Privacy Policy

The original version of the Privacy Policy is in French language. Any translated version is for your convenience and information only. In case of disputes the French text shall prevail.

Preamble:

We are a Belgian start-up that aims to make the law more accessible and understandable to everyone.

We are active in Belgium, so we respect the Belgian and European legislation.

We are very concerned about the protection of our users’ personal data and the use of cookies.

From the inception of the Symplicy start-up, we are proactive and preventive in our handling of Personal Data. Our record of Personal Data processing is available upon request.

We collect and process your data in accordance with the General Data Protection Regulation (RGPD) of 27 April 2016 as well as the law of 30 July 2018 on the protection of individuals with regard to the processing of Personal Data. You benefit from a control of your data.

This Privacy Policy explains how we handle Personal Information and outlines the choices you have regarding it.

Capitalized terms used but not defined in this Privacy Policy shall have the meaning given to them in the Terms of Use.

By using our Services, you declare that you have read our policy on the protection of personal data and you expressly accept it.

What Personal Data do we process and collect? What is the basis for the processing? How long are your Personal Data stored?

You contact us

If you contact us via email, phone, our Calendly appointment scheduling tool and/or message via our Facebook, Instagram, LinkedIn, Twitter or YouTube pages, we process and collect:

  • Your name.
  • Your first name.
  • Your phone number.
  • Your email address.
  • Your request.

for the following purposes:

  • Contact you and answer your request.
  • To present you our services. This approach has a commercial character.
  • Possibly set up an appointment to present our services to you. This appointment is of a commercial nature.
  • Respond to your request regarding the implementation of your rights related to Personal Data.

The processing and collection of this Personal Data is based on a legitimate interest that we pursue. From the moment you send us a message, an e-mail, or make an appointment, it is necessary to collect and process your Personal Data to respond to your request. The Personal Information we process comes directly from you. This Personal Data collected via our Facebook, Instagram, LinkedIn, Twitter or YouTube pages, by e-mail, by telephone or via our Calendly appointment booking tool is kept for two years.

You use our Software installed on a Lawyer’s site

Symplicy has developed a software that is installed on lawyers’ websites. This software allows you to get in touch with your lawyer. This contact is made by means of forms. Therefore, when using our software to contact your lawyer, you will be asked to fill in a form.

In the interface of our software, if you fill in a form and click on the “Send” button, your answers are directly sent to the lawyer’s mailbox.

By checking a box provided for this purpose in the interface of our Software, you give us your express consent to process :

The answers provided in the Forms :

  • Your name.
  • Your first name.
  • Your phone number.
  • Your email address.
  • The content of your request for the Lawyer. This content may contain sensitive data, including personal health data.

for the following purposes:

  • Send your answers from the form to the lawyer’s email address.
  • Send you an acknowledgement of receipt to your email address. This acknowledgement confirms that your request has been sent to the lawyer’s e-mail address.
  • Contact the Lawyer to check if he/she has received your request in his/her mailbox, the Form.
  • Return the form and the request to the Lawyer if he/she has not received the request in his/her mailbox.
  • Perform an automated case law search.

The processing and collection of this Personal Information is based on your consent. This consent is obtained when you check a box provided for this purpose.

The Personal Data we process comes directly from you.

We retain your Personal Information collected through the Forms for forty-five days.

This forty-five day period allows us to verify that your request has been sent to the Lawyer’s email address. After this forty-five day period, your Personal Information collected via the Forms is completely deleted from our servers. The sending of the Form responses is secure. This submission supports opportunistic TLS encryption for all outgoing email, ensuring that messages are encrypted in transit to remote mail servers and ISPs that support TLS encryption. We also fully support and encourage the use of email standards such as DKIM , SPF and DMARC , which allows us to control our domain reputation and reduce the risk of email spoofing.

Installation of our Software and creation of our Lawyer Directory

In the context of the installation of our Software on the Lawyer’s Website and the publication of our Lawyer’s Directory, we process and collect :

  • Name of the lawyer.
  • First name of the lawyer.
  • Lawyer’s business number.
  • Lawyer’s VAT number.
  • Phone number of the lawyer.
  • Photo of the Lawyer.
  • Photo of the lawyer’s office.
  • Address of the lawyer’s office.
  • Lawyer’s e-mail address.
  • Language spoken by the lawyer.
  • Structure of the lawyer’s office.
  • Competence of the Lawyer.
  • Lawyer’s bank account numbers.
  • Link to the Lawyer’s social networks.
  • Link to the Lawyer’s website.
  • Decisions pleaded by the Lawyer.

for the following purposes:

  • To ensure the exercise of our Services.
  • To send the request, the Litigation Form to the lawyer’s e-mail address.
  • To allow the Lawyer to contact the Litigant.
  • To carry out our canvassing and our visual presentations of canvassing to Lawyers.
  • To ensure communication with the lawyer.
  • Contact the Lawyer by email or telephone to ensure that he has received the request, the Litigation Form.
  • To ensure the online publication of the lawyer profile on trouveunavocat.be as well as its indexation.
  • To draw up our various contracts with the lawyers.
  • To ensure the accounting of our Services with the Lawyers.
  • To proceed with the invoicing of our Services and their recovery.
  • Post court decisions on the Internet.

The processing and collection of this Personal Data is based on a contractual obligation.

This Personal Data is kept for as long as necessary to achieve the intended purpose.

They will be deleted from our database as soon as they are no longer required for the purpose or if the Lawyer has validly exercised his right to deletion.

A Lawyer may decide to modify, correct or permanently delete this Personal Data from our database.

We invite you to read the following points:

  • What are your rights regarding the protection of Personal Data?
  • How to implement them?

Publication and online distribution of court decisions

When a Lawyer is contacted by a Litigant via a Form, we send him/her by email court decisions. The choice of these court decisions is made according to the data collected in the Form that you fill in. It is therefore a case law research called automated.

The purpose of the processing is to transmit and communicate court decisions to the Lawyer according to the data filled in by the Litigant in the Form.

The court decisions are transmitted to us by lawyers or come from public databases that are covered by a royalty-free license.

We post court decisions on the Internet, which may contain Personal Information.

The legal basis for the collection and processing of court decisions from public databases is :

  • Our legitimate interest in reusing public information.
  • The response to the legitimate interest of informing the public about the decisions rendered by the Belgian courts (freedom of expression and right to information).
  • Our legitimate interest in fulfilling an educational purpose.

The collection and processing of court decisions from lawyers’ private databases is contractually based. Lawyers who benefit from this automated case law service have subscribed to our service.

We have made the technical choice to proceed with a pseudonymization by random letters rather than by initials, in order to ensure the effectiveness of the pseudonymization performed.

This means that the letters you find in place of people’s names are not the initials of those people.

The identification keys are completely deleted and are not kept.

If you find decisions in which the names of legal professionals, legal entities or names of litigants are not pseudonymized, you can send us the link of these decisions so that we can proceed to a rectification.

The judicial decisions of the European Court of Human Rights are not pseudonymized, in accordance with Articles 33 and 47 of the Rules of Court.

Our goal is to make :

  • The law more accessible and understandable.
  • To simplify access to legal information.
  • To stimulate the sharing of court decisions. We believe that court decisions in Belgium are not shared enough, published and freely accessible to citizens.
  • To disseminate legal information. In addition to sharing court decisions, we produce podcasts. We create and share free model contracts under the MIT license.

You visit the accounts, pages of our various social networks

By consulting our pages, our accounts on social networks, we process jointly with the social network your Personal Data in order to:

  • To improve the advertising system of the social network.
  • Obtain statistics on the audience of the page and the account.
  • To carry out our advertising campaigns on social networks.
  • To properly promote our page.

The processing and collection of this Personal Data is based on our legitimate interest in obtaining statistics about visitors to the page and the account.

The audience statistics of the social network are only transmitted to us in an anonymized form. This anonymized data is processed as long as the account and page exist. We use the following social networks: Facebook, Instagram, YouTube, Twitter and LinkedIn.

You submit your application

If you send us your application, we process and collect :

  • Your CV.
  • Your cover letter.

in order to evaluate the possibility of a future contractual relationship.

This Personal Data comes directly from you. The processing and collection of this Personal Data is based on our legitimate interest in recruiting.

These Personal Data are deleted within 2 months of the end of the selection process.

You deal with us as a subcontractor or supplier

If you are one of our subcontractors or suppliers, we process and collect:

  • Your name.
  • Your postal address.
  • Your email address.
  • Your telephone number.
  • Your VAT and/or ECB number.
  • Your bank account number.

in order to fulfill our legal obligations under the Economic Law Code in tax and accounting matters and to execute the contract.

The retention period is 7 years from the year in which the supplier or subcontractor has been encoded in the accounts. This data comes directly from our supplier or subcontractor.

Who is the data controller?

The controller is the limited liability company Symplicy represented by its directors Adrien Dumonceaux, Simon Genin, Shervin Sardari, Gwenaël Bierlier and Romain Dubay. The address of Symplicy’s registered office is Chemin du Cyclotron, number 6, 1348 Ottignies-Louvain-la-Neuve.

In the context of one of our Services, we process your Personal Data in our capacity as data controller, i.e. the entity that determines the purposes and means of the processing.

Who has access to your Personal Information?

The following categories of recipients may receive or have access to some of your Personal Information (only if necessary to perform their duties):

  • The data controller.
  • The freelancers or employees responsible for customer success have access to the personal identification data, professional identification data and contact data of customers (natural persons) or customer representatives (legal entities) as well as to the Personal Data contained in the documents prepared within the framework of the Service (which may contain Personal Data relating to other persons concerned).
  • Freelancers or business development employees have access to the personal identification data, professional identification data and contact data of our customers (natural persons), representatives of our customers (legal entities) and representatives of our suppliers only within the scope of our business management and the management of our suppliers.
  • Our legal advisors and attorneys have access to certain Personal Information of data subjects in connection with corporate restructuring or litigation.
  • We entrust the processing of some of your Personal Data to subcontractors only to the extent necessary to perform their tasks and in accordance with the applicable data protection legislation.
  • In the event of a corporate reorganization transaction (e.g., a merger and acquisition or financing transaction), we may transfer certain Personal Data about a limited number of customer representatives (legal entities) to a third party involved in the transaction (e.g., a buyer or investor) in accordance with applicable data protection legislation.
  • To the tax and social security authorities in order to meet our legal obligations.

How do we share your data with our contractors?

We entrust the processing of some of your Personal Data to subcontractors. In order to be completely transparent, we communicate you the list of these subcontractors:

  • Aws Amazon EC2
    • The purpose is to host our websites, software, and databases.
    • The location of the data is set in Europe. Data is also transferred to subcontractors established in countries outside the European Economic Area. This transfer is governed by standard contractual clauses. Our subcontracting agreement with Amazon is available by clicking here.
  • OVH
    • The goal is the registration of our domain names.
    • The location of the data is set in Europe. Our outsourcing contract with OVH is available by clicking here.
  • Postmark
    • The goals are:
      • Sending the application form to the lawyer’s e-mail address in complete security.
      • Sending a copy of your application form to your email address in complete security.
    • To learn more about security and encryption, we invite you to read Postmark’s guide. This guide is available by clicking here.
    • The location of the data is set in the United States. The data is therefore transferred to subcontractors established in countries outside the European Economic Area. This transfer is governed by standard contractual clauses. Our subcontracting agreement with Postmark is available by clicking here.
    • Postmark is committed to the RGPD. You can consult the charter set up by Postmark concerning the respect of the RGPD. It is available by clicking here.
  • Google Ads, Analytics and Tag Manager.
    • Goals:
      • To analyze the audience of our Services
      • To carry out advertising campaigns on the Google network. This web analytics service offered by Google tracks website traffic. Google uses the collected data to track and monitor the use of our Services. This data is shared with other Google services. Google may use the data collected to contextualize and personalize ads in its own advertising network.
    • Data is transferred to subcontractors established in countries outside the European Economic Area. This transfer is governed by standard contractual clauses. These standard contractual clauses are available: Google Ads Data Processing Terms, Google Ads Controller-Controller Data Protection Terms and Google Measurement Controller-Controller Data Protection Terms.
  • Google Maps
    • The goal is the implementation of APIs: API Place details, API Autocompete, API Maps. These APIs allow a user to be geolocated via his browser so that he can find lawyers near his position.
    • Data is transferred to subcontractors established in countries outside the European Economic Area. This transfer is governed by standard contractual clauses. These standard contractual clauses are available by clicking here.
  • Google Dialogflow
    • The goal is to run our personal assistant, Harvey, on Facebook messaging.
    • Data is transferred to subcontractors established in countries outside the European Economic Area. This transfer is governed by standard contractual clauses. These standard contractual clauses are available by clicking here.
  • Microsoft Office 365
    • The goals are:
      • Create and host our text documents, tables, presentations.
      • Hosting our emails.
    • The location of the data is set in Europe. Data is also transferred to subcontractors established in countries outside the European Economic Area. This transfer is governed by standard contractual clauses. Our subcontracting agreement with Microsoft is available by clicking here.
  • Facebook
    • The goals are:
      • Receive and respond to your messages via our pages, Facebook and Instagram accounts.
      • Launch advertising campaigns on Facebook and Instagram.
      • Analyze the audience of our pages and accounts. This analytics service provided by the Facebook group of companies uses the data collected to track and monitor the use of our services. This data is shared with other Facebook services. Facebook may use the data collected to contextualize and personalize ads on its own advertising network.
      • Install our personal assistant, Harvey, on the Facebook platform.
    • Data is transferred to subcontractors established in countries outside the European Economic Area. This transfer is governed by standard contractual clauses. Our outsourcing contract with Facebook is available by clicking here.
  • LinkedIn
    • The goals are:
      • Receive and respond to your messages via our pages, LinkedIn accounts.
      • Launch advertising campaigns on LinkedIn.
      • Analyze the audience of our pages and accounts. This analytics service offered by LinkedIn uses the data collected to track and monitor the use of our services. This data is shared with other LinkedIn services. LinkedIn may use the data collected to contextualize and personalize ads in its own advertising network.
    • Data is transferred to subcontractors established in countries outside the European Economic Area. This transfer is governed by standard contractual clauses. Our subcontracting agreement with LinkedIn is available by clicking here.
  • Twitter
    • The goals are:
      • Receive and reply to your messages via our pages, Twitter accounts.
      • Launch advertising campaigns on Twitter.
      • Analyze the audience of our pages and accounts. This analytics service offered by Twitter uses the data collected to track and monitor the use of our services. This data is shared with other Twitter services. Twitter may use the data collected to contextualize and personalize ads on its own advertising network.
    • Data is transferred to subcontractors established in countries outside the European Economic Area. This transfer is governed by standard contractual clauses. Our subcontracting agreement with Twitter is available by clicking here.
  • Accountant Crapanzano
    • The goals are:
      • To keep an orderly accounting of our activity.
      • To respect our fiscal and social obligations.
    • The location of the data is set in Belgium.
  • CBC Banque Belgium
    • The goals are:
      • To allow the maintenance of our bank account.
      • To enable the execution and receipt of our payments.
    • The location of the data is set in Europe. CBC Banque’s Personal Data Protection Policy is available by clicking here.
  • Calendly
    • The goal is to allow you to select a time slot in our electronic calendar in order to schedule an appointment, a meeting.
    • The location of the data is set in the United States. Data is transferred to subcontractors established in countries outside the European Economic Area. This transfer is governed by standard contractual clauses. Calendly’s Personal Data Protection Policy is available by clicking here.
  • Asana
    • The goals are:
      • To organize as a team.
      • To communicate internally.
    • The location of the data is set in the United States. Data is transferred to subcontractors established in countries outside the European Economic Area. This transfer is governed by standard contractual clauses. Our outsourcing agreement with Asana is available by clicking here.

For your information, here is their policy on the protection of personal data:

What level of security do we provide?

We have taken appropriate technical and organizational measures to protect your Personal Data from unauthorized access, use, loss or disclosure.

For example, we have taken the following measures:

  • We maintain a register of the processing of Personal Data. It is available upon request.
  • We maintain a data leakage and theft procedure and a data leakage and theft log. To date, there has never been a data breach or theft.
  • We provide a list of our subcontractors.
  • We have put in place an internal policy informing and obliging our administrators, employees to maintain data confidentiality and compliance with the GDPR. We have set up a Sharepoint to raise awareness of Personal Data issues among our teams.
  • We are able to notify you without delay in the event of a data breach (although we and our contractors work hard to ensure this is not necessary).
  • We have a username and password policy on all our systems.
  • We pseudonymize personal information when necessary.
  • We routinely back up personal data so that it can be recovered in the event of physical or technical incidents.
  • We regularly test and evaluate our measures and adjust them if necessary.
  • We are monitored by competent privacy lawyers.
  • We keep ourselves informed of the guides and guidelines published by the CNIL and the Belgian Personal Data Authority.

In the case of new projects that may have an impact on your privacy, a thorough analysis is carried out to guarantee your rights, the security and the protection of your Personal Data.

Should there nevertheless be an incident involving your data, you will be informed personally in the circumstances provided by law.

Do we transfer Personal Information outside the European Union?

Yes, we transfer Personal Data to a country outside the European Union or the European Economic Area if and only if:

  • The European Commission has issued a decision that establishes that country provides an adequate level of data protection, i.e., equivalent to that provided by EU law. Personal data will be transferred on this basis.
  • The transfer is covered by an appropriate safeguard granting a level of data protection equivalent to that provided by European legislation, such as the Commission’s standard contractual clauses, a Code of Conduct, certification, binding corporate rules, consent.

What are your rights regarding the protection of personal data?

Right of access

  • This right allows you to ask us directly if we have any information about you, and to request that we provide you with all of that information.
  • The exercise of the right of access is free of charge unless your request is excessively recurrent, unfounded or manifestly intended to abuse this right of access.
  • We will be entitled to charge a “reasonable fee” based on the administrative costs incurred.

Right of rectification and right to update your data

  • This right allows you to ask us to rectify inaccurate information about you. The right of rectification completes the right of access.

Right to object

  • This right allows you to object to the processing of your Personal Data.
  • This right of objection only applies to processing that is necessary for the performance of a task in the public interest or in the exercise of official authority, or for the purposes of the legitimate interests pursued by the controller or by a third party, or for canvassing purposes, or for scientific or historical research or for statistical purposes. We may invoke legitimate and compelling reasons overriding you by the processing to not act on your right to object.

Right to withdraw your consent

  • If the data is processed on the basis of your consent, you have the possibility at any time to reverse this decision, without calling into question the past processing.

Right of portability

  • This right allows you to retrieve some of your data in an open, machine-readable format and to transfer your Personal Data from one organization to another.
  • You can exercise this right only for data processing that has been based on consent or that the processing is carried out using automated processes.
  • You can only exercise this right with respect to the data you have provided to us.
  • You will not be able to implement the right to data portability if it infringes on the rights and freedoms of third parties.

Right to erasure

  • This right allows you to request the permanent deletion of your data.
  • This right can only be exercised within the limits provided for in Article 17 and 18 of the General Regulation on the Protection of Personal Data.

How can you exercise your privacy rights?

If you wish to exercise your rights and if you have any questions or complaints about the way in which we process your personal data, please address them in advance to info@symplicy.com.

If you believe that a data controller is not respecting your personal data, you have the possibility to lodge a complaint with the Data Protection Authority (“DPA”), you have the right to lodge a complaint with the competent supervisory authority.

The competent authority for Belgium is: Data Protection Authority, Rue de la Presse 35, 1000 Brussels, +32 (0)2 274 48 00, contact@apd-gba.be or via this link https://www.autoriteprotectiondonnees.be/introduire-une-requete-une-plainte.

Hyperlinks to other websites ?

When using our Services, they may contain Hyperlinks to other Websites that are maintained by legal/physical persons who are not part of our company.

These websites must have their own rules for the protection of personal data.

We invite you to read their rules. We cannot be responsible for the content of these websites or for the way in which these websites handle Personal Data.

What is the applicable law?

This Privacy Policy shall be interpreted by and in accordance with Belgian law.

What is the competent jurisdiction?

In the event of a dispute between the Parties relating to the validity, interpretation or execution of this Privacy Policy that cannot be resolved amicably, the Parties shall first attempt to resolve such dispute through mediation. The Parties shall appoint a mediator from among the mediators approved by the Federal Mediation Commission in Belgium.

If the mediation does not allow to solve this dispute, the dispute will be brought exclusively before the courts of Liège, Namur division materially competent.

Miscellaneous clauses

If any provision of this Privacy Policy is found to be invalid or unenforceable, it shall be deemed unwritten, without affecting the validity of the remaining provisions.

This Privacy Policy is an integral part of the Terms of Use and cannot be separated from them.

If you feel that we are not respecting your privacy, you can email us at info@symplicy.com.

This Privacy Policy is dated June 5, 2021. You can download a copy of this version in a durable medium (.pdf format) by clicking here.