Text last adapted: 6 September 2018
The Controller of the personal data is Stappers Advocaten cvba. You can reach us at the address, email address, telephone or fax number shown below:
We collect personal data for the following purposes: our activities as lawyers (amongst others, assistance with legal and extra-legal proceedings and legal advice), personnel administration and personnel management, invoicing and accounts, management of clients and suppliers, advertising purposes (including events and seminars for clients, the newsletter and networking activities), security, collaboration with other lawyers and with various service providers, recruitment and selection, knowledge building and knowledge management.
We only process personal data where this processing has a legal basis, namely: if the party concerned (data subject) has given consent, if the processing of the data is necessary to provide our services, if processing is necessary for compliance with a legal obligation, if processing is necessary for performance of a task carried out in the public interest, or to protect the vital interests of the data subject.
The personal data of anyone in a contractual relationship with us (including clientele, personnel, service providers, etc.) is processed because this is necessary for the performance of that contract. The provision of personal data may constitute a necessary condition for concluding an agreement. Failure to provide it may hinder or limit the provision of our services.
The personal data of third parties is processed if processing is necessary for, on the one hand, performance of a task in the public interest (legal assistance in (extra-) legal matters) and, on the other, the legitimate interests of our clientele. These legitimate interests are the performance of our law firm’s services for the client in question.
The personal data of the recipients of our newsletter is processed on the basis of the consent given by them, which may be withdrawn at any time by unsubscribing via the link shown at the bottom of the newsletter, or by contacting us at email@example.com. Subscribing to our newsletter implies consent to processing of the personal data provided to us when subscribing.
Special categories of personal data (relating to race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sexual behaviour or sexual orientation) are only processed if the data subject has given explicit consent, if processing is necessary for establishment, exercise, or defence of legal claims, or in the event of one of the other conditions included in the GDPR.
The following categories of personal data may be collected: name, address (analogue and digital), telecommunication data, accounting data including account number and financial information, gender, age, National Register number, VAT and/or companies registration number, information relating to employment situation, social security situation and related information, salary information, data relating to civil, administrative and criminal proceedings, including criminal convictions and offences, data relating to health (depending whether legal assistance in and outside proceedings), family situation, marital status, images, picture and sound recordings.
The categories of recipients of personal data are the following: judicial instances, government departments, enterprises and private individuals (clients, opposing parties and third parties), lawyers, judicial officers, notaries, experts, IT service providers, communication agencies, translators, payroll office, external preventive service and other service providers of the firm.
As lawyers, we are bound by the confidentiality laid down in the Criminal Code and prescribed by the Code of Ethical Practice when handling personal data.
We can only process data in a country outside the European Economic Area, if and in as much as this is strictly necessary in the context of the legal service in the case/file to which the data in question relates.
Reserving our professional confidentiality – you have the right to request information on the personal data we keep concerning you, at any time.
You can rectify incorrect data and add to incomplete data.
You have the right to request us to erase your personal data, except where processing is necessary for the right of freedom of expression and information, for compliance with a legal obligation to process to which we are subject, or for the performance of a task carried out for reasons of public interest, or for the establishment, exercise or defence of legal claims.
You have the right to request us to restrict processing of your personal data, in the following cases: if you feel that your personal data is incorrect, if you feel there is no legitimate interest for processing your personal data, if we no longer need the data but you need it for the establishment, exercise, or defence of a legal claim, and if you object to processing of your personal data because processing by the controller was wrongly based on the necessity to perform a task carried for reasons of public interest, or on our legitimate interests or those of a third party.
You can request the transfer of your personal data to yourself or to a third party. The GDPR provides a number of limitations of this right.
You have the right to object to the processing of your personal data, because the processing by the controller was wrongly based on the necessity to perform a task carried out for reasons of public interest, or on our legitimate interests or those of a third party, and in the event of direct marketing.
In the case of a breach relating to your personal data, we will notify the personal data breach to the supervisory authority mentioned under Heading 9 no later than 72 hours after having become aware of it. The notification shall include all data required by the GDPR. We will document all breaches, their effects and the remedial action taken.
If the personal data breach is likely to result in a high risk to your rights and freedoms, you will be informed without delay.
Mindful of the liability periods, retention periods for accountancy documents, and in the interest of clientele, your personal data shall be retained for ten years from the closing date of the last case/file to which the personal data relate. Personal data which is not related to a case/file handled by a lawyer, shall be retained as long as necessary to perform the activities mentioned in this policy.
Any complaints may be submitted to the Data Protection Authority, Drukpersstraat 35, 1000 Brussels, www.dataprotectionauthority.be.