Skip to main content
Belgian government logo

Privacy statement

Back to Homepage

Privacy Statement MyGov.be  - 1.0 – 11 January 2024

1. General

The app MyGov.be and the MyGov.Be website are developed by the FPS Policy and Support (“FPS BOSA”).

MyGov.be is an application or App that you can install on your mobile device.

The aim of MyGov.be is to facilitate access to public services through a simple and secure identification tool. The App also allows you to request and receive documents from the government easily via the function Loket (Counter), store them securely and communicate securely with the government via My eBox, the mobile version of My eBox.

MyGov.be is also a digital key that allows you to authenticate yourself online to access government services. You can prove that it is you with a reliably high confidence level. More information about digital keys can be found here: https://csam.be/en/egov-profile.html .

In the future, the App will allow for the possibility to apply qualified electronic signatures.

The MyGov.be website is used in the context of activation of the MyGov.be application. You can also manage your activated MyGov.be application(s) via the website and contact the helpdesk for support.

The functionalities of MyGov.be are being further developed. We will inform you via service announcements of the arrival of new features in a timely manner.

The most up-to-date information about the operation and functionalities of the app Mygov.be  can be found on the website : www.mygov.be .

For the operation of the MyGov.be application and website, it is necessary to process personal data. FPS BOSA takes your rights regarding data processing seriously and processes your personal data according to the provisions prescribed by the GDPR and other regulations on the protection of the processing of personal data.

In this privacy statement, FPS BOSA explains data processing in the context of MyGov.be application and website.

For information and general questions about how FPS BOSA processes your personal data, you can always contact the data protection officer of FPS BOSA at dpo@bosa.fgov.be.

2. Access to MyGov.be

Application MyGov.be

  • Download the App from the Apple App Store or the Google Play Store.
  • To activate MyGov.be, follow the activation procedure. You will have to identify yourself via the Federal Authentication Service, using your electronic identity card or the itsme application, according to your own choice.

Website MyGov.be :

3. Data processing

There are seven basic processes involved in activating and using the MyGov.be application:

  1. Installation and activation (mandatory part of activating and using the MyGov.be application).
  2. Logging in via the Federal Authentication Service (FAS) using the digital key (optional - only if the user chooses to do so with their MyGov.be application).
  3. Receipt of eBox messages (optional - only if the user chooses to do so with their MyGov.be application).
  4. Receipt of documents or data via the Counter (Loket) (optional - only if the user chooses to do so with their MyGov.be application).
  5. Use of the "Documents" functionality to store data and documents in the application on the user's device (optional - only if the user chooses to do so with their MyGov.be application).
  6. Managing the activated MyGov.be applications via the MyGov.be website (optional – only if the user chooses to do so).
  7. Support from the helpdesk by sending a contact form via the MyGov.be website (optional – only if the user chooses to do so).

4. For what purposes are personal data processed?

Processing is necessary for the following purposes:

  1. Installation and activation of the MyGov.be application on the mobile device and use of the website MyGov.be.
  2. MyGov.be functions as the user's mobile identity, with which they can connect to services (digital key).
  3. MyGov.be allows users to read their messages in their eBox (if they have chosen to activate an eBox).
  4. MyGov.be is a Loket/Counter that gives users access to government digital services and enables them to communicate with them (Counter).
  5. The MyGov.be application is also a secure safe on the device where the user can store digital documents.
  6. You can manage your activated MyGov.be applications yourself via the MyGov.be website.
  7. You can request support from the helpdesk via the MyGov.be website using a contact form

The overall aim is to offer citizens a secure, reliable and mobile application that gives them access to existing services and enables them to store the documents they receive securely on their own device and under their own control.

The application is also linked to an ongoing European initiative: Regulation (No. 910/2014) on electronic identification and trust services will soon require Member States to offer a digital wallet to all citizens, residents and businesses in the European Union. In this “European digital identity wallet”, the national digital identity can be linked to personal “attributes”, such as driving licence, diplomas and the like.

The Belgian government wishes to make a proactive commitment to achieving this objective through the Belgian digital wallet in the form of the MyGov.be application. The MyGov.be application should also go on to play the role of European digital identity wallet in Belgium. The architecture and privacy protection measures therefore already take maximum account of the European guarantees required in terms of confidentiality and security.

5. What personal data are processed?

As part of the installation, activation, use and management of the MyGov.be application (for authentication, My eBox, the Counter and the 'Documents' function), the following personal data are processed by the various players:

  • Identification data
    • Technical identification numbers
    • National register number
  • National register data
  • Digital key
  • Declaration of agreement to the general terms and conditions and privacy policy
  • Profile settings (language selection)
  • Type of mobile device
  • Data regarding the management of the activated MyGov.be application via the MyGov.be website
    • Crash report data regarding the MyGov.be application (if consented to by user)
    • Logging data

Analytical and functional logging data regarding the MyGov.be application (if consented to by user)

Logging data relating to the installation, activation and use of the MyGov.be application (audit trail)

If a user activates his eBox, the following categories of personal data are also processed:

  • eBox activation and status (i.e. whether the user has an active eBox)
  • Messages and documents accessible via the eBox function, both the metadata and the content of these messages.
    • Messages, containing all possible categories of personal data, are exchanged in accordance with the terms and conditions of the eBox system. The categories of personal data, as for eBox in general and for any other generic communication platform, cannot be determined further, as they depend on the content of the communication. This potentially also concerns sensitive categories of personal data.
    • The content of messages and documents is accessible only to the sender and the recipient (= user of the MyGov.be application). The MyGov.be data centre services have no mandate or capacity to read, analyse or process the content in any other way.

Insofar as the user uses the Loket/Counter function, the following categories of personal data are also processed:

  • All possible categories of personal data may be exchanged, both the metadata and the content of these messages, in accordance with the terms of the data provider's online application. As with eBox, the categories of personal data cannot be determined further, as they depend on the nature of the Counter services and the data concerned.  This potentially also applies to sensitive categories of personal data.
  • The content of the data is only accessible to the communicating organisation (i.e. the organisation that makes the data and any services available via the Counter) and to the user of the MyGov.be application. The MyGov.be data centre services have no mandate or capacity to read, analyse or process the content in any other way.

Insofar as the user uses the Documents function to store data and documents, the following categories of personal data are also processed:

  • All possible categories of personal data can be processed and stored, both the metadata and the content of these messages, since the "Documents" function makes it possible to store data from the Counter (which does not limit the scope of personal data). This potentially also concerns sensitive categories of personal data. The content of the data, once stored in the "Documents" function, is only accessible to the user through their PIN code. No party without the PIN code can decrypt the data.

Finally, to the extent that the user uses the contact form via the website MyGov.be to ask a question to the helpdesk, the following categories of personal data are additionally processed:

  • Identification and contact data
  • Data about the request and any other data that is passed on

6. Who is responsible for processing?

The MyGov.be application is accessible to all citizens who wish to install and use the application. These citizens have therefore explicitly opted for the application and have given their explicit consent to the activation and use of the application for the purposes indicated above.

Installation, activation and use of the MyGov.be application are entirely voluntary, according to the user's choice, unless a particular regulation imposes an obligation to use the MyGov.be application. Apart from this particular situation, government services remain available via channels other than the MyGov.be application.

Citizens choose the information/documents they wish to consult and save via the MyGov.be application.

The MyGov.be application and the personal data present on the MyGov.be application are entirely under the citizen's control. No MyGov.be partner has the procedures or technical tools to read the personal data contained in the application. From this point of view, the MyGov.be application is a local tool that citizens can use as they wish.

The data centre components of the MyGov.be application are coordinated by FPS BOSA as service integrator, which acts as data controller for this integration and for the processing required to initialise and activate the application.

The interfaces (other than data centre components) through which the data are received by the partners at the request of the citizen, as well as all subsequent processing, are the responsibility of the respective public authorities who organise these transfers of personal data and their subsequent processing as part of their mandate (as for other e-government initiatives).

The specific responsibilities per processing operation can be described as follows:

Processes 1 and 2 - Installation, activation and digital key generation

The processing of personal data in connection with onboarding and the creation of the digital key takes place as part of the operation of FAS/CSAM (https://csam.be/fr/egov-profiel.html). The data are processed with the explicit consent of the person concerned, who must accept the conditions of use and read the privacy statement.

Activation of the application requires the creation of a digital key.

FPS BOSA is responsible for processing the data for the purposes of identifying and authenticating the holder of the digital key (Article 9 of the Law of 18 July 2017 on electronic identification).

Processing 3 - eBox

FPS BOSA is responsible for the processing of personal data necessary for the management and proper functioning of the eBox it offers (Article 9 of the Act of 27 February 2019 on the electronic exchange of messages via the eBox).

With regard to the processing necessary for each individual supply of documents, the users/senders who make documents available via the eBox are the data controllers. (Art. 10 of the Act of 27 February 2019 on the electronic exchange of messages via the eBox)

Activation of the eBox functionality requires the consent of the data subject.

Processing 4 - Counter

The body responsible for managing the data source (possibly an authentic source) which makes information, or other services, available to the user via the Counter, is the controller of the data processing operations consisting of the collection, storage, management and communication of the personal data contained in its sources to the user of the MyGov.be application.

FPS BOSA acts as an integrator of federal services and is responsible for the processing necessary to make the data available.

Use of the Counter functionality requires the initiative and consent of the data subject.

Processing 5 - Documents

The data subject chooses whether or not to use the "Documents" function, including the storage, management and use of personal data stored in the Documents function. Measures are always taken to protect the user against incidents, as will be explained below. The data subject is responsible for the data they store and process in the MyGov.be application. However, the data subject is not responsible for the data processing as such, since the storage of their own documents on their own device must be considered as processing for purely personal or domestic purposes, to which the GDPR does not apply (pursuant to Art. 2.2). c) of the GDPR).

Processing 6 - Management of the activated MyGov.be applications via the MyGov.be website

The functionality of managing the activated MyGov.be applications via the MyGov.be website is offered by FPS BOSA as controller for the processing of data for the purpose of identifying and authenticating the holder of the digital key (Article 9 of the law of 18 July 2017 on electronic identification).

The management of the activated MyGov.be applications requires the initiative and decision of the person concerned.

Processing 7 – Helpdesk support

The possibility of support from the helpdesk via a contact form on the website is offered by FPS BOSA as controller for the processing of data in the context of offering digital keys for identification and authentication of the data subject (Article 9 of the law of 18 July 2017 on electronic identification).

The request for support requires the initiative and decision of the person concerned.

7. Retention period

Citizens can independently determine how long they want to keep the data they store on their device, and can choose at any time to delete certain data or completely remove the MyGov.be application, including all stored data, from their device.

Local storage of data on the MyGov.be application is also device-specific: if the user loses or replaces the device, they will have to activate a new MyGov.be application (if they so wish) and load new data. It is up to the owner of the MyGov.be application to save the eBox or Counter data in the 'Documents' functionality.

These are therefore only stored on a specific device, without synchronisation or storage in a central storage location. Consequently, the retention period is determined by the holder (if they delete the data or the Application) or is in practice linked to the average period of ownership of a specific smartphone (if it is faulty or replaced).

The data necessary for the proper technical functioning of the MyGov.be application, in particular technical identification numbers, activation and installation data and profile data, are only kept by the data centre components for the duration of the activation of the application.

The retention period for data processed by the Federal Authentication Service (specifically the National Register number and the digital key) and by the eBox system is determined by the rules applicable to these systems. For more information on FAS/CSAM: https://csam.be/en/egov-profile.html  and eBox: https://myebox.be/fr.

The data processed by FPS BOSA as federal service integrator for access via the Counter function are not stored centrally and are only kept for the time necessary to allow technical access, in accordance with the legal mandate of the federal service integrator.

Data processed to check the stability of the application and to take corrective measures is kept in anonymised form for a maximum period of 6 months.

Logging data relating to the installation, activation and use of the MyGov.be application is kept for a period of 10 years, as evidence in the event of a dispute.

The data processed in the context of a request for support from the helpdesk via the contact form on the website will only be retained for the duration of the processing of the request for support. They will be deleted after 2 years after the request has been processed.

8. Forwarding

Data are exchanged between the parties concerned in accordance with this privacy statement. FPS BOSA uses subcontractors for the processing of personal data, more specifically subcontractors who provide our ICT infrastructure. These subcontractors are obliged to comply with the applicable regulations regarding the protection of natural persons with regard to the processing of personal data.

The personal data processed in the context of MyGov.be will not be passed on to other parties by the FPS BOSA.

9. Use of cookies

The MyGov.be application that is installed on your mobile device does not use cookies. Analytical and functional log data will only be processed if the person concerned has given his consent, see above.

The MyGov.be website does use cookies. For more information about the cookie policy, see: (https://mygov.be/help/cookie-policy).

10. Data security

FPS BOSA commits to taking all appropriate technical and organisational measures to protect your personal data against destruction, loss, inadvertent alteration, damage or disclosure.

MyGov.be has a privacy-by-design architecture:

  1. FPS BOSA discloses third-party data to MyGov.be without interpreting its content.
    • FPS BOSA communicates with external sources, but data from these sources are not stored centrally. They are only processed temporarily to enable posting. They are only stored in the application on your device.
    • The same approach applies to all functions, including identity functions. Based on MyGov.be, it can be determined that you are still the same user but not who you are.
    • External sources can offer users services based on a technically neutral identification number within MyGov.be or obtain identification through the Federal Authentication Service.
  2. The mobile application offers safeguards to maximise end-user privacy:
    • The user decides which data and services they wish to access from the application.
    • Communication with the application is via predetermined components that are also secured for this purpose.
    • Data on the phone is encrypted, guaranteeing that it can only be read again with the right application on the right device, and by the right user.

11. Your rights as a user

You have several rights when processing personal data, particularly:

  • the right to access your personal data;
  • the right to correct your personal data;
  • the right to have your personal data deleted;
  • the right to withdraw your consent and the right to object to processing.

Any request to exercise your rights should be addressed to the relevant data controller. Please note that exercising certain rights may result in the application no longer being able to be used.

In MyGov.be, FPS BOSA is only responsible for specific processing operations. Requests to exercise your rights can be addressed to the data protection officer of FPS BOSA. This can be done by emailing dpo@bosa.fgov.be. FPS BOSA may ask you for proof of your identity to ensure the right person is being helped.

For other processing operations for which other government bodies or institutions are data processing controllers, FPS BOSA cannot determine whether or not your request can be acted upon.

The information found on MyGov.be may be inaccurate, outdated or incomplete. This means that the government service or body managing this information does not have accurate information. You can submit a request to the competent body to correct this information.

12. Changes

FPS BOSA reserves the right to change the Privacy Statement at any time to provide you with the necessary information about processing personal data. Changes to the Privacy Statement will be announced via MyGov.be.  This Privacy Statement was last amended and reviewed on 11 January 2024.

13. Complaints

If you have a complaint, question or concern regarding our processing of your personal data, please contact our data protection officer (DPO):

DPO – FPS BOSA
Simon Bolivarlaan 30
1000 Brussels
dpo@bosa.fgov.be

If you consider it necessary, you can lodge a complaint with the Data Protection Authority (APD-GBA), Drukpersstraat 35, 1000 Brussels. www.gegevensbeschermingsautoriteit.be