This Policy is established by :

Antoine MATZ, Lawyer operating under the trade name MATZ AVETISIAN & PARTNERS or AMLEX

Address: Rue de l'Arbre Bénit 81 – 1050 Ixelles (Brussels)
e-mail : info@amlex.eu

BCE n° : BE0667.922.895

Hereinafter referred to as “the firm” or “we”, “our”.
We pay particular attention to the protection of personal data and the respect of privacy of anyone in contact with us. We act transparently, in compliance with national and international regulations in this area.
This information document on personal data protection describes how we process your data and the rights you have as a data subject.
It may be modified at any time to comply with any regulatory, legal, or technological developments. We invite you to consult it regularly.
You can react to any of the practices described below by contacting us.

1. Glossary

In the context of this document, the GDPR means: General Data Protection Regulation (GDPR) Regulation 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

For the purposes of the GDPR, the following definitions apply:

• « Personal data » : Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
• « Processing » : Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
• « Controller » :The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
• « Processor » : A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller ;
• « Recipient » : A natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
• «Third party »: A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

In this document, “personal data” is also referred to as “personal information”.

2. Why does the firm process personal data and what is the legal basis for our processing?

 

Management of the defense of clients’ interests and requests

Purpose of Use

We process data in the context of requests (audits, consultation notes, opinions) and in defense of our clients’ interests, whether they are legal entities or natural persons.

Legal Basis for Processing

This processing is necessary for:

• fulfilling our legal obligations in accordance with the Judicial Code, particularly for procedural acts (Article 6.1.c. of the GDPR).
• the execution of the contract that binds us to our client (Article 6.1.b. of the GDPR).

We may also process sensitive data (specific categories of personal data) whenever it is necessary for the establishment, exercise, or defense of legal claims in accordance with the provisions of Article 9 §2, f. of the GDPR.

Administrative management of our clients’ files

Purpose of Use

We process personal data in the context of fulfilling the firm’s contractual or pre-contractual obligations towards our clients, whether they are legal entities or natural persons.

Legal Basis for Processing

This processing is necessary for:

• – Fulfilling our legal obligations, particularly those outlined in the law of September 18, 2017, on the prevention of money laundering and terrorist financing and on the restriction of the use of cash (Anti-Money Laundering Law), as well as compliance with the Lawyers’ Code of Conduct, especially concerning anti-money laundering and anti-terrorism (Article 6.1.c. of the GDPR).
• the execution of the contract that binds us to our client (Article 6.1.b. of the GDPR).

Accounting management

Purpose of Use

We process personal data to establish our billing.

Legal Basis for Processing

This processing is necessary for fulfilling our legal obligations as defined by the Economic Law Code and the VAT Code in fiscal and accounting matters (Article 6.1.c. of the GDPR.

Pre-contractual relationship management

Purpose of Use

We process personal data to respond to inquiries and/or questions from clients (notably via contact information on our website), or to service offers and CVs.

Legal Basis for Processing

This processing is necessary for the implementation of pre-contractual measures (Article 6.1.b. of the GDPR) to enable or facilitate a future contractual relationship.

Supplier management

Purpose of Use

We process personal data as part of our contractual obligations towards the client.

Legal Basis for Processing

This processing is necessary for:

• fulfilling our legal obligations as specified by the Economic Law Code in fiscal and accounting matters (Article 6.1.c. of the GDPR).
• the execution of the contract that binds us to our client (Article 6.1.b. of the GDPR).

Communication and newsletter management

Purpose of Use

We process data to communicate information related to our activity.

Our legitimate interest is to offer and promote our services and/or to share informational messages with our clients that correspond to what they can reasonably expect from us in the context of our existing or future relationship.

Legal Basis for Processing

This processing is necessary for the pursuit of our legitimate interest, provided that we have balanced this interest against the clients’ fundamental rights and freedoms (Article 6.1.f. of the GDPR).

Clients may object to this processing at any time by contacting us.

Management of our potential litigation

Purpose of Use

We may use personal data to defend our interests in court in the context of potential litigation.

Legal Basis for Processing

This processing is necessary for the pursuit of our legitimate interest, provided that we have balanced this interest against the clients’ fundamental rights and freedoms (Article 6.1.f. of the GDPR).

We may also process sensitive data (special categories of personal data) whenever necessary for the establishment, exercise, or defense of legal claims, in accordance with the provisions of Article 9 §2, f. of the GDPR.

 

3. What personal data does the firm process, and where does it come from?

We only collect personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed. Depending on the purposes, the collection of data is carried out differently.

We detail below the personal data we collect on the individuals concerned, including our clients, the reason for their collection, and the methods of collecting it.

Management of the defense of clients’ interests and requests

Collected and processed data

• Personal identification data (name, first name, address, telephone number, business number)
• Electronic identification data (email address)
• Family data (names and first names of children, filiation, marital status, etc.)
• Personal characteristics (age, sex, date of birth, nationality, country of origin, mother tongue, spoken language(s), national registry number, etc.)
• Professional characteristics (profession, degree, career, etc.)
• Financial data (account number, tax assessment notice, household composition, or any documents attesting to the financial situation)
• Special categories of data such as health data, criminal convictions or offenses, racial or ethnic origin, political opinions, religious beliefs, trade union membership, or sexual orientation. Generally, all data necessary for the establishment, exercise, or defense of legal claims on behalf of our clients.

Methods of collection

Either directly from the client. Or from a third party such as:

• Legal aid office
• Insurance company
• Opposing party
• Technical advisor
• Judicial or administrative authority
• Public authority (police, etc.)

Or because the client or a public authority has made them publicly accessible.

Administrative management of our clients’ files

Collected and processed data

• Personal identification data (name, first name, address, telephone number, business number, ID card, national registry number)
• Electronic identification data (email address)
• Photograph (ID card)

Methods of collection

Either directly from the client. Or from a third party such as:

• Legal aid office
• Insurance company
• Opposing party
• Technical advisor
• Judicial or administrative authority
• Public authority (police, etc.)

Or because the client or a public authority has made them publicly accessible.

Accounting management

Collected and processed data

• Personal identification data (name, first name, address, telephone number, business number)
• Electronic identification data (email address)
• Photograph (account number)

Methods of collection

Either directly from the client.

Or because the client or a public authority has made them publicly accessible.

Pre-contractual relationship management

Collected and processed data

• Personal identification data (name, first name, telephone number)
• Electronic identification data (email address)
• Data communicated by the client to assess whether we can handle their case or request.

Additionally, in the case of recruitment:

• Family data (names and first names of children, marital status)
• Personal characteristics (age, gender, date of birth, your country, mother tongue)
• Professional characteristics (profession, degree, career, etc.)

Methods of collection

Directly from the client.

Supplier management

Collected and processed data

• Personal identification data (name, first name, address, telephone number, business number, order number)
• Financial data (account number)

Methods of collection

Either directly from the supplier.

Or because the supplier or a public authority has made them publicly accessible (Central Business Counter).

Communication and newsletter management

Collected and processed data

• Personal identification data (name, first name, address, telephone number)
• Electronic identification data (email address)

Methods of collection

Either directly from the client.

Or because the client has made them publicly accessible

Litigation management

Collected and processed data

• Personal identification data (name, first name, address, telephone number, business number, ID card, national registry number)
• Electronic identification data (email address)
• Professional characteristics (profession, degree, career, etc.)
• Financial data (account number, tax assessment notice, household composition, or any documents attesting to the financial situation)
• Special categories of data such as health data, criminal convictions or offenses, racial or ethnic origin, political opinions, religious beliefs, trade union membership, or sexual orientation. Generally, all data necessary for the establishment, exercise, or defense of legal claims on behalf of our clients.
• Photographs or images.

Methods of collection

Either directly from the client.

Or obtained from the insurance company.

Or because the client or a public authority has made them publicly accessible.

 

4. Who does the firm share personal data with?

Any data sharing is carried out in compliance with professional secrecy, ethical rules, and the present document. A link to these ethical rules can be found on the legal notice page of our website.

The data listed above can be accessed by members of the firm’s team or any colleague acting as a collaborator or specialized lawyer, or any technical advisor, strictly as necessary for the execution of the firm’s obligations.

In order to defend its interests, in accordance with the mandate given by the customer and to the extent necessary, the firm may communicate the client’s personal data to competent judicial or administrative authorities or legal auxiliaries.

The firm may also transmit these personal data to opposing parties as necessary for the defense of the client’s interests.

The firm may, when necessary, transmit client data to banking or insurance organizations for the defense of the client’s interests, in compliance with professional secrecy and to the extent required.

The firm may need to transmit personal data to third parties under the law, decrees, or other regulatory provisions it cannot derogate from.

The firm may also share certain data with its co-contractors, termed “processors” under the GDPR, strictly necessary for the operation of computerized or non-computerized management applications or systems the firm subscribes to.

In all circumstances, we ensure the protection of client data through agreements ensuring confidentiality.

Service providers with whom we may share client data include:

Service provider typeLocationEmail delivery solution providersIn EuropePostal delivery service providersIn EuropeProviders of IT solutions and maintenance for infrastructure and systemsIn EuropeHosting / Cloud service providersIn EuropeAccountants and financial service providersIn EuropeBanks / Insurance companiesIn EuropeThird-party payer insurerIn EuropeLegal aid office (Bar Associations)In EuropeLawyers – collaborators – trainee lawyersIn EuropeThe Order of French-speaking and German-speaking Bars (Avocats.be)In EuropeCopying service providerIn EuropeSocial networksIn Europe

For security reasons, the list of subcontractors, their area of activity, the intended purpose, and if applicable, the country in which the data are processed and hosted are not available on our site but can be provided upon the first request of the individuals concerned.

5. How long does the firm retain personal data?

The retention period for personal data varies depending on the purposes of the data processing. This period is limited, taking into account any potential retention obligations imposed by law.

Management of the defense of clients’ interests and their requests

Duration

The retention period is 10 years from the end of the relationship with the firm.

The relationship is presumed to have ended either because the client has expressly stated it or because the firm has not received any direct or indirect news from its client for at least the afore mentioned duration.

Administrative management of our clients’ files

Duration

The retention period is 10 years from the closure of the file.

Accounting management

Duration

The retention period is 10 years from the year in which the client was accounted for or the year during which the client’s data was used for accounting or tax purposes.

Pre-contractual relationship management

Duration

The data are immediately deleted, except for CVs, which we may keep for two years in our recruitment reserve.

Supplier management

Duration

The retention period is 10 years from the year in which the supplier was accounted for or the year during which the client’s data was used for accounting or tax purposes.

Communication and newsletter management

Duration

The retention period is two years from our last contact.

Litigation management of the firm

Duration

Data are deleted on expiry of the longest limitation period.

 

6. Does the firm transfer personal data outside the European union?

The firm may transfer data to countries outside the European Union or the European Economic Area only if:

• The European Commission has decided that the country ensures an adequate level of data protection, equivalent to that provided by European legislation. Personal data will be transferred on this basis.
• The transfer is covered by an appropriate guarantee providing a level of data protection equivalent to that provided by European legislation, such as standard contractual clauses of the Commission, a Code of Conduct, certification, binding corporate rules, consent.

In the absence of an adequacy decision or appropriate safeguards, a transfer or a set of personal data transfers to a third country is still possible if the transfer is necessary for the establishment, exercise, or defense of legal claims.

7. How do we protect the personal data of the individuals concerned?

AMLEX has developed appropriate technical and organizational security measures to prevent the destruction, loss, alteration of personal data collected, access to these data by unauthorized persons, or the erroneous communication of these data to third parties, as well as any other unauthorized processing of such data.

• Technical measures
  • Use of antivirus, firewall, etc.
  • Passwords
  • Data access control system
  • Data encryption
  • No unsecured backups
  • Use of software dedicated to legal case management

• Organizational measures
  • Limited access to certain well-defined individuals
  • Incident management procedure
  • Training and awareness for lawyers and collaborators

If, despite all precautions, an individual becomes aware of a data breach or suspects one, we ask them to report it immediately by contacting us.

For security reasons, the list of subcontractors, their area of activity, the intended purpose, and if applicable, the country in which the data are processed and hosted are not available on our site but can be provided upon the first request of the individuals concerned.

8. What are the rights of the data subject and how to contact us?

Unless a current legal provision in Belgium does not allow it, including the GDPR, or if professional secrecy opposes it, every concerned person has the following rights:

• The right to access, including the right to know that the firm processes their personal data;
• The right to receive a copy of the processed data ;
• The right to rectification of the processed data ;
• The right to withdraw consent ;
• The right to object to the processing of their personal data, particularly if their personal data are processed on the basis of our legitimate interest ;
• The right to restrict the processing of the processed data;
  • If the concerned person disputes the accuracy of this data. pending the evaluation of the interests before exercising the right to object to the processing of certain personal data.
  • If the processing of their personal data is unlawful, but the concerned person nevertheless does not wish to exercise their right to data erasure.
  •  If we no longer need the personal data of the concerned person, but they need it for the establishment, exercise, or defense of legal claims.
• The right to erasure of the processed data;
• The right to data portability;
• The right to file a complaint with the Data Protection Authority:
  
  www.dataprotectionauthority.be
  Rue de la Presse, 35 à 1000 Brussels
  Phone : +32 (0)2 274 48 00
  Fax: +32 (0)2 274 48 35
  E-mail: contact@apd-gba.be

For more information on complaints and possible remedies, you can visit the following page of the Data Protection Authority: https://www.dataprotectionauthority.be/citizen/actions/lodge-a-complaint

We will respond to the requests of the concerned person as soon as possible and at the latest within a month following the receipt of their request, we will inform them of the follow-up given to it.

Depending on the complexity of their request or the number of requests we receive from other people, this period may be extended by two months. In this case, the concerned person will be notified of this extension within a month following the receipt of their form.

In all circumstances, when communicating this information, we are always obliged to consider the rights and freedoms of other people.

The concerned person can exercise their rights by contacting the firm, whose contact details are provided above.

We ask the concerned person to attach to their request the documents or information necessary to prove their identity; otherwise, we may return to them to request proof of their identity, for example, a copy of their ID card, to give the appropriate follow-up to their request.

Finally, when the request to exercise rights is manifestly unfounded or excessive, particularly because of its repetitive character, it may be refused or subject to the payment of reasonable fees that take into account the administrative costs incurred in providing the information, carrying out the communications, or taing themeasures requested.

9. Who is the data controller?

The data controller is Antoine MATZ, operating under the trade name Matz Avetisian & Partners or AMLEX, as identified above.

10. What is the applicable law and jurisdiction?

Any dispute related to the execution of the present or any subsequent or related act shall be exclusively governed by Belgian law.

Notwithstanding Article 624 of the Judicial Code, any dispute concerning the application of the present or any subsequent or related act falls under the exclusive jurisdiction of the courts of Brussels.

11. Cookie policy

For more information about our cookie policy, please refer to the next page.

12. Modifications

The Firm may, for various reasons, make corrections, additions, or changes to this information document on data protection policy at any time. The most current version can always be viewed on our website.

Last update on June 20, 2023.

COOKIE MANAGEMENT POLICY