Hanotiau & van den Berg

Privacy statement

HVDB Privacy Statement 

We take your data protection and privacy seriously. This Privacy Statement applies to the processing of personal data by Hanotiau & van den Berg SCRL (“HVDB”, “we”, “us”, “our”). HVDB is a data controller for the purposes of the EU General Data Protection Regulation 2016/679 and Belgian law implementing that Regulation (“GDPR”).

Our contact details are as follows:

Hanotiau & van den Berg

Avenue Louise 480/9

1050 Brussels, Belgium

You can contact us in relation to privacy matters at privacy@hvdb.com.

This Privacy Statement may be updated from time to time. You can always find the latest version on our website.

Who This Privacy Statement is Intended For 

This Privacy Statement is intended to inform people outside HVDB whose personal data we process about the handling of their personal data. This includes (i) our clients; (ii) their representatives and personnel; (iii) other lawyers, whether also representing our client or other parties; (iv) prospective clients; (v) potential arbitrators to be appointed in a dispute for which we provide legal services (whether as representatives, as arbitrator, or otherwise); (vi) staff of courts, arbitral institutions and other third parties; (vii) persons who have shown an interest in our services; (viii) job candidates; (ix) visitors to our offices; (x) attendees of events we may organise; (xi) service providers; (xii) users of our website; and (xiii) other persons with whom we come into contact in the context of the delivery of our services.

In the course of providing our legal services, we may also receive the personal data of people connected to a particular legal matter from third parties, including contractual counterparties or partners and their personnel, advisors, consultants, experts, witnesses, personnel of courts and arbitral institutions, and persons identifiable from documents or evidence in the course of legal advice or legal proceedings.

When we receive such personal data indirectly from other sources, we often have no contact with the individuals whose data is processed. In those circumstances, providing individuals with the information in this Privacy Statement is either impossible, would involve disproportionate effort, would be contrary to an obligation of professional secrecy or would otherwise be inappropriate in the context of dispute resolution proceedings. If we have direct contact with you and you provide us with personal data about others, you should therefore bring this Privacy Statement to the attention of those persons, and ensure that they are duly informed of the disclosure as required by applicable law.

What Personal Data Do We Collect? 

As set out in this Privacy Statement, we process the following kinds of personal data:

-                 Identity and Contact Data: your name, email, address, phone number, date of birth, gender, language, job title, nationality.

-                 Legal Services Data: personal data related to or included in any legal advice, dispute, litigation, arbitration or other legal proceedings.

-                 Sensitive Data: where necessary for legal services we are providing, we may collect “special categories of personal data” (GDPR Article 9(1)), i.e. data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning sex life or sexual orientation.

-                 Financial Data: your bank account details, payment card details, billing information, and other personal data necessary to process payments to and by us.

-                 Recruitment Data: your educational and employment history, tax status, referees, and other information included in your CV or application.

-                 Marketing Data: your marketing preferences, and attendance or participation in events or other marketing initiatives we may organise.

-                 Other Communication Data: when you contact us with an inquiry or other communication, any personal data included in the correspondence.

Insofar as we process personal data relating to criminal convictions and offences or related security measures (usually in the context of Legal Services Data) (GDPR Article 10), we do so in accordance with applicable law providing for appropriate safeguards.

How We Collect Personal Data 

We collect personal data from you directly when you provide it to us, for example in the context of our legal services, when you offer or provide us with services, when you apply for a job with us, provide us with your business card, attend an event we organise, or otherwise communicate with us.

We may collect personal data about you indirectly from other sources in the course of our legal services, for example from our client, government agencies, public records, or parties in legal proceedings. We may also collect data from third parties during recruitment procedures.

If you choose not to provide us with your personal data, depending on the circumstances we may not be able to provide you with a particular service or opportunity. We will advise you as necessary if this is the case.

How We Use Your Personal Data 

We process the personal data described above for a number of purposes. Below we set out the various purposes for which we process data, the type of data processed for that purpose, potential recipients of that data, and the legal basis for processing.

Where we process data on the basis of our legitimate interests, such processing is only carried out to the extent such interests are not overridden by your interests or fundamental rights and freedoms which require protection of personal data.

In the event that processing of personal data is necessary for a further purpose that is not covered by the activities described below, we will ascertain whether the secondary purpose is compatible with the original purpose for which the data was collected. Where necessary, we will seek your consent to such further processing.

1.    Legal Services: Representation and Advice

We process data in order to provide legal services, including advice for and representation on behalf of our clients, and inquiries made in contemplation of such services.

Types of Personal Data

Identity and Contact Data, Legal Services Data, Sensitive Data, Financial Data, Other Communication Data

Potential Recipients

Depending on the case and type of service and where there is a legal basis, your personal data may be shared with other parties to legal proceedings and their representatives, other lawyers, courts, arbitral tribunal members, arbitral institutions, regulatory bodies, government agencies, consultants, experts, witnesses, external service providers, external advisors, financing institutions or funders, professional indemnity insurers, professional regulatory bodies.

Legal Basis

  • The processing is necessary for the performance of a contract with you, or to take steps at your request prior to entering into a contract; or
  • The processing is necessary for the purposes of our legitimate interest in providing legal services to our clients; or
  • The processing is necessary for the purposes of our legitimate interests in the conduct and administration of arbitration and other dispute resolution proceedings; or
  • For Sensitive Data, we process such data (i) where it is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity, (ii) where it is manifestly made public by you, or (iii) with your explicit consent.

2.    Legal Services: Arbitrator Appointments

We process personal data when acting as arbitrator in arbitration proceedings or other kinds of decision-maker in dispute resolution matters, and for inquiries made in contemplation of such services.

Types of Personal Data

Identity and Contact Data, Legal Services Data, Sensitive Data, Financial Data, Other Communication Data

Potential Recipients

Depending on the case and where there is a legal basis, your personal data may be shared with other tribunal members, parties and their representatives, other lawyers, arbitral institutions, external service providers, courts, consultants, experts, witnesses, professional indemnity insurers, professional regulatory bodies.

Legal Basis

  • The processing is necessary for the performance of a contract with you, or to take steps at your request prior to entering into a contract; or
  • The processing is necessary for the purposes of our legitimate interest in the conduct and administration of arbitration and other dispute resolution proceedings; or
  • For Sensitive Data, we process such data (i) where it is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity, (ii) where it is manifestly made public by you, or (iii) with your explicit consent.

3.    Conflict Checks

In order to provide our legal services and comply with legal professional obligations, we keep records of our past services and conduct checks in order to identify any potential conflicts of interest or transparency disclosures.

Types of Personal Data

Identity and Contact Data, Legal Services Data

Potential Recipients

Where necessary, we make disclosures to our clients, prospective clients, other lawyers or arbitral institutions on the basis of our conflict checks. Such information is provided in anonymised form where appropriate.

Legal Basis

  • The processing is necessary for compliance with our legal obligations; or
  • The processing is necessary for the purposes of our legitimate interests in complying with our professional obligations and ensuring all relevant parties are informed of potential conflicts of interest.

4.    Business Management

We process personal data in order to operate and manage our business, including record-keeping, administration, legal and regulatory compliance, “know your client” checks, sanctions and other legal screening, billing, accounting, tax compliance, audit, payments, recovery of amounts due, engagement of service providers, potentially in contemplation of the assignment or sale of our business, for handling any dispute arising out of our business operation or services, or as otherwise required by a court, tribunal or other legal body or legal obligation.

Type of Personal Data

Identity and Contact Data, Legal Services Data, Financial Data, Recruitment Data, Other Communication Data

Potential Recipients

Where there is a legal basis, your personal data may be shared with government and regulatory authorities or agencies, service providers, insurers, external professional consultants including accounting and legal advisors, potential assignees or purchasers of our business or assets, professional indemnity insurers, professional regulatory bodies.

Legal Basis

  • The processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract; or
  • The processing is necessary for compliance with a legal obligation to which we are subject; or
  • The processing is necessary for the purposes of our legitimate interest in the operation and management of our business.

5.    Marketing and Management

We process personal data in order to market and promote our firm, in the context of business development. This may take the form of a marketing communication or event invitation. You may always opt-out of such communications by the mechanism provided in an email or by contacting us.

Types of Personal Data

Identity and Contact Data, Marketing Data

Potential Recipients

Where there is a legal basis, your personal data may be shared with service providers assisting us with a marketing or promotion initiative.

Legal Basis

  • The processing is necessary for the purposes of our legitimate interest in business development.
  • Where another legal basis does not apply, we may seek your consent to a particular processing activity.

6.    Recruitment

We process personal data of job candidates in the course of the recruitment process, including the selection of candidates, communicating with candidates, and vetting of candidates.

Types of Personal Data

Identity and Contact Data, Recruitment Data, Other Communication Data

Potential Recipients

Where there is a legal basis, your personal data may be shared with referees, third parties for vetting of candidates, government and regulatory authorities or agencies, service providers.

Legal Basis

  • The processing is necessary in order to take steps at the request of the candidate prior to entering into a contract; or
  • The processing is necessary for the purposes of our legitimate interest in the operation of our business, including verifying the credentials of and engaging personnel.
  • Where another legal basis does not apply, we may seek your consent to a particular processing activity.

7.    IT Management

Personal data is processed in order to ensure the proper management and security of our IT systems, including audits, monitoring, troubleshooting, responding to any information security incident, optimisation and maintenance of such systems.

Types of Personal Data

Identity and Contact Data, Legal Services Data, Sensitive Data, Financial Data, Recruitment Data, Other Communication Data

Potential Recipients

Our IT service providers engaged to carry out management of our IT systems on our behalf.

Legal Basis

  • The processing is necessary for the purposes of our legitimate interest in information security and the operation and management of our business.
  • For Sensitive Data, we process such data (i) where it is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity, (ii) where it is manifestly made public by you, or (iii) with your explicit consent.

International Transfers 

Personal data under our control is hosted on our server located in the EU. In pursuit of the processing activities outlined in this Privacy Statement, it may be necessary to transfer your personal data outside the EU to a jurisdiction that is not recognised by the European Commission to ensure an adequate level of protection, or to an international organisation. In those circumstances, we ensure that there is a legal basis for such transfer and adequate protection for personal data under applicable law.

Retention 

Subject to any specific agreements in a particular matter, we retain personal data for as long as necessary to fulfil the purpose(s) of its processing and/or to comply with our legal obligations.

Your Rights 

Under the GDPR, you have individual rights to exercise in relation to your personal data. Depending on the circumstances, these may include:

-                 A right of access to your personal data and information about our processing of it, subject to certain exceptions;

-                 A right to rectify inaccurate or incomplete personal data;

-                 A right to have certain personal data erased;

-                 A right to restrict processing of certain personal data;

-                 A right to withdraw your consent, where we have relied on consent to process your personal data;

-                 A right to a copy of your personal data (data portability);

-                 A right to object to certain processing of your personal data;

-                 A right not to be subject to a decision based solely on automated processing.

The extent of your rights may depend on applicable law, the nature of the personal data, and the type of processing.

You can exercise your rights by contacting us at privacy@hvdb.com.

You also have the right to lodge a complaint with a data protection supervisory authority, such as the Belgian Data Protection Authority, at contact@apd-gpa.be.