Privacy (GDPR)

  • Privacy (GDPR)
    • Please check our Privacy Policy page first !
      Do refer to our Privacy Policy in which we provide further information about how we process your personal data.

      Below are a set of answers to some frequently asked questions.

      If you cannot find the answer to your questions regarding the protection of personal data in our privacy policy or in the below list, kindly send your question to

    • What is the GDPR?
      The General Data Protection Regulation is a European Regulation that came into force on 25 May 2018. The regulation lays down rules concerning the 'protection of natural persons with regard to the processing of personal data and on the free movement of such data'.

      The GDPR replaces the outdated Data Protection Directive of 1995, which is no longer technologically relevant (Big Data, Cloud, Social Media, …). Moreover, each Member State interpreted this Directive differently, resulting in fragmentation and ambiguity.

    • How will the GDPR affect me?
      You will receive more information from us about how we process your personal data. In addition to the rights you already had based on the existing privacy rules, you can now also contact us to have your personal data deleted or to request an electronically legible copy of the personal data you provided to us.

      More specifically, you can now choose whether you wish to receive or not commercial proposals (‘Direct Marketing opt’).

      Previously you indicated (in My SNCB for example) whether you agreed to SNCB contacting you with:

      • information;
      • promotional information; and/or
      • requests to participate in surveys.

      Now you can choose whether you wish to receive proposals and questions pertaining to our products.

      If you gave your consent in the past to receive promotional information or if you consent to the new direct mail opt-in as of 25 May 2018, we may ask your opinion or send you commercial proposals relating to our products and services. We will obviously stop doing this as soon as you revoke your consent.

      In any event, we will e-mail you basic information (e.g. information about Infrabel works in your region which may impact services). Should you not/no longer wish to receive this information, then you can always inform us by sending an e-mail to Please bear in mind that we will no longer notify you that your subscription is about to expire.

      You can (always) re-register to receive promotional and/or basic information. There are various channels at your disposal for this.

    • Your privacy policy states that you will retain my personal data for a limited period of time. How does this work?
      We effectively do not retain your data any longer than necessary for the purpose for which they were collected. In some cases, the law enforces a minimum retention period. We try to apply this rule where possible, but in some cases, we are required to retain your data for a longer period of time. You can find further information about the duration that specifically applies to your situation in our privacy policy.

      If your personal data were collected before the GDPR came into force on 25 May 2018, then the retention period will effectively commence on this date. We will do our utmost to delete any personal data that have been in our possession for quite some time as soon as possible. In so doing, we will take due account of the retention period, to be calculated from the time that we collected your data, based on the risk associated with your personal data.

      For personal data collected from 25 May 2018 onwards, the term will start on the day the data was collected.

      We may need several business days to delete this data as it must be deleted from our active databases and from the copies and back-ups of these databases.

    • Which (additional) confidentiality/security measures were taken (GDPR)?
      We undertake to take all the reasonable and appropriate technical and organisational measures needed to protect your personal data from unwanted destruction and/or loss, involuntary modifications, deterioration or disclosure.

      SNCB and HR-Rail (the legal employer of SNCB and Infrabel employees) have each appointed a Data Protection Officer (“DPO”). They will ensure that these extensive privacy rules are implemented.

      SNCB also ensures that only those individuals who effectively need to process these personal data for their professional activities at SNCB, have access to your data.

      SNCB will conduct a Data Protection Impact Assessment (“DPIA”) for all important existing methods and all new processing methods. With the help of our Data Protection Officer, we will determine whether the privacy regulations are complied with and whether our customers' personal data is sufficiently protected at all times. We will immediately take action, dealing with any issues that are raised as a result of this, as we may not process your data otherwise.

      We will do this according to additional measures, inspired by the GDPR, in combination with the existing measures.

    • Which privacy-related questions can I ask you (GDPR)?
      You can contact us by e-mail to (or using any other means of written communication) to
      • receive an overview of the categories of data we process (‘right to access’);
      • have incomplete or inaccurate personal data rectified;
      • inform us that you do not/no longer wish us to use your personal data for a specific purpose or automatically process it (‘right to object’);
      • to inform us that you wish all the personal data concerning you to be erased from our databases (‘right to be forgotten’); and/or
      • receive an electronically legible copy of your data (‘data portability’).
      We will not always be able to fulfil your requests. In that case, we will also explain why we were unable to do so.

      You can always inform us that you no longer wish to receive direct marketing or that you wish to revoke the consent you previously gave us to process your data.

      Please note: The applicable response periods will only begin after you have submitted a complete request. Should you wish to exercise your right to access, or your right to rectification or to be forgotten, then kindly append a scan/copy of your eID so we can be certain that you are effectively exercising the rights to your personal data!

      Changes to incorrect journey or passenger data when you purchase online tickets (not to subscriptions or Go Unlimited) are not allowed.
    • Which aspects of your privacy (GDPR) can you manage yourself using My SNCB?
      You can also manage most of your personal data with your My SNCB account on our website. In that case, you select a unique login e-mail address.

      After your account is confirmed and after receipt of a password, you can use this account to renew seasonal tickets, request certificates for tax purposes, … and manage your own data (change of address) and Direct Marketing preference.

      You cannot modify all your personal data yourself however. We will do this for you, after your submit the required documents (proof of identity) and send us a clearly-worded request at

      Please note: If you registered for our My SNCB service, then we automatically assume that you are using this account – until you notify us to the contrary at Deleting this account will affect our service to you. Over time, some of this My SNCB data will no longer be useful for other processing purposes.

    • Do I require further GDPR-related information?
      If you were unable to find a satisfying answer to your question in our Privacy Policy, then you can e-mail your question to You can also use this e-mail address if you wish to file a complaint about how we process your personal data. And if you find these answers unsatisfactory, you can also lodge a complaint with the Belgian Data Protection Authority (the former Privacy Commission).

Cookie Policy

By using the NMBS/SNCB website you consent to the use of cookies in accordance with our cookie policy. For more information about the cookies we use and manage, please read our full cookie policy.