This Policy is set by:
Paul Muylaert
Rue Defacqz 73
paul.muylaert@paulmuylaert.be
CBE number : 0885.641.276
Hereinafter, “the firm” or “we”, “our”.
We take great care to protect the personal data and privacy of any person who contacts us. We act in complete transparency, in accordance with the relevant domestic and international legislation, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as the “General Data Protection Regulation” or “GDPR”).
This document on personal data protection describes how we process your data and the rights you can exercise with regard to the data relating to you as a data subject.
We reserve the right to amend this policy at any time, among other things to comply with any regulatory, legal or technological developments. We ask you to read this document on a regular basis.
You can comment on any of the practices described below by contacting us at: rgpd@paulmuylaert.be
1. WHY AND ON WHAT LEGAL BASIS DO WE PROCESS YOUR PERSONAL DATA?
The purposes and the legal basis of our data processing will differ, depending on the data we collect and process and the categories of data subjects.
The firm processes your data:
Processing |
Purpose |
Legal basis |
Managing the defence of our clients’ interests and requests |
We process data in the context of requests (audits, consultation notes, opinions) and the defence of our clients’ interests, whether legal entities or natural persons. |
This processing is necessary:
We may also process sensitive data (special categories of personal data) whenever necessary for the establishment, exercise or defence of legal claims, pursuant to the provisions of Article 9 §2.f. of the GDPR. |
Administrative management of our clients’ cases |
We process data to fulfil our contractual or pre-contractual obligations towards our clients, whether legal entities or natural persons. |
This processing is necessary:
|
Accounting management |
We process personal data for billing purposes. |
This processing is necessary to comply with our legal obligations as defined by the Belgian Code of Economic Law and the Belgian VAT Code on tax and accounting (Article 6.1.c. of the GDPR). |
Pre-contractual relationship management |
We process personal data to respond to requests and/or questions from our clients (e.g. via the contact form on our website), or to services offerings and CVs. |
This processing is necessary to implement pre-contractual measures (Article 6.1.b. of the GDPR) so as to enable or facilitate a future contractual relationship. |
Supplier management |
We process personal data in the context of our contractual obligations to our client. |
This processing is necessary:
|
Communication and newsletter management |
We process data to communicate information about our business. Our legitimate interest is to offer and promote our services and/or to share information with our clients that is consistent with what they can reasonably expect from us in the context of our current or future relationship. |
This processing is necessary to pursue our legitimate interest, where we have balanced this interest against the interests or fundamental rights and freedoms of our clients (Article 6.1.f. of the GDPR). You are free to object to this processing at any time by contacting us at: rgpd@paulmuylaert.be |
Potential dispute management |
We may use personal data to defend our legal interests in the event of a dispute. |
This processing is necessary to pursue our legitimate interest, where we have balanced this interest against the interests or fundamental rights and freedoms of our clients (Article 6.1.f. of the GDPR). We may also process sensitive data (special categories of personal data) whenever necessary for the establishment, exercise or defence of our legal rights, pursuant to the provisions of Article 9 §2.f. of the GDPR |
2. WHAT PERSONAL DATA DO WE PROCESS AND WHERE DO THE DATA COME FROM?
We only collect personal data that is appropriate, relevant and limited to what is necessary for the purposes for which it is processed. Depending on the purpose, data is collected differently.
Below, we detail the personal data we collect about our clients, why we collect it and how we collect it.
Processing |
Collected and processed data |
Collection method |
Managing the defence of our clients’ interests and requests |
Family data (first names and surnames of children, parentage, marital status, etc.) Personal characteristics (age, sex, date of birth, nationality, country of origin, mother tongue, language(s) spoken, etc.) Professional information (profession, degree, career, etc.) Financial data (account number, tax assessments, household composition or any documents proving a client’s financial situation) Special categories of personal data, including data concerning health, criminal convictions or offences, racial or ethnic origin, political opinions, religious beliefs, trade union membership and/or sexual orientation. In general, all the data necessary for the establishment, exercise or defence of our clients’ legal interests. |
Either directly from you as our client. Or from a third party, such as:
Or because you or a public authority have made the data publicly available. |
Administrative management of clients’ cases |
Personal identification data (first name, surname, address, telephone number, company number, identity card) Electronic identification data (email address) Photograph (identity card) |
Either directly from you as our client. Or from a third party, such as:
Or because you or a public authority have made the data publicly available. |
Accounting management |
Personal identification data (first name, surname, address, telephone number, company number) Electronic identification data (email address) Financial data (account number) |
Either directly from you as our client. Or because you or a public authority have made the data publicly available. |
Pre-contractual relationship management |
Personal identification data (first name, surname, telephone number) Electronic identification data (email address) Data you provided to enable us to assess whether we can deal with your case or request. In addition, in the event of recruitment:
|
Directly from you as our client.
|
Supplier management |
Personal identification data (first name, surname, address, telephone number, company number, order number) Financial data (account number) |
Either directly from you as our client. Or because you or a public authority have made the data publicly available (Banque Carrefour des Entreprises [Crossroads Bank for Enterprises]). |
Communication and newsletter management |
Personal identification data (first name, surname, address, telephone number) Electronic identification data (email address) |
Either directly from you as our client. Or because you have made the data publicly available. |
Dispute management |
Personal identification data (first name, surname, address, telephone number, company number) Electronic identification data (email address) Professional information (profession, degree, career, etc.) Financial data (account number, notice of assessment and household composition or any documents proving your financial situation) Special categories of personal data, including data concerning health, criminal convictions or offences, racial or ethnic origin, political opinions, religious beliefs, trade union membership and/or sexual orientation. In general, all the data necessary for the establishment, exercise or defence of our clients’ legal interests. Photos or images. |
Either directly from you as our client. Or from an insurance company. Or because you or a public authority have made the data publicly available. |
3. WHOM DO WE SHARE YOUR PERSONAL DATA WITH?
All data sharing is carried out in compliance with professional secrecy, the rules of conduct and this document.
The data listed above is accessible to members of the firm’s team and any fellow lawyer, acting as a co-worker or specialist lawyer, or any technical advisor to the extent strictly necessary for the performance of the firm’s obligations.
For the purpose of defending your interests, in accordance with the mandate you have given us and insofar as necessary, we communicate your personal data to the competent judicial or administrative authorities or legal officers.
We may pass on this personal data to opposing parties to defend your interests, and to the extent necessary only.
We may also share your data with banking or insurance organisations for the purpose of defending your interests, in compliance with professional secrecy and insofar as necessary.
We may be obliged to pass on personal data to third parties by law, by virtue of a decree or other regulations we must comply with.
We may also share certain data with our co-contractors, defined as “subcontractors” within the meaning of the GDPR, insofar as necessary for the operation of computerised or non-computerised applications or management systems the firm uses.
At all times, we ensure the protection of your data through confidentiality agreements.
We share your data with the following service providers:
Type of service provider |
Location |
Email solution providers |
In Europe |
Mailing solution providers |
In Europe |
IT solutions and infrastructure and system maintenance providers |
In Europe |
Hosting/Cloud service providers |
In Europe |
Accountants and financial service providers |
In Europe |
Banks/Insurance companies |
In Europe |
Third-party insurer |
In Europe |
Legal aid office (Bar) |
In Europe |
Lawyers – staff – trainee lawyers |
In Europe |
The French- and German-speaking Bar Association (Avocats.be) |
In Europe |
Copy service providers |
In Europe |
Social media |
In Europe |
External staff |
In Europe and outside Europe |
Other: …. |
In Europe |
For security reasons, the list of subcontractors, their field of activity, the purpose for which the data is processed and, where applicable, the country where the data is processed and hosted is not available on our website but can be provided at the data subject’s request.
4. HOW LONG DO WE RETAIN YOUR PERSONAL DATA FOR?
The storage period of personal data varies, depending on the purposes for which the data is processed. This period is limited, taking into account any storage obligations imposed by law.
Processing |
Period |
Managing the defence of our clients’ interests and requests |
The storage period is 5 years from the end of the relationship with the firm. |
Administrative management of our clients’ cases |
The storage period is 10 years from the closing of the case. |
Accounting management |
The storage period is 7 years from the year in which you were first invoiced. |
Pre-contractual relationship management |
The data is deleted immediately, with the exception of CVs, which we may keep in our recruitment database for one year. |
Supplier management |
The storage period is 7 years from the year in which you were first invoiced. |
Communication and newsletter management |
The storage period is 2 years from our last contact. |
Dispute management |
The data is deleted after the enforcement of the judgment or the final settlement of the dispute. |
5. DO WE TRANSFER PERSONAL DATA OUTSIDE OF THE EUROPEAN UNION?
Transfers of data to a country outside of the European Union or the European Economic Area are permitted only, if and when:
- The European Commission has issued a decision establishing that this country provides an adequate level of data protection, i.e. equivalent to that ensured by the European legislation. Personal data will be transferred on this basis.
- The transfer is covered by an appropriate safeguard providing a level of data protection equivalent to that provided for by the European legislation, such as the Commission’s standard contractual clauses, a code of conduct, certification, binding business rules, consent.
In the absence of an adequacy decision or appropriate safeguards, a transfer or a set of transfers of personal data to a third country shall remain possible if such a transfer is necessary for the establishment, exercise or defence of legal claims pursuant to Article 49.1.e of the GDPR.
6. HOW DO WE PROTECT YOUR PERSONAL DATA?
At all times, we ensure an adequate level of technical and organisational security of your personal data to protect it against data breaches, including loss, destruction, public disclosure, unauthorised access or misuse. However, if you become aware of a data breach or suspect a data breach, we ask you to contact us without delay.
For security reasons, the list of subcontractors, their field of activity, the purpose for which the data is processed and, if applicable, the country where the data is processed and hosted is not available on our website but can be provided at the data subject’s request.
7. WHAT RIGHTS DO YOU HAVE AND HOW CAN YOU CONTACT US?
Unless forbidden under Belgian law, including the GDPR, or the information is covered by professional secrecy, you are free to exercise the following rights:
- The right of access, including the right to know that the firm is processing your personal data;
- The right to receive a copy of the data processed;
- The right to rectification of the data processed;
-
The right to withdraw consent;
- The right to object to the processing of your personal data, including when your personal data is processed on the basis of our legitimate interest;
- The right to limit the processing of processed data;
- If you dispute the accuracy of the data. Pending assessment of the interests involved before exercising the right to object to the processing of certain personal data.
- If the processing of your personal data is unlawful, but you do not wish to exercise your right to have the data erased.
- If we no longer need your personal data but you need it in the context of a legal action.
- The right to have processed data erased;
- The right to portability of the data processed;
- The right to lodge a complaint with the Belgian Data Protection Authority: www.autoriteprotectiondonnees.be Rue de la Presse 35, 1000 Brussels Tel: +32 (0)2 274 48 00 Fax: +32 (0)2 274 48 35 Email: contact@apd-gba.be For more information on complaints and possible redress, please refer to the following page of the Belgian Data Protection Authority: https://www.autoriteprotectiondonnees.be/citoyen/agir/introduire-une-plainte
We will respond to your request without undue delay and at the latest within one month of receipt and will inform you of the action we have taken.
Depending on the complexity of the request and the number of requests we receive from other people, this period may be extended by two months. In that case, we will notify you to that effect within one month of your form having been received.
When providing this information, we are at all times obliged to take the rights and freedoms of others into account.
You may exercise your rights by contacting the firm at the following email address: rgpd@paulmuylaert.be.
We ask you to include all the necessary documents or information to prove your identity, failing which we may contact you to request proof of identity, such as a copy of your identity card, so as to enable us to respond to your request.
Lastly, we reserve the right to refuse requests to exercise a right if they are manifestly unfounded or excessive, particularly because of their repetitive nature, or to charge you a reasonable fee that reflects the administrative costs incurred in providing or communicating the information, or taking the measures requested.
8. APPLICABLE LAW AND JURISDICTION
This Policy is governed by Belgian law. Any dispute relating to the interpretation or execution of this Policy shall be subject to Belgian law.
9. DO WE USE COOKIES OR OTHER TRACKERS?
We use cookies on our website.
A cookie is a code in the form of a file which is stored on your computer. During a subsequent visit to our website, these cookies can then be recognised. Cookies help us to improve our website, enhance your browsing experience, offer you targeted advertising and analyse our website’s visitors. To find out more about our Cookie Policy, please visit the “Cookie Policy” section of our website..
10. AMENDMENTS
The firm is free to make corrections, additions or amendments to this data protection policy at any time and for various reasons. The most recent version is always available on our website.
Last updated: 31.12.2022