Privacy Statement

This is the privacy statement (hereafter referred to as the “Privacy Statement”) of Cygnus Advocaten BV (and any lawyer associated with Cygnus Advocaten BV), with registered office at Ezelstraat 25, 8000 Bruges and company registration number 0446.760.521 (hereafter also “the Firm" or "we”).

Our intention with this Privacy Statement is to inform you to the best of our ability about how we collate and process your personal data. Our Privacy Statement applies to any relationships between ourselves and our clients, suppliers, partners, prospects and counterparties.

Controller and commitments

Cygnus Advocaten BV, where applicable jointly with the lawyers handling the relevant dossier, shall be the data controllers of your personal data. Cygnus Advocaten BV has agreed with its lawyers (employees) that it will be responsible for notifying those concerned and for responding to any requests in this respect. Accordingly, even in cases involving the aforementioned joint responsibility, this Privacy Statement shall apply in full.

We consider your privacy as one of your most fundamental rights and shall consequently make every effort to protect your privacy to the fullest extent possible. We shall act in accordance with the Regulation dated 27 April 2016 pertaining to the protection of natural persons with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46/EC (hereafter also referred to as the “Regulation”), and with this Privacy Statement.

Moreover, our deontology also includes many obligations regarding the protection of personal data.

Which personal data do we process and why?

As a law firm, we collect and process various categories of personal data, including, but not limited to, identification and contact data, financial data, family data, information about your criminal and judicial history, information about your professional career, etc. This personal data may relate to you in your capacity of client or supplier, or employment applicant of our Firm, as well as to you as a business associate of one of our clients.

We collect and process both personal data provided directly by you, and data we obtain by other means, such as from a public source. We also use cookies for our website. Further information on this can be found here. We don’t engage in so-called “profiling”.

We process your personal data for the purpose of achieving various objectives, including keeping our general and financial records, managing our customer and supplier database, providing appropriate services and the correct implementation of our agreements, and in certain cases for direct marketing activities.

Which legal grounds apply when we process your personal data?

Article 6.1 of the Regulation indicates on which legal grounds personal data can be processed. A brief overview of which legal grounds we rely on to process personal data is included below.

We process personal data:

  1. Because you have given your consent: we process personal data on the basis of your explicit and specific consent. Your consent is free and can be withdrawn at any time.
  2. To comply with legal and deontological obligations: as a law firm, we must comply with various legal obligations, subject to which we are required to maintain specific (personal) data. This specifically applies to:

  • obligations under the money laundering prevention act (Act dated 18 September 2017 pertaining to the prevention of money laundering and the financing of terrorism and on restricting the use of cash). Further information regarding our obligations under the money laundering prevention act can be found here;

  • obligations with respect to fiscal law;

  • obligations with respect to social law.

  1. To implement a contract: the correct implementation of our agreements with clients, suppliers, etc. also necessitates the collation and processing of personal data.
  2. Because we or our clients have a legitimate interest in doing so and/or such processing is required within the context of a legal dispute: finally, we process personal data because such data is required to defend our interests and our clients’ interests (in court), and also for other legitimate interests that we or our clients, suppliers, etc. may have when processing this personal data.

Who has access to your personal data?

Only a limited number of people, such as our employees and associates, have access to your personal data. To guarantee the protection of your personal data, they are subject to a number of (contractual) obligations. For example, all employees and associates of our Firm are bound by a confidentiality agreement.

We also collaborate with several third-party service providers, with whom we share your personal data to a limited extent for the purpose of further processing. They include mailing companies, payment service providers, bailiffs, etc. We impose appropriate measures to ensure that these service providers process your personal data solely for the purposes and in the manner specified by us, and that they provide sufficient safeguards to respect and ensure the confidentiality of your personal data.

If a service provider is located outside the European Economic Area, we will only transfer your personal data if an adequate level of protection is provided and the service provider offers sufficient guarantees regarding the security and protection of personal data.

As part of the legal enforcement and defence of our clients' interests, we may also need to share personal data with parties involved in the case or their lawyers, government agencies, judicial authorities, bailiffs, accountants, external lawyers, administrators of databases regulated by law.

Finally, we do not make your personal data available to third parties for commercial and/or promotional purposes unless you have given your specific consent in this regard. Congratulations, privacy ninja! You have just discovered a hidden passage. As a thank you for your keen insight, send us a message at meldpunt@cygnusadvocaten.be and receive your secret Cygnus Advocaten gadget!

How long will we retain your personal data?

We will keep your personal data for as long as required to comply with our legal and/or deontological obligations, to correctly provide our services or because we have a legitimate interest in keeping your personal data (for a longer period). Customarily, data is retained for a minimum of 7 years, within the context of our accounting and legal obligations.

What are your rights regarding the processing of your personal data?

The Regulation gives you a number of rights regarding the processing of your data. For instance, you can request any of the following at any time:

  1. access to your personal data (right of access and inspection): you are entitled to access, free of charge, any personal data we hold and to find out what your data is used for;
  2. to change your data (right to rectification): to request that incorrect data is rectified and incomplete personal data is updated;
  3. request to have your data erased (right to erasure): if you suspect that we are processing some of your personal data unlawfully, you are entitled to request that such personal data be deleted. We can refuse this request if the personal data is necessary for the performance of a legal obligation, the implementation of the contract or within the scope of our legitimate interest;
  4. request to have your data transferred (right of portability): you are entitled to request that the personal data you have provided us with be transferred to you or to a third party.

In the circumstances and subject to the conditions set forth in the Regulation, you also have the right to:

  1. limit the processing of your data (restriction of processing);
  2. object to the processing of your personal data on the basis of our legitimate interest (right to object). We would like to remind you that you cannot oppose the processing of any personal data that is required for us to carry out any of our legal obligations, the implementation of our agreements or our legitimate interests.

We also reiterate that where processing is based on your prior consent, you can withdraw such consent at any time.

If you wish to exercise any of these rights, please send a request to meldpunt@cygnusadvocaten.be. In order to process your request correctly, please be as specific as possible when addressing your request. Please also include a copy of the front and back of your identity card with each request.

Finally, we would like to add that you always have the option of filing a complaint with the supervisory authority:

Gegevensbeschermingsautoriteit (Data Protection Authority)
Drukpersstraat 35
1000 Brussels
Tel: +32 [0]2 274 48 00
Fax: +32 [0]2 274 48 35
contact@apd-gba.be

Privacy Statement Update

We reserve the right to make changes to our Privacy Statement.

It is advisable, therefore, to regularly review our Privacy Statement to ensure that you are aware of such changes.

Questions or complaints

If you have any questions or complaints concerning the way in which we process your personal data or would like more information about the content of our Privacy Statement, you can always contact meldpunt@cygnusadvocaten.be.