Personal data are kept in the Individual Credit Register (ICR) for the purposes of:
- providing lenders with information to assist them in assessing the creditworthiness of potential borrowers;
- providing the National Bank of Belgium (NBB) with data in its capacity as the supervisory authority, so that it can properly assess financial sector risks; and
- scientific, statistical and other activities of the NBB pursuant to the Act of 22 February 1998 on the fundamental organisation of the Bank (such as monetary and other policies and prudential supervision).
Data subject rights
Individuals recorded in the Individual Credit Register (ICR) are informed of the processing of their data as follows:
- an express mention in the loan or credit agreement itself;
- a letter from the National Bank of Belgium upon inclusion on the “blacklist” for the first time.
Data subjects have the right to:
- consult the data pertaining to them in the ICR free of charge;
- request that lenders rectify data relating to them in the ICR which they can prove are incorrect; a lender is required by law to correct erroneous data;
- contact the Economic Inspectorate of the FPS Economy or the Data Protection Authority (if they believe that their data are being processed in violation of the data protection legislation).
The NBB cannot make any changes to the information contained in the ICR. Any modifications must be made by lenders.
Data protection officer
The NBB has a data protection officer.
You can contact the DPO should you, for example, wish to exercise your rights or if you have questions about the protection of your data.
National Bank of Belgium
c/o Data Protection Officer
Boulevard de Berlaimont 14
Processing of personal data
The NBB processes personal data in accordance with the following legislation:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation or GDPR);
- Articles VII.148 to VII.157 of the Code of Economic Law (“CEL”);
- the royal decree of 23 March 2017 governing the Individual Credit Register (ICR).