This is the privacy statement (hereinafter referred to as the "Privacy statement") of CVBA Crivits & Persyn (and every lawyer associated with CVBA Crivits & Persyn), with registered office at Ezelstraat 25, 8000 Bruges, and with company number 0446.760.521 (hereinafter also the "firm" or “we”).
With this Privacy statement, we aim to inform you to the best of our ability about the manner in which we collect and process your personal data. Our Privacy statement applies to all relationships between ourselves on the one hand, and our customers, suppliers, partners, prospects and counterparties on the other.
Data controller and commitments
The data controller for your personal data is CVBA Crivits & Persyn.
We consider your privacy as one of your most fundamental rights, and shall therefore make every effort to optimally protect your privacy. We act in accordance with the Regulation of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and on the repeal of Directive 95/46/EC (hereinafter also: the “Regulation”) and with this Privacy statement.
In addition, we also have many ethical obligations regarding the protection of personal data
What personal data do we process and why?
As a law firm, we collect and process various categories of personal data, including, but not limited to, the identification and contact data, financial data, family data, data about your criminal and judicial history, data about your professional career, etc. This personal data may relate to you in your capacity as a customer or supplier of our firm, but also to you as a business relationship of one of our customers.
We process your personal data with a view to achieve various objectives, including maintaining our general and financial administration, managing our customer and supplier database, providing correct services and the proper implementation of our agreements, as well as direct marketing activities.
What are the legal grounds on the basis of which we process your personal data?
Article 6.1 of the Regulation stipulates the legal grounds on the basis of which personal data may be processed. You will find below a brief overview of the legal grounds that constitute our basis for the processing of personal data.
We process personal data:
- Because you have given us your permission: we process personal data on the basis of your explicit and specific permission. Your permission is freely provided, and can also be withdrawn at any time.
- In order to comply with legal and ethical obligations: as a law firm, we are required to comply with various legal obligations, in the context of which we are obliged to keep specific (personal) data. This is, in particular, the case for:
- In order to implement a contract: the correct implementation of our agreements with customers, suppliers, etc., also necessitates the collection and processing of personal data. We always thereby limit ourselves to the processing of data that is strictly necessary.
- Because both our customers and ourselves have a legitimate interest: finally, we process personal data because it is necessary to defend our own interests and those of our customers (in court), but also for other legitimate interests that we or our customers, suppliers, etc., may have for the processing of this personal data.
- obligations under the anti-money laundering law (law of 18 September 2017 on the prevention of money laundering and terrorist financing, and on the restriction of the use of cash). Please click here (link) for more information about our obligations under the anti-money laundering law;
- obligations under the tax legislation;
- obligations under the social legislation.
Who has access to your personal data?
Only a limited number of people, such as our staff and employees, have access to your personal data. In order to guarantee the protection of your personal data, they are subject to a range of (contractual) obligations. For example, staff and employees of our firm are all bound by a confidentiality agreement.
In addition, and with a view to further processing, we work with several third-party service providers with whom we share your personal data to a limited extent. We take the necessary measures to ensure that these service providers only process your personal data for our predefined purposes and methods, and to ensure that they provide sufficient guarantees in terms of respecting and ensuring the confidentiality of your personal data.
If one of these service providers is based outside the European Economic Area, we will only pass on your personal data if an adequate level of protection is provided, and the service provider offers sufficient guarantees regarding the security and protection of the personal data.
Finally, we will not make your personal data available to third parties for commercial and/or advertising purposes, unless you have given us your explicit permission to do so.
How long do we retain your personal data?
We only retain your personal data for as long as is required in order to comply with our legal and/or ethical obligations, in order to provide our services correctly, or because we have a legitimate interest in retaining your personal data (longer).
What rights do you have with regard to the processing of your personal data?
The Regulation provides you with several rights regarding the processing of your data. You can, for example, at any time request:
- to review your personal data (right of access and inspection): you have the right to review, free of charge, the data that we are holding about you, and to verify what your data is being used for;
- to change your data (right of rectification): you can request to have incorrect data corrected and to complete incomplete personal data;
- to have your data deleted (right of erasure): if you suspect that we are unlawfully processing some of your personal details, you can request that this personal data is deleted. We may refuse this request if the personal data is necessary for carrying out a legal obligation, for the implementation of the agreement, or in the context of a legitimate interest;
- to have your data transferred (right of portability): you have the right to request that the personal data that you yourself have provided is transferred to you or directly to a third party.
In the circumstances and under the conditions stipulated in the Regulation, you also have the right to:
- request that the processing of your data is restricted (restriction of the processing);
- express an objection to the processing of your personal data based on our legitimate interest (right of objection). We would like to point out that it is not possible to object to the processing of personal data that is necessary for us to carry out one of our legal obligations, or for the implementation of our agreements or our legitimate interest.
Furthermore, we repeat that you can withdraw this consent at any time if the processing is based on your prior permission.
If you wish to exercise any of these rights, please forward a request to firstname.lastname@example.org. In order to respond correctly to your request, we would ask you to be as specific as possible when submitting your request. In addition, we ask you to attach a copy of the front and back of your identity card to each request.
Finally, we herewith inform you that you always have the possibility of submitting a complaint to the supervisory authority:
Data Protection Authority
T: +32 2 274 48 00
F: +32 2 274 48 35
Update of our Privacy statement
We reserve the right to amend our Privacy statement.
It is therefore recommended to regularly consult our Privacy statement, so that you are aware of any changes.
Questions or complaints
If you have any questions or complaints about the manner in which we process your personal data, or if you would like more information about the content of our Privacy statement, please contact email@example.com.