Object

This Policy is drawn up by Law-right SRL located at Louise Avenue, 523 Brussels, under the registration number BE 0478.744.389 (hereinafter referred to as “the controller”).

The purpose of this Policy is to inform visitors to the website hosted at the following address: https://www.law-right.com/ (hereinafter referred to as the “website”) of the manner in which data are collected and processed by the controller.

This Policy is in line with the wish of the controller to act transparently, in compliance with its national provisions and with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as the “General Data Protection Regulation”).

The controller pays particular attention to the protection of the privacy of its users and therefore undertakes to take reasonable precautions to protect the personal data collected against loss, theft, disclosure or unauthorised use.

“Personal data” are defined as all personal data concerning the user, i.e. any information which makes it possible to identify the user directly or indirectly as a natural person.

If the user wishes to react to any of the practices described below, he may contact the controller at the postal address or email address specified under “contact data” in this Policy.

What data do we collect?

The controller shall collect and process, in accordance with the methods and principles described below, the following personal data:

  • its domain (automatically detected by the controller’s server), including the dynamic IP address;
  • its e-mail address if the user has previously disclosed it, for example by sending messages or questions to the website, by communicating with the controller by e-mail, etc;
  • all the information concerning the pages that the user has consulted on the website;
  • any information that the user has given voluntarily, for example in the context of satisfaction surveys and/or registrations on the website, or by accessing the restricted part of the website through identification.

We also collect the following data:

  • NAME
  • FIRST NAME
  • TELEPHONE
  • DEMAND

The controller may also collect non-personal data. These data are called non-personal data because they do not directly or indirectly identify a particular person. They may then be used for any purpose whatsoever, for example to improve the website, the products and services offered or the data controller’s advertising.

In the event that non-personal data are combined with personal data, so that identification of the data subjects is possible, such data will be treated as personal data until such time as it is impossible to link them to a particular person.

Collection methods

The controller shall collect personal data in the following manner:

WEB FORM

Purposes of the processing

Personal data are collected and processed only for the purposes mentioned below:

  • ensure a first contact in relation to the services offered ;
  • answer the user’s questions;
  • create statistics ;
  • improve the quality of the website and the products and/or services offered by the controller;
  • transmit information on new products and/or services of the controller;
  • with a view to commercial prospecting activities;
  • to allow a better identification of the user’s interests.

The controller may be required to carry out processing operations not yet provided for in this Policy. In this case, he will contact the user before re-using his personal data, in order to inform him of the changes and give him the opportunity, if necessary, to refuse such re-use.

Legitimate interests

Some of the processing operations carried out by the controller are based on the legal basis of his legitimate interests. These legitimate interests are proportionate to the respect of the rights and freedoms of the user. If the user wishes to be informed of the details of the purposes based on the legal basis of legitimate interests, it is recommended to contact the controller (see point on “contact data”).

Retention period

In general, the controller keeps personal data only for as long as reasonably necessary for the purposes pursued and in accordance with legal and regulatory requirements.

The personal data of a customer are kept for a maximum of 10 years after the end of the contractual relationship between the customer and the controller.

At the end of the storage period, the controller shall make every effort to ensure that the personal data have indeed been made unavailable and inaccessible.

Exercise of rights

For all the rights listed below, the controller reserves the right to verify the identity of the user for the Exercise.

This request for additional information shall be made within one month of the submission of the request by the user.

Data access and transfer

The user may obtain free of charge the written communication or a copy of the personal data relating to him or her that have been collected.

The controller may charge a reasonable fee based on administrative costs for any additional copies requested by the user.

Where the user makes such a request electronically, the information shall be provided in a commonly used electronic form, unless the user requests otherwise.

Unless otherwise provided for by the general data protection regulation, the copy of the data will be communicated to the user at the latest within one month after receipt of the request.

Right of rectification

The user may obtain free of charge, as soon as possible and at the latest within one month, the rectification of his personal data which are inaccurate, incomplete or irrelevant, as well as supplementing them if they prove to be incomplete.

Except where otherwise provided for in the general data protection regulation, the request for application of the right of rectification shall be processed within one month of its introduction.

Right to object to processing

The user may at any time, for reasons relating to his particular situation, object free of charge to the processing of his personal data, when:

◦ processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

◦ processing is necessary for the legitimate interests pursued by the controller or by a third party, unless the interests or fundamental rights and freedoms of the data subject which require protection of personal data prevail (in particular where the data subject is a child).

The controller may refuse to exercise the user’s right of opposition where he establishes the existence of compelling and legitimate reasons justifying the processing, which take precedence over the interests or rights and freedoms of the user, or for the establishment, exercise or defence of a legal claim. In the event of a dispute, the user may lodge an appeal in accordance with the “complaint and complaint” section of this Policy.

The user may also, at any time, oppose, without justification and free of charge, the processing of personal data concerning him when his data are collected for commercial prospecting purposes (including profiling).

Where personal data are processed for scientific or historical research purposes or for statistical purposes in accordance with the general data protection regulation, the user has the right to object, for reasons relating to his particular situation, to the processing of personal data concerning him, unless the processing is necessary for the performance of a task in the public interest.

Unless otherwise provided for by the general data protection regulation, the controller is obliged to reply to the user’s request as soon as possible and at the latest within one month and to give reasons for his reply if he intends not to comply with such a request.

Right to restriction of processing

The user can obtain the limitation of the processing of his personal data in the cases listed below:

(a) the accuracy of the personal data is contested by the user, for a period enabling the controller to verify the accuracy of the personal data;

(b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

(c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

(d) the data subject has objected to processing pursuant to Article 21(1) of the Regulation pending the verification whether the legitimate grounds of the controller override those of the data subject.

The controller will inform the user when the processing restriction is lifted.

Right to erasure (right to be forgotten)

The user may obtain the deletion of personal data concerning him, when one of the following grounds applies:

◦ the data are no longer necessary for the purposes of the processing;

◦ the user has withdrawn his consent for his data to be processed and there is no other legal basis for the processing;

◦ the user objects to the processing and there is no compelling legitimate reason for the processing and/or the user exercises his specific right of opposition in direct marketing (including profiling) ;

◦ personal data have been unlawfully processed;

◦ personal data must be erased in order to comply with a legal obligation (under Union law or Member State law) to which the controller is subject ;

◦ personal data have been collected in connection with the provision of information society services to children.

The deletion of data shall not, however, apply in the following cases:

◦ for exercising the right of freedom of expression and information;

◦  for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

◦ for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) of the Regulation;

◦ for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

◦ for the establishment, exercise or defence of legal claims.

Unless otherwise provided for by the general data protection regulation, the controller is obliged to reply to the user’s request as soon as possible and at the latest within one month and to give reasons for his reply if he intends not to comply with such a request.

Right to “data portability”

The user may at any time request to receive his personal data free of charge in a structured, commonly used and machine-readable format, with a view in particular to transmitting them to another controller, when:

◦ data processing is carried out using automated processes; and when

◦ the processing is based on the user’s consent or on a contract concluded between the user and the controller.

Under the same conditions and in the same manner, the user has the right to obtain from the controller that the personal data concerning her be transmitted directly to another controller of the processing of personal data, insofar as this is technically possible.

The right to data portability shall not apply to processing which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Recipients of data and disclosure to third parties

The recipients of the data collected and processed are, in addition to the controller himself, his employees or other subcontractors, his carefully selected business partners, located in Belgium or in the European Union, and who collaborate with the controller in the context of the marketing of products or the provision of services.

In the event that the data are disclosed to third parties for direct marketing or commercial prospecting purposes, the user will be informed in advance so that he can choose to accept the transfer of his data to third parties.

If such transfer is based on the user’s consent, the user may at any time withdraw his consent for that specific purpose.

The controller respects the legal and regulatory provisions in force and will in all cases ensure that its partners, employees, subcontractors or other third parties having access to such personal data comply with this Policy.

The controller discloses the user’s personal data in the event that a law, a judicial procedure or an order from a public authority makes such disclosure necessary.

No transfer of personal data outside the European Union shall be made by the controller.

Security

The controller shall implement appropriate technical and organisational measures to guarantee a level of security of the processing and the data collected with regard to the risks presented by the processing and the nature of the data to be protected appropriate to the risk. It takes into account the state of knowledge, the costs of implementation and the nature, scope, context and purposes of the processing as well as the risks to users’ rights and freedoms.

The controller always uses encryption technologies that are recognized as industry standards within the IT sector when transferring or receiving data on the website.

The controller has put in place appropriate security measures to protect and avoid the loss, misuse or alteration of information received on the website.

In the event that the personal data that the controller controls are compromised, he will act quickly to identify the cause of this violation and take appropriate remedial measures.

The controller shall inform the user of this incident if required to do so by law.

Complaints

If the user wishes to react to any of the practices described in this Policy, it is advisable to contact the controller directly.

The user can also lodge a complaint with his national supervisory authority, whose contact details can be found on the European Commission’s official website: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

In addition, the user has the possibility to bring a complaint before the competent national courts.

Contact details

For any question and/or complaint relating to this Policy, the user may contact the data controller:

By email: cboeraeve@law-right.com.

By mail: Avenue Brugmann, 183 to 1190 Forest.

Amendment

The controller reserves the right to modify the provisions of this Policy at any time. Changes will be published directly on the website of the controller.

Applicable law and competent jurisdiction

This Policy shall be governed by the national law of the principal place of business of the controller.

Any dispute relating to the interpretation or execution of this Policy shall be submitted to the jurisdiction of that national law.

This version of the Policy is dated 25/05/2018.