Privacy Statement v1 January 1st 2020


Your privacy and trust are important to us. This privacy statement (“Privacy Statement”) explains how Gades (“Gades”, “we”, “us” or “our”) collects, handles, stores and protects personal information about you in the context of our services. It also provides information about your rights and about how you can contact us if you have questions or complaints about how we handle your information.

MGLC SPRL, operating under the tradename "Gades", having its registered office at Avenue d'Argenteuil, 53, 1410 Waterloois registered with the Central Database for Enterprises as number BE0669869924 (Belgium Legal Persons Register) (hereinafter referred to as “Gades”). 



1.      Applicability of this Privacy Statement

2.      What are the sources of personal information that we collect?

3.      What types of personal information do we collect?

4.      How do we use personal information?

5.      Legitimate interests for use

6.      With whom do we share personal information?

7.      How do we secure personal information?

8.      For how long do we keep personal information?

9.      Your rights

10.  Transfer of personal information outside EU and EEA

11.  Use of publicly available information within our Services

12.  How to contact us?

13.  Updates to this Privacy Statement


1.      Applicability of this Privacy Statement

Gades provides tailored legal consultancy services (“Services”).

This Privacy Statement applies to persons who use our website (the “Website”) or who subscribed to our Services .

Within our Website , there may be links to third-party websites or applications.  We do not control, and are not responsible for, the content or practices of these other websites. Our provision of such links does not constitute our endorsement of these other websites, their content s , their owners, or their practices. This Privacy Statement does not apply to these other websites.

Disclaimer : We do not process children’s personal information.


2.      What are the sources of personal information that we collect?

We collect personal information about you from your interactions with us and from certain third parties and other sources ( including from your employer providing access to our Services or publicly available sources , where permissible).

We obtain personal information from you:

  • through your interactions with us and our Services, such as, when you use our Services, request information or call us for support

  • through your system/device and use of our Services. Our servers, logs and other technologies automatically collect system/device and usage information to help us administer, protect and improve our Services, analyse usage and improve users’ experience

  • through cookies and similar technologies included on our Services.

We also collect personal information about you from third parties such as:

  • the person(s) arranging for you to access our Services (e.g. your employer)

  • publicly available sources such as public websites, open government databases or other data in the public domain, to help us maintain data accuracy and provide and enhance the Services .


3.      What types of personal information do we collect ?

The type of personal information we collect depends on how you are interacting with us.

You may choose whether or not to provide us with personal information. In the event that you choose not to, you may not get full functionality from the Services that we offer.

The personal information we collect consists of the following:

  • Name and contact data, such as, first and last name, email address, postal address, phone number, and other similar contact data

  • Device information, such as, information about your device, such as IP address, location or provider

  • Any other personal data, which might be part the agreement to which you or your employer are party to, as required for the provision of Services to you.


4.      How do we use personal information ?

This section includes details of the purposes for which we use personal information and the different legal grounds upon which we process that personal information. We use personal information to provide and improve our Website, to provide and improve our Services and for other purposes that are in our legitimate interests , as well as for compliance purposes. Further information is set out below.

The EU General Data Protection Regulation (“GDPR”) require s us to explain our lawful reason for processing personal information. We process personal information about you on the basis that it is:

  • necessary for the performance of a contract: where we have a contract with you, we will process your personal information in order to fulfil that contract (i.e., to provide you with Services) . This is the case, for example, when you order our Services.

  • in our or a third parties’ legitimate interests : details of those legitimate interests  are set out in more detail below (e.g., provision of Services that we are contractually obliged by a third party, such as your employer, to deliver to you)

  • where you explicitly give us your consent: we only ask for your consent in relation to specific uses of personal information where we need to and, if we need it, we will collect it separately and make it clear that we are asking for consent

  • for compliance with a legal obligation (e.g., to respond to a court order or a regulator)

You are welcome t o contact us   for further information on the legal grounds that we rely on in relation to any specific processing of your personal information.


5.      Legitimate interests for use

We use personal information for a number of legitimate interests, including but not limited to the following:

  • to administer our relationship with you, our business and our third-party providers (e.g., to send invoices)

  • to provide insights to any third party, who has made our Services available to you (e.g., your employer), about use of the Services

  • for internal research and development purposes and to improve, test and enhance the features and functions of our Website and Services

  • to manage our client base, including invoicing, credit checks etc.

  • to meet our internal and external audit requirements, including our information security obligations (and if your employer provides for your access to our Services, to meet their internal and external audit requirements)

  • to enforce our general terms and conditions

  • to protect our rights, privacy, safety, networks, systems and property, or those of other persons

  • to comply with requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, including where they are outside your country of residence

  • in order to exercise our rights, and to defend ourselves from claims and to comply with laws and regulations that apply to us or third parties with whom we collaborate

  • in order to participate in, or be the subject of, any sale, merger, acquisition, restructure, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings)

Where we rely on legitimate interests as a lawful ground for processing your personal information, we balance those interests against your interests, fundamental rights and freedoms.


6.      With whom do we share personal information ?

We share personal information within Gades group (may be outside of the EU) , with our business partners and third-party service providers, the person providing for your access to our Services ( in the event it is not you ) and in accordance with applicable aw s . Our third-party service providers are not permitted to share or use personal information we make available to them for any purpose other than to provide services to us.

We share your personal information for the purposes set out in this Privacy Statement, with the following categories of recipients:

  • Employees, agents or subcontractors of Gades group in Belgium and abroad (you may refer to the section on transfer of personal information outside EU and EEA with respect to same)

  • the person providing your access to our Services

  • third parties that help us deliver Services or act on our behalf

  • third parties where we have a duty to or are permitted to disclose your personal information by law (e.g., government agencies, law enforcement, courts and other public authorities)

  • third parties in order to participate in, or be the subject of, any sale, merger, acquisition, restructure, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings), in which case we may disclose your personal data to prospective buyers, sellers, advisers or partners and your data may be a transferred asset in a business sale

  • third parties reasonably required to protect our rights, users, systems and Services (e.g., legal counsel and information security professionals)

  • any person you have explicitly asked us to share information with .


7.      How do we secure personal information ?

Gades takes the security of personal information seriously and we use appropriate technologies and procedures to protect personal information (including administrative, technical and physical safeguards) according to the risk level and the type of personal information .

We only provide your personal information to our employees, advisors and authorized third parties on a need-to-know basis.

Furthermore, we restrict access of our information systems to non-authorized parties and use password protected laptops/computers to prevent unauthorized access to your personal information.


8.      For h ow long do we keep personal information ?

We retain your information in accordance with our enterprise records retention schedule.

We calculate retention periods for your personal information in accordance with the following criteria:

  • the length of time necessary to fulfil the purposes we collected it for

  • when you or your employer cease to use our Services

  • the length of time it is reasonable to keep records to demonstrate that we have fulfilled our duties and obligations

  • any limitation periods within which claims might be made

  • any retention periods prescribed by l aw s or recommended by regulators, professional bodies or associations

  • the existence of any relevant proceedings .


9.      Your rights

You have the following rights:

  • Right to access: The right to make a written request for details of your personal information and a copy of that personal information.

  • Right to rectification: The right to have inaccurate information about you corrected or removed .

  • Right to erasure ('right to be forgotten'): The right to have certain personal information about you erased under the following conditions:

    • Your personal information is no longer necessary for the intended purposes

    • You withdraw your consent for the processing and there is no other legal ground for processing

    • You have validly objected to the processing of your personal information

    • Your personal information has been illegally processed

    • Your personal information must be deleted to comply with a legal obligation.

  • Right to limitation of processing: The right to request that your personal information is only used for limited purposes .

  • Right to opt out of marketing: The right to manage your marketing preferences i n the event that you receive marketing communications from us .

  • Right to object: The right to object to processing of your personal information in cases where our processing is based on the performance of a task carried out in the public interest or we have let you know the processing is necessary for our or a third party’s legitimate interest .

  • Right to data portability: The right to ask for the personal information you have made available to us to be transferred to you or a third party in machine-readable format .

  • Right to withdraw consent: The right to withdraw any consent you have previously given us to handle your personal information. If you withdraw your consent, this will not affect the lawfulness of our use of your personal information prior to the withdrawal of your consent .

These rights are not absolute, and they do not always apply in all cases.

In order to exercise your rights , please contact us .

In response to a request, we verify your identity if we need to, and to provide information that helps us to understand your request better. If we do not comply with your request, whether in whole or in part, we will provide the reason thereof.


10.  Transfer of personal information outside EU and EEA

Gades, may during the provision of its Services, transfer personal information outside EU and EEA (for e.g. to its affiliate or subcontractors in Mauritius). Such data transfer is done solely for the purpose of provision of Services.

When personal information is transferred outside the EEA, special safeguards are foreseen to ensure that the protection travels with the data. Therefore, Gades has concluded an agreement with its affiliate in Mauritius regarding international transfer of personal information using model contracts (a template of which may be found on the website of the European Commission). This ensures that our affiliate outside of EU, also abides by the provisions of the GDPR, in controlling or processing personal information, as the case may be.


11.  Use of publicly available information within our Services

Many professionals and third parties rely on the use of publicly available information in order to carry out research (e.g., on case law , new legislations, etc. ) or to satisfy their compliance obligations (e.g., to carry out anti-money-laundering checks , audits, etc. ).

To assist them, we make available information obtained from publicly available sources like public websites, open government databases or other data in the public domain (some of which is behind a paywall and some not).

We take privacy seriously and put in place measures designed to ensure that we process personal information in a proportionate way and in compliance with applicable data protection laws.   

Where we process non-sensitive personal information within those Services, it is normally processed because it is in our or a third parties’ legitimate interests to do so. In the limited circumstances where we do process sensitive personal information, we normally do so where:

  • It is necessary in relation to obligations under employment, social security and social protection law

  • Personal information has been manifestly made public by the person to whom it relates to and it does not violate that person’s rights

  • It is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity

  • Processing is necessary for reasons of substantial public interest, on the basis of applicable l aw s .


12.  How to contact us ?

If you have any questions, comments, complaints or suggestions in relation to data protection or this Privacy Statement, or any other concerns about the way in which we process information about you, please contact us at .

Filing a Complaint. If you are not content with how Gades manages your personal information, you may lodge a complaint with a privacy supervisory authority. In the European Economic Area, the relevant supervisory authority is the one in the country or territory where:

  • you are resident ,

  • you work, or

  • the alleged infringement took place .

A list of National Data Protection Authorities in the European Economic Area can be found here: .


13.  Updates to this Privacy Statement

We keep our Privacy Statement under regular review, and we place any updates on this webpage. This Privacy Statement was last updated on January 1st 2020. .