Privacy statement (GDPR)
What does Reprobel do?
Reprobel is a collective management organisation (CMO). It manages copyrights and legal remuneration rights of copyright holders on behalf of authors, publishers and (in some cases) other right holders.
Reprobel does so within the framework of ‘legal licences’ or on the basis of mandates from other management companies or individual beneficiaries (usually authors and editors). Reprobel currently manages the following legal licences: remuneration for photocopying and the related legal remuneration of publishers for photocopies; remuneration for education and scientific research (paper copies and certain electronic uses); and remuneration for public lending which public libraries must pay for their collections and loans. Reprobel also offers an additional licence for prints and digital re-use in the private and public sectors on a mandate basis.
Reprobel provides licences for professional users in the private sector (companies, non-profit associations, copy centers, the self-employed, liberal professions, etc.), the public sector and the education and scientific research sector.
Reprobel distributes all the remunerations it receives among the beneficiaries (usually through their CMOs), after deduction of its operating costs and provisions and reserves which it must establish legally or on the basis of its own organic documents.
Reprobel acts according to a strict regulatory framework and under the supervision of the Monitoring Department for collective management organisations that is part of the Federal Ministry of Economy.
Within the framework of its legal and statutory mission, Reprobel processes the personal data of natural persons.
They can be natural persons who are users or beneficiaries, for instance, but also natural persons acting as a contact for a legal person (company, public institution, educational establishment, scientific research institute, etc.).
What personal data does Reprobel process?
Reprobel processes personal data that is reasonably necessary to accomplish its mission under a legal licence, and for the preparation or execution of licence contracts (users), mandate agreements (Belgian CMOs/beneficiaries) and representation agreements (foreign CMOs).
For instance (for natural persons / self-employed), it could be your surname, first name and contact details, your Reprobel customer number, your choice of language, your company number or your VAT number, your bank account number, your login for Reprobel portals, etc. However, it could also be Reprobel’s communications with you as a user or beneficiary. Reprobel does not process any sensitive personal data (except for its own staff members) in terms of the GDPR.
Within the framework of legal licences, users are generally obliged to send Reprobel certain contact details. Other personal data aren’t legally compulsory, but if you don’t provide them, this can seriously delay or be detrimental to the processing of your declaration or the execution of your contract and even mean that you don’t fulfill, or not completely or within the time limit, your legal or contractual obligations.
Legal basis and purpose of the processing
Processing within the framework of envisaged contracts or existing contracts (licence contracts, mandate agreements, representation agreements, etc.) is the main legal basis of Reprobel’s processing of data.
In some cases, Reprobel also processes personal data on the basis of the law itself, chiefly within the framework of declarations and contracts relating to the legal licences it manages (i.e. your contact details and the basic parameters required for the calculation of the remuneration).
If necessary, Reprobel shall request your additional, explicit and specific consent to process your personal data in accordance with the GDPR. If consent is given, it can in principle be electronically removed free of charge, unless there is of course another legal basis for the processing.
In some cases, Reprobel can also process your data on the basis of a ‘legitimate interest’. For instance, Reprobel can inform you of new licences – issued by itself or other CMO partners – that may be of interest to you. Reprobel shall always do so within reasonable limits and never aggressively or if you don’t wish to be informed.
More generally, Reprobel only processes personal data that relates directly or indirectly to the collection and distribution of the remunerations it manages, and to its statutory and legal mission as a (central) CMO.
Personal data source
Reprobel primarily receives the personal data it processes from the natural persons concerned.
However, Reprobel can legally request information from public authorities such as the VAT administration and the Federal Department of Social Security (ONSS / RSZ).
Reprobel also consults private sources, for instance, specific company databases, but only if they are useful to its mission and operation.
Reprobel can also receive personal data from partner CMOs in Belgium and abroad and process them with a view to collecting and distributing remunerations.
Duration of processing
Reprobel doesn’t keep the personal data it processes longer than necessary for the purposes of processing.
In principle, Reprobel doesn’t keep personal data for more than five years as of the date it received the data, unless it is the subject of an ongoing contract.
In any case, personal data are deleted within the legal time limit and conservation period of 10 years which is applied to the collective management of copyright, or after three years as of the date of the final settlement of a dispute for which the data were kept, depending on which period is the longest.
Reprobel doesn’t keep the personal data of its members of staff for more than five years after the end of the employment contract, unless there is a dispute concerning the latter. If this is the case, the three-year time limit referred to in the previous paragraph shall apply.
At most, Reprobel keeps the personal data it processes up to date and deletes or rectifies them if necessary.
Security of personal data
Reprobel guarantees the integrity, security and confidentiality of personal data, both on a technical and organisational level.
As a CMO, Reprobel is legally bound by the obligation of professional secrecy.
Reprobel saves important/sensitive personal data on its own secure servers or the secure servers of a third party.
Processing by/transferring to external partners
Reprobel primarily processes personal data itself (both internally and externally for the purposes of information and communication). Reprobel only transfers personal data to external partners if necessary to accomplish its legal and statutory mission. For instance, these are its IT service providers, consultants/lawyers, representative, Belgian and foreign CMOs and official authorities such as the Monitoring Department for collective management organisations.
Transferring personal data to foreign CMOs (also outside the EU) within the framework of concluding and executing representation agreements is absolutely necessary for Reprobel to execute its mission and the mandates in its power. It is also in the interest of the beneficiaries whom Reprobel represents directly and indirectly.
Here you will find a list of Reprobel’s foreign partner CMOs that can process personal data on its behalf. If Reprobel transfers personal data to a partner CMO outside the EU which isn’t on the list of ‘secure countries’ (within the framework of the GDPR), it shall impose all the appropriate security guarantees in this respect.
Reprobel shall ensure to the greatest possible extent that the external partners processing personal data on its behalf, or that are (jointly) responsible for processing the data, respect the GDPR provisions. For this purpose, it shall conclude ‘processing agreements’ with the most important partners.
Your rights under the GDPR
Reprobel guarantees and facilitates the exercising of your rights under the GDPR as the natural person concerned (right to be informed, right of access, right to a copy, right to rectification, right to erasure, right to restrict processing, right to object, right to data portability).
You can exercise your rights free of charge and electronically using the contact information provided below. Reprobel shall only charge you administration costs if the request is disproportionate.
A complaint or a question about your personal data?
Your point of contact at Reprobel for any questions, requests or complaints on the processing of your personal data is: Ramon Diaz-Peres – firstname.lastname@example.org.
If you have a complaint about Reprobel, you can also submit it to the supervisory authority. In Belgium, this is the Data Protection Authority or DPA. This is the new name of the former privacy commission. You can also always file an appeal with the national courts.
Version of this privacy statement
This page was last updated on 11 March 2020.