Last updated on: 2^nd April 2019

1. To whom does this Privacy Statement apply to?

The Council of Bureaux is an international organisation operating under the aegis of the United Nations Economic Commission for Europe (UNECE) and coordinates the Green Card System. The Green Card System is an international recognition scheme of Motor Third Party Liability (MTPL) insurance, linked to an authorisation for National Motor Insurers' Bureaux to handle claims resulting from road traffic accidents caused by foreign vehicles. The CoB is also acting as a Secretariat for the entities organised in accordance with European Union law: Compensation Bodies, Guarantee Funds and Information Centres in 31 Member States of the European Economic Area (EEA).

The CoB is the controller for the data regarding the website visitors and the CoB’s events participants and the processor for the personal data displayed regarding some of the claims representatives in accordance with Article 21 of Directive 2009/103/EC[1]. The CoB is processing the personal data as safely and reasonably as possible and in strict compliance with the applicable data protection legislation, including the General Data Protection Regulation (GDPR).

This Privacy Statement covers:

• The Claims Representatives, the contact details of which are displayed on the CoB’s website;
• CoB’s website visitors; and
• CoB’s events participants (CoB Academy Basic, CoB Academy Advanced or IMIC).

We recommend that you read this Privacy Policy in full to ensure you are fully informed. If you have any questions about this Privacy Policy or CoB’s data collection, use, and disclosure practices, please contact us via at privacy@cobx.org.

2. What is the scope of this Privacy Statement?

The CoB has created this document to describe how the CoB processes personal data, what and why it processes, to whom this data is disclosed, what are your rights and who to contact for more information or inquiries.

3. What personal data does the CoB collect and why?

• Contact details of claims representatives and their relationship with the insurers;

The processing of this data is in accordance with Article 21 of the Directive 2009/103/EC. This data is collected and disclosed to the CoB by the Information Centres.

• Contact details of the CoB’s events participants for the CoB Academy Basic and CoB Academy Advanced;

The collection of these contact details is necessary for the organisation of the event.

With reference to the cookies used by the website of the CoB, more information is available here.

4. When and how is the personal data shared and what are the locations of processing?

The CoB will only share personal data with others when it is legally permitted to do so. When the CoB will share data with others, it is under contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.

Personal data held by the CoB may be transferred to:

• Third party organisations that provide applications/functionality, data processing or IT services to us

The CoB uses third parties to give support in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud based software as a service providers, identity management, website hosting and management, data analysis, data back-up, security and storage services.

• Law enforcement or other government and regulatory agencies or to other third parties as required by law, and in accordance with, applicable law or regulation

Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.

5. Data subject’s individual rights

Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights.  Where/when?wheter? the CoB decides how and why personal data is processed, the CoB is a data controller according to Article 4(7) of the GDPR and include further information about the rights that individuals have and how to exercise them below.

5.1. Right of access

You have the right to obtain from us confirmation as to whether or not personal data concerning you/your personal data? are processed, and, where that is the case/in that case/if so?, you have the right to request and get access to that personal data in accordance with applicable law. We will aim to respond to any requests for information promptly, and in any event within the legally required time limits (which is currently set for 30 days). You can do this by sending an e-mail to as at: privacy@cobx.org.

5.2. Right to rectification

You have the right to obtain from us the rectification of inaccurate personal data that was submitted to us and you have the right to provide additional personal data to complete any incomplete personal data. You can do this by sending us an e-mail at: privacy@cobx.org.

5.3. Right to erasure

In certain cases, you have the right to obtain from us the erasure of your personal data. You can do this by sending us an e-mail at: privacy@cobx.org.

5.4. Right to withdraw your consent

Where we process personal data based on consent, individuals have the right to withdraw consent at any time. We do not generally process personal data based on consent (as we can usually rely on another legal basis). To withdraw consent to our processing of your personal data please email us at privacy@cobx.org.   

5.5. Right to filing complaints

You have the right to file complaints with the applicable data protection authority on our processing of your personal data.

You have the right to lodge a complaint with the Belgian data protection regulation, which is the Belgian Privacy Commission. You can find more information about it at the following address: https://www.privacycommission.be

6. Security

The CoB takes the security of all data it holds very seriously. The CoB has a framework of policies, procedures and training in place covering professional secrecy, data protection, confidentiality and security and regular review of the appropriateness of the measures it has in place to keep the data secure.

The CoB may update or modify the security measures periodically provided that such updates and modifications do not result in the degradation of the overall security of the services.

7. Data retention

The CoB will retain the personal data for as long as it is necessary to fulfil the purposes we collected it for, including for purposes of satisfying any legal, accounting or reporting requirements.

8. Changes to this statement

The CoB recognises that transparency is an ongoing responsibility so this privacy statement will be kept under regular review.

The CoB encourages you to periodically review it to be informed of how the CoB is protecting your information. For your questions please contact us at: privacy@cobx.org.