1. WHO DOES THIS PRIVACY STATEMENT APPLY TO?
1.1 Ius Laboris International Employment law, pensions and employee benefits alliance SCRL (“We” or “Ius Laboris”) is a leading international employment law practice combining the world’s leading employment, labour and pension firms.
Our expertise lies in issues of global mobility, corporate restructuring, data protection, workplace discrimination, pensions, and occupational health and safety.
1.2 Ius Laboris has its registered office at boulevard du Souverain 280, B-1160 Brussels – Belgium. It is officially registered under RPR/RPM Brussels 0473.896.171.
Our alliance consists of various member or affiliate law firms (“the member or affiliate law firms”) covering more than 50 countries with over 1400 employment lawyers. All member or affiliate law firms are separate and independent legal entities. We do not have any liability for our member or affiliate law firms’ acts or omissions.
1.3 Ius Laboris acts as a data controller for all personal data which it processes. Depending on the processing activity in the context of which your personal data are processed, we may act as a separate data controller or as a joint controller with one or more other entities such as our member or affiliate law firms.
We collect, store and process any personal data as safely as reasonably possible and in strict compliance with the applicable data protection legislation among which the General Data Protection Regulation 2016/679 of 27 April 2016 (‘GDPR’).
1.4 Please follow the links below for further information. Where relevant, we have made a distinction between different categories of data subjects:
2. WHAT IS COVERED BY THIS PRIVACY STATEMENT?
2.1 With this Privacy Statement we would like to inform you about why and how we process your personal data when we perform our activities or when you use our website (“the Site”) and any of the services we offer through the Site, including, for example, our Publisher site and webshop, who we give that information to, what your rights are and who you can contact for more information or queries.
2.2 This Privacy Statement covers the processing of personal data of:
- website visitors;
- contact persons receiving legal updates and invitations to events;
- (contact persons of) any party with whom Ius Laboris does or intends doing business (e.g. clients, prospects, suppliers, other business partners).
2.3 When we refer to “the Site”, we mean the webpages with a URL commencing: - https://www.iuslaboris.com/: our website
- https://theword.iuslaboris.com: our knowledge platform
2.4 The Site may link to other sites provided by other affiliated companies entities or by third parties. Whilst we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content or the privacy practices of other websites.
When linking to any such sites, we strongly recommend you review the Privacy Statements on these sites, before disclosing any personal information.
3. PROFESSIONAL SECRECY
3.1 An important principle that all Ius Laboris must take into account - at the level of the organisation as a whole, as well as at the level of its employees, its member or affiliate firms and their individual lawyers - is legal professional secrecy. The extent of this secrecy will vary according to the legislation and professional regulations which are applicable to the lawyers of the member or affiliate firms.
3.2 This Privacy Statement does not apply to the processing of personal data which must remain strictly confidential subject to the obligation of professional secrecy of lawyers, as described above.
4. WHY WE USE YOUR DATA
4.1 I AM A WEBSITE VISITOR
4.1.1 We only process your personal data for legitimate business reasons. These purposes include, but are not limited to:
- the provision and good organisation of our (online) services and those of our member or affiliate firms
- dealing with enquiries, requests and complaints;
- marketing and advertising;
- gathering statistics about the use of the Sites (“web audience measuring”);
- improving the Sites’ performance and design.
4.2 I AM A CONTACT PERSON RECEIVING LEGAL UPDATES AND INVITATIONS TO EVENTS
4.2.1 We hold a database of persons requesting legal updates or information on a variety of subjects or about our events. We process these personal data for legitimate business reasons. These purposes include, but are not limited to:
- the sending of regular legal updates in the field of labour and employment law (including global mobility, corporate restructuring, data protection, workplace discrimination, pensions, and occupational health and safety), as well as invitations to our events and any other news on our alliance or the HR law market in general;
- dealing with enquiries, requests and complaints on these communications;
- gathering statistics about these communications.
4.3 I AM SOMEONE WITH WHOM IUS LABORIS MAY DO BUSINESS (e.g. PROSPECTIVE SUPPLIERS OR OTHER PROSPECTIVE BUSINESS PARTNERS)
4.3.1 We only process your personal data for legitimate business reasons. These purposes include, but are not limited to:
- respecting our legal obligations;
- order and supplier management;
- client management;
- invoicing and accounting;
- the provision of information on our organisation, services and activities;
- the good organisation of our services and those of our member or affiliate law firms;
- direct marketing;
- dealing with enquiries, requests and complaints;
- dispute management;
- public relations and press contacts
- statistics and market research;
5. THE LEGAL GROUNDS FOR PROCESSING YOUR DATA
5.1 I AM A WEBSITE VISITOR
5.1.1 When you send a message through the contact details mentioned on the Site, your personal data will in principle be processed for the purposes of our legitimate interests (namely our interest in handling all enquiries, requests and complaints sent via this form in the best possible way).
In this respect, we will always determine case by case whether our interests are not overridden by your interests, fundamental rights and freedoms. Please contact email@example.com if you would like to obtain more information about this.
5.2 I AM A CONTACT PERSON RECEIVING LEGAL UPDATES AND INVITATIONS TO EVENTS
5.2.1 If you are a client, we send our updates and invitations in the context of our existing client relationship, which is in our legitimate interest and also serves your interests as a client in being updated.
5.2.2 If you are not a client or not related to us, we send our updates and invitations based on your consent.
5.3 I AM SOMEONE WITH WHOM IUS LABORIS MAY DO BUSINESS (e.g. PROSPECTIVE SUPPLIERS OR OTHER PROSPECTIVE BUSINESS PARTNERS)
5.3.1 We process your personal data for the purposes mentioned above:
- when necessary for the performance of contracts to which you are party or in order to take steps at your request prior to entering into a contract;
- when necessary for compliance with our legal obligations;
- for the purposes of the legitimate interests of Ius Laboris, and/or of a third party, including (but not limited to) our activities, client / prospect / supplier management etc.
5.3.2 If we have the legal obligation to obtain your free, informed, specific and unambiguous consent to process your personal data for certain purposes (e.g. specific direct marketing or market research activities), we will only process your data for such purposes to the extent that we have obtained such consent from you.
6. YOUR RIGHTS
6.1 You have several rights concerning the information we hold about you. We would like to inform you that you have the right to:
· obtain confirmation that we are processing your personal data and request a copy of the personal data we hold about you;
· ask that we update the personal data we hold about you, or correct such personal data that you think is incorrect or incomplete;
· ask that we delete personal data that we hold about you, or restrict the way in which we use such personal data if you believe that there is no (longer a) lawful ground for us to process it;
· withdraw consent to our processing of your personal data (to the extent such processing is based on consent);
· receive a copy of the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit such personal data to another party (to the extent the processing is based on consent or a contract);
· object to our processing of your personal data for which we use legitimate interest as a legal basis, in which case we will cease the processing unless we have compelling legitimate grounds for the processing.
You have also the right to object at any time to the processing of personal data for direct marketing. If you do not want to continue receiving any direct marketing from us, you can contact us (see below) or click on ‘unsubscribe’. In that event, the personal data shall no longer be processed for such purposes.
6.2 In order to exercise any of your rights, you can send us a request, indicating the right you wish to exercise by: · emailing us at firstname.lastname@example.org; or
· addressing your query to the Managing Director, Boulevard du Souverain 280, B-1160 Brussels, Belgium.
You may also use these contact details if you wish to make a complaint to us relating to your privacy.
6.3 If you are unhappy with the way we have handled your personal data or any privacy query or request that you have raised with us, you have a right to complain to the Data Protection Authority (“DPA”) in your jurisdiction. If you would like to be directed to the appropriate DPA, please contact us.
7. HOW WE OBTAIN DATA
7.1 I AM A WEBSITE VISITOR
7.1.1 We may obtain your personal data when you use the Site and its services. This may be for instance the case when contact us through the contact details on the Sites or when you use our online services.
7.2 I AM A CONTACT PERSON RECEIVING LEGAL UPDATES AND INVITATIONS TO EVENTS
7.2.1 The personal data we hold in our database were provided to us by you or by others (e.g. our member or affiliate law firms).
7.3 I AM SOMEONE WITH WHOM IUS LABORIS MAY DO BUSINESS (e.g. PROSPECTIVE SUPPLIERS OR OTHER PROSPECTIVE BUSINESS PARTNERS)
7.3.1 We may obtain you personal data in the framework of the execution of our business activities.
7.3.2 We may obtain such personal data because you give them to us (e.g. by contacting us), because others give them to us (e.g. your employer, our member or affiliate law firms or third-party service providers that we use in the framework of our activities) or because they are publicly available.
7.3.3 When we obtain personal data from external parties, we make reasonable efforts to enter into contractual clauses with these parties obliging them to respect the data protection legislation. This can be done by obliging this party to provide you with all necessary information or - if necessary - to obtain your consent for processing the personal data as described in this GDPR Privacy Statement.
8. DATA WE COLLECT
8.1 I AM A WEBSITE VISITOR
8.1.1 We may collect your personal data when you contact us through the contact details mentioned on the Site.
8.2 I AM A CONTACT PERSON RECEIVING LEGAL UPDATES AND INVITATIONS TO EVENTS
8.2.1 The personal data we hold in our database consist of your:
- full name
- email address
- job title
8.3 I AM SOMEONE WITH WHOM IUS LABORIS MAY DO BUSINESS (e.g. PROSPECTIVE SUPPLIERS OR OTHER PROSPECTIVE BUSINESS PARTNERS)
8.3.1 The personal data that we collect or obtain may, among other things, include:
- Identification data (e.g. name, address (private/work), phone number (private / work), e-mail address (private / work), country of residence), national identification number, passports etc.
- electronic identification data (e.g. IP addresses, browser type, cookie identifiers, ...);
- personal characteristics (e.g. age, gender, date of birth, place of birth, nationality, language, family composition, hobby’s etc.);
- financial specifics (e.g. bank account number, creditworthiness...);
- life style and social circumstances;
- employment and educational data (e.g. organization you work for, job title, current responsibilities, projects, qualifications, trainings, work scheme...);
- data about the services you request from us;
- data about how you interact with us (e.g. when you contact us) and other similar information
9. ACCESS AND DISCLOSURES
9.1 I AM A WEBSITE VISITOR
9.1.1 Our staff members will have access to your personal data on a strict ‘need-to-know’ basis for the purposes described above.
9.1.2 We do not transfer your personal data outside of the EEA.
9.2 I AM A CONTACT PERSON RECEIVING LEGAL UPDATES AND INVITATIONS TO EVENTS
9.2.1 Your personal data may be disclosed to our partners and their assistants, and staff in the Ius Laboris central team as well as to any service provider who helps us send out our updates or provides IT assistance with regard to our database.
9.2.2 We do not transfer your personal data outside of the EEA.
9.3 I AM SOMEONE WITH WHOM IUS LABORIS MAY DO BUSINESS (e.g. PROSPECTIVE SUPPLIERS OR OTHER PROSPECTIVE BUSINESS PARTNERS)
9.3.1 Our staff members and our lawyers will have access to your personal data on a strict need-to-know basis. We may disclose your personal data to affiliated companies, third parties that provide services to us that reasonably require access to personal data relating to you for one or more of the purposes outlined in the “Why we use your data” section above. The following external parties may for instance be involved:
- external service providers we rely on for various business services; - other law firms; - law enforcement authorities in accordance with the relevant legislation; - external professional advisors (e.g. consultants of the company).
We reserve the right to disclose your personal information as required by law, or when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, request from a regulator or any other legal process served on us.
9.3.2 We do not transfer your personal data outside of the EEA.
10. SECURITY OF YOUR DATA
10.1 We employ strict technical and organisational (security) measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage both online and offline.
These measures include:
· training relevant staff to ensure they are aware of our privacy obligations when handling personal data;
· administrative and technical controls to restrict access to personal data on a ‘need to know’ basis (passwords);
· technological security measures, including anti-virus software;
· login access blocks in case of loss or theft of devices;
· physical security measures, such as security badges to access our premises.
10.2 Although we use appropriate security measures once we have received your personal data, the transmission of data - especially over the internet (including by e-mail) - is never completely secure. We endeavor to protect personal data, but we cannot guarantee the security of data transmitted to us or by us.
We limit access to your personal information to those who we believe reasonably need to come into contact with that information in order to carry out their jobs.
11. DATA RETENTION
11.1 I AM A WEBSITE VISITOR
11.1.1 Your personal data will not be retained longer than necessary for the purposes described above.
11.1.2 As a general rule, personal data obtained through our website are stored for a period of 5 years.
Depending on the specific situation and the applicable national legislation, we may however retain your personal data for a longer period. This will in particular be the case if any of the following periods is longer: (i) as long as is necessary for our daily business; (ii) any retention period that is required by law; or (iii) the end of the period in which litigation or investigations might arise.
11.2 I AM A CONTACT PERSON RECEIVING LEGAL UPDATES (e.g. NEWSFLASHES, NEWSLETTERS) AND INVITATIONS TO EVENTS
11.2.1 Your personal data will not be retained longer than necessary for the purposes described above.
11.2.2 We will keep your data as long as you are working in a company that is a client. We consider any company we have worked for as a client. If we have not received any assignments during a period of 5 years starting of our last professional contact, your company will no longer be considered to be a client.
11.3 I AM SOMEONE WITH WHOM IUS LABORIS MAY DO BUSINESS (e.g. PROSPECTIVE SUPPLIERS OR OTHER PROSPECTIVE BUSINESS PARTNERS)
11.3.1 Your personal data will not be retained longer than necessary for the purposes described above.
11.3.2 As a general rule, records in the framework of a contractual relationship are stored for a period of 10 years as from the end of the contractual relationship. Emails are generally stored for a period of 1 year and back-ups of emails for a period of 10 years.
11.3.3 We may however retain your personal data for another period, depending on one of the following periods: (i) as long as is necessary for our daily business; (ii) any retention period that is required by law; or (iii) the end of the period in which litigation or investigations might arise.
12. AUTOMATED DECISION-MAKING
12.1 Automated decisions are defined as decisions about individuals that are based solely on the automated processing of data and that produce legal effects that significantly affect the individuals involved.
12.2 As a rule, your personal data will not be used for automated decision-making. We do not base any decisions about you solely on automated processing of your personal data.
13. HOW TO CONTACT US?
13.1 We hope that this Privacy Statement helps you understand, and feel more confident about, the way we process your data. If you have any further queries about this Privacy Statement and this Site in general, please contact us: · by emailing us at email@example.com; or
· by calling us at + 32 2 761 46 10; or
by addressing your query to the Managing Director, Boulevard du Souverain 280, B-1160 Brussels, Belgium.
14. CHANGES TO THIS PRIVACY STATEMENT
14.1 We may modify or amend this Privacy Statement from time to time. Any changes we may make to this Privacy Statement in the future will be posted on this page. To let you know when we make changes to this Privacy Statement, we will amend the revision date at the top of this page. The new modified or amended Privacy Statement will apply from that revision date. Please check back periodically to see changes and additions.
If we are in the possession of your email address and we are still processing your personal data, we will also inform you electronically about all changes to this Privacy Statement.