This is the privacy statement of the law firm Van Eeckhoutte, Taquet & Clesse, drawn up in accordance with the Regulation (EU) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, abbreviated as General Data Protection Regulation (GDPR).
With this privacy statement, we want to provide clear information on how we handle personal data and that we undertake to handle it with care and guarantee your privacy. This means that we will in any case
- process your personal data in accordance with the purpose for which it was provided, as described in further detail below,
- limit the processing of your personal data only to the data that is needed for the purposes for which it is processed,
- ask for your express consent where necessary,
- have taken appropriate technological and organisational measures to protect your personal data,
- not pass on personal data to third parties, unless this is required for the purposes for which it was provided or to comply with a legal obligation,
- be aware of your rights, intend to inform you about them in plain language and respect them.
1. General Information
The controller of your personal data is the lawyer or lawyers of the firm contacted by you. You can, of course, contact your lawyer(s) at any time if you have any questions concerning the data processing.
2. Purpose and grounds for processing
In the context of your request for legal advice and/or assistance in court, your lawyer must process a certain amount of data from and about you. This is data that is necessary for the proper performance of the assignment(s) and assignments that are necessarily closely related to the assignment.
Subject to your consent, your personal data will also be processed for the purpose of sending newsletters and for publicity purposes.
In the context of the client relationship, personal data is processed lawfully on the following grounds:
- the consent of the client (Art. 6.1a GDPR),
- the processing is necessary for the performance of the contract (Art. 6.1b GDPR),
- the processing is necessary for compliance with a legal obligation (Art. 6.1c GDPR).
With regard to the first-mentioned ground for processing, we would like to point out that, according to the GDPR, your consent must be a freely given, specific, informed and unambiguous indication of your intention by which you accept, by means of a statement or an unambiguous active act the relevant processing of your personal data.
If the processing is based on consent, it must be possible to prove that you have given your consent for the processing of your personal data.
The request for consent must be presented in a comprehensible and easily accessible form and in clear and simple language, where appropriate with a clear distinction between each item.
You have the right to withdraw your consent at any time. The possible withdrawal of your consent will not affect the lawfulness of the processing based on the consent before the withdrawal.
3. Personal data that we process
We collect only the personal data that you yourself communicate to us, directly or indirectly (e.g. through the intervention of another lawyer or the trade union).
We will at least collect and process your personal identification data (surname, first name, date of birth and gender), your contact data (address, e-mail address, work/private telephone number), your invoicing data and your national register number and/or company number.
If you fall within the scope of the money laundering legislation, we are obliged to identify you and to request, verify and retain a number of documents proving your identity by means of a copy of your identity card. Where appropriate, we are obliged to ask you about the origin of funds or assets. In case of a company, we are obliged to request the list of its directors (natural person). For more information on money laundering legislation, please refer to our general terms and conditions.
Furthermore, all data is collected that is necessary for a proper execution of the assignment(s) entrusted to Van Eeckhoutte, Taquet & Clesse. This may include data relating to your employment relationship or your family situation. We need your bank account number to process your payments.
If necessary, this may also include so-called "sensitive data", such as medical images, laboratory reports, biological sample data, letters and written reports from the doctors who treated you, data relating to your criminal record or criminal offences, or data relating to your race, sexual orientation, union membership or religious, philosophical or other convictions.
If our order concerns a minor, we can only process the personal data if there is written consent from the parent(s), guardian or legal representative.
Of course, the data entrusted to us is collected and used with your consent and in compliance with the GDPR.
4. Passing on your personal data to third parties
If required within the framework of the performance of the assignment, your personal data will be passed on to third parties, such as government authorities, individuals of the legal profession, opposing parties and their counsel(s), insurance companies (e.g. legal aid), other lawyers, etc.
We do not sell or trade your personal data to third parties, nor do we pass it on to third parties for commercial purposes.
We have concluded a processor's agreement with companies that process your data on our behalf in order to ensure the same level of security and confidentiality for your data.
5. Method of processing and security
There is no question of automated decision-making regarding your personal data. In concrete terms, this means that no decisions are made on the basis of automated processing (by computer programs or systems, without human intervention) about matters that could have (considerable) consequences for people.
Van Eeckhoutte, Taquet & Clesse has taken appropriate technical and organisational measures to protect your personal data against unlawful processing.
For example, all lawyers, as well as other members of the firm, are informed about the importance of protecting personal data and are bound by confidentiality. We have a user and password policy on all our systems, and we make backups of personal data which can be restored in case of technical incidents.
Personal data is stored on paper and digitally. Access to the office is secured and only members of the office have access to the building. The digitally processed data is also subject to security: it is contained in a database to which a username and password are linked and that database can only be consulted by accessing the office's network system, which is also secure.
6. Retention period
Your personal data is logically stored until the conclusion of the assignment and subsequently for a period of at least ten years.
After the expiry of a period of ten years after the file has been closed, the paper documents are, in principle, destroyed.
The digitally processed data is, however, retained on the basis of a legitimate interest (e.g. client database). This mainly concerns the minimally processed personal data.
7. Your rights and our obligations
In accordance with articles 13 to 15 of the GDPR, you have the following rights:
- right to information and access to, inter alia, the processing purposes and the legal basis of the processing, the recipients or categories of recipients of the personal data, the period during which the personal data will be kept, the rights to which you are entitled,
- right to rectification (i.e. correction, if your data is incorrect or incomplete),
- right to data erasure (also called "forgetfulness"),
- right to restriction of processing,
- right to data portability,
- right to object on grounds relating to your specific situation,
- right not to be subjected to a decision based solely on automated processing.
The aforementioned rights are not absolute and Van Eeckhoutte, Taquet & Clesse reserves the right to determine whether your request is justified. Your right to be informed does not apply if you already have (or could reasonably have) this information, if this data must remain confidential by virtue of professional secrecy and if providing this information proves impossible or would require a disproportionate effort, in particular when processing for archiving in the public interest, scientific or historical research or statistical purposes. Your right to update and/or delete your data does not apply if a legal obligation requires the retention of this data or if the data is necessary for the exercise of the right to freedom of expression and information or for the establishment, exercise or substantiation of legal claims.
The above rights can be exercised in a written and substantiated manner by sending a request to your lawyer.
Your lawyer will provide you with information on how the request was handled without delay but at least within one month of receiving it.
Depending on the complexity of the requests and the number of requests, this one-month period may be extended by two months if necessary.
Your lawyer will notify you of such an extension within one month of receipt of the request. If you make your request electronically, the information will be provided electronically where possible, unless you request otherwise.
If your lawyer does not comply with your request, he/she will inform you of this immediately, but not later than within one month of receipt of the request, of the reasons for non-compliance and how to lodge a complaint to a supervisory authority and an appeal to a court of law.
When requests are clearly unfounded or excessive, especially due to their repetitive nature, your lawyer will refuse to comply with the request. If necessary, the lawyer reserves the right to charge a reasonable fee for the administrative costs involved in fulfilling the request(s).
You also have the right to lodge a complaint with a supervisory authority, more specifically with the Belgian Data Protection Authority (being the successor of the Privacy Commission), with its registered office at rue du Mail 35, 1000 Brussels (tel.: 02/274.48.00).