Privacy Policy

Purpose

This Policy is established by Law-right SRL located at Avenue Louise, 523 in 1050 Brussels, registered under number: BE 0478.744.389 (hereinafter referred to as “the data controller“).

The purpose of this Policy is to inform visitors to the website hosted at the following address: https://www.law-right.com/ (hereinafter referred to as the “website“) of the manner in which data is collected and processed by the data controller.

This Policy reflects the data controller’s commitment to act with complete transparency, in compliance with its national provisions and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “General Data Protection Regulation”).

The data controller pays particular attention to protecting the privacy of its users and consequently undertakes to take the reasonable precautions required to protect personal data collected against loss, theft, disclosure, or unauthorized use.

“Personal data” is defined as all personal data concerning the user, that is, any information that makes it possible to identify them directly or indirectly as a natural person.

If the user wishes to respond to any of the practices described below, they may contact the data controller at the postal address or email address specified in the “contact details” section of this Policy.

What data do we collect?

The data controller collects and processes, according to the methods and principles described below, the following personal data:

  • their domain (automatically detected by the data controller’s server), including the dynamic IP address;
  • their email address if the user has previously disclosed it, for example by sending messages or questions on the website, communicating with the data controller by email, etc.;
  • all information concerning the pages that the user has viewed on the website;
  • any information that the user has provided voluntarily, for example in the context of satisfaction surveys and/or registrations on the website, or by accessing the restricted part of the website through identification.

We also collect the following data:
SURNAME
FIRST NAME
TELEPHONE
REQUEST

The data controller may also collect non-personal data. Such data is classified as non-personal data because it does not make it possible to identify a particular person directly or indirectly. It may therefore be used for any purpose whatsoever, for example to improve the website, the products and services offered, or the data controller’s advertising.

In the event that non-personal data is combined with personal data, such that identification of the data subjects becomes possible, such data will be treated as personal data until it is no longer possible to link it to a particular person.

Collection Methods

The data controller collects personal data in the following manner:
WEB FORM

Processing Purposes

Personal data is collected and processed solely for the purposes mentioned below:

  • to ensure initial contact regarding the services offered;
  • to respond to the user’s questions;
  • to compile statistics;
  • to improve the quality of the website and the products and/or services offered by the data controller;
  • to transmit information about new products and/or services of the data controller;
  • for commercial prospecting purposes;
  • to enable better identification of the user’s areas of interest.

The data controller may carry out processing that is not yet provided for in this Policy. In such cases, it will contact the user before reusing their personal data, in order to inform them of the changes and give them the opportunity, where applicable, to refuse such reuse.

Legitimate Interests

Certain processing carried out by the data controller is based on the legal basis of the data controller’s legitimate interests. These legitimate interests are proportionate to respect for the user’s rights and freedoms. If the user wishes to be informed of the details of the purposes based on the legal basis of legitimate interests, they are advised to contact the data controller (see “contact details” section).

Retention Period

In general, the data controller retains personal data only for the time reasonably necessary for the purposes pursued and in accordance with legal and regulatory requirements.

A customer’s personal data is retained for a maximum of 10 years after the end of the contractual relationship between that customer and the data controller.

At the end of the retention period, the data controller makes every effort to ensure that personal data has been rendered unavailable and inaccessible.

Exercise of Rights

For all the rights listed below, the data controller reserves the right to verify the user’s identity for the exercise of the rights listed below.

This request for additional information will be made within one month from the submission of the request by the user.

Access to Data and Copy

The user may obtain free written communication or a copy of the personal data concerning them that has been collected.

The data controller may require payment of reasonable fees based on administrative costs for any additional copy requested by the user.

Where the user submits this request electronically, the information is provided in a commonly used electronic form, unless the user requests otherwise.

Unless an exception is provided for by the General Data Protection Regulation, the copy of their data will be communicated to the user no later than one month after receipt of the request.

Right to Rectification

The user may obtain, free of charge, as soon as possible and no later than one month, the rectification of their personal data that is inaccurate, incomplete, or irrelevant, as well as complete it if it proves to be incomplete.

Unless an exception is provided for by the General Data Protection Regulation, the request to exercise the right to rectification is processed within one month of its submission.

Right to Object to Processing

The user may at any time, for reasons relating to their particular situation, object free of charge to the processing of their personal data, where:

  • the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller;
  • the processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party, unless the interests or fundamental rights and freedoms of the data subject which require protection of personal data prevail (particularly where the data subject is a child).

The data controller may refuse to implement the user’s right to object when it establishes the existence of compelling legitimate grounds for the processing, which override the interests or rights and freedoms of the user, or for the establishment, exercise, or defense of legal claims. In the event of a dispute, the user may lodge an appeal in accordance with the “complaint and claim” section of this Policy.

The user may also, at any time, object, without justification and free of charge, to the processing of personal data concerning them when their data is collected for commercial prospecting purposes (including profiling).

Where personal data is processed for scientific or historical research purposes or statistical purposes in accordance with the General Data Protection Regulation, the user has the right to object, on grounds relating to their particular situation, to the processing of personal data concerning them, unless the processing is necessary for the performance of a task carried out in the public interest.

Unless an exception is provided for by the General Data Protection Regulation, the data controller is required to respond to the user’s request as soon as possible and no later than one month and to justify its response when it intends not to comply with such a request.

Right to Restriction of Processing

The user may obtain restriction of the processing of their personal data in the cases listed below:

  • where the user contests the accuracy of data and only for the time necessary for the data controller to verify it;
  • where the processing is unlawful and the user prefers restriction of processing to erasure;
  • where, although no longer necessary for the purposes of the processing, the user needs it for the establishment, exercise, or defense of legal claims;
  • during the time necessary to examine the merits of an objection request submitted by the user, in other words the time for the data controller to verify the balance of interests between the legitimate interests of the data controller and those of the user.

The data controller will inform the user when the restriction of processing is lifted.

Right to Erasure (Right to be Forgotten)

The user may obtain erasure of personal data concerning them, where one of the following grounds applies:

  • the data is no longer necessary in relation to the purposes of the processing;
  • the user has withdrawn their consent for their data to be processed and there is no other legal basis for the processing;
  • the user objects to the processing and there are no overriding legitimate grounds for the processing and/or the user exercises their specific right to object in relation to direct marketing (including profiling);
  • the personal data has been unlawfully processed;
  • the personal data must be erased to comply with a legal obligation (under Union law or Member State law) to which the data controller is subject;
  • the personal data has been collected in relation to the offer of information society services addressed to children.

Erasure of data is not applicable in the following cases:

  • where the processing is necessary for exercising the right to freedom of expression and information;
  • where the processing is necessary to comply with a legal obligation which requires processing under Union law or Member State law to which the data controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the data controller;
  • where the processing is necessary for reasons of public interest in the area of public health;
  • where the processing is necessary for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, provided that the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing;
  • where the processing is necessary for the establishment, exercise, or defense of legal claims.

Unless an exception is provided for by the General Data Protection Regulation, the data controller is required to respond to the user’s request as soon as possible and no later than one month and to justify its response when it intends not to comply with such a request.

Right to Data Portability

The user may at any time request to receive their personal data free of charge in a structured, commonly used, and machine-readable format, in particular with a view to transmitting it to another data controller, where:

  • the data processing is carried out by automated means; and where
  • the processing is based on the user’s consent or on a contract concluded between the user and the data controller.

Under the same conditions and according to the same procedures, the user has the right to obtain from the data controller that the personal data concerning them be transmitted directly to another personal data controller, insofar as this is technically feasible.

The right to data portability does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

Recipients of Data and Disclosure to Third Parties

The recipients of the data collected and processed are, in addition to the data controller itself, its employees or other subcontractors, its carefully selected business partners, located in Belgium or in the European Union, who collaborate with the data controller in the marketing of products or the provision of services.

In the event that data is disclosed to third parties for direct marketing or commercial prospecting purposes, the user will be informed in advance so that they can choose to accept the transfer of their data to third parties.

Since this transfer is based on the user’s consent, the user may, at any time, withdraw their consent for this specific purpose.

The data controller complies with the legal and regulatory provisions in force and will in all cases ensure that its partners, employees, subcontractors, or other third parties having access to this personal data comply with this Policy.

The data controller discloses the user’s personal data in the event that a law, legal proceeding, or order from a public authority makes such disclosure necessary.

No transfer of personal data outside the European Union is carried out by the data controller.

Security

The data controller implements appropriate technical and organizational measures to ensure a level of security of the processing and data collected with regard to the risks presented by the processing and the nature of the data to be protected appropriate to the risk. It takes into account the state of knowledge, implementation costs, and the nature, scope, context, and purposes of the processing as well as the risks to the rights and freedoms of users.

The data controller always uses encryption technologies that are recognized as industry standards within the IT sector when it transfers or receives data on the website.

The data controller has implemented appropriate security measures to protect and prevent the loss, misuse, or alteration of information received on the website.

In the event that the personal data that the data controller controls is compromised, it will act quickly to identify the cause of this breach and take appropriate remedial measures.

The data controller will inform the user of this incident if the law requires it to do so.

Complaint and Claim

If the user wishes to respond to any of the practices described in this Policy, they are advised to contact the data controller directly.

The user may also lodge a complaint with their national supervisory authority, whose contact details are listed on the official website of the European Commission: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

In addition, the user has the option of filing a complaint before the competent national courts.

Contact Details

For any questions and/or complaints relating to this Policy, the user may contact the data controller:

By email: cboeraeve@law-right.com

Amendment

The data controller reserves the right to amend the provisions of this Policy at any time. Amendments will be published directly on the data controller’s website.

Applicable Law and Competent Jurisdiction

This Policy is governed by the national law of the place of the data controller’s main establishment.

Any dispute relating to the interpretation or performance of this Policy will be submitted to the courts of that national law.

This version of the Policy is dated 2018-05-25.