Privacy policy - Data protection

Although we tend to offer guarantees going beyond the applicable laws on this matter, we have taken organisational and technical measures to meet the provisions of the European Parliament and of the Council of 27/04/2016, commonly known as the General Data Protection Regulations (hereafter GDPR).

• Data subject: a natural person who can be directly or indirectly identified by information. This is a person whose personal data is collected and processed by a data controller or on its behalf. In practice, it means for instance: our visitors; people who fill in contact forms on one of our websites; people who buy tickets for events organised at our site; any other person whose personal data is given to us, etc.

• Personal data: all information relating to an identified or identifiable natural person (= the data subject). This definition is broad because data is considered to be personal as soon as it allows an individual to be identified either directly (surname, first name, photo, etc.) or indirectly (e-mail address, customer number, employee number, etc.). When reference is made to “data” in this charter, we mean personal data.

• Processing: any operation or set of operations, whether or not it is carried out using automated means, applied to personal data or sets of data. Here, too, the definition is broad. Any manipulation of personal data constitutes processing: collection, consultation, storage, disclosure by transmission, adaptation or alteration, erasure, etc.

• Controller: the natural or legal person, public authority, agency or other body which determines the purposes of processing personal data and the means to carry it out. This is the person who decides why your data is collected and processed. It is your point of contact and the person who will be held responsible for complying with the data protection regulations in force.

• Processor: the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. The processor does not decide why processing is carried out, it merely carries it out for a controller.

The not-for-profit association Parc des Expositions de Bruxelles, known in abbreviated form as “Brussels Expo”, has its registered address at 1, Place de Belgique, B-1020 Brussels. VAT nº: BE 0406655573.

Each person or organisation processing personal data must determine whether it is processing this data as a controller or a processor. This distinction in the processing of personal data is very important. It seems appropriate for us at this stage to present you with our activities and vision, as well as our relationship with our partners.

Our mission is to promote and develop a meeting venue highlighting economic, commercial, industrial, scientific, cultural, and entertainment activities, particularly through the various sites we have been granted by the City of Brussels. For this purpose, we carry out all activities we consider useful or necessary, particularly providing all services directly or indirectly connected with organising fairs and shows, congresses, conferences, exhibitions, concerts, festivals and other events. Part of our mission is also to continually improve the experience of customers visiting our site. We establish our activities in pursuit of these aims, supported by several partners.

We are always concerned to offer a diversified programme of activities and we also try to offer a full service to event organisers in order to attract diverse events that may be of interest both to the general public and to specific groups. More broadly, in terms of our particular position, we perform an important task coordinating the events and providing an overall strategy with a view to achieving our principal mission. We also have the power to decide on the events to be organised and we try to adopt a strategy coherent with our wish to develop the sites entrusted to us.

As a result of this particular position, when a data subject holds a ticket for an event, that person is always linked both to Brussels Expo and to the organiser of the event he or she wishes to attend. These two different organisations are therefore both data controllers as defined above.

In order to obtain full information, you are therefore invited to read our privacy policy, on one hand, and, on the other, that of the organiser of the event you wish to attend.

The purpose of this privacy policy is to inform you of the data we collect, the way this data is processed and the reason for such processing.  Through this policy, we inform you of our commitments and your rights concerning the protection of your personal data.

This policy covers all personal data collected by Brussels Expo in the context of all its activities: fairs and shows, congresses, conferences, exhibitions, concerts, festivals and other events using the following means: 

Website www.brussels-expo.com
Website  www.tickets.brussels-expo.be
Website  www.bsf.be
Website  www.palais12.be
Website www.la-madeleine.be
Personal data collected when you take part in a survey or competition

When you give us your personal data by one of these means, or by any other means, you must provide us with correct information about yourself.

Your personal data and your privacy are important to us. It is priority for us that you trust us. We try to process your data lawfully, in a transparent manner, faithfully and responsibly. We make every effort to adopt the appropriate organisational and technical measures to protect your data. Finally, we make an effort to collect as little data as possible while still achieving our aims.

We do not process sensitive data in relation to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, health or a natural person’s sex life or sexual orientation. We do not process genetic or biometric data. If the processing of a so-called “sensitive” data is contemplated,  you would be duly informed in advance.

We do not authorise sales to children aged under 16 and we do not process data relating to children.

The data we collect and process is the data that you have voluntarily given us or one of our subcontractors/partners. For certain operations involving orders, you may give data about yourself to third parties via their own services – specifically when you make payments. We do not hold this data: its collection and processing is governed by the conditions of the parties concerned. We invite you to consult their terms and conditions before giving your data. 

• Data collected: when you wish to order a ticket for an event organised on one of our sites for the first time, we offer you the choice of placing an order with or without creating an account. In either case, we collect the following information:
  • Title: Required identification data
  • First name, Surname: required identification data
  • Address: required identification data allowing when necessary the sending of documents by post
  • Language: data necessary to make communication easier
  • E-mail address: required data allowing communication with you by e-mail and the sending of electronic tickets.
  • Telephone number: required data that allows us to communicate with you in case a problem related to the event occurs. This data will not be used for any other reason.
  • Date of birth: required data allowing us to check the age of our customers, preventing sale to children. This data is also essential for achieving our main purpose which is the development of our sites because an overall view of the age groups of people attending each event helps us to adapt our strategy and programme.
  • Etc.: the reasons for any additional request for data will be provided when this data is collected.
• Purposes: Our main mission is to develop our sites, particularly via the organisation of events on our sites. In the context of achieving our corporate purpose, we collect and process the aforementioned data in order to succeed in our different missions and to offer you an experience and a service that meet your expectations. This information is also essential for identifying you and for implementing our contractual relationship. The processing of this data makes it possible for a personalised ticket and, when necessary, other communication concerning the event to be sent by e-mail. This allows us to promote our activities, notifying you of offers and our programme based on our legitimate interest. Finally, it allows us to evaluate the events organised so we can assess our overall strategy: knowing the age of visitors, location, satisfaction survey, etc.
• Processing: The personal data collected is:
  • Used to create an account in your name (except in the case of quick purchasing)
  • Used to issue an admission ticket for the event 
  • Entered in a structured database
  • Used for various security purposes when you visit one of our sites
  • Given to the organiser of the event for which you have booked an admission ticket who processes this data as a distinct data controller
  • Kept that we can carry out evaluations in order to improve our services
  • As the case may be, your data is used in our direct marketing campaigns (= sending our programme, offers and promotions, etc.), provided you do not object to this
  • Used with a view to compiling statistics allowing us to improve our overall event organisation strategy
  • Used to send satisfaction surveys when needed after an event to evaluate your experience and improve our services

• Performance of a contract: When you buy a ticket on our website, you are bound by a contractual relationship. This justifies the collection and processing of your personal data with a view to implementing the contract: giving you your ticket, allowing you access to the event, giving you information about the event when needed, managing venues, etc. You may cancel the contract binding you at any time.
• Legitimate interest: we have a legitimate interest in processing your personal data for purposes going beyond the context of the contract binding us for instance : promoting our activities You may easily object to this processing at any time.
• Legal obligation: it is possible that we may have to process your data in order to comply with a legal obligation in European Union or Belgian law. You cannot object to this processing.
• Consent: We may ask for your consent for some processing of your personal data. You may withdraw your consent at any time.

We have established the necessary technical and organisational measures, proportional to the risk of breach of your rights, in order to protect your personal data.  Our security measures are regularly assessed and adapted in order to ensure a permanently high level of protection.

We promise not to pass on or sell your personal data to third parties other than our subsidiaries, our processors and our direct partners whose intervention is necessary to achieve the aforementioned purposes.

In the context of the organisation of an event, we share your personal data with:

• The organiser of the event for which you have ordered a ticket. The event organiser is also responsible for processing your personal data. We pass your personal data only to the organiser of an event for which you have ordered an admission ticket and we provide you with the organiser’s privacy policy, when available as soon as your data is collected.
• Processors: We use other companies so that we can organise our activities. These companies process your personal data on the basis of our express instructions. We make every possible and reasonable effort to ensure that our processors process your data in accordance with the applicable legal regulations. Access to your personal data is limited to data strictly necessary for them to perform their tasks. All our processors are within the European Economic Area and are subject to the aforementioned data protection laws.

Your personal data will be sent to a third country only if an event organiser has its headquarters in a third country and no representative in the Union. On the day this charter is published, all the organisers we work with have establishments within the European Union. You will be informed of any data transfer outside the European Union when you order your ticket for an event.

The period for which the personal data will be stored depends on the processing carried out. Your data will be kept by Brussels Expo for five years from your last purchase, except for processing based on our legitimate interest (five years from the last contact with you) and processing justified by the legal obligations we are subject to. We do not keep your payment data.

You are in charge of your data and its processing. We make every effort to ensure your rights are respected. So that you can manage your personal data better, you need to know that you have:

• The right to be informed: The right to be clearly and transparently informed about the processing of your personal data and your acknowledged rights concerning this matter. We try to achieve this by publishing this charter and by being available to provide any additional information you need (by sending an e-mail to the address: [email protected]). 

• Right of access: you have the right to obtain confirmation of whether personal data concerning you has been processed by us and to access this data, as well as any other information relevant to its processing.

• Right to rectification: When you can show that the personal data concerning you is inaccurate or incomplete, you have the right to ask us to complete or rectify it as appropriate, by sending us an additional declaration.

• Right to erasure: In certain circumstances, you have the right to ask us to erase personal data concerning you.

• Right to restriction of processing:  In certain situations you have the right to restrict the processing of your personal data to its storage.

• Right to object: when the processing of your personal data is based on the legitimate interest of Brussels Expo, you have the right to object to this processing at any time.

• Right to data portability: When the processing of your personal data is based on your consent or on a contract and it is carried out by automated means, you have the right to ask for this data in a commonly used, structured format readable by a machine. You can ask for this data to be given to another controller.

We try to comply with your requests to exercise your rights as quickly and efficiently as possible. We inform you, though, that, in certain situations described in the applicable laws on this issue, we have the right to refuse to allow you to exercise certain rights when this is justified by the situation. We try to notify you of our refusal immediately, giving reasons, so you can understand why we cannot proceed with your request.

We are trying to establish a dynamic platform allowing you to exercise your rights at all times. While this platform is being developed, we invite you to exercise your rights by sending an e-mail to the address: [email protected].

Important: before giving us your personal data, bear in mind that, if we receive a request to exercise one of your rights, we have no choice but to give out personal data concerning you. For this purpose, our power to check the identity of the data subject behind the request is limited. In accordance with our principle of restricting data collection to the data strictly necessary for achieving our purposes, we try not to collect additional data in order to verify your identity. We therefore consider that any request to exercise your rights coming from your account or your registered e-mail address is sufficient evidence of your identity. We invite you to register with your own e-mail address and urge you to be careful with securing it.

If there is a problem, you can, of course, contact us at the address [email protected] so that we can help you better. You also always have the right to complain to the data protection authority. Further information on www.dataprotectionauthority.be.

Our privacy notice policy may be extended or adapted in future, for example if there are new developments. We advise you to consult this privacy policy regularly.

Date of the last update: 08/01/2019

• Remember your log-in details
• Make sure you are secure when logged-in
• Make sure that the web site looks consistent

• Enhance the performance of the web site
• Enhance the user experience

• remember the items in your shopping cart
• remember the progress of your order

• Allow you to share and “like”

Certaines pages ou sous-sites utilisent d'autres cookies que ceux décrits ici. Dans ce cas, ces cookies sont décrits dans un avis spécifique. Il est possible que vous deviez donner votre accord pour qu'ils soient stockés.

Vous pouvez contrôler et/ou supprimer des cookies comme vous le souhaitez. Pour en savoir plus, consultez aboutcookies.org. Vous avez la possibilité de supprimer tous les cookies déjà stockés sur votre ordinateur et de configurer la plupart des navigateurs pour qu'ils les bloquent. Toutefois, dans ce cas, vous devrez peut-être indiquer vous-mêmes certaines préférences chaque fois que vous vous rendrez sur un site, et certains services et fonctionnalités risquent de ne pas être accessibles.

Tout litige concernant ce site web et/ou son contenu est soumis aux règles du droit belge et à la compétence exclusive des tribunaux bruxellois.

Le présent site du P12 vise à promouvoir l'accès du public, aux informations relatives à ses activités et ses services.

Notre objectif est de diffuser des informations exactes et à jour. Nous nous efforcerons de corriger les erreurs qui nous seront signalées. Toutefois, le P12 n'assume aucune responsabilité quant aux informations que contient le présent site.

Les informations contenues dans le présent site:

• sont exclusivement de nature générale et ne visent pas la situation particulière d'une personne physique ou morale;
• ne sont pas nécessairement complètes, exhaustives, exactes ou à jour;
• renvoient parfois à des sites extérieurs sur lesquels les services du P12 n'ont aucun contrôle et pour lesquels le P12 décline toute responsabilité;
• ne constituent pas un avis professionnel ou juridique (si vous avez besoin d'avis spécifiques, consultez toujours un professionnel dûment qualifié).

Nous souhaitons limiter autant que possible les inconvénients occasionnés par des erreurs techniques. 

P12 décline toute responsabilité quant aux problèmes de ce type pouvant résulter d'une utilisation de ce site ou de tout autre site extérieur auquel il renvoie.

La présente clause de non-responsabilité n'a pas pour but de limiter la responsabilité du P12 de manière contraire aux exigences posées dans les législations nationales applicables ou d'exclure sa responsabilité dans les cas où elle ne peut l'être en vertu desdites législations.

P12 undertakes to adopt all of the appropriate technical and organisational measures to protect your personal data against destruction, loss, unintended modification, damage, disclosure, access or any other unauthorized processing of personal data.

P12 will not sell your details to third parties and will only make your details available to third parties (with the exception of the companies belonging to the Brussels Expo Group) with our explicit permission in advance.

To guarantee this security, P12 uses a number of features, such as encryption of the communication between the server and your computer, encryption of the password and periodic backups.

The personal information collected may include at least some of the following:

• Contact information (such as name, address, e-mail address and telephone number in a non-business capacity); and
• Demographic information (such as gender and communication language)

We use your personal information to:

• Provide you with personalized services and interactive communication;
• Do all the things necessary to administer those services;
• Research, develop, manage, protect and improve those services;
• Advise you about new products and services that may be of interest to you; and
• Develop and maintain our relationship with you and communicate with you

You can help us maintain the accuracy of your personal information by notifying us of any changes to this information. In the event that you have any questions about BRP’s Privacy Policy or if you request access to or correction or update of your personal information you may contact us any one of the following ways: E-mail

The Website is an original creation, the content and structure of which are protected by copyright or other intellectual property rights. The logos, drawings, images and sounds used on the Website are also protected by copyright. The full or partial reproduction, distribution, translation, modification or integration into another website in any form or by any means whatsoever, without the prior express written consent of P12, is prohibited.