Privacy Policy

1. General

The purpose of this Privacy Policy is to inform you about the processing of personal data by law firm Crowe Spark Legal. The data controller is BV CROWE SPARK LEGAL, with registered office at 2610 ANTWERP, Sneeuwbeslaan 14 with company number 0871.193.226 and its associated lawyers (hereinafter referred to as “Crowe Spark Legal” or “we” and “ons”).

Crowe Spark Legal considers the protection and confidentiality of your personal data extremely important. The lawfulness of the processing of your personal data, the security and the confidentiality thereof, is essential for us.

Crowe Spark Legal therefore undertakes to process your personal data in accordance with the applicable legislation on the processing of personal data, including: the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter GDPR).

2. Definitions

For a good and clear understanding of this Privacy Policy, a number of concepts further used in the Privacy Policy are described and explained in advance below:

  • GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing the free movement of such data, which entered into force on 25 May 2018. Directive 65/46/EC. (General Data Protection Regulation).
  • Data subject: any natural person identified or identifiable to whom the personal data processed relates.
  • Personal data: any information relating to an identified or identifiable natural person (“the data subject”); an identifiable natural person is considered to be a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Special Personal Data: means data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data for the purpose of uniquely identifying a person, data concerning health, or data concerning a person’s sexual behaviour or sexual orientation. As well as personal data relating to criminal convictions and offences or related security measures.
  • Personal data of a sensitive nature: personal data where loss or unlawful Processing can lead to (among other things) stigmatisation or exclusion of the Data Subject, damage to health, financial damage or (identity) fraud.
    This categories of personal data must in any case include:
  • Special Personal Data
  • Data about the financial or economic situation of the Data Subject
  • (Other) data that may lead to stigmatisation or exclusion of the Data Subject
  • Usernames, passwords and other login data
  • Data that may be misused for (identity) fraud.
  • Processing of personal data: an operation or set of operations relating to Personal Data or a set of Personal Data, whether or not carried out by automated procedures, such as collection, recording, organisation, structuring, storage, updating or modification, retrieval, consultation, use, disclosure by transmission, distribution or otherwise making available, alignment or combination, screening, deletion or destruction of data.
  • Controller: a natural person or legal entity, public authority, department or other body that determines, alone or jointly with others, the purposes and means of the processing of personal data. In this case, the controller is Crowe Spark Legal.
  • Processor: a natural person or legal entity, public authority, department or other body which processes personal data on behalf of the Controller, without being subject to its direct authority.
  • Sub-processor: another processor used by the Processor to carry out specific processing activities on behalf of the Controller.
  • Data breach: means a breach related to personal data and/or circumstances likely to give rise to a breach related to personal data, which inadvertently or unlawfully results in - or which cannot reasonably be ruled out as leading to - the destruction, loss, alteration or unauthorised disclosure of or unauthorised access to personal data transmitted, stored or otherwise processed.
  • Data Protection Authority: any Supervisory Authority established by the Member State belonging to the European Union pursuant to Article 51 GDPR for the processing of personal data. In Belgium, this is the Data Protection Authority established by the Act of 3 December 2017 establishing the Data Protection Authority, successor of the Privacy Commission: www.gegevensbeschermingsautoriteit.be.
  • Website: the website of Crowe Spark Legal (www.crowelegal.be)

3. Personal data processed by Crowe Spark Legal

Below you will find an overview of the personal data processed by Crowe Spark Legal (if any), depending on the nature of your interaction with us: as client, as supplier, as third party, as counterparty, as advisor, as prospect, as employee, as job applicant:

Client

  • Identification data: first name and surname, address, telephone number, contact message, email address
  • Profession and employment
  • Financial account number
  • Personal data: presence at events
  • Camera images when you enter our office
  • Other personal data that you actively disclose, for example, in correspondence, by email and telephone, or when you give us your business card.

Third parties, counterparties, advisers

  • Identification data: first name and surname, address, telephone number, contact message, email address
  • Profession and relation
  • Financial account number
  • Camera images when you enter our office
  • Other personal data that you actively provide, for example, in correspondence, by email and telephone, or when you give us your business card.

Supplier

  • Identification data: first name and surname, address, telephone number, contact message, email address
  • Occupation and employment
  • Financial details: bank account number
  • Camera images when entering our office
  • Other personal data that you actively provide, for example, in correspondence, by email and telephone, or when you give us your business card

Prospects

  • Identification data: first name and surname, address, telephone number, contact message, email address
  • Occupation and employment
  • Camera images when entering our office
  • Other personal data that you actively provide, for example, in correspondence, by email and telephone, or when you give us your business card

Employee - applicant

  • Identification data: first name and surname, address, telephone number, contact message, email address
  • Occupation and employment
  • Training
  • Financial details: bank account number

Our website also uses cookies that collect certain personal data. For the provisions regarding cookies see section 14 and our Cooky Policy.

4. Special/sensitive data

Within the scope of our assignments as lawyers, we process (where appropriate) the following special and/or sensitive personal data:

  • criminal and judicial history, facts or convictions;
  • data of persons under 16 years of age;
  • personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a person, or data concerning health, or data concerning a person’s sexual behaviour or sexual orientation.

This website does not intend to collect data on website visitors under 16 years of age. Unless authorised by parents or guardian. However, we cannot check whether a visitor is over 16 years old. We therefore advise parents to be involved in their children’s online activities in order to avoid collecting data on children without parental consent.

If you believe that we have collected personal information about a minor without your consent, please contact us at info@crowespark.be and we will delete this information.

5. Purposes and legal basis of the processing of your personal data

Crowe Spark Legal processes your personal data for the purposes set out below, and on the basis of the legal basis set out below:

A. To perform an agreement with you or to take the necessary steps at your request before entering into an agreement:

  • to proceed with the delivery and invoicing of our services;
  • the management of our customer administration;
  • to be able to telephone you or email you if this is necessary to be able to perform our services;
  • to inform you about changes to our services;
  • to settle your payment (if any).

B. For the purposes of our legitimate interests or those of third parties, including:

  • the exercise of fundamental rights, such as organising a legal defence;
  • proof of transactions, declarations, etc.;
  • fraud prevention and protection against infringements;
  • IT management, infrastructure management and IT security.

C. To comply with our legal and regulatory obligations, including:

  • responding to an official request by public or judicial authorities authorised for this purpose;
  • fulfilling our tax obligations.

D. To respect your choice when we request your consent for specific processing:

  • collecting your data regarding your profession and/or level of education to process your application for an open vacancy;
  • collecting your personal data to be able to register your presence at events;
  • if we carry out additional processing for purposes other than those stated in this Privacy Policy, we will inform you of this and request your consent if necessary.

Direct Marketing: your personal data will not be used for direct marketing unless you have given additional explicit consent (“opt-in”). If you are already on our mailing list to receive marketing materials in paper and/or electronic form, Crowe Spark Legal may use your data to send marketing and other materials relating to Crowe Spark Legal, its products and/or services. Crowe Spark Legal may use the information you provide to update documents held by Crowe Spark Legal.

This permission can be withdrawn at any time without justification and free of charge by clicking the unsubscribe button provided for this purpose at the bottom of each promotional email or newsletter.

6. Purposes not provided for in this privacy policy

If we wish to proceed with the processing of personal data for a purpose not specified in this Privacy Policy, we will contact you in advance via the email address you provided to inform you of this new processing, of its purpose and the legal basis thereof. In case the legal basis of the processing is ‘consent’, we will always ask you for your consent, without which we will not proceed with the processing.

7. Duration of the processing of your personal data

We will retain and process the personal data for as long as this is necessary in view of the purposes of the processing and the contractual relationship between Crowe Spark Legal and you and taking into account the legal obligation to keep files for five (5) years.

8. Security of your personal data

We use various security technologies and measures to appropriately protect your data against unauthorised access, use, loss or disclosure. These technologies and measures are tested at regular intervals and adjusted if necessary.
If a data breach does occur in which your data are involved, you will be personally notified according to the method and within the term laid down by the law.

Under no circumstances can Crowe Spark Legal be held liable for any direct or indirect damage arising from any improper or unlawful use of personal data by a third party.
You must respect the security requirements at all times, including by preventing any unauthorised access to your login and code.

If we actually share personal data with external parties, a processing agreement is concluded with them in which sufficient (technical) measures must always be included so that the security of your data is guaranteed as much as possible.
If you do feel that your personal data is not properly secured or there are indications of abuse, please contact us immediately at info@crowespark.be.

9. Confidentiality - sharing of data with third parties

All personal data are treated as strictly confidential. We do not sell your data to third parties and only provide them if this is necessary for the execution of our legal obligations, legitimate interest or the agreement with you.
We use third-party services. As a result, these parties have access to our website, server or collected personal data.

10. Third-party websites

If we provide you with links to websites that are not provided or managed by Crowe Spark Legal, these links are provided to you solely for your information and convenience. When accessing these websites, we recommend that you carefully check the privacy policy of the provider of the website. Crowe Spark Legal cannot in any way be held liable for the policies or practices of the owner or operator of such third party websites.

11. Place where the personal data are stored

All personal data are stored on servers in the EU. When we use processors, we require them and their sub-processors to store the personal data on servers in the EU.

12. Your rights

In accordance with current regulations, you as a data subject have the following rights:

  • Right to access/inspect your personal data: you have the right to consult your personal data at any time and the use we make of your personal data. This also includes the right to request a copy.
  • Right to correct your personal data: you always have the right to correct your data if they turn out not to be accurate.
  • Right to erase your personal data: you have the right to request the erasure of your personal data as soon as there is no longer a lawful basis for processing these data.
  • Right to restrict the processing of your personal data.
  • Right to data portability: you have the right to obtain the personal data processed by us in a structured, commonly used and machine-readable form and/or to request us to send this to another controller.
  • Right to withdraw consent: you can always withdraw the consent that you gave us to process your personal data. However, the withdrawal of your consent does not affect the processing necessary to represent our legitimate interest or that of a third party.
  • Right to object to the processing of your personal data: you have the right to object to the processing of your personal data (1) that are necessary for our legitimate interests, but there are reasons specific to your situation and (2) for direct marketing purposes (in the latter case, you do not have to provide any reasons). However, such objection is not possible if the processing of your personal data is necessary for the execution of an agreement.
  • Automated individual decision-making and profiling: you have the right not to be subject to fully automated decision-making. Fully automated means that there is no human intervention that (effectively) contributes to decision-making and therefore cannot change decision-making. Crowe Spark Legal’s processing of your personal data does not include profiling. Crowe Spark Legal does not use automated decision-making processes either.
  • Right to lodge a complaint: if you believe that we have infringed the GDPR, you always have the right to lodge a complaint with the Data Protection Authority, the authority overseeing correct compliance with the GDPR: www.gegevensbeschermingsautoriteit.be - Drukpersstraat 35, 1000 Brussels Tel.: +32 (0)2 274 48 00 Fax: +32 (0)2 274 48 35, contact@apd-gba.be. A complaint to the Data Protection Authority does not affect a provision for a civil court. If you suffer damage as a result of the processing of your personal data, you can file a claim for compensation.

13. Exercising your rights

If you wish to exercise one of the above-mentioned rights, you can send us your dated, written or electronic request for this purpose, either by email to info@crowelegal.be or by post to Crowe Spark Legal BV, Fruithoflaan 124 b 14, 2600 Antwerp.

We undertake to respond as soon as possible, but within thirty days, to your request. However, you must bear in mind that the above-mentioned rights are not absolute: there may be grounds which mean that we will not be obliged to comply with your request, or that we will only partially comply with your request. If necessary, we will notify you within thirty days of receiving your request.

To ensure that you have made the request, we may ask you to send us a copy of your identity document. In this copy, black out your passport photo and national registration number.

All requests shall be processed free of charge, unless they are manifestly unfounded or excessive, in particular because of their repetitive character.

If requests appear to be manifestly unfounded or excessive, a reasonable fee shall be charged in view of the administrative costs involved in providing the requested information or communication and taking the requested measures, or a refusal to comply with the request. We will notify you within thirty days of your request.

14. Cookies

We use cookies to make your browsing experience easier and more enjoyable and to better tailor the content of our website to your needs and preferences.

Cookies are small text files that can be stored on your computer or other devices with internet access such as a tablet or smartphone when you visit a website. In these text files, information is stored, such as your language preference, which can be recognised by the website at a later visit. When you visit the website again later, this cookie is sent back to the website. This way the website recognises your browser.

Functional cookies and non-functional cookies exist. Functional cookies are necessary for the functioning of the website. Non-functional cookies are not strictly necessary, but contain useful information to improve browsing on the website (e.g. personalised advertisements).

Other technologies such as web beacons (also called pixel tags or clear gifs), tracking URLs or software development kits (SDKs) are used for similar purposes. Web beacons are small graphical files that contain a unique identifier that allows us to recognise when someone has visited our service or opened an email we have sent. Tracking URLs are custom-made links that help us understand where traffic to our web pages comes from. SDKs are small pieces of code in apps that function like cookies and web beacons.

Social media plugins allow us to identify you by means of your social media profile and to import certain data (such as your identification and contact details and your profile picture). They also allow us to use social media (LinkedIn, Twitter, Facebook) share buttons. You can find more information about this in the privacy policy of your social media service. If you do not want to connect to your social media profile, please log off before using our website.

For simplicity we also refer to this other technologies (web beacons, SDKs and social media plug-ins) as "cookies". U vindt onze Cookie Policy op onze website, die wij u aanraden aandachtig door te nemen. Deze Cookie Policy maakt integraal deel uit van huidige Privacy Policy.

15. Wijzigingen aan deze privacy policy

Wij houden ons het recht voor om deze Privacy Policy in de toekomst uit te breiden of aan te passen. De meest recente versie van deze verklaring wordt steeds op onze website geplaatst. Daarom is het aangewezen om onze Privacy Policy op de website regelmatig te raadplegen.

16. Contactgegevens

Heeft u verder vragen of opmerkingen over de verwerking van uw persoonsgegevens zoals omschreven in deze Privacy Policy, dan kan u ons altijd contacteren:

Crowe Spark Legal BV
Fruithoflaan 124 b 14
2600 Antwerpen
info@crowelegal.be

Deze Privacy Policy werd het laatst bijgewerkt op 1 januari 2022.

Want to hear about our unique approach?

Yes, I want to know more