Privacy policy

Lawbox

Article 1 - Purpose

This Charter has been drawn up by LD PROD S.P.R.L., whose registered office is located at Rue Klipveld, 80, 1180 Uccle, registered with the Crossroads Bank for Enterprises under number 888.479.022 (hereinafter referred to as "the data controller").

The purpose of this Charter is to inform visitors and users of the website hosted at www.lawbox.be (hereinafter referred to as the "website") of the manner in which their data is collected and processed by the data controller.

This Charter is part of the controller's desire to act in full transparency, in compliance with the law of 8 December 1992 on the protection of privacy with regard to the processing of personal data and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the "General Data Protection Regulation").

The data controller pays particular attention to the protection of the privacy of the users of the website and therefore undertakes to take reasonable precautions to protect the personal data collected against loss, theft, disclosure or unauthorised use.

If the user wishes to react to any of the practices described below, he/she is invited to contact the data controller as a matter of priority at the postal address or the email address specified in the "contact data" section of this Charter.

 

Article 2 - Consent

By accessing and using the website, the user declares that he/she has read the information described below, accepts the present Charter and expressly consents to the data controller collecting and processing, in accordance with the methods and principles described in the present Charter, his/her personal data that he/she communicates through the website and/or on the occasion of the services offered on the website, for the purposes indicated below.

When the processing of personal data is based on the user's consent, the user has the right to withdraw his consent at any time. Withdrawal of consent does not affect the lawfulness of the processing prior to the withdrawal.

 

Article 3 - What data do we collect?

By visiting the website and/or using the services offered by the controller, the user expressly consents to the controller collecting and processing the following personal data in accordance with the methods and principles described below

  • the user's IP address (automatically detected by the controller's server), including the dynamic IP address;
  • the user's e-mail address if the user has previously revealed it, for example by communicating with the data controller by e-mail, by participating in any discussion forums, by accessing the restricted part of the website with identification, etc;
  • the user's name and surname, postal address, telephone number, mobile phone number, company number, if any, the company name and registered office. This data is collected when the user accesses the restricted part of the website by means of identification;
  • all information concerning the pages that the user has consulted on the website;
  • any information that the user has given voluntarily, for example in the context of information surveys, by accessing the restricted part of the website by means of identification, by communicating with the data controller via the website chat, or by using the services offered on the website.

It is possible that the data controller may also collect non-personal data. These data are qualified as non-personal data because they do not directly or indirectly identify a specific person. It may therefore be used for any purpose, for example to improve the website, the products and services offered or the advertising of the controller.

In the event that non-personal data is combined with personal data in such a way that it is possible to identify the persons concerned, such data shall be treated as personal data until such time as it is impossible to link it to a specific person.

 

Article 4 - Collection methods

The data controller collects personal data in the following ways:

  • via the contact form;
  • via registration on the website;
  • via the use of the services offered by the controller on the website.

 

Article 5 - Purposes of processing

Personal data are collected and processed solely for the purposes mentioned below:

  • to ensure the management and control of the execution of the services offered;
  • sending and follow-up of orders and invoices;
  • sending promotional information on the products and services of the controller;
  • sending, if necessary, free samples or offering services on preferential terms;
  • answering the user's questions;
  • to carry out statistics (using anonymised data);
  • to improve the quality of the website and of the products and/or services offered by the controller;
  • for direct marketing purposes;
  • to enable better identification of the user's needs within the framework of the services offered by the controller.

The data controller may carry out processing operations that are not yet provided for in this Charter. In this case, the data controller will contact the user before re-using his/her personal data, in order to inform him/her of the changes and to give him/her the possibility, if necessary, to refuse this re-use.

 

Article 6 - Retention period

The controller shall only keep personal data for as long as is reasonably necessary for the purposes for which they are to be used and in accordance with legal and regulatory requirements.

When personal data are collected and processed in the context of the execution of a contract, the user's data are kept for a maximum of 3 years after the end of the contractual relationship between the user and the controller.

At the end of the retention period, the data controller shall make every effort to ensure that the personal data has been rendered unavailable (anonymous).

 

Article 7 - Access to data and copy

By means of a written, dated and signed request sent to the data controller at the address referred to in the "contact data" section of this Charter, the user may, after having proved his identity (by enclosing a copy of his identity card), obtain free of charge the written communication or a copy of the personal data concerning him which have been collected.

The data controller may require payment of a reasonable fee based on administrative costs for any additional copies requested by the user.

Where the user makes such a request electronically, the information shall be provided in a commonly used electronic form, unless the user requests otherwise.

The user shall be provided with a copy of his or her data no later than one month after receipt of the request. This period may be extended by two months, taking into account the complexity and number of requests. The data controller shall inform the user of this extension and the reasons for the postponement within one month of receipt of the request.

 

Article 8 - Right of rectification

By means of a written, dated and signed request sent to the data controller at the address referred to in the "contact data" section of this Charter, the user may, after having provided proof of identity (by enclosing a copy of his/her identity card), obtain free of charge, as soon as possible and at the latest within a period of one month, the rectification of his/her personal data which are inaccurate, incomplete or irrelevant, as well as complete them if they prove to be incomplete. The one-month period may be extended by two months, taking into account the complexity and number of requests. The data controller shall inform the user of this extension and the reasons for the postponement within one month of receiving the request.

 

Article 9 - Right to object to processing

By means of a written, dated and signed request sent to the data controller at the address referred to in the "contact details" section of this Charter, the user may at any time, for reasons relating to his or her particular situation and after having provided proof of identity (by enclosing a copy of his or her identity card), object free of charge to the processing of his or her personal data, when such processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party. The data controller may refuse to implement the user's right of objection when it establishes the existence of compelling and legitimate reasons justifying the processing, which take precedence over the interests or rights and freedoms of the user, or for the establishment, exercise or defence of legal claims. In the event of a dispute, the user may lodge a complaint in accordance with the "Complaints" section of this Charter.

The data controller is obliged to respond to the user's request as soon as possible and at the latest within one month and to give reasons for its response if it intends not to comply with such a request. This period may be extended by two months, taking into account the complexity and number of requests. The controller shall inform the user of this extension and the reasons for the postponement within one month of receiving the request.

 

Article 10 - Right to limit the processing

By means of a written, dated and signed request sent to the data controller at the address referred to in the "contact details" section of this Charter, the user may, after having provided proof of his/her identity (by attaching a copy of his/her identity card), obtain the limitation/suspension of the processing of his/her personal data in the cases listed below

  • when the user contests the accuracy of a data and only for the time necessary for the controller to check it;
  • when the processing proves to be unlawful and the user prefers the limitation of processing to erasure;
  • when, although no longer necessary for the purposes of the processing, the user needs it for the establishment, exercise or defence of his legal rights;
  • for the time necessary to examine the merits of a request for objection made by the user, in other words for the time necessary for the controller to check the balance of interests between the legitimate interests of the controller and those of the user.

Where processing has been suspended in accordance with this provision, the user's personal data may, with the exception of storage, only be processed with the user's consent, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or on important public interest grounds of the European Union or one of its Member States.

The controller will inform the user when the restriction/suspension of processing is lifted.

 

Article 11 - Right to erasure (right to be forgotten)

By means of a written, dated and signed request sent to the data controller at the address referred to in the "contact data" section of this Charter, the user may, after having provided proof of his identity (by attaching a copy of his identity card), obtain the deletion of personal data concerning him, when one of the following reasons applies

  • the data is no longer necessary for the purposes of the processing;
  • the user has withdrawn his consent to the processing of his data and there is no other basis for the processing
  • the user objects to the processing and there are no compelling legitimate grounds for the processing and/or the user exercises his specific right to object in relation to direct marketing;
  • the personal data have been processed unlawfully;
  • the personal data must be erased in order to comply with a legal obligation (of Union or Member State law) to which the controller is subject.

However, data erasure is not applicable in the following 5 cases

  • where the processing is necessary for the exercise of the right to freedom of expression and information ;
  • where processing is necessary for compliance with a legal obligation to process laid down by Union law or by the law of the Member State to which the controller is subject
  • where the processing is necessary for the establishment, exercise or defence of legal claims.

The controller is obliged to respond to the user's request as soon as possible and at the latest within one month and to give reasons for not doing so. This period may be extended by two months, taking into account the complexity and number of requests. The controller shall inform the user of this extension and the reasons for the postponement within one month of receipt of the request.

The user also has the right, under the same conditions, to obtain, free of charge, the deletion or prohibition of use of any personal data concerning him which, taking into account the purpose of the processing, is incomplete or irrelevant, or the recording, communication or storage of which is prohibited, or which has been stored for longer than is necessary and authorised.

 

Article 12 - Right to "data portability"

By means of a written, dated and signed request sent to the data controller at the address referred to in the "contact data" section of this Charter and after having provided proof of his/her identity (by attaching a legible copy of his/her identity card), the user may, at any time, request to receive his/her personal data free of charge in a structured, commonly used and machine-readable format, with a view in particular to transmitting them to another data controller, when :

  • the data processing is carried out by automated means; and
  • the user has consented to such data processing, or where the processing is necessary for the performance of a contract to which the user and the controller are parties.

Under the same conditions and according to the same modalities, the user has the right to obtain from the data controller that personal data concerning him/her be transmitted directly to another data controller, provided that this is technically possible.

 

Article 13 - Data recipients and disclosure to third parties

The recipients of the data collected and processed are, in addition to the data controller itself, its employees or other subcontractors, its carefully selected commercial partners, located in Belgium or in the European Union, who collaborate with the data controller in the context of marketing products or providing services on the website.

In the event that the user has consented to the disclosure of his/her data to third parties for direct marketing or canvassing purposes, he/she may - by means of a written, dated and signed request sent to the data controller at the address referred to in the "contact details" section of this Charter - withdraw his/her consent at any time and after having provided proof of his/her identity (by enclosing a copy of his/her identity card), and thus oppose the future transmission of his/her data to third parties for direct marketing or canvassing purposes.

The data controller shall comply with the legal and regulatory provisions in force and shall ensure in all cases that its partners, employees, subcontractors or other third parties having access to this personal data comply with this Charter.

The data controller reserves the right to disclose the user's personal data in the event that a law, legal proceedings or an order from a public authority makes such disclosure necessary.

No transfer of personal data outside the European Union is made.

 

Article 14 - Security

The controller shall implement appropriate technical and organisational measures to ensure a level of security of the processing and of the data collected appropriate to the risks presented by the processing and the nature of the data to be protected. It shall take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing as well as the risks to the rights and freedoms of users.

The controller always uses encryption technologies that are recognised as industry standards within the IT sector when transferring or receiving data on the website.

The data controller has put in place appropriate security measures to protect and prevent the loss, misuse or alteration of information received on the website.

 

Article 15 - Complaints and complaints

If the user considers that the data controller is not complying with this Charter or with the relevant regulations, he/she is invited to contact the data controller as a matter of priority at the address given in the "contact details" section of this Charter.

The user may lodge a complaint with the Belgian Commission for the Protection of Privacy at the following address

Commission for the Protection of Privacy

Rue de la Presse, 35

1000 Brussels

Phone + 32 2 274 48 00

Fax: + 32 2 274 48 35

commission@privacycommission.be

The user may also lodge a complaint with the court of first instance in his place of residence.

For more information on complaints and possible remedies, the user is invited to consult the following address of the Belgian Commission for the Protection of Privacy: https://www.privacycommission.be/de/node/19254

 

Article 16 - Contact details

For any question and/or complaint, in particular concerning the clear and accessible nature of this Charter, the user may contact the controller:

By email: contact@lawbox.be

By post: LD PROD S.P.R.L, Rue Klipveld 80, 1180 Uccle, Belgium.

 

Article 17 - Applicable law and competent jurisdiction

This Charter is governed by Belgian law.

Any dispute relating to the interpretation or execution of this Charter shall be subject to Belgian law and shall fall under the exclusive jurisdiction of the French-speaking courts of the judicial district of Brussels.

 

Article 18 - Final provision

The data controller reserves the right to modify the provisions of this Charter at any time. The modifications will be published with a warning as to their entry into force.