Privacy statement

Privacy statement for lawyers to clients and third parties

Version 29.04.2021

Your privacy is important to us.

We process your personal data in accordance with the applicable data protection regulations, in particular the General Data Protection Regulation 2016/679 of 27 April 2016 ("GDPR"), as well as this privacy statement.

This Privacy Statement provides you with more information on what personal data we process, why we process it, how we obtain it, how long we keep it and with whom we share it.

1. IDENTITY AND CONTACT DETAILS

1. IDENTITY AND CONTACT DETAILS

The controller of your personal data is the following legal entity:

Crosslaw law firm
The Crescent Building – Lenniksebaan 451 – 1070 Brussels

Company number: BE 0712.773.123.

In case you have any questions regarding the processing of your personal data, you can always contact us:

by post: to the above address, indicating "Privacy”
via e-mail: h.vanluchene@crosslaw.be
by phone: +32 2 41 00 085

2. OBJECTIVES

We process your personal data for one or more of the following purposes:

Customer management
Legal services	Compliance with laws and regulations applicable to the legal profession

Internal organisation and own management
B2B management	Invoicing and bookkeeping

Dispute management

Communication and marketing
Newsletters and other commercial communications	Website
Organisation of seminars and events

Access control and camera surveillance

Below, you can find out for each purpose what personal data we process, why we process it, how we obtain it, how long we keep it and with whom we share it:

Customer management

1) Legal services

In order to provide legal services to our clients, we may process your personal identification data (name, (business) address, e-mail address, telephone number), governmental identification data (identity card number, passport number, driving licence number, pension number, licence plate, company number, VAT number...), financial data and details (bank account number, method of payment), personal characteristics (date of birth, place of birth, gender, language, nationality), professional data (education and profession), and personal data relating to criminal convictions and offences. We may also process other personal data that the client shares with us when handling a case. In this context, we do not process sensitive personal data (e.g. personal data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning your health or data concerning your sex life or sexual orientation), except in the context of defending the interests of Crosslaw's clients.

These data enable us to provide legal advice, draw up legal acts and documents, represent our clients in court, in arbitration or before administrative or similar bodies, provide assistance in negotiations and/or in concluding contracts, provide assistance in mediation, provide assistance in police or similar hearings, take on various mandates (curator, debt mediator, administrator, etc.), offer legal training, etc.

The legal basis for the processing of personal data is:

With regard to private clients: the conclusion or performance of a contract for the provision of legal services (Article 6 §1 (b) of the GDPR);
With regard to contacts with professional clients and third parties: a legitimate interest to be able to provide legal services to our clients (Article 6, §1, (f) GDPR).

We obtain these personal data directly from the person concerned and/or via third parties. Personal data is obtained by third parties from your advisers (including notaries, lawyers, and other professional advisers) and at your instruction, from public sources (including the Belgian Official Gazette, CBE, and government departments), and from certain private sources (including social media and B2B databases).

For the provision of legal services, we will retain your personal data for up to 5 years plus a verification period of 1 year after the conclusion of the relevant file.

We share these personal data, where appropriate, with judicial and police authorities (i.e. courts and tribunals, bailiffs, the Public Prosecutor's Office and police authorities). In addition, within the framework of protecting the client's interests, we share these personal data with the opposing party's lawyer(s) or with the opposing party if the latter acts without the assistance of a lawyer or, as the case may be, with a substitute lawyer. We also share these personal data, if appropriate, with banking or insurance institutions. Pursuant to a court order, we may also be obliged to share these personal data with a technical adviser, an expert or a judicial mandatary (e.g. notary and judicial administrator) appointed by court order or judgment. In addition, third parties with whom we cooperate for the storage and management of our data also have access to this personal data (IT providers). A list of these third parties with whom we cooperate is available upon written request.

2) Compliance with laws and regulations applicable to the legal profession

In order to comply with laws and regulations applicable to the legal profession, we may process your personal identification data (name, (business) address, e-mail address, telephone number), national register number, identification data issued by the authorities (identity card number, passport number, company number, VAT number, etc.); Financial data (transactions carried out for or on behalf of the client); personal characteristics (date of birth, place of birth, gender, language, nationality); legal data (convictions, pending disputes) and other personal data shared with us by you in the course of handling your case.

These data allow us, among other things, to fulfil our obligations within the framework of the money-laundering prevention and anti-fraud legislation, and to comply with a judicial or administrative order or the regulations of the Order of Flemish Bars.

The legal basis for the processing of personal data is based on the legal obligations contained in the Act of 18 September 2017 on the prevention of money laundering and terrorist financing and on the restriction of the use of cash and any reference to other relevant legislation/regulations (Article 6, §1, (c) GDPR); a legitimate interest in being vigilant against money laundering in the context of our legal services (Article 6, §1, (f) GDPR).

In order to comply with laws and regulations applicable to the legal profession, we will retain your personal data for up to 5 years plus a verification period of 1 year after the conclusion of the relevant file.

We share this personal data with the Manager of our Bar Association, the “Sollicitor General” (“Stafhouder”). In addition, third parties with whom we cooperate for the storage and management of our data also have access to this personal data (IT providers). A list of these third parties with whom we cooperate is available upon written request.

Internal organisation and own management

1) B2B management

With a view to the B2B management of our law firm, we may process your personal identification data (name, (business) address, e-mail address, telephone number), financial data (bank account number, method of payment), personal characteristics (gender, language) and any other information you provide within the framework of the cooperation (e.g. information on profession and job).

This data allows us to conclude agreements with suppliers/business partners, including comparing suppliers, requesting offers and conducting pre-contractual negotiations, communicating with suppliers, managing orders placed and organising payment.

The legal basis for the processing of personal data is:

With regard to private suppliers or business partners: the conclusion and performance of a contract in (Article 6 § 1 (b) of the GDPR)
With regard to professional suppliers or business partners: a legitimate interest to organise our B2B management (Article 6, §1, (f) GDPR).

For our B2B management, we keep your personal data for up to 10 years plus a 1-year verification period after termination of the contract.

We share this personal data, where appropriate, with government agencies, banks and insurance companies, accountants and auditors and external legal advisors. In addition, third parties with whom we cooperate for the storage and management of our data also have access to this personal data (IT providers). A list of these third parties with whom we cooperate is available upon written request.

2) Invoicing and accounting

For the purpose of invoicing and our accounting obligations, we may process your personal identification data (name, (business) address, e-mail address, telephone number), financial data (bank account number, method of payment) and services rendered.

This data allows us to prepare our invoices, keep our accounts and fulfil accounting obligations, including the preparation of financial statements.

The legal basis for the processing of the personal data is based on various legal obligations, such as those contained in the Economic Law Code (“ELC”) (art. I.1 ELC, art. III.82 ELC, art. III.89 ELC and art. III.90 ELC), the Companies and Associations Code’s Royal Decree (double-entry bookkeeping), the Companies and Associations Code (“CAC”) (art. 3:1 CAC) and the Income Tax Code (“ITC”) (art. 320 ITC) (article 6, §1, (c) GDPR).

For our invoicing and accounting purposes, we keep your personal data for up to 7 years plus a 1-year verification period after the respective financial year.

We share this personal data with our accounting office, government departments, social security agencies and banking and insurance companies. In addition, third parties with whom we cooperate for the storage and management of our data also have access to this personal data (IT providers). A list of these third parties with whom we cooperate is available upon written request.

Dispute management

For the purpose of settling potential disputes, we may process your personal identification data (name, (business) address, e-mail address, telephone number), identification data issued by the authorities (identity card number, passport number, driving licence number, pension number, licence plate, etc.), information on profession and employment, financial data, court data and any other information relevant to the (potential) lawsuit.

This data allows us to defend our legitimate interests in all forms of dispute resolution and to administer them.

The legal basis for the processing of personal data is based on the legitimate interest to safeguard the (contractual and extra-contractual, legal and other) rights of our law firm (Article 6, §1, (f) GDPR).

For our dispute resolution, we keep your personal data for 5 years after the expiry of the last deadline for appeal (longer if necessary, e.g. to comply with legal obligations) plus a 1-year verification period.

We share this personal data, where appropriate, with government, judicial and police authorities, banks and insurance companies, our accounting office, external legal advisors, bailiffs and debt collection agencies. In addition, third parties with whom we cooperate for the storage and management of our data also have access to this personal data (IT providers). A list of these third parties with whom we cooperate is available upon written request.

Communication and marketing

1) Newsletters and other commercial communications

For the purpose of sending newsletters and other commercial communications, we may process your personal identification data (name, (company) address, e-mail address, telephone number).

These data allow us to keep you informed about legal developments, to inform you about our products and services, to send you our Christmas card, etc.

The legal basis for the processing of personal data is based on the legitimate interest of promoting our products and services to our customers (Article 6, §1, (f) of the GDPR). If you have subscribed to our newsletter, you will receive our commercial communications because you have given your consent (Art. 6, §1, (a) GDPR).

For the purpose of sending our commercial communications, we will retain your personal data for as long as you are a client of ours, i.e. up to 5 years plus a 1-year verification period after the last file has been closed. Of course, you can unsubscribe from our communications at any time. In this case, we will stop processing your personal data for this purpose.

We share this personal data with suppliers of software that we use to send commercial communications. In addition, third parties with whom we cooperate for the storage and management of our data also have access to this personal data (IT providers). A list of these third parties with whom we work is available upon written request.

2) Website

Within the framework of our website, we may process your personal identification data (name, (company) address, e-mail address), contact request and electronic identification data (IP address and cookies).

This data allows us to optimise our website, to show online advertisements, to answer your contact request, etc.

The legal basis for processing personal data is based on the legitimate interest of providing a well-functioning and user-friendly website and promoting our products and services (Article 6, §1, (f) of the GDPR). Analytical cookies, advertising cookies and/or social media cookies will only be placed if you have given your consent via the website (Article 6, §1, (a) GDPR). (For more information, see cookie statement)

We always obtain this personal data directly from you.

For the above purposes, we will retain your personal data for the duration of the relevant cookie (for more information, see cookie statement). You can change your cookie preferences at any time. If you have submitted a contact request via our website, we will retain your personal data for up to 5 years plus a 1-year verification period after the relevant file is closed.

We share this personal data with third parties with whom we cooperate for the management of our website (IT and software providers) (for more information, see cookie statement). In addition, third parties with whom we cooperate for the storage and management of our data also have access to this personal data (IT providers). A list of these third parties with whom we cooperate is available upon written request.

3) Seminars and events

For the organisation of seminars and events, we may process your personal identification data (name, (business) address, e-mail address, telephone number), information on profession and employment (position) and financial data (bank account number, method of payment).

This data enables us to allow you to participate in our legal training courses, seminars and other events.

The legal basis for the processing of personal data is based on the conclusion or performance of the contract for participation in the seminar or event (Article 6, §1, (b) of the GDPR).

For the above purposes, we will retain your personal data for up to 7 years plus a 1-year verification period after the seminar or event.

We share this personal data with co-organisers of a seminar and/or event and with providers of external venues where we organise a seminar and/or event. In addition, third parties with whom we cooperate for the storage and management of our data also have access to this personal data (IT providers). A list of these third parties with whom we cooperate is available upon written request.

Access control and camera surveillance

In order to ensure security in our offices, we may process your personal identification data (name, (business) address, e-mail address and telephone number), data on profession and job (position, company name), time of visit and image recordings.

This data allows us to ensure security in our offices, including the registration of our visitors and camera surveillance.

The legal basis for the processing of personal data is based on the legitimate interest of ensuring the safety of our employees, visitors and offices (Article 6 § 1 (f) of the GDPR). The processing of camera images, indicated by the obligatory pictogram, is based on your consent in accordance with Article 8 § 3 (1°)of the Camera Act (“Wet tot regeling van de plaatsing en het gebruik van bewakingscamera's”, Belgian Official Gazette, March 21, 2007).

We obtain this personal data when you register at our reception and through the images of our surveillance cameras.

For the purpose of monitoring security in our offices, we will retain your personal data for up to 1 month plus a 2-week verification period after you visit our offices, unless it needs to be retained for a longer period as evidence of a specific crime or claim or to identify a potential perpetrator, victim or witness.

We share this personal data, where appropriate, with third party recipients, e.g. judicial and police authorities, banks and insurance companies. In addition, third parties with whom we cooperate for the storage and management of our data also have access to this personal data (IT providers). A list of these third parties with whom we cooperate is available upon written request.

3. SECURITY

We have implemented appropriate technical and organisational measures to ensure the confidentiality of your personal data and protect your data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.

We have made the necessary contractual arrangements with the third parties with whom we work and do not transfer your personal data outside the European Economic Area without ensuring that your data enjoys an equivalent level of protection there.

4. RIGHTS

You can always contact us to exercise the following rights:

a request for access or rectification of your personal data
a request for the erasure of your personal data
a request for restriction of the processing of your personal data
an objection to the processing of your data
a request for the transfer of your data
a complaint if you believe that we are not acting in accordance with the applicable data protection laws. You can also lodge a complaint with the Belgian Data Protection Authority

You can always contact us for this:

by post: to the address indicated at the beginning of this Privacy Statement, indicating "Privacy".
via e-mail: h.vanluchene@crosslaw.be
by phone: +32 2 41 00 085

We respect all rights relating to your personal data to which you are entitled under applicable law.

If you no longer wish to receive our electronic newsletters and wish to stop the processing of your data for this purpose, you can always use the unsubscribe link provided at the bottom of each newsletter.

For those purposes for which the legal basis for the processing of personal data is a legitimate interest, you can always ask us for more information about the balancing of interests that we have carried out within that framework (for more information, see OBJECTIVES).

For those purposes for which the legal basis for the processing of personal data is legitimate interest, you may at any time exercise your right to object to the processing of your personal data, giving reasons related to your particular situation (for more information, see OBJECTIVES). We will cease processing your personal data unless we consider that there are compelling legitimate grounds which override the interests, rights and freedoms you assert.

For identification purposes, we may ask you for a copy of the front of your identity card.

5. UPDATES

This privacy statement may be amended from time to time, within the limits of the applicable data protection regulations. You can always access the most current version at https://www.crosslaw.be/en.