Personal data protection policy

Hereinafter, "the firm" or "we", "our". We are particularly attentive to the protection of personal data and the respect of the privacy of any person who comes into contact with us. We act in full transparency, in accordance with national and international provisions on the subject, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (hereinafter referred to as the "General Data Protection Regulation" or "GDPR"). This privacy statement describes how we process your data and the rights you can exercise with respect to your data as a data subject. It may be modified at any time, in particular to comply with any regulatory, legal or technological developments. We invite you to consult it regularly. You can react to any of the practices described below by contacting us.

Depending on the data collected and processed and the categories of data subjects, the purposes and legal basis of our processing differ.

• The firm processes your data in the context of requests (audits, consulting notes, legal opinions) and the defense of the interests of our clients, natural or legal persons. This processing is necessary for the fulfilment of our legal obligations in accordance with the Judicial Code, and in particular, for procedural acts (article 6.1.c. of the R.G.P.D.) and for the execution of the contract between us and our clients (article 6.1.b. of the R.G.P.D.). We may also process sensitive data (special categories of personal data), whenever this is necessary for the establishment, exercise or defense of a legal claim in accordance with the provisions of article 9 §2, f. of the GDPR.
• The firm processes your data in the context of fulfilling the firm's contractual or pre-contractual obligations to clients (administrative management of files). This processing is necessary for the fulfillment of our legal obligations referred to, in particular by the law of September 18, 2017 on the prevention of money laundering and terrorist financing and the limitation of the use of cash and by the Code of Ethics of the lawyer, in particular in the fight against money laundering and terrorism (Article 6.1.c. of the R.G.P.D.) and for the performance of the contract that binds us to our clients (Article 6.1.b. of the R.G.P.D.).
• The firm processes your data for the purpose of accounting management (invoicing). This processing is necessary for the fulfilment of our legal obligations as defined by the Economic Law Code and the VAT Code in tax and accounting matters (article 6.1.c. of the GDPR).
• The firm processes your data as part of the management of pre-contractual relations: we process personal data in order to respond to requests and/or questions that clients send us (in particular via the contact form accessible on our site), or service offers and resumes. This processing is necessary to carry out pre-contractual measures (article 6.1.b. of the R.G.P.D.) with a view to enabling or facilitating a future contractual relationship.
• The firm processes your data in the context of supplier management: we process personal data in the context of our contractual obligations towards the client. This processing is necessary for the fulfilment of our legal obligations under the Code of Economic Law in tax and accounting matters (article 6.1.c. of the R.G.P.D.) and for the execution of the contract between us and our client (article 6.1.b. of the R.G.P.D.)
• The firm processes your data for communication and newsletter management: we process data in order to communicate information related to our business. Our legitimate interest is to offer and promote our services and/or to share with our clients information messages that correspond to what they can reasonably expect from us in the context of our existing or future relationship. This processing is necessary for the pursuit of our legitimate interest, provided that we have balanced this interest against the interests or fundamental rights and freedoms of the customer (article 6.1.f. of the GDPR). Customers may object to this processing at any time by contacting us.
• The firm may need to process your personal data in the context of a possible dispute. This processing is necessary for the pursuit of our legitimate interest, provided that we have balanced this interest against the interests or fundamental rights and freedoms of the client (article 6.1.f. of the GDPR). We may also process sensitive data (special categories of personal data), whenever this is necessary for the establishment, exercise or defense of our legal rights in accordance with the provisions of article 9 §2, f. of the GDPR.

We only collect personal data that is adequate, relevant and limited to what is necessary for the purposes for which it is processed. Depending on the purpose, the data is collected differently. Below we detail the personal data we collect about our customers, the reason for their collection, as well as the methods of collection.

• In the course of processing requests and defending the interests of our clients, we collect their personal identification data (surname, first name, address, telephone number, company number), electronic identification data (e-mail address), family data (first and last names of children, parentage, marital status, etc.), personal characteristics (age, sex, date of birth, nationality, country of origin, mother tongue, language(s) spoken, etc.), professional characteristics (profession, diploma, career, etc.), financial data (account number, statement of income and household composition or any documents attesting to the financial situation) and data of special categories such as the following), professional characteristics (profession, degree, career, etc.), financial data (account number, tax return and household composition or any documents attesting to the financial situation) and special category data such as data concerning health, criminal convictions or offences, racial or ethnic origin, political opinions, religious beliefs, membership of a trade union or sexual orientation. In general, we collect all data necessary to establish, exercise or defend the legal interests of our clients. This data is either collected directly from the client, or from a third party such as the legal aid office, an insurance company, the opposing party, technical counsel, a judicial or administrative authority, a public authority (police, etc.), or because the client or a public authority has made it publicly available.
• Within the framework of the administrative management of our clients' files, we collect their personal identification data (surname, first name, address, telephone number, company number, identity card), electronic identification data (e-mail address) and photograph (identity card). These data are either collected directly from the client or from a third party such as the legal aid office, an insurance company, the opposing party, the technical counsel, a judicial or administrative authority, a public authority (police, etc.), or because the client or a public authority has made them publicly available.
• Within the framework of the management of legal mandates, we collect personal identification data (surname, first name, address, telephone number, company number), electronic identification data (e-mail address), family data (first and last names of children, parentage, marital status, etc.), personal characteristics (age, sex, date of birth, nationality, country of origin, mother tongue, language(s) spoken, etc.), professional characteristics (profession, diploma, career, etc.), financial data (account number, statement of income and household composition or any documents attesting to the financial situation) and data of special categories such as), professional characteristics (profession, degree, career, etc.), financial data (account number, tax return and household composition or any documents attesting to the financial situation) and special category data such as data concerning health, criminal convictions or offences, racial or ethnic origin, political opinions, religious beliefs, membership of a trade union or sexual orientation. In general, we collect all data necessary to establish, exercise or defend the legal interests of our clients. This data is either collected directly from the client, or from a third party such as the competent judicial or administrative authority, a public authority (police, etc.) or a technical council, or because the client or a public authority has made it publicly available.
• Within the framework of accounting management, we collect personal identification data (name, first name, address, telephone number, company number), electronic identification data (e-mail address) and financial data (account number). This data is either collected directly from the customer or because the customer or a public authority has made it publicly available.
• Within the framework of the management of pre-contractual relations, we collect personal identification data (surname, first name, telephone number), electronic identification data (e-mail address) and data communicated by the client in order to assess whether we can adequately process his file or request. In addition, in the case of recruitment, we collect family data (first and last names of children, marital status), personal characteristics (age, sex, date of birth, country, mother tongue) and professional characteristics (profession, degree, career, etc.). This data is either collected directly from the client or because the client or a public authority has made it publicly available.
• Within the framework of the management of our suppliers, we collect personal identification data (name, first name, address, telephone number, company number, order number) and financial data (account number). This data is either collected directly from the customer or because the customer or a public authority has made it publicly available (Crossroads Bank for Enterprises).
• Within the framework of the communication management and our newsletter, we collect personal identification data (name, first name, address, telephone number) and electronic identification data (e-mail address). This data is either collected directly from the customer or because the customer or a public authority has made it publicly available.
• Within the framework of the management of the dispute, we collect personal identification data (surname, first name, address, telephone number, company number), electronic identification data (e-mail address), professional characteristics (profession, diploma, career, etc.), financial data (account number, notice of assessment and household composition or any documents attesting to the financial situation), special category data such as health data, criminal convictions, etc.), financial data (account number, tax return and household composition or any documents proving the financial situation), special category data such as data concerning health, criminal convictions or offences, racial or ethnic origin, political opinions, religious beliefs, trade union membership or sexual orientation. In general, we collect all data necessary to establish, exercise or defend the interests of our clients in court. We also collect photographs or images. This data is either collected directly from the client, or obtained from the insurance company, or because the client or a public authority has made it publicly available.

All data sharing is done in compliance with professional secrecy, ethical rules and this document. The data listed above are accessible to members of the firm's team or any colleague, intervening as a collaborator or specialized lawyer, or any technical advisor to the extent strictly necessary for the performance of the firm's obligations. In the context of the defense of its interests, of the mandate given by the client and to the extent necessary, the firm communicates the personal data of the client to the competent judicial or administrative authorities or judicial auxiliaries.

• The firm may disclose such personal data to opposing parties in the course of defending the client's interests and to the extent necessary.
• The firm is likely to transmit, if necessary, the data of the customer to banking or insurance organizations within the framework of the defense of the interests of the customer, in the respect of the professional secrecy and in the measurement necessary.
• The firm may be required to share personal data with third parties under the terms of the law, decrees or other regulations from which it cannot evade. For example, we may be required to share client data with the legal aid office if the client benefits from its intervention.
• The firm may also share certain data with its co-contractors, qualified as "subcontractors" within the meaning of the R.G.P.D., to the extent strictly necessary for the operation of computerized or non-computerized applications or management systems to which the firm has subscribed.

In all circumstances, we ensure the protection of customer data through confidentiality agreements. ➢ Service providers with whom we share customer data include: ➢ Email solution providers located in Europe; ➢ Mailing solution providers located in Europe; ➢ IT solutions and infrastructure and systems maintenance providers located in Europe; ➢ Hosting / Cloud service providers located in Europe; ➢ Accountants and financial service providers located in Europe; ➢ Banks / Insurance companies located in Europe; ➢ Third party insurer located in Europe; ➢ Legal aid office (Bar Associations) located in Europe ; ➢ Lawyers / Associates / Trainee lawyers located in Europe; ➢ The French and German speaking Bars (Avocats.be). For security reasons, the list of subcontractors, their field of activity, the purpose pursued and, if applicable, the country in which the data are processed and hosted are not available on our site but at the first request of the persons concerned.

The length of time that personal data is kept varies according to the purposes for which it is processed. This duration is limited taking into account the possible obligations of conservation that the law imposes to us.

• For the management of the defense of the interests and the requests of the customers, the duration of conservation of the data is 5 years as from the end of the relation with the firm;
• For the administrative management of our clients' files, the data is kept for 5 years from the closing of the file;
• For the management of legal mandates, the data retention period is 5 years from the end of the relationship with the firm;
• For accounting management, the data retention period is 10 years from the year in which the client was entered in the accounts;
• For accounting management, the data retention period is 10 years from the year in which the client was entered in the accounts;
• For the management of pre-contractual relations, the data are immediately deleted, with the exception of the C.V., which we can keep for one year in our recruitment reserve;
• For the management of our suppliers, the retention period of data is 7 years from the year in which the customer was encoded in the accounts;
• For the management of the communication and our newsletter, the duration of data retention is 2 years from our last contact;
• For the management of the firm's litigation, the data is deleted after the execution of the judgment or the final closure of the litigation.

Transfers of data to a country outside the European Union or the European Economic Area will be permitted, if and only if: ➢ The European Commission has issued a decision that establishes that country provides an adequate level of data protection, i.e., equivalent to that provided by European legislation. Personal data will be transferred on this basis. ➢ The transfer is covered by an appropriate safeguard granting a level of data protection equivalent to that provided by European legislation, such as the Commission's standard contractual clauses, a Code of Conduct, certification, binding corporate rules, consent. In the absence of an adequacy decision or appropriate safeguards, a transfer or a set of transfers of personal data to a third country remains possible if such transfer is necessary for the establishment, exercise or defense of legal claims.

In all circumstances, we ensure an adequate level of technical and organizational security of customer personal data to protect against data leakage, including loss, destruction, public disclosure, unauthorized access or misuse. However, if the customer is aware of or suspects a data breach, we ask that the customer report it to us immediately by contacting us. For security reasons, the list of subcontractors, their field of activity, the purpose and, if applicable, the country in which the data is processed and hosted are not available on our site but on first request of the persons concerned.

Except where a legal provision in force in Belgium does not allow it, including the R.G.P.D., or where professional secrecy prevents it, clients have the following rights: ➢ The right of access including the right to know that the firm is processing their personal data; ➢ The right to receive a copy of the processed data; ➢ The right to rectification of the processed data; ➢ The right to withdraw consent; ➢ The right to object to the processing of their personal data especially if their personal data is processed on the basis of our legitimate interest; ➢ The right to restrict the processing of the data processed; If the customer disputes the accuracy of the data. Pending the assessment of the interests involved before exercising the right to object to the processing of certain personal data. If the processing of personal data is unlawful, but the customer does not wish to exercise the right to erasure of data. If we no longer need the customer's personal data, but the customer needs it in connection with a legal action. ➢ The right to erasure of processed data; ➢ The right to portability of processed data; ➢ The right to file a complaint with the Data Protection Authority: www.autoriteprotectiondonnees.be Rue de la Presse, 35 in 1000 Brussels Telephone: +32 (0)2 274 48 00 Fax: +32 (0)2 274 48 35 E-mail: contact@apd-gba.be For more information on complaints and possible remedies, customers are invited to consult the following page of the Data Protection Authority: https: //www.autoriteprotectiondonnees.be/citoyen/agir/introduire-une-plainte We will respond to the customer's request as soon as possible and at the latest within one month of receiving the request, we will inform the customer of the action we have taken. Depending on the difficulty of the request or the number of requests we receive from other people, this period may be extended by two months. In this case, the client will be notified of this extension within one month of receiving the form. In all circumstances, when providing this information, we are always obliged to take into account the rights and freedoms of other persons. The client can exercise his rights by contacting the firm at the following e-mail address: fs@stubla.law or by mail at the following address Avenue Reine Astrid, 61/1A, 5000 Namur, Belgium. We ask our clients to attach to their request the necessary documents or information to prove their identity, failing which we could come back to them in order to request proof of their identity, for example a copy of their identity card, in order to follow up their request. Finally, when the request to exercise a right is manifestly unfounded or excessive, in particular because of its repetitive nature, it may be refused or be subject to the payment of reasonable fees that take into account the administrative costs incurred to provide the information, make the communications or take the measures requested.

This Policy is governed by Belgian law. Any dispute relating to the interpretation or execution of this Policy shall be subject to Belgian law and to the judicial district of the Firm.

The firm may make corrections, additions or changes to this information document on data protection policy at any time for various reasons. The most current version can be consulted at any time on our website. Last updated on 11.01.2023.