Privacy notice

Version 23.02.2024

Thank you for your interest in Visit Limburg!

The protection of your personal data is extremely important to us. We make every effort to protect your privacy and ensure that you can safely entrust your personal data to us. We always handle personal data in a secure and discreet manner, and appropriate protective measures have been taken to avoid loss, changes, unauthorised access and/or any other unlawful processing of your personal data.

We want to be transparent about how we process your personal data and what we do with your personal data. You can read more about this in this privacy statement.

Who are we?

Toerisme Limburg VZW, with registered office at 3500 Hasselt, Universiteitslaan 3 and registered in the Kruispuntbank van Ondernemingen under number 0420.092.944 (RPR Antwerp, Hasselt division) (hereinafter, 'TL', 'we' or 'us').

You can contact us using the following contact details:

Data protection officer:
Monard Law BV, acting as independent external DPO
Gouverneur Roppesingel 131 | 3500 Hasselt | +32 11 28 15 00

We always process your personal data in accordance with the applicable legal provisions for the protection of personal data, including the Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter, the 'GDPR'), and applicable national implementing legislation.

Some terms explained

For the purposes of this privacy notice, 'personal data' means any information relating to an identified or identifiable natural person ('the data subject'). An identifiable person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more elements characterising the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person. In other words, it is any information on the basis of which a person can be identified. This includes, for example, your name, first name, date of birth, telephone number and e-mail address, as well as your IP address. 

The term "processing" is very broad and covers, among other things, the collection, recording, organisation, storage, updating, modification, retrieval, consultation, use, dissemination, combination, archiving and erasure of data.

Controller of your personal data ("controller")

TL is responsible for processing your personal data.

We are, as the GDPR calls it, the "data controller" of your personal data. Specifically, this means that TL, possibly jointly with others, determines the purposes and means of processing your personal data.


We do not aim to collect personal data from individuals under 16 years of age. These young people may not transfer personal data to us without the consent of the person who has parental responsibility or make a declaration of consent.

Your privacy rights

To give you more control over the processing of your personal data, you have many rights. These rights are set out, among others, in Articles 15-22 GDPR.

You have the following rights:

  • The right to access the personal data we process about you (Art. 15 GDPR):

You have the right to find out from us at any time whether or not we are processing your personal data. If we process them, you have the right to inspect these personal data and receive additional information on:

  1. the purposes of processing;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipients (in particular recipients in third countries);
  4. the retention period or, if that is not possible, the criteria for determining that period;
  5. the existence of your privacy rights;
  6. the right to lodge a complaint with the supervisory authority;
  7. the source of the personal data if we obtain personal data through a third party;
  8. the existence of automated decision-making.

If we cannot give you access to your personal data (e.g. because of legal obligations), we will let you know why this is not possible.

You may also obtain a free copy of the personal data processed in an intelligible form. Please note that we may charge a reasonable fee to cover our administrative costs for each additional copy you request.

  • Right to data erasure ('right to be forgotten') (Art. 17 GDPR):

You can ask us to erase your personal data in certain cases. In that case, however, you should bear in mind that we can no longer provide you with a service if you so wish. Please also note that your right to be forgotten is not absolute. We have the right to continue storing your personal data when necessary for, among other things, the performance of the contract, the fulfilment of a legal obligation or the establishment and exercise or substantiation of legal claims. We will inform you in more detail in our response to your request.

  • Right to rectification and supplementation (Art. 16 GDPR):

If your personal data is incorrect, outdated or incomplete, you can ask us to have these inaccuracies or incompleteness corrected.

  • Right to transferability of your personal data (Art. 20 GDPR):

Under certain conditions, you also have the right to have us transfer the personal data you have provided to us for the performance of the contract or for which you have given your consent to another data controller. To the extent technically possible, we will transfer your personal data directly to the new controller.

  • The right to restrict processing (Art. 18 GDPR):

If any of the following applies, you may request us to restrict the processing of your personal data:

  1. you dispute the accuracy of those personal data (in this case, their use will be restricted for a period that allows us to verify the accuracy of the personal data);
  2. the processing of your personal data is unlawful;
  3. we no longer need your personal data for the original processing purposes, but you need them for the establishment, exercise or defence of legal claims;
  4. until a decision has been made on the exercise of your right to object to the processing, you may request that we restrict the use of your personal data.

  • The right to object (Art. 21 GDPR):

You may, based on your particular situation, object to the processing of your personal data if such processing is in our legitimate interest or in the fulfilment of a task of public interest. We will cease processing your personal data in this case, unless we can demonstrate compelling and legitimate grounds for the processing which outweigh your interests, or if the processing of the personal data is related to the establishment, exercise or substantiation of a legal claim.

  • The right not to be subject to automated decision-making (Article 22 GDPR):

You have the right not to be subject to a decision made solely on the basis of automated data processing that significantly affects you or has legal consequences and is made without substantial human intervention.

You cannot invoke this right in three situations:

  1. if a law allows it (e.g. to prevent tax fraud);
  2. if the decision-making is based on an explicit consent of the data subject; or
  3. if it is necessary for the conclusion, or performance, of an agreement (please note, here, we always weigh up on a case-by-case basis whether there are less privacy invasive methods to conclude or perform the agreement).

  • The right to withdraw your consent (Art. 7 GDPR):

If your personal data are processed on the basis of your consent, you can withdraw this consent at any time upon simple request.

Exercising your rights

To exercise these rights, please contact us using the contact details under the heading "Who are we?". To verify your identity, we will ask you to send a copy of the front of your identity card.

You can exercise all these rights free of charge, unless your request is manifestly unfounded or excessive (e.g. due to its repetitive nature). In this case, we are entitled to charge you a reasonable fee or refuse to act on your request.

Retention of your personal data

We will retain your personal data for as long as it is necessary to fulfil its intended purpose. You should note that numerous (legal) retention periods result in personal data being (required to be) stored. To the extent no retention obligation exists, data is routinely deleted after the purpose for which it was collected has been achieved.

In addition, we may retain personal data if you have given us permission to do so or if we may need this data in the context of legal proceedings. In the latter case, we need to use certain personal data as evidence. For that purpose, we retain certain personal data in accordance with the statutory limitation period, which may be up to 30 years; the usual limitation period in connection with personal legal actions is 10 years.

Sources of personal data

We process personal data that you provide to us spontaneously. If additional personal data are required, it will be communicated whether or not you are obliged to provide them and what the consequences are if you do not provide them. Failure to provide personal data may result in us being unable to provide our products and services to you.

Categories of recipients

Within our organisation, we ensure that your personal data are only accessible to individuals who need them to fulfil contractual and legal obligations.

We will only disclose your personal data to third parties in accordance with legal provisions or if you have granted consent for such disclosure. In certain cases, our employees are supported by external service providers in performing their tasks.

Furthermore, we do not disclose personal data to third parties unless we are legally obligated to do so (e.g., disclosure to government agencies such as supervisory or law enforcement authorities).

In particular, we identify the following categories of recipients:


(i) Governments or regulatory authorities when requested in the context of compliance with a judgment or order, legislation, regulation, standard, or legal procedure.

Transfers to third countries outside the European Economic Area ("EEA")

We only transfer your personal data to processors or controllers in third countries to the extent that we are legally entitled to do so or if it is necessary to process a case.

To the extent that such transfers are necessary, we take the necessary measures to ensure that your personal data are highly protected and that all transfers of personal data outside the EEA are carried out lawfully.

Security of your personal data

The security of your personal data is important to us. We have implemented reasonable and appropriate technical and organisational security measures to protect your personal data against accidental or intentional manipulation, loss, destruction, or unauthorised access. We always keep your personal data in a secure location so that third parties do not have access to your personal data.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to us via the internet. Any transmission of personal data is at your own risk. When we transfer or receive your data on our website, we always use encryption technologies that are recognised as proven standards.


We do our utmost to protect your personal data. If you have a complaint about how we process your personal data, you can notify us using our contact details as provided at the beginning of this privacy statement so that we can address it as soon as possible.

You can also file a complaint with the supervisory authority for data protection. The authority overseeing our organisation is the Data Protection Authority, with the following contact details:


Contact details:

Data Protection Authority
Drukpersstraat 35, 1000 Brussel
+32 (0)2 274 48 00
+32 (0)2 274 48 35

Any Further Questions?

Feel free to contact us by phone, email, or mail using the contact details under the heading "Who are we?". We will be happy to answer your questions.


To address feedback or reflect changes in our processing activities, we may amend this privacy statement from time to time. Therefore, we invite you to regularly consult the latest version of this privacy statement on our website.