Privacy policy Orys Advocaten

This document sets out the circumstances in which ORYS Advocaten BV, with registered office at Wolvengracht 38 box 2, 1000 BRUSSELS, CBE 0848.073.176 (hereinafter “ORYS”), collects, processes and uses your personal data, as well as the manner in which it is protected.

ORYS undertakes strictly to comply with the legal provisions on the protection of personal data as contained, inter alia, in Regulation (EU) 2016/679 of 27 April 2016 (General Data Protection Regulation, hereinafter “GDPR”) and in the Act of 30 July 2018 on the protection of natural persons with regard to the processing of personal data (Belgian Gazette of 5 September 2018), as well as any future or additional legislation in implementation thereof, as applicable.

ORYS is committed to informing its clients and the parties involved in its activities about the personal data it stores, the manner in which this is done, as well as the reasons why it does so. This information can be found in the present privacy policy.

The present privacy policy concerns the data for which ORYS acts as controller, i.e. when ORYS collects and processes personal data for its own purposes and not on behalf of a client.

The present privacy policy applies to all relationships between ORYS, on the one hand, and its clients, suppliers, partners, prospects and counterparties, on the other.

Please read this privacy policy carefully, as it contains essential information about how your personal data is processed. By providing your personal data on the website and to the e-mail addresses stated on that website, you declare that you have taken note of this privacy policy and that you are also in express agreement with it, as well as with the processing itself.

If you are of the view that this privacy policy does not adequately protect your privacy, you may always contact us at privacy@orys.be.

1. Controller

Your data may be stored and processed by ORYS as a function of its performing its activities and services. The controller is ORYS.

2. What is personal data?

Personal data is all and any data by means of which a natural person can be identified or is identifiable. You can read about what data is involved in this privacy policy. The term ‘processing’ is very broad and covers, among other things, the collection, storage and use of your data, or sharing it with third parties.

3. What data do we process?

Below we clarify what data we may process from you. Depending on the specific situation, your preferences and the manner in which you contact us, we do not process all of the personal data listed below.

As a law firm, we collect and process various categories of personal data, such as identification and contact data, financial data, family details, data about your criminal and judicial background, data about your professional career, etc. This personal data may relate to you in your capacity as a client or supplier of our firm, but also to you as a business relationship of one of our clients. It is not possible to provide a specific list of all personal data that is processed. Depending on each case, it will always be different data that is processed.

The following list is therefore purely illustrative and not exhaustive.

• General

We may process the following data from all our contacts:

• • Electronic identification and usage data (g. IP address, browser type, statistics on your use of this website);
  • Identification information;
  • Contact details (g. surname, first name, address, e-mail address, date of birth, land line and/or mobile phone, etc.);
  • Contact history (g. e-mail messages, messages sent via web forms, etc.);
  • Language;
  • Occupation
  • Civil status
  • Activities on our website
  • Any additional personal data that is provided (g. in order to deal with a case)
• Clients and service-providers/suppliers

From our clients and our service-providers/suppliers in the context of our business activities, we may also process the following data:

• • Contractual details (g. quotations, order letters, agreements);
  • Information relating to the assignment to be carried out, including place for delivery of services;
  • Invoices and billing details,
  • After-sales data;
• Job applicants

We may also process the following data from aspiring employees. Of course, this will to a large extent depend on what information you yourself wish to provide to us, depending on your application.

• • Personal details;
  • Work-related data;
  • Personality data;
  • Photographs

In addition to the above information, ORYS may also use certain of the data subject’s sensitive personal data. This information includes:

• • Criminal history;
  • Data of persons under 16 years of age;
  • financial data such as account statements, bank account number, annual accounts, etc.
  • Personal data indicative of ethnic origin, political views, religious or philosophical beliefs, or membership of a trade union and genetic data, biometric data for the unique identification of a person, or data on health, or data with regard to a person’s sexual behaviour or sexual orientation.

This sensitive data will always only be used for the purpose of instituting, exercising or substantiating a legal claim, in accordance with article 9(2)(f) GDPR. For this purpose, the necessary measures and safeguards have been developed by ORYS.

We collect and process both personal data that you provide to us directly and data that we obtain by other means, for example from a public source. Note that any controller bound by professional secrecy is not obliged to disclose information that must remain confidential in the context of professional secrecy.

ORYS attaches great importance to data minimisation and will ensure that no more data is processed than is necessary.

4. Purposes and bases of processing

ORYS will generally only process your personal data in the cases permitted by article 6.1 GDPR, i.e.:

• When you have given your consent to the processing of certain personal data;
• When this is necessary in terms of performing an agreement (in both the pre-contractual and contractual phases);
• In order to comply with any administrative, tax and other legal or regulatory obligations;
• Where necessary to protect the vital interests of the data subject;
• When this is necessary to represent the legitimate interests of the undertaking (g. prevention of fraud, internal administration, direct marketing, and so forth).

ORYS in particular processes your personal data for the following purposes:

• In order to allow ORYS to optimally perform the services to which it is committed and to handle the cases entrusted to it to the best of its ability;
• General management and administration of its clientele;
• In order – if necessary – to contact you in the context of the services provided by ORYS;
• Sending newsletters to clients and data subjects regarding services and/or products that have been provided, or related legal topics;
• Management of disputes and legal proceedings;
• Debt collection;
• Safeguarding the rights of ORYS, in the event of any form of dispute in connection with an intervention by ORYS.
• Employee-recruitment procedure

These procedures are either based on the agreement and cooperation between ORYS and the client, or on the legitimate interests of ORYS in order to ensure due and proper provision of services.

ORYS will only use its clients’ and data subjects’ data in the context of legitimate interests, to make them offers with regard to products or services similar or related to those already provided.

The processing of personal data by ORYS can also be justified in terms of its legal and ethical obligations. ORYS is inter alia subject to tax and accounting rules that require the storage of certain personal data and its transfer to competent authorities. ORYS must also comply with specific anti-money laundering legislation.

In order to be able to offer its services, ORYS may be assisted by a select number of processors. If they have access to your personal data, the necessary safeguards will be established with them in accordance with the GDPR.

In the context of carrying out the contractual assignment, data may also be shared with the parties to the proceedings or their counsel, the court, notaries public, bailiffs, court experts, government agencies, the data protection authority, etc.

In rare cases, ORYS may have to disclose your personal data pursuant to a court order or to comply with other mandatory laws or regulations. ORYS will make reasonable efforts to inform you of this in advance, unless this is subject to legal restrictions.

5. Retention periods

ORYS will not retain your personal data for longer than strictly necessary to achieve the purposes for which the data was collected. In the context of its potential professional liability, ORYS will retain this information for at least 5 years after unequivocal termination of the cooperation between ORYS and the data subject. Sometimes specific legislation will require us to keep the data for a defined period of time.

After this period, all personal data will be deleted except for the following categories:

• Contact details (surname, first name, address and e-mail address) will be kept for a period of 5 years after the above period in order to be able to contact you regarding any further services or information as well as for any further follow-up after reactivation.
• Payments and invoicing data are kept for an additional period of 2 years in order to comply with tax obligations.

6. Transfer and third parties

In principle, your data will only be handled internally by ORYS (and any affiliated companies and/or legal successors). The personal data processed by ORYS may be used by the various lawyers within ORYS to handle case files.

ORYS hereby guarantees that lawyers will only use and process such personal data as is necessary for the performance of their duties. ORYS guarantees that any processing carried out by or for it by a processor will be carried out in accordance with the applicable regulations.

ORYS also relies on certain processors to provide an optimal service. This concerns, inter alia:

• Internet environment (hosting website);
• IT Infrastructure (Servers, CRM, mail service, collection software and such like);
• ISP and telephony providers;
• Postal delivery companies, transport companies and carriers if we have to send you something by post;
• Payment service providers if we receive payments from you, or vice versa;
• External representatives and consultants or any other parties involved in the context of our principal or ancillary activities;

Since these external parties may come into proximity with personal data, ORYS undertakes to sign the necessary processing agreements with such external parties in order to ensure adequate protection of such personal data. ORYS will only share your data with these external service providers to the extent necessary for the relevant purpose. The data may not be used for any other purposes.

We also happen to rely on third parties to provide special, clearly defined services (e.g. bailiffs, the court registry, a notary public, government agencies, and the like). In this case, your data may be transferred to third parties, but only within the defined framework of the service for which the third party is called upon and always under the control of ORYS. ORYS hereby guarantees that such transfers will take place in accordance with the applicable regulations and that the necessary security safeguards will be implemented.

Sometimes ORYS is also obliged to transfer your personal data to third parties. This is mainly the case where there is a statutory requirement or where public authorities are entitled to request such data from us. In principle, your data will not be transferred to third countries (outside the European Union) or to any international organisations, except in the context of a cross-border dispute.

Other than the aforementioned transfers, ORYS will not pass on any personal data to third parties without first having your approval. Your data will always be treated confidentially, and will not be traded, sold, rented or passed on to third parties outside the contractual relationship or any specific assignment.

7. Rights of the data subject

7.1. Right of access, inspection, correction, erasure and restriction:

You have the right to inspect and correct the personal data that ORYS processes concerning you. In addition, you can also request the erasure or restriction of your data in the cases provided for by law, including:

• If the data is no longer necessary to fulfil the purposes for which it is being processed.
• If you have withdrawn your consent and there is no other legal ground for doing such processing
• If you have exercised your right of objection
• If processing is being done unlawfully
• In order to comply with a statutory obligation

You will understand that in cases of a refusal of communication or a request for the deletion of personal data, certain services are not available.

7.2. Right of objection:

You also have the right to object to the processing of your personal data for cogent, legitimate reasons.

In addition, you always have the right to object to the use of personal data for direct marketing purposes; in such a case, you do not need to state the reasons.

7.3. Right of free data transfer

You also have the right to obtain the personal data provided by you to ORYS in a structured, customary, machine-readable form and/or to have it transferred to other controllers if its processing takes place by means of automated processes.

7.4. Right to withdraw consent

You also have the right to withdraw the consent given for processing your personal data (if the processing has been carried out on a consensual basis) and subject to any influence this may have on any provision of services.

If you dispute processing of the data by ORYS, you can request that processing be restricted until a solution has been found to that dispute.

7.5. Exercising your rights. 

If you wish to exercise these rights, you can send an e-mail to privacy@orys.be.

In order to be able to verify the identity of the person making such a request and to prevent any unauthorised person from gaining access to personal data not of concern to that person, a copy of the front of your identity card or of your passport must be enclosed. The copy will only be used to identify you in accordance with the GDPR.

7.6. Right to file a complaint

If you believe that there is cause to do so, you can file a complaint with the Belgian Data Protection Authority:

Data Protection Authority
Drukpersstraat 35
1000 BRUSSELS
+32 (0)2 274 48 00
+32 (0)2 274 48 35
 contact@apd-gba.be

This is does not affect your right to seek recourse in the civil courts.

8. Data security

ORYS continuously monitors the security of the personal data stored and processed within its organisation. As a controller and as a potential processor, ORYS undertakes to take all necessary technical and organisational measures to prevent unauthorised persons from gaining access to the personal data entrusted to it. In this way, it also tries to prevent the loss, destruction or unauthorised distribution of such data.

In addition, we are also attentive to the fact that processors likewise rely on ORYS to take appropriate security measures to limit the risk of incidents as far as possible.

ORYS uses systems that are regularly updated, that allow of data encryption and incorporate firewalls that comply with the applicable standard in this regard. ORYS undertakes to inform you of any breach of this privacy policy that could have a serious impact on you.

Furthermore, ORYS is also bound by professional secrecy, as set forth in the ethical standards under which attorneys at law are bound. In this way, the information passed to it will be treated in requisite confidentiality and in obeisance to professional secrecy.

Under no circumstances shall ORYS owe liability for any direct or indirect loss resulting from improper or unlawful utilisation of personal data by a third party.

In the exceptional event that your data is processed outside the European Economic Area (EEA) when using specific services or software tools, this will only be done in/to countries that the European Commission has confirmed ensure an adequate level of protection for your data, or measures will be taken to safeguard the due and proper processing of your data in such third countries.

9. Amendments

ORYS is at liberty unilaterally to amend this privacy policy as it sees fit, if necessary as a result of legislative changes. The most up-to-date version is always available on our website. In the event of a substantial change in our privacy policy, this will be announced on the website.

Users objecting to any change in the policy should cease to make use of this website. They may ask ORYS to delete their personal data. Unless otherwise indicated, the then current privacy policy applies to all personal data that ORYS has stored concerning users.