By sending us a case or by subscribing to our legal information service (newsletter, white paper, training, etc.), you are communicating personal data about yourself to us. If you are a partner or opponent of our client or another party involved in his project or dispute, we process your personal data.
Our firm scrupulously complies with the applicable legislation in this field as in all others. This data protection policy explains the purposes for which we process your personal data, how we process and protect any personal data you provide and the rights you have in relation to your personal data.
Identification of the controller
Your personal data are processed by scrl Lexing Belgium (hereinafter Lexing), whose registered office is located at 4000 Liège, Boulevard d’Avroy, 280 – Belgium), acting as data controller.
Different treatments carried out
We carry out the following processing of personal data:
Processing of customers' personal data
Managing your case
Purpose | The data you provide to us and the data we receive from opposing parties about you are of course processed for the purpose of carrying out our contractual representation or consultancy mission (and, where applicable, for the purpose of fulfilling the legal obligations arising therefrom) and for the purpose of communicating with you in this regard. Where applicable, this data may be processed in the pre-assignment phase, when you ask us to provide you with a cost estimation for example, or when you consult us online or make an online appointment. Some of your data (surname, first name, e-mail address, login and password, logs) may also be processed in the context of the management of our extranet, provided that you have created an account. | ||
Basis(es) of lawfulness | The processing of the data is essential for the performance of the task you entrust to us or intend to entrust to us ((pre-)contract). Without the processing of this data, we cannot carry out our task (article 6.1.b) GDPR). The processing of certain data is also necessary for the fulfilment of some of our legal and ethical obligations (in particular, checking for conflicts of interest) (Article 6.1.c) GDPR). The processing of sensitive data may be necessary for the establishment, exercise or defence of legal claims (Article 9.2.f) GDPR). | ||
Data categories | This may include your surname, first name, image, profession, domicile or residence, telephone and fax numbers, e-mail address, date and place of birth, marital status, national register and identity card number, bank account number, login details, passwords, connections (if you use our extranet), correspondence, various supporting documents, court documents, etc.). If necessary for the establishment, exercise or defence of a legal claim, we may also process data revealing your racial or ethnic origin, your political opinions, your religious or philosophical beliefs or your trade union membership, as well as genetic data, biometric data, data concerning your health, your life or your sexual orientation. Similarly, data relating to criminal convictions, criminal offences or related security measures may be processed if your defence so requires. | ||
Administrative and accounting management
Purpose | The data you send us is processed to ensure the administrative, accounting and fiscal management of your case or the online services you order from us. | ||
Basis(es) of lawfulness | The processing of this data is necessary for the performance of the contract between us (Article 6.1.b) RGPD), in particular the invoicing of our services and their recuperation, the notification of a change in our general terms and conditions or in the Data Protection Policy (in particular new purposes). The processing of this data is also necessary for the fulfilment of our legal obligations, in particular under the Economic Law Code and the VAT Code in relation to tax and accounting matters (Article 6.1.c) GDPR). | ||
Data categories | These are your identification data (surname, first name, e-mail, address, telephone number, company number, VAT number), issued invoices and payments and your financial data (bank, account number). | ||
Duration | The data is processed for a period of 10 years from the closing of your file. | ||
Recipients | This data will be communicated to the tax authorities. Similarly, it may be necessary to communicate this information to our service providers and subcontractors (IT service providers, other lawyers working on our behalf, accountants, auditors). |
Anti-money laundering
Purpose | Your data is processed to enable our firm to comply with its legal obligations regarding client identification under the Act of 18 September 2017 on the prevention of money laundering and terrorist financing and the restriction of the use of cash. | ||
Basis(es) of lawfulness | The processing of this data is necessary to fulfil our deontological and legal obligations, in particular under the law of 18 September 2017 on the prevention of money laundering (Article 6.1.c) GDPR). | ||
Data categories | Data relating to your identity and copies of identity documents, shareholding and articles of association of your company, as well as, if required by law enforcement, individual BC/FT risk assessment and due diligence measures taken. | ||
Duration | The data is kept for a period of 10 years from the completion of the last assignment you gave us. | ||
Recipients | In some cases, the data may be transmitted to our President of the Bar and to the supervisory authority. It may also be necessary to communicate this information to our service providers and subcontractors (IT service providers, other lawyers working on our behalf). |
Public procurement, tenders and rankings
Purpose | With your consent, we may use our contractual relationship to respond to a public contract or a private tender for legal services, or to submit our firm’s file to a classification body, which is itself subject to a confidentiality undertaking. In this case, our firm may be required, in strict compliance with the Code of Ethics of Lawyers, to reveal the names of clients for whom it is or has been involved in the matter concerned, just as it may provide information relating to the subject matter of the contract in the cases it handles or has handled. The information provided does not, under any circumstances, relate to your private life. | ||
Basis(es) of lawfulness | The data is processed on the basis of your consent (article 6.1.a) of the GDPR). | ||
Data categories | This includes your name, first name and e-mail address as well as the subject of the case you have entrusted to us. | ||
Duration |
Legal information (newsletters, white papers)
Purpose | If you have subscribed to our legal information service, we process your data in order to send you free newsletters and white papers in paper form and/or electronically. | ||
Basis(es) of lawfulness | The data are processed on the basis of the performance of the service provision contract (Article 6.1.b) of the GDPR). | ||
Data categories | These are your name, first name and e-mail address. | ||
Duration | The data is processed until you terminate this free service. | ||
Recipients | The communication of your data to our service providers and subcontractors (IT service providers, emailing and mailing…) may also be necessary. |
Trainings
Purpose | If you register for one of our courses, we will process your data to ensure the organisation and follow-up of the course. We may also process your data to promote our courses on social networks. | ||
Basis(es) of lawfulness | The processing of your data is essential for the execution of the contract between us in the context of the training course you have subscribed to (article 6.1.b) of the RGPD). Your image is processed with your consent (article 6.1.a) of the RGPD), as soon as you are invited to activate or switch off your camera according to your choice. | ||
Data categories | This includes your surname, first name, e-mail address, profession and position, professional identification number and, if applicable, your image. | ||
Duration | We will store your contact details for this purpose for one year after the training, unless you request recognition of your participation in our training to meet your insurance training obligation, in which case evidence of your participation must be kept for 7 years. | ||
Recipients | It may be necessary to communicate your data to our service providers and subcontractors (IT ticketing providers, etc.). If you request recognition of your participation in our training to meet your training obligation, we will communicate to your professional organisation your contact details and your actual attendance at the training. |
Promotion of our services
Purpose | If you are a client of our firm and/or if you have subscribed to our legal information service and/or if you have registered for one of the training courses we provide, we may process your data in order to inform you of our news, our training courses and the services provided by our firm or by one of the firms forming the Lexing network which may be of interest to you. | ||
Basis(es) of lawfulness | This data is processed on the basis of our legitimate interest in promoting our services to our customers and persons accessing our services (Article 6.1.f) of the GDPR). | ||
Data categories | This includes your surname, first name, occupation and capacity and e-mail address (or postal address if applicable). | ||
Duration | The data is processed until you ask us to cease. | ||
Recipients | The communication of your data to our service providers and subcontractors (IT providers, emailing and mailing…) may be necessary. |
Security
Purpose | Your data will be processed to ensure the security of our offices and IT infrastructure. | ||
Basis(es) of lawfulness | You will be filmed by the video intercom system when you enter our offices. You will also be filmed inside our offices via a video surveillance system. Your data is processed on the basis of our legitimate interest in ensuring the security of our offices (Article 6.1.f) GDPR). Your data is also processed in order to ensure compliance with our legal obligation to secure your data (Article 6.1.c) GDPR). | ||
Data categories | Identification data: name, first name, image (surveillance camera and video phone system). | ||
Duration | Video surveillance images are recorded and stored for 30 days. Video surveillance images are recorded and stored for 30 days. | ||
Recipients | The communication of your data to our service providers and subcontractors (IT providers, etc.) may be necessary. In some cases, the communication of your data may also be necessary to the competent authorities. |
Litigation related to our liability
Purpose | We may need to process your data to defend our legal interests in the event of a dispute. | ||
Basis(es) of lawfulness | This data is processed on the basis of our legitimate interest in ensuring the defence of our interests (Article 6.1.f) of the GDPR). The processing of sensitive data may be necessary for the establishment, exercise or defence of legal claims (Article 9.2.f) of the GDPR). | ||
Data categories | This may include your surname, first name, image, profession, domicile or residence, telephone and fax numbers, e-mail address, date and place of birth, marital status, national register and identity card number, bank account number, login details, passwords, connections (if you use our extranet), correspondence, various supporting documents, court documents, etc.). If necessary for the establishment, exercise or defence of a legal claim, we may also process data revealing your racial or ethnic origin, your political opinions, your religious or philosophical beliefs or your trade union membership, as well as genetic data, biometric data, data concerning your health, your life or your sexual orientation. Similarly, data relating to criminal convictions, criminal offences or related security measures may be processed if our defence so requires. | ||
Duration | The data will be deleted 10 years after the completion of the last assignment you gave us. Evidence of the closure of each file is kept for 20 years. | ||
Recipients | It may be necessary to communicate your data to our lawyer, to other parties or their lawyers, to the courts, to experts, technical advisers, notaries, mediators, arbitrators or bailiffs, to banking or insurance organisations, to the legal aid office. It may also be necessary to communicate with our service providers (IT providers, accountants). |
Processing of personal data of other parties to a case
Purpose | We may have received your personal data in connection with legal services provided to one of our clients. Your personal data will only be processed to the extent and for the duration necessary to safeguard the interests of that client. |
Basis(es) of lawfulness | The processing of your data is necessary to comply with our legal obligations and is also based on our legitimate interest, and that of our client, to defend its interests (Articles 6.1.c and f) GDPR). |
Data categories | The data concerned are all those we would have access in the context of a case and which would be necessary for the proper performance of the mission entrusted to us by our client. You could be concerned if you are an opponent of our client, another counsel, an expert, a notary, a bailiff, a magistrate… |
Duration | The data will only be processed for the time necessary to manage the case and for a period of 10 years from the end of our contractual relationship with our client, in order to be able to ensure our own defence in the event of our civil or criminal liability being called into question. Proof of the closure of the case is kept for 20 years. |
Recipients | The communication of data to other parties or their lawyers, courts, experts, technical advisers, notaries, mediators, arbitrators or bailiffs, banking or insurance organisations may be necessary for the performance of our task. It may also be necessary to communicate this information to our service providers and subcontractors (IT service providers, other lawyers working on our behalf). |
Complementary information | You can contact us at privacy@lexing.be to exercise the following rights: a request for access to or rectification of your personal data; a request for deletion of your personal data; a request to restrict the processing of your data; an objection to the processing of your data; a request for transfer of your data (see below). We will comply with your request within the limits of the applicable regulations, especially taking into account our obligation of professional secrecy. The time limit and the way in which we communicate this information are justified by the need to respect our obligation of professional secrecy in accordance with Article 458 of the Criminal Code. If you believe that we are not acting in accordance with the law, you can file a complaint with the Belgian Data Protection Authority (Rue de la Presse, 35 – 1000 Brussels, Tel. + 32 2 274 48 00 – https://www.autoriteprotectiondonnees.be/citoyen/agir/introduire-une-plainte). |
Location of your data
In the European Union – Your data is generally only stored on servers located in the EU.
If transferred outside the European Union – Your data is only transferred to a country that does not offer an adequate level of protection if the processing of your case requires the sharing of information with legal professionals in non-EU countries. Similarly, for the sending of our newsletters and the ticketing of the events we organise, we may use subcontractors located outside the European Union.
In such cases, we will of course ensure that the recipients are obliged to comply with the same data protection standards as in the EU by means of appropriate contractual clauses. You can obtain a copy of these guarantees on request.
Protection of your data
Technical and organisational security – We take all necessary steps (such as those set out in the “Security” section) to ensure an adequate level of security for your data, in particular to protect it from leakage, loss, destruction, public disclosure, unauthorised access or other misuse.
Rights and how to exercise them
Information – This right is exercised through this document. If the data processed includes the data of your staff, you undertake to inform them of this document.
Access and rectification – You have the right to access your data and to have them rectified if necessary.
Objection – You may object to the processing of your data by us on the basis of our legitimate interest.
Withdrawal of consent – Where data is processed on the basis of your consent, you may withdraw this decision at any time, without calling into question the past processing.
Erasure – You may obtain the erasure of your data or the restriction of processing under the conditions set out in Articles 17 and 18 of the General Data Protection Regulation.
Portability – The data you have provided to us may be communicated to you or to a colleague in electronic format.
For additional information on your rights:
https://www.autoriteprotectiondonnees.be/citoyen/vie-privee/quels-sont-mes-droits-
*
The person responsible for processing your data (Lexing – Belgium SCRL, with registered office at Boulevard d’Avroy 280, 4000 Liège) and its data protection officer (Tel. +32 4 229 20 10; privacy@lexing.be; Boulevard d’Avroy 280, 4000 Liège, Belgium) are at your disposal for any questions or requests relating to the above rights.
If you require further information, or if you wish to lodge a complaint, you can contact the Data Protection Authority (Rue de la Presse, 35 – 1000 Brussels, Tel. + 32 2 274 48 00 – https://www.autoriteprotectiondonnees.be/citoyen/agir/introduire-une-plainte).
Editing
This policy may be corrected, added to or amended at any time for various reasons. The most up-to-date version can be consulted at all times on our website. We invite you to consult it regularly.
Last updated: February 1st 2022