectification: When you can show that the personal data concerning you is inaccurate or incomplete, you have the right to ask us to complete or rectify it as appropriate, by sending us an additional declaration.

Right to erasure: In certain circumstances, you have the right to ask us to erase personal data concerning you.

Right to restriction of processing: In certain situations you have the right to restrict the processing of your personal data to its storage.

Right to object: when the processing of your personal data is based on the legitimate interest of Brussels Expo, you have the right to object to this processing at any time.

Right to data portability: When the processing of your personal data is based on your consent or on a contract and it is carried out by automated means, you have the right to ask for this data in a commonly used, structured format readable by a machine. You can ask for this data to be given to another controller.

We aim to respond to your requests to exercise your rights as quickly and efficiently as possible. We inform you, though, that, in certain situations described in the applicable laws on this issue, we have the right to refuse to allow you to exercise certain rights when this is justified by the situation. We try to notify you of our refusal immediately, giving reasons, so you can understand why we cannot proceed with your request.

We invite you to exercise your rights by sending an e-mail to the address: privacy@brussels-expo.com.

Important: before you communicate your personal data to us, bear in mind that, if we receive a request to exercise one of your rights, we have no choice but to communicate personal data concerning you. For this purpose, our power to check the identity of the data subject behind the request is limited. In accordance with our principle of restricting data collection to the data strictly necessary for achieving our purposes, we try not to collect additional data in order to verify your identity. We therefore consider that any request to exercise your rights coming from your account or your registered e-mail address is sufficient evidence of your identity. We invite you to register with your own e-mail address and urge you to be careful with securing it.


  1. Where can I complain if my rights are breached?

In the event of a problem, you can, of course, contact us at the address privacy@brussels-expo.com so that we can assist you as best we can. In any case, you have the right to complain to the data protection authority. Further information on https://www.dataprotectionauthority.be.


  1. Updates to our privacy policy

Our privacy policy may be subject to further expansion or adaptation, e.g.,  in the event of new developments. We advise you to consult this privacy policy regularly.


Date of the last update: 06/09/2023

Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now

×