CMS DeBacker SCRL/CVBA (hereafter “CMS Belgium”) is committed to protecting and respecting your privacy.
1. KEY TERMS
We, us, our
CMS DeBacker SCRL/CVBA
Chaussée de La Hulpe 178, 1170 Brussels (Belgium)
Undertaking with number BE 0430 408 301
Phone : +32 2 743 69 00
E-mail: [email protected]
Users of CMS Belgium’s legal services, job applicants and candidates for employment
Our data protection lead
Tom Heremans, managing partner
Phone : +32 2 743 69 73
E-mail: [email protected]
Any information that identifies, or could reasonably be used to identify, a living individual, either on its own or together with other information.
Special category personal data
Data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership
Genetic and biometric data
Data concerning health, sex life or sexual orientation
2. WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA?
CMS Belgium will be responsible for your personal data. Specifically, CMS Belgium is the data controller.
3. PERSONAL DATA WE COLLECT ABOUT YOU
We may collect personal information from you in the course of our business, including through your use of our website, when you contact or request information from us, when you engage our legal or other services, as a result of your relationship with one or more of our staff and clients (see §3.1), or when you send us a copy of your CV or register a candidate profile with us (see §3.2).
3.1 Legal services
The personal information that we process in the framework of our legal services includes:
- Basic information, such as your name, your employer, your title or position and your relationship to a person;
- Contact information, such as your physical address, email address, fax, mobile and telephone number(s);
- Identification and background information to enable us to check and verify your identity, e.g., your date of birth or passport details;
- Financial information, such as bank account details and so far as is relevant to your instructions, e.g., the source of your funds if you are instructing on a purchase transaction;
- Information relating to the matter in which you are seeking our advice or representation;
- Information collected from publicly available resources, integrity databases and credit agencies;
- Technical information (including your IP address); such as information from your visits to our website or applications or in relation to materials and communications we send to you;
- Details of your visits to this web site including, but not limited to, traffic data, location data, weblogs and other communication data;
- Details of your visits to our premises;
- Information you provide to us for the purposes of attending meetings and events, including disabilities or special dietary requirements you may have;
- Personal information provided to us by or on behalf of our clients or generated by us in the course or providing services to them, which may include special categories of data;
- Any other information relating to you which you may provide to us. This personal data is required to enable us to provide our service to you. If you do not provide personal data we ask for, it may delay or prevent us from providing services to you.
When you send us a copy of your CV or register a candidate profile with us, either to make an application for an existing vacancy, or so that you are notified of future vacancies, the personal data about you that we process includes:
- Your name, address, e-mail address, telephone numbers;
- CV/work history/employment experience and preferences, achievements;
- Details of your qualifications;
- Job preferences including role, geographical areas and salary; and
- Any other work related information you provide, for example, education or training certificates.
If you make an application for a vacancy, you may also be invited to complete online tests, interviews and written assessments and be asked for additional information, including about your immigration status and criminal convictions.
If your application is successful and you accept a role with us, we may collect personal data about you from third parties, such as professional recruiting firms, prior employers, CMS employees, partners or staff with whom you have interviewed, and employment background check providers, to the extent this is permitted by applicable law.
4. HOW YOUR PERSONAL DATA IS COLLECTED
As a law firm, we regularly receive personal data as part of our professional activities. We may collect your personal data:
- As part of our business intake or recruitment procedures;
- When you or your organisation seek legal advice or employment from us;
- When you or your organisation offer or provide services as our vendor;
- When you browse or interact with our website(s) or use any of our online services;
- When you email us or provide such data to us in other circumstances, such as when you request details about or attend a firm sponsored event, or an alumni event;
- We collect most of this information from you directly or through your use of our website. However, we may also collect data about you from a third party source, such as government or credit reporting agencies, an information or service provider or from a publicly available record.
5. HOW AND WHY WE USE YOUR PERSONAL DATA?
Whether we receive your personal data directly from you or from a third party source, we will only use your personal data if we have a proper reason for doing so, e.g. to comply with our legal and regulatory obligations; for the performance of our contract with you or to take steps at your request before entering into a contract; for our legitimate interests or those of any third party recipients that receive your personal data; or where you have given consent.
We may use your personal data for the following purposes only, either in the framework of our legal services or in the framework of our recruitment procedures (“Permitted Purposes”):
5.1 Legal services
- Providing legal advice or other services to you;
- Managing our business relationship with you or your organisation, whether in connection with the provision or procurement of goods and services, including processing payments, accounting, auditing, billing and collection and related support services;
- Acting in compliance with our legal obligations, including with respect to anti-money laundering and sanctions checks and other processing necessary to comply with professional, legal and regulatory obligations that apply to our business, e.g. rules issued by our professional regulator (the Brussels and Antwerp Bars);
- Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies;
- Managing and securing the access to our offices, systems and online platforms, including our websites and email communications sent to and from CMS Belgium;
- Communicating with you about events and seminars that we hold and sending briefings and newsletters (“Marketing Communications”, cf. also below);
- Insurance purposes; and
- For any purpose related and/or ancillary to any of the above or any other purposes for which your personal data was provided to us.
- identifying and evaluating candidates for potential employment, membership or partnership opportunities, as well as for future roles that may become available;
- record keeping in relation to recruiting and hiring;
- sending you notifications of new vacancies that match your profile and registered career interests (you can opt-out from receiving these updates at any time);
- ensuring compliance with legal requirements, including diversity and inclusion requirements and practices;
- conducting criminal history checks as permitted by applicable law;
- protecting our legal rights to the extent authorised or permitted by law; or
- emergency situations where the health or safety of one or more individuals may be endangered;
- analyzing your personal data to improve our recruitment and hiring process.
6. MARKETING COMMUNICATIONS
We may use your personal data to send you Marketing Communications (by email, text message, telephone or post) about legal developments that might be of interest to you and/or information about our services, including exclusive offers, promotions or new services.
We have a legitimate interest in processing your personal data for marketing purposes. This means we do not usually need your consent to send you marketing communications. However, where consent is needed, we will ask for this consent separately and clearly. We will also comply with your request to stop sending any such further communications.
We will always treat your personal data with the utmost respect and never sell or share it with other organisations outside CMS for marketing purposes except with your prior permission.
You have the right to opt out of receiving marketing communications at any time by:
(a) contacting us by emailing [email protected]; or
(b) using the ‘unsubscribe’ link in emails.
We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business. We will not use your personal data for taking any automated decisions affecting you or creating profiles.
7. WHO WE SHARE YOUR PERSONAL DATA WITH
We are an international law firm and any information that you provide to us may be shared with and processed by CMS Member Firms or CMS Legal Services EEIG and their connected businesses (the “CMS Member Firms”). A complete list is available on request and on our website at www.cms.law.
We may also share your personal information with certain trusted third parties in accordance with contractual arrangements in place with them, including:
- Our professional advisers who we instruct on your behalf or refer you to, e.g. other attorneys, bailiffs, mediators, accountants, tax advisors or other experts;
- Suppliers to whom we outsource IT services such as e-mail services in the cloud or data room services, or certain support services such as translation;
- Our banks, insurers and brokers;
- Courts, law enforcement agencies and regulatory bodies to perform our legal services for you or to comply with our legal and regulatory obligations. We will use reasonable endeavours to notify you before we do this, unless we are legally restricted from doing so; and
- Third parties involved in hosting or organising events or seminars.
We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.
If in the future we re-organise or transfer all or part of our business, we may need to transfer your information to new CMS Member Firms or to third parties through which the business of CMS Belgium will be carried out. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
Individuals performing administrative functions and IT personnel within CMS DB and CMS Member Firms may also have a limited access to your personal data to perform their jobs. We have put in place legal mechanisms designed to ensure adequate data protection of your personal data that is processed by CMS DB and CMS Member Firms.
8. PERSONAL DATA ABOUT OTHER PEOPLE WHICH YOU PROVIDE TO US
9. WHERE YOUR PERSONAL DATA IS HELD
Information may be held at CMS Belgium and at the premises of other CMS Member Firms, third party agencies, service providers, representatives and agents as described above (see ‘Who we share your personal data with’).
Some of these third parties may be based outside the European Economic Area. For more information, including on how we safeguard your personal data when this occurs, see below: ‘Transferring your personal data out of the EEA’.
10. HOW LONG YOUR PERSONAL DATA WILL BE KEPT
Your personal information will be retained in accordance with our data management and retention policy, which specifies the appropriate retention period for each category of data. Those periods are based on the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice, our business purposes and client requirements.
We will delete your personal data at the latest 10 years following the termination of the legal services that we provided to you or when you withdraw your consent (where applicable), provided that we are not legally required or otherwise permitted to continue to hold such data.
For job applicants, if we do not employ you or you do not join the partnership, we may nevertheless continue to retain and use your personal data for three years after you are notified of rejection to consider you for potential future roles, unless you decide to opt-out prior to such time.
11. TRANSFERRING YOUR PERSONAL DATA OUT OF THE EEA
CMS Belgium is an international firm and a list of our offices and of the other CMS Member Firms, together with relevant contact information, may be found on our website. Irrespective of how we obtain your personal data, it may be shared among CMS Belgium and CMS Member Firms (both inside and outside the European Economic Area). Our policy requires CMS Belgium and the other CMS Member Firms to at all times ensure a level of data protection at least as protective as those mandated by the European Economic Area. We may also need to transfer personal data to third parties, including third parties based outside the European Economic Area, for example (but not limited to) sub-contractors, other counsel and accountants and third parties involved in your matters.
Where we share or transfer your personal data, we will do this in accordance with applicable data protection laws and will take appropriate safeguards to ensure its integrity and protection.
12. YOUR RIGHTS
In addition to your rights under applicable data protection legislation and where we are permitted or required by applicable law and regulation and by our professional obligations, we will provide you, upon request, with a copy of your personal data and we will correct any errors identified by you. Subject to certain legal conditions, you have the right to have any inaccurate personal data corrected and to object to or restrict our using your personal data.
We may request that you prove your identity by providing us with a copy of a valid means of identification in order for us to comply with our security obligations and to prevent unauthorised disclosure of data. We reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests concerning your access to your data, and for any additional copies of the personal data you request from us.
All such requests, including any requests to update personal data about you or any questions or comments regarding this policy or our handling of your personal data, should be addressed to [email protected].
You have the following rights, which you can exercise free of charge:
The right to be provided with a copy of your personal data.
The right to require us to correct any mistakes in your personal data
To be forgotten
The right to require us to delete your personal data in certain situations
Restriction of processing
The right to require us to restrict processing of your personal data in certain circumstances, e.g. if you contest the accuracy of the data
The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party in certain situations
The right to object:
Not to be subject to automated individual decision-making
The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.
Please note that even after you have chosen to withdraw your consent we may be able to continue to process your personal information to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.
13. KEEPING YOUR PERSONAL DATA SECURE
We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We use a variety of technical and organisational measures to help protect your personal data from unauthorised access, use, disclosure, alteration or destruction consistent with applicable data protection laws. Personal data may be kept on our personal data technology systems, those of our contractors or in paper files.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
14. HOW TO COMPLAIN
We hope that we can resolve any query or concern you may raise about our use of your information. You may also have the right to lodge a complaint in relation to our processing of your personal data with a local supervisory authority, see www.dataprotectionauthority.be.
15. DATA CONTROLLERS
There are a number of entities through which we provide legal services. Most of the firm’s main IT systems are located in Belgium and controlled by CMS Belgium. Depending on the location where legal or other services are provided, another CMS Member Firm may be the data controller in relation to your personal data.
16. HOW TO CONTACT US
Our contact details are shown below:
Our contact details
Our data protection lead's contact details
Office: Chaussée de La Hulpe 178, 1170 Brussels (Belgium)
Direct Dial: +32 (0)2.743.69.73
Email : [email protected]