Privacy policy
INTRODUCTION
This privacy policy is drawn up by SRL FRÉDÉRIC DECHAMPS, whose registered office is at Rue de Wansijn 53, 1180 Uccle, registered with the Banque Carrefour des Entreprises under No. 0470.550.661 (hereinafter “we“, “us”, “Lex4u”).
This policy is part of our desire to act transparently, in compliance with the Law of 30 July 2018 on the protection of individuals with regard to the processing of personal data and Regulation (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter, the “GDPR“).
The purpose of this policy is to explain how we collect, use and store your personal data. It is important for you to understand that data protection and respect for your privacy are essential values for us, and that we are committed to processing and protecting everyone’s personal data.
By “personal data” we mean all personal data about you, i.e. any information that enables you to be identified directly or indirectly as a natural person.
This policy applies when you visit our website hosted at https://lex4u.com (hereinafter the “website”), when you contact us or when you entrust us with a file.
We reserve the right to modify the provisions of this policy at any time. Any changes will be posted directly on our website.
If you wish to react to any of the practices described below, you can contact us at the address given in the “How to contact us” section of this policy.
WHO IS AFFECTED BY THE PROCESSING OF PERSONAL DATA?
The data subjects of the processing activities (hereinafter, “you”) are all persons whose personal data are processed. In the context of such data processing, Lex4u will always have the capacity of “data controller”, within the meaning of Article 4.7 of the GDPR.
During our business, we may process personal data about several types of people:
- Our clients: The data you send us and the data we receive from opposing parties concerning you are processed as part of the management of your case and certain personal data processing activities;
- Other parties to a case: In the course of managing a case, we may need to process your personal data;
- Candidates: If you send us your CV or contact us to apply for a job, we may also process your personal data;
- Website users: When you visit or interact with our website, we process personal data for various purposes;
- Our suppliers: when we use your services, we need to process certain personal data in order to manage this relationship.
PROCESSING OF PERSONAL DATA AND LEGAL BASIS
“Processing” is “any operation or set of operations which is performed upon personal data or sets of data, whether or not by automatic means“.
Such processing covers the following actions: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The GDPR authorises the processing of personal data provided that it is based on one of the legal bases set out in Article 6.
We have four legal bases for the processing of your personal data:
- Consent: the data subject has consented to the processing of his/her personal data for one or more specific purposes;
- Contract: processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the data subject’s request;
- Legal obligation: processing is necessary to comply with a legal obligation to which the controller is subject;
- Legitimate interests: processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail, in particular where the data subject is a child.
FOR WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA?
The GDPR also requires that personal data be processed only for specified, explicit and legitimate purposes (Article 5.1, b.).
We process your personal data for the following purposes:
1. FILE MANAGEMENT contractual representation or consultancy |
Data concerned Surname, first name, image, profession, domicile or residence, telephone number, e-mail address, date and place of birth, marital status, national register number and identity card number, bank account number, correspondence, various supporting documents, procedural documents, criminal convictions, criminal offences or related security measures, etc. |
Legal basis The processing is necessary for the performance of the contract, i.e. the mission entrusted to us, or for the performance of pre-contractual measures taken when you intend to entrust us with this assignment (art. 6.1, b) of the GDPR). The processing of certain data is also necessary for the performance of some of our legal and ethical obligations, such as verifying the absence of conflicts of interest (art 6.1, c) of the GDPR). The processing of sensitive data may be necessary for the establishment, exercise or defence of legal claims (article 9.2, f) of the GDPR). If you are a party to a case other than our customer, the processing of your data is necessary to comply with our legal obligations (art 6.1, c) of the GDPR), or is based on our legitimate interest and that of our customer to ensure the defence of its interests (art 6.1, f) of the GDPR). |
Retention period Data relating to your file is kept for a period of 5 years after completion of our mission. |
Recipients This data may be communicated to the other parties or their lawyers, the courts, experts, notaries, advisors, mediators, arbitrators, bailiffs, banking or insurance organisations. In addition, this data is communicated to our service providers (IT service providers and others) and subcontractors. |
2. SUPPLIER CONTRACT MANAGEMENT |
Data concerned Identification data (surname, first name, e-mail, address, telephone number, company number, VAT number), invoices issued and payments and your financial data (bank, account number), and any other data that you transmit as part of the management of our contractual relationship. |
Legal basis The processing of this data is essential for the performance of the contract (article 6.1.b) GDPR). |
Retention period Your data relating to our supplier contracts is kept for a period of 10 years after the end of the last contract between us. |
Recipients This data may be communicated to the tax authorities. In addition, this data is communicated to our service providers (IT service providers and others) and sub-contractors. In the event of a dispute, they may be entrusted to a lawyer, to the other parties or their lawyers, to the courts, to experts or technical advisers, notaries, mediators, arbitrators, bailiffs, banking or insurance organisations. |
3. ACCOUNTING Administrative, accounting and tax management of your file |
Data concerned Identification data (surname, first name, e-mail, address, telephone number, company number, VAT number), invoices issued and payments and your financial data (bank, account number). |
Legal basis The processing of this data is essential for the performance of the contract (article 6.1.b) GDPR), in particular the invoicing of our services. The processing of this data is also necessary for the fulfilment of our legal obligations, in particular under the Code of Economic Law and the VAT Code in tax and accounting matters (article 6.1.c) GDPR). |
Retention period Data concerning you relating to our tax and accounting management is kept for a period of 10 years after completion of the assignment or file. |
Recipients This data may be communicated to the tax authorities. In addition, this data is communicated to our service providers (IT service providers and others) and sub-contractors. |
4. RECRUITMENT Application management |
Data concerned Identification data (surname, first name, e-mail, address, telephone number, date of birth) and any other personal data communicated as part of the application process (CV, covering letter, etc.). |
Legal basis The processing of this data is essential for the performance of the contract and for pre-contractual measures (art. 6.1.b) GDPR). The storage of this data may also be based on your consent (art. 6.1.a) GDPR). |
Retention period Your application details will be kept for a maximum of 3 months. If you expressly give your consent, we may keep this data for a maximum of 2 years. |
Recipients This data may be communicated to the tax authorities. In addition, this data is communicated to our service providers (IT service providers and others) and sub-contractors. |
5. PROMOTION Information to (former) customers about our latest news, training courses and other services |
Data concerned Identification details (surname, first name, e-mail address, address) and occupation. |
Legal basis This data is processed on the basis of our legitimate interest in promoting our services to our customers and persons accessing our services (art. 6.1.f) of the GDPR). |
Retention period Your personal data will be kept until you exercise your right to object (see below). |
Recipients This data is communicated to our service providers (IT service providers and others) and sub-contractors. |
6. PREVENTION AGAINST MONEY LAUNDERING |
Data concerned Identification data, data relating to your identity and copies of identity documents, your company’s shareholding and articles of association and, if required by law, your individual assessment of BC/FT risks and the vigilance measures taken. |
Legal basis The processing of this data is necessary to fulfil our ethical and legal obligations, in particular under the Act of 18 September 2017 on the prevention of money laundering (Article 6.1.c) GDPR). |
Retention period Data concerning you relating to our management of the fight against money laundering is kept for a period of 10 years after completion of the assignment or file. |
Recipients This data is communicated to our service providers (IT service providers and others) and sub-contractors. This data may be passed on to the President of the Bar or to the supervisory authority, as well as to another lawyer if necessary. |
7. LITIGATION AS PART OF OUR LIABILITY Defending our interests in court in the event of a dispute relating to our services or otherwise |
Data concerned Surname, first name, image, profession, domicile or residence, telephone number, e-mail address, date and place of birth, marital status, national register number and identity card number, bank account number, correspondence, various supporting documents, procedural documents, etc.), criminal convictions, criminal offences or related security measures. |
Legal basis This data is processed on the basis of our legitimate interest in protecting our interests (art. 6.1.f) of the GDPR). The processing of sensitive data may be necessary for the establishment, exercise or defence of legal claims (art. 9.2.f) of the GDPR). |
Retention period Data concerning you relating to our management of potential disputes is kept for a period of 10 years after completion of the assignment or case. |
Recipients This data is communicated to our service providers (IT service providers and others) and sub-contractors. This data may be passed on to our lawyer, the other parties or their lawyers, the courts, experts or technical advisers, notaries, mediators, arbitrators or bailiffs, banking or insurance organisations. |
8. FILING / CUSTOMER FEEDBACK / PUBLIC PROCUREMENT Use of our contractual relationship or your feedback to promote our services or respond to a public procurement contract |
Data concerned Surname, first name, profession, position, e-mail address and subject of the application |
Legal basis Data is processed on the basis of your consent (art. 6.1.a) of the GDPR). |
Retention period Your data will be kept until you withdraw your consent. |
Recipients This data is communicated to our service providers (IT service providers and others) and sub-contractors. This data will also be communicated to persons authorised to receive offers of public contracts and private offers of legal services, or communicated on our website. |
9. TRAINING Use of your data to organise, monitor and promote our training courses |
Data concerned Surname, first name, profession, position, e-mail address, professional identification number, image. |
Legal basis Data is processed on the basis of your consent (art. 6.1.a) of the GDPR). Processing is also essential for the performance of the contract between us in connection with the training provided (art. 6.1.b) of the GDPR). |
Retention period We will keep your contact details for this purpose for one year after the course. This period may be longer if you wish to have your participation in our training recognised in order to meet your legal or ethical training obligations. |
Recipients This data is communicated to our service providers (IT service providers and others) and sub-contractors. This data will also be communicated to your company or any other professional organisation where appropriate in the event of recognition or a certificate of participation. |
10. COOKIES Use of cookies or other tracers on our website |
Data concerned Electronic identification data and other data in accordance with our |
Legal basis Data is processed on the basis of your consent (art. 6.1.a) of the GDPR). Some cookies may be necessary for the performance of the service and the presentation of the website (art. 6.1.b) of the GDPR). |
Retention period Each cookie has an expiry date, which we invite you to consult in our . However, cookies in general will have a maximum duration of 13 months. |
Recipients This data is communicated to our service providers (IT service providers and others) and sub-contractors. The exact list of recipients can be found In the . |
WHAT RIGHTS DO YOU HAVE OVER YOUR PERSONAL DATA?
Your rights under the GDPR allow you to retain control over what we do with your personal data and are described below:
HOW TO EXERCISE YOUR RIGHTS
If you wish to exercise any of your rights, you can contact us by various means, at any time, easily and free of charge:
By e-mail: info@lex4u.com
By post: Rue de Wansijn no. 53, 1180 Uccle
In order to help you enforce your rights, and when the context justifies it, we must take all reasonable measures to verify your identity. To this end, where there is reasonable doubt as to your identity, we may ask you to prove your identity by providing us with additional information.
If you do not provide us with this additional information enabling us to identify you, we are not obliged to respond to your requests to exercise your rights if we are unable to identify you.
We undertake to get back to you as soon as possible and, at the latest, within thirty (30) days of receiving your request.
This deadline may be extended by a maximum of two (2) months if your request is complex and/or we are faced with an excess of requests. Should such a situation arise, we will inform you of the reasons for the delay.
LOCATION AND PROTECTION OF YOUR DATA
We implement the appropriate technical and organisational measures to guarantee an adequate level of security for the processing of your personal data, in particular against loss, theft, misuse or alteration of the information received, disclosure or unauthorised use. This level of security is established on the basis of the risks presented by the processing and the nature of the data to be protected.
In the unlikely and unfortunate event that your personal data under our control is compromised as a result of an information security breach, we undertake to act promptly to identify the cause of the breach and to take appropriate remedial action.
If necessary, in accordance with the law in force, we will inform you of this incident.
With certain exceptions, we do not transfer your data outside the European Economic Area. However, if certain processing operations involve transfers outside the EEA, we will ensure that these transfers benefit from an adequate level of protection.
WOULD YOU LIKE TO LODGE A COMPLAINT WITH THE DATA PROTECTION AUTHORITY?
If you feel that your rights are not being respected, it is advisable to contact us directly.
However, you may also lodge a complaint with the Data Protection Authority, whose contact details are as follows:
Data Protection Authority, Rue de la Presse 35, 1000 Brussels |
+32 2 274 48 00
|
|
For further information on complaints and possible means of redress, please consult the information available on the Data Protection Authority website:
https://www.autoriteprotectiondonnees.be.
You also have the option of lodging a complaint with the Brussels Court of First Instance.
APPLICABLE LAW AND COMPETENT COURTS
This policy is governed by Belgian law.
Any dispute relating to the interpretation or execution of this policy shall be governed by Belgian law and shall fall within the exclusive jurisdiction of the French-speaking courts of the judicial district of Brussels.
MODIFICATION
This policy may be corrected, added to or amended at any time for various reasons. The most up-to-date version can be consulted at all times on our website. We invite you to consult it regularly.
Last modified on 03 October 2023