Privacy policy

Feel the heartbeat of history

Gaasbeek Castle is a local service of the Flemish Government.

Gaasbeek Castle may process your personal data in the public interest for the purpose of providing our services. If you do not want us to process your data, would like to know what personal data we process or would like to correct or delete your personal data, please email our data controller, Tess Thibaut. Our data processing policy can be found below.

For more information regarding the privacy policy of the Flemish government, please contact the Data Protection Officer of the Department of Culture, Youth and Media.

General policy on data processing and protection

Gaasbeek Castle respects your rights when processing your personal data. This statement sets out how we collect, process and use your personal data. This privacy statement indicates the general data processing and data protection policy of:

Gaasbeek Castle
Kasteelstraat 40
B-1750 Gaasbeek (Lennik)

Who processes your personal data?

Gaasbeek Castle processes your personal data. In this privacy statement, we use the personal pronoun 'we' to refer to Gaasbeek Castle. Gaasbeek Castle is responsible for processing your personal data as described and explained in this statement. We only process personal data and we only allow personal data to be processed if it is necessary for our operations. We always process the data in accordance with the provisions of the General Data Protection Regulation (GDPR), and with the provisions of federal and Flemish legislation on the protection of natural persons with regard to the processing of personal data.

If you have general questions about how we process your personal data, you can contact the data controller at Gaasbeek Castle by emailing Tess Thibaut. You can also contact this officer with comments and suggestions and to exercise your rights.

When do we collect and process your personal data?

We collect and process your personal data when you request one of our services or contact us in the context of the services we provide. We may also process your personal data if you submit a general question to us.

What data do we process on you?

We process your personal data. Personal data are data that identify you or establish a link with you as a natural person. The specific data we process depends on the services we offer and provide. We only request data necessary for our operations. In addition, we process your identification data so that we can provide our service to you.

How do we collect and process your personal data?

We may request data directly from you, by phone, digitally or through a form or other document to be filled in by you. In the context of cooperation with third parties, we may also receive data if you have given your consent.

What do we process your personal data for?

We process your personal data to provide a service you request from us. In particular, this concerns the services we provide as a recognised museum. More information regarding these services can be found in the Cultural Heritage Decree of 24 February 2017.

What are the principles for processing your personal data?

We process your personal data for our public interest tasks set out in the Cultural Heritage Decree of 24 February 2017. We may process data for non-public activities if you give your explicit consent, if such processing results from a contract you have entered into, or if we have a legitimate interest in doing so. We will then explicitly state the basis on which we process that data.

How long do we keep your personal data?

As a general rule, we are only allowed to keep your personal data for the period during which they are necessary for the provision of certain services. We therefore keep your data for as long as you use our services. After that, we keep your data for the period during which we must be able to account for the services provided. That period is two years. After this period of limitation, the data are deleted, unless they are of historical, cultural or public interest. When keeping data, a distinction is made between the period in which your file is active and the period in which it becomes passive. Your file is active as long as you use the service provided. In this case, staff who need your data in order to be able to perform their task have access to your data during that period. Afterwards, your file becomes passive and only a limited number of staff from the competent service have access to your data.

Do we share your personal data with others?

Your data are mainly processed internally by our staff. We are occasionally required by law or decree to transfer your personal data, and public authorities have the right to request data from us. They must have an authorisation to do so.

Are your personal data transferred outside the European Union?

We do not transfer your data to countries outside the European Union or international organisations. These are countries or organisations located outside the territory of the European Economic Area (European Union + Iceland, Norway and Liechtenstein). We may however do so if we use a cloud service provider. In that case, we will take all possible measures to ensure that your data is protected as stipulated in European, federal and Flemish regulations.

What are your rights?

If we process your personal data in the public interest, you can oppose the processing of your data at any time. In this case we assess whether your individual interests outweigh the public interest we are pursuing with the processing. If we are no longer allowed or able to process your data, it will also no longer be possible to provide you with the service or the benefit you are claiming.

You can always review the data we process about you and, if necessary, have it corrected. To do so, please contact Gaasbeek Castle's data controller, Tess Thibaut. We will ask for proof of your identity to ensure your data are not disclosed to anyone who is not entitled to it. You can also contact this person if you feel that your data is no longer relevant and should therefore be deleted.

If you disagree with the way we process your data, please contact our data controller (Tess Thibaut). You can also contact her if you wish to file a complaint.

Image right

If you attend a Gaasbeek Castle activity, there is a chance that you will be captured on a photograph that will be taken and can be used in a Gaasbeek Castle publication (online or offline). We hereby respect your image rights. For activities for -12-year-olds, we will always seek parental and/or guardian consent.

Camera surveillance

For security reasons, the buildings on Gaasbeek Castle grounds are monitored by cameras in accordance with the law of 21 March 2007 regulating the installation and use of surveillance cameras. The images captured are processed solely for this purpose and are not made available to third parties under any circumstances, except to the police in the cases stipulated by law. Except in specific circumstances provided for in this law or in the implementing decrees, the images will not be kept for more than one month. Any filmed visitor has the right to view the images taken of him and may send a request to

General information

We have the right to change and modify the policy. We shall at all times report changes and modifications via the website.