Gehören Sie zu einer Regierungsorganisation und können nicht auf die Beam-App zugreifen?
Mehr erfahrenUnsere Datenschutzerklärung und Datenschutzinformationen für BEAM Benutzer.
BEAM government secure communications
Last modified: 22/02/2026
Your privacy is important to us. All personal data we receive from you is processed in accordance with the applicable data protection regulations, in particular the General Data Protection Regulation 2016/679 of 27 April 2016 ("GDPR"), as well as this privacy statement.
This privacy statement provides you with further information regarding which personal data we process, why we process it, how we obtain it, how long we retain it, and with whom we share it. In this privacy statement, you will also find more information on how you can exercise your rights.
The data controller for your personal data is the following legal entity: Belgian Secure Communications ("BSC").
Should you have any questions regarding the processing of your personal data, you can contact our Data Protection Officer (DPO) at any time:
We may process your personal data in the context of:
Below you can find, for each of these purposes, which personal data we process, why we process it, how we obtain it, how long we retain it, and with whom we share it.
In the context of using the BEAM government secure communications application, we process personal data of users that are necessary for registration, access to, and use of BEAM government secure communications, as well as for the periodic re-verification of the access conditions. This includes identification and contact data such as (first) name, professional email address, phone number (for validation via SMS code), username, and BeamID. If desired, an image can be set as a profile picture.
Additionally, we also process cryptographic keys, the full name of the linked server, and your encryption password. The latter, however, is not stored on the servers. We may also process metadata (specifically BeamID, profile name and photo, timestamps, account type, names and topics of chat groups, and event ID) at rest, as well as device data (specifically IP addresses, App and OS versions, browser data, device model, and session ID).
The content of private and group communications is encrypted both at rest and in transit; in other words, it is not accessible to BSC.
The processing of these personal data aims to identify and authenticate users, to verify whether they meet the access conditions (including the required status as an employee of government agencies in Belgium), to create and manage accounts, to enable secure private and group communication, to send push notifications, to prevent abuse, and to ensure the security, integrity, and correct operation of BEAM government secure communications.
The legal basis for this processing is the performance of a task carried out in the public interest with which BSC is entrusted, specifically facilitating secure communication between Belgian government employees and ensuring information security, as provided for in the Royal Decree of 17 July 2024 regarding the establishment and missions of Belgian Secure Communications (Article 6, §1, (e) GDPR). To the extent that certain processing operations are additionally necessary for the performance of the user agreement with the user, the processing is also based on Article 6, §1, (b) GDPR. For processing operations necessary to guarantee the security of the application and prevent abuse, we process personal data because we need them to perform our legally mandated tasks. These processing operations are based on Article 6, §1, (e) GDPR.
We obtain these personal data directly from the user upon registration and during the use of the application, or through processes in the context of re-verification and security.
Personal data are retained according to their nature and the purpose of the processing. Account data are retained for as long as the account is active and are deleted within 30 days after the termination of the account. In the event of temporary deactivation (e.g., sick leave), access can be blocked and the status "deactivated" is displayed.
Registration and validation data (such as email and telephone verification) are retained for 1 year after unsubscription. The content of communication and associated metadata and log data are automatically deleted after 10 years. Data for push notifications are not stored after transmission.
If legally required or necessary in the context of security incidents or disputes, personal data may be stored for a longer period.
We share these personal data exclusively on a need-to-know basis with third parties involved in the technical management, hosting, and security of BEAM government secure communications, as well as with competent government agencies or judicial authorities if legally required. Additionally, solely for verification purposes, we may share your registration status with the competent government agencies to verify whether you meet the required status to use BEAM government secure communications.
For the purposes of the phonebook function within BEAM government secure communications, we process personal data of users who choose to be (fully or partially) findable by other users. This concerns identification and contact data such as username (display name), professional email address, BeamID, and basic profile information, depending on the visibility settings chosen by the user.
The processing of these personal data aims to allow users to search for and contact each other within BEAM government secure communications, to facilitate internal communication between users, and to support the correct and secure operation of the application, taking into account the visibility chosen by the user (public, discreetly findable via email address, or hidden). The choice not to be publicly visible has no adverse consequences during the use of BEAM government secure communications. It does, however, mean that a person can only be involved in a conversation with difficulty unless their exact email address or user ID is known.
The legal basis for this processing is the user's prior consent for inclusion in the phonebook or for findability via email address (Article 6, §1, (a) GDPR). The user can change or withdraw this consent at any time via the settings of the BEAM government secure communications application.
We obtain these personal data directly from the user.
Personal data are retained as long as the user has an active account and has enabled the relevant visibility option. Upon modification or withdrawal of consent for visibility, the data will be adjusted or deleted accordingly without unreasonable delay.
We do not share the personal data processed for the purposes of the phonebook function with third parties, except for IT and service providers involved in the technical management of BEAM government secure communications, and exclusively on a need-to-know basis.
In the context of the contact and reporting point for BEAM government secure communications, we may process personal data of users and other persons (e.g., authorities) who wish to contact BSC or report (suspected) abuse, illegal content, violations of the terms of use, or other irregularities related to the use of BEAM government secure communications. This includes identification and contact data (such as name, email address), the content of the report or the contact request, any supporting evidence, as well as technical and contextual data necessary for handling the report or following up on the contact request.
The purpose of processing these personal data is to receive, register, investigate, and handle reports and contact requests, to prevent and combat the abuse of BEAM government secure communications, to comply with obligations arising from applicable regulations, including the Digital Services Act, and to ensure the secure, integral, and lawful operation of the application.
The legal basis for this processing is compliance with a legal obligation, specifically the Digital Services Act (Article 6, §1, (c) GDPR), as well as the performance of a task carried out in the public interest regarding secure digital services (Article 6, §1, (e) GDPR).
We obtain these personal data directly from the reporter, or via the application, email, or other communication channels made available by BSC.
Personal data are retained for as long as necessary for the handling and follow-up of the report or complaint, and thereafter for a maximum period of 5 years.
We share these personal data exclusively on a need-to-know basis with persons or parties involved in handling the report, including IT service providers and, if legally required or justified, competent government or judicial authorities.
When you visit our website https://beam.belgium.be, or use the BEAM government secure communications application, we process your personal identification data (IP address and cookies). This processing allows us to ensure the operation and security of our website and application, including the prevention of abuse and spam.
In the context of technical management, troubleshooting, and the security of BEAM government secure communications, BSC may also process telemetry data, including technical information about the functioning of the application, such as error messages, crashes, used functionalities, system configuration, and network performance. These data are processed exclusively to ensure the security, stability, and correct operation of BEAM government secure communications.
Additionally, BSC may analyze usage and telemetry data in aggregated and anonymized form, for the sole purpose of improving the performance, reliability, and security of the website and the BEAM government secure communications application.
The legal basis for placing essential and functional cookies is our legitimate interest in offering and improving a well-functioning and user-friendly website (Art. 6, §1, (f) GDPR). Analytical cookies are only placed if you have given your consent (for more information, see our Website Cookie Statement or BEAM government secure communications).
We obtain these personal data directly from you as a result of using our website or the BEAM government secure communications application.
The expiration date varies per cookie, and you can change your cookie preferences at any time (for more information, see our Website Cookie Statement or BEAM government secure communications).
We only share these personal data with IT and software vendors with whom we collaborate for our website and the BEAM government secure communications application. Third-party cookie providers may also have access to information processed through their cookies.
In the context of managing potential disputes, we may process your personal identification data (name, address, email address), professional data, and any other information that may be relevant to the management of a (potential) dispute.
The processing of these personal data allows us to defend our legitimate interests in all forms of dispute resolution and to handle the administration thereof.
The legal basis for processing your personal data is based on our legitimate interest in safeguarding our rights (contractual and non-contractual, legal, and others) (Article 6, §1, (f) GDPR).
We obtain these personal data directly from you or through third parties.
For dispute management purposes, we retain your personal data for up to 5 years after the expiry of the last period for appeal, plus a verification period of 1 year.
We only share these personal data with third parties with whom we collaborate in the context of dispute management (external legal advisors, debt collection agencies) and with other parties if necessary (authorities, courts and police services, judicial officers). Additionally, third parties with whom we collaborate for the storage and management of our data also have access to these personal data (IT providers).
BEAM government secure communications is hosted and managed within the European Economic Area (EEA). All communication content is end-to-end encrypted, ensuring that neither BSC nor third parties have access to this content.
BSC has implemented appropriate technical and organizational measures to guarantee the confidentiality of your personal data and to protect your data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. This includes, among other things, end-to-end encryption of all messages, attachments, and calls exchanged via BEAM government secure communications, managed keys, audits and patch management, access restrictions, logging, and awareness-raising of BSC employees regarding information security, data protection, and related internal procedures.
Data exchange with third parties only takes place if and to the extent necessary for the operation of BEAM government secure communications or if legally required, for example, in the context of judicial proceedings or the legal investigative powers of competent authorities. Your personal data will under no circumstances be shared with third parties for marketing or other commercial purposes.
A transfer to a third country may only take place if a legal obligation requires it. In such cases, BSC ensures that this transfer occurs in accordance with Chapter V of the GDPR, so that your data enjoys an equivalent level of protection there as well.
Although reports may be automatically generated via system rules, decisions regarding the restriction, suspension, or termination of accounts are made exclusively manually by authorized administrators. Consequently, there is no automated decision-making involved.
The aforementioned personal data may be shared in the context of an organizational or administrative restructuring of the government, when another government agency or entity takes over the relevant tasks and the associated processing operations for the same purpose.
You can always contact us to exercise the following rights:
If you wish to exercise the aforementioned rights, we may ask you to justify your request and/or provide us with proof of identity.
You can contact us at any time via the following channels:
We respect all rights regarding your personal data to which you are entitled under applicable law. Given the secure nature of BEAM government secure communications and its exclusive professional use by employees of government agencies in Belgium, it is, however, technically and operationally impossible to transfer a user account and the associated communication data to another communication application.
If you believe that BSC has not processed your personal data in accordance with applicable regulations, you have the right to lodge a complaint with the Data Protection Authority:
Data Protection Authority Rue de la Presse 35 1000 Brussels contact@apd-gba.be https://www.dataprotectionauthority.be
This privacy statement may be amended from time to time, within the limitations of applicable data protection regulations. You always have access to the most current version via our website and application.