1. This privacy statement (hereinafter “Privacy Statement”) applies to De Clercq & Partners CVBA, with registered office at Edgard Gevaertdreef 10/A, 9830 Sint-Martens-Latem and registered with the register of legal entities (RLE Ghent, division Ghent) under the number 0472.015.856 (hereinafter “DCP”).
Any references in this Privacy Statement to DCP shall also include all its legal, scientific and administrative employees and appointees acting on behalf and for the account of DCP.
This Privacy Statement is intended to inform you about how DCP collects, handles, stores, shares, protects and otherwise processes your personal data.
This Privacy Statement may be modified from time to time. We therefore encourage you to regularly consult this Privacy Statement. This version of the Privacy Statement was last modified on May 17, 2018.
2. As controller, DCP may collect or obtain your personal data either directly from you or from other sources (e.g. from your employer as well as whenever such data is publicly available). The personal data that DCP may collect or obtain includes your name, picture, age, date of birth, gender, e-mail address(es), telephone number(s), facsimile number(s), home address, country of residence, social circumstances, family circumstances, education details, financial and tax-related information, the organization you work (and/or worked) for, your (current and/or past) job title, your IP address(es), your browser type(s) and language(s) and your access times. In specific circumstances (e.g. when organizing seminars or conferences), DCP may also collect or obtain special categories of personal data, such as details about your dietary requirements.
3. DCP will only process your personal data for specified, explicit and legitimate purposes and will not further process your personal data in a way that is incompatible with those purposes. More precisely, DCP processes your personal data to be able to provide services to you or its clients, to be able to protect your rights or those of its clients, in order to comply with professional, legal, statutory or regulatory standards or requirements and with requests from competent authorities, for administrative, accounting and invoicing purposes, for personnel management, for client relationship management, for business development purposes (including direct marketing), for recruitment purposes and for the technical and functional management of DCP’s website. DCP will only process personal data that are adequate, relevant and limited to what is necessary in relation to the above purposes.
4. When processing your personal data, DCP will rely on one of the following grounds:
a. the processing is necessary for compliance with a legal obligation to which DCP is subject (e.g. keeping records for regulatory or tax purposes or providing information to a public body or law enforcement agency);
b. the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;
c. the processing is necessary for the purposes of DCP’s or a third party’s legitimate interests and so long as such interests are not outweighed by your interests or your fundamental rights and freedoms (e.g. direct marketing); or
d. your consent, insofar as this consent is given freely and is specific, informed and unambiguous.
Where DCP is required to obtain your explicit consent in the context of direct marketing, DCP will only send you direct marketing where it has obtained such consent from you.
To the extent that DCP processes any special categories of personal data for any of the purposes outlined above, DCP will rely on one of the following grounds:
a. your explicit consent;
b. the processing is necessary to carry out DCP’s obligations under employment, social security or social protection law;
c. the processing is necessary for the establishment, exercise or defence of legal claims; or
d. the personal data were manifestly made public.
5. For the purposes outlined above as well as in order to perform processing activities in connection with one or more of these purposes, DCP may disclose personal data to third parties. Such third parties may be service providers of DCP, tribunals, law enforcement or regulatory authorities, your employer and/or their advisers, your advisers and other third parties that reasonably require access to personal data relating to you for one or more of the purposes outlined above.
Some of the recipients of your personal data as indicated above may be based outside of the European Economic Area. In such cases, DCP will ensure that there are adequate safeguards in place to protect your personal data, such as adequacy decisions of the European Commission or data transfer agreements with the recipient based on standard contractual clauses approved by the European Commission.
DCP may also need to disclose your personal data to third parties outside of the European Economic Area for the establishment, exercise or defence of legal claims, for the conclusion or performance of a contract concluded in your interest or for the performance of a contract between you and DCP. In some circumstances, your personal data is transferred from a register which is intended to provide information to the public and which is open to consultation either by the public in general or by any person who can demonstrate a legitimate interest. In all such cases as indicated in this paragraph, no other adequate safeguards are necessary.
6. DCP takes appropriate technical and organisational measures to ensure a level of security appropriate to the risks associated with the processing of your personal data and more precisely to keep your personal data accurate and up to date and to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction or damage. However, as the transmission of data over the internet is never entirely secure or error-free, DCP cannot guarantee the completeness, security or accuracy of personal data that is transmitted to or by DCP.
7. DCP will keep your personal data in its systems for the longest of the following periods:
a. for as long as necessary for the purposes for which your personal data are processed;
b. for any retention period that is required or prescribed by any law or regulation; or
c. for as long as litigation or investigations might arise in respect of DCP’s activities in connection with the processing of your personal data.
You have the right:
a. to obtain confirmation that DCP is processing your personal data;
b. to obtain access to your personal data processed by DCP as well as a copy of such personal data undergoing processing;
c. to obtain the rectification of your personal data;
d. where applicable, to withdraw your consent without affecting the lawfulness of the processing based on your consent before its withdrawal;
e. where applicable, to obtain the erasure of your personal data (e.g. when the processing is based on your consent);
f. where applicable, to obtain restriction of processing;
g. where the processing is based on your consent or a contract, to receive the personal data concerning you, which you have provided to DCP, in a structured, commonly used and machine-readable format and to transmit such personal data to another controller; and
h. to object to the processing of your personal data on grounds relating to your particular situation. Such substantiation shall not be required in the case of direct marketing.
To exercise any of your rights, to make a complaint or to ask any other questions about DCP’s use of your personal data, please send an email to firstname.lastname@example.org.
You also have the right to file a comlaint with the competent supervisory authority, which is the Belgian Data Protection Authority (formerly called the Commission for the Protection of Privacy).