This Policy is established by :

CSMG sc, operating under the trade name Exelia
Address: avenue de la Couronne, 340 – 1050 Ixelles (Brussels)
e-mail :
BCE n° : BE 0502 417 537

Hereinafter referred to as “the firm” or “we”, “our”.
We pay particular attention to the protection of personal data and the respect of privacy of anyone in contact with us. We act transparently, in compliance with national and international regulations in this area.
This information document on personal data protection describes how we process your data and the rights you have as a data subject.
It may be modified at any time to comply with any regulatory, legal, or technological developments. We invite you to consult it regularly.
You can react to any of the practices described below by contacting us.

1. Glossary

In the context of this document, the GDPR means: General Data Protection Regulation (GDPR) Regulation 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

For the purposes of the GDPR, the following definitions apply:

  • « Personal data » : Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  • « Processing » : Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • « Controller » :The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
  • « Processor » : A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller ;
  • « Recipient » : A natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
  • «Third party »: A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

In this document, “personal data” is also referred to as “personal information”.

2. Why does the firm process personal data and what is the legal basis for our processing?

3. What personal data does the firm process, and where does it come from?

We only collect personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed. Depending on the purposes, the collection of data is carried out differently.

We detail below the personal data we collect on the individuals concerned, including our clients, the reason for their collection, and the methods of collecting it.

4. Who does the firm share personal data with?

Any data sharing is carried out in compliance with professional secrecy, ethical rules, and the present document. A link to these ethical rules can be found on the legal notice page of our website.

The data listed above can be accessed by members of the firm’s team or any colleague acting as a collaborator or specialized lawyer, or any technical advisor, strictly as necessary for the execution of the firm’s obligations.

In order to defend its interests, in accordance with the mandate given by the customer and to the extent necessary, the firm may communicate the client’s personal data to competent judicial or administrative authorities or legal auxiliaries.

The firm may also transmit these personal data to opposing parties as necessary for the defense of the client’s interests.

The firm may, when necessary, transmit client data to banking or insurance organizations for the defense of the client’s interests, in compliance with professional secrecy and to the extent required.

The firm may need to transmit personal data to third parties under the law, decrees, or other regulatory provisions it cannot derogate from.

The firm may also share certain data with its co-contractors, termed “processors” under the GDPR, strictly necessary for the operation of computerized or non-computerized management applications or systems the firm subscribes to.

In all circumstances, we ensure the protection of client data through agreements ensuring confidentiality.

Service providers with whom we may share client data include:

Service provider typeLocation
Email delivery solution providersIn Europe
Postal delivery service providersIn Europe
Providers of IT solutions and maintenance for infrastructure and systemsIn Europe
Hosting / Cloud service providersIn Europe
Accountants and financial service providersIn Europe
Banks / Insurance companiesIn Europe
Third-party payer insurerIn Europe
Legal aid office (Bar Associations)In Europe
Lawyers – collaborators – trainee lawyersIn Europe
The Order of French-speaking and German-speaking Bars ( Europe
Copying service providerIn Europe
Social networksIn Europe

For security reasons, the list of subcontractors, their area of activity, the intended purpose, and if applicable, the country in which the data are processed and hosted are not available on our site but can be provided upon the first request of the individuals concerned.

5. How long does the firm retain personal data?

The retention period for personal data varies depending on the purposes of the data processing. This period is limited, taking into account any potential retention obligations imposed by law.

6. Does the firm transfer personal data outside the European union?

The firm may transfer data to countries outside the European Union or the European Economic Area only if:

  • The European Commission has decided that the country ensures an adequate level of data protection, equivalent to that provided by European legislation. Personal data will be transferred on this basis.
  • The transfer is covered by an appropriate guarantee providing a level of data protection equivalent to that provided by European legislation, such as standard contractual clauses of the Commission, a Code of Conduct, certification, binding corporate rules, consent.

In the absence of an adequacy decision or appropriate safeguards, a transfer or a set of personal data transfers to a third country is still possible if the transfer is necessary for the establishment, exercise, or defense of legal claims.

7. How do we protect the personal data of the individuals concerned?

Exelia has developed appropriate technical and organizational security measures to prevent the destruction, loss, alteration of personal data collected, access to these data by unauthorized persons, or the erroneous communication of these data to third parties, as well as any other unauthorized processing of such data.

  • Technical measures
    • Use of antivirus, firewall, etc.
    • Passwords
    • Data access control system
    • Data encryption
    • No unsecured backups
    • Use of software dedicated to legal case management
  • Organizational measures
    • Limited access to certain well-defined individuals
    • Incident management procedure
    • Training and awareness for lawyers and collaborators

If, despite all precautions, an individual becomes aware of a data breach or suspects one, we ask them to report it immediately by contacting us.

For security reasons, the list of subcontractors, their area of activity, the intended purpose, and if applicable, the country in which the data are processed and hosted are not available on our site but can be provided upon the first request of the individuals concerned.

8. What are the rights of the data subject and how to contact us?

Unless a current legal provision in Belgium does not allow it, including the GDPR, or if professional secrecy opposes it, every concerned person has the following rights:

  • The right to access, including the right to know that the firm processes their personal data;
  • The right to receive a copy of the processed data ;
  • The right to rectification of the processed data ;
  • The right to withdraw consent ;
  • The right to object to the processing of their personal data, particularly if their personal data are processed on the basis of our legitimate interest ;
  • The right to restrict the processing of the processed data;
    • If the concerned person disputes the accuracy of this data. pending the evaluation of the interests before exercising the right to object to the processing of certain personal data.
    • If the processing of their personal data is unlawful, but the concerned person nevertheless does not wish to exercise their right to data erasure.
    •  If we no longer need the personal data of the concerned person, but they need it for the establishment, exercise, or defense of legal claims.
  • The right to erasure of the processed data;
  • The right to data portability;
  • The right to file a complaint with the Data Protection Authority:
    Rue de la Presse, 35 à 1000 Brussels
    Phone : +32 (0)2 274 48 00
    Fax: +32 (0)2 274 48 35

For more information on complaints and possible remedies, you can visit the following page of the Data Protection Authority:

We will respond to the requests of the concerned person as soon as possible and at the latest within a month following the receipt of their request, we will inform them of the follow-up given to it.

Depending on the complexity of their request or the number of requests we receive from other people, this period may be extended by two months. In this case, the concerned person will be notified of this extension within a month following the receipt of their form.

In all circumstances, when communicating this information, we are always obliged to consider the rights and freedoms of other people.

The concerned person can exercise their rights by contacting the firm, whose contact details are provided above.

We ask the concerned person to attach to their request the documents or information necessary to prove their identity; otherwise, we may return to them to request proof of their identity, for example, a copy of their ID card, to give the appropriate follow-up to their request.

Finally, when the request to exercise rights is manifestly unfounded or excessive, particularly because of its repetitive character, it may be refused or subject to the payment of reasonable fees that take into account the administrative costs incurred in providing the information, carrying out the communications, or taing themeasures requested.

9. Who is the data controller?

The data controller is CSMG scrl, operating under the trade name Exelia, as identified above.

10. What is the applicable law and jurisdiction?

Any dispute related to the execution of the present or any subsequent or related act shall be exclusively governed by Belgian law.

Notwithstanding Article 624 of the Judicial Code, any dispute concerning the application of the present or any subsequent or related act falls under the exclusive jurisdiction of the courts of Brussels.

11. Cookie policy

For more information about our cookie policy, please refer to the next page.

12. Modifications

The Firm may, for various reasons, make corrections, additions, or changes to this information document on data protection policy at any time. The most current version can always be viewed on our website.

Last update on July 24, 2023.




Exelia uses cookies on its website (hereafter referred to as “the site”) to enhance your online experience. These cookies ensure the site’s proper functioning. The use of cookies enables Exelia to adapt the content of its site to your needs and preferences. Among other functions, cookies facilitate the selection of the display language.

If you refuse to accept cookies, the site may not function properly. By accepting cookies, you consent to their use as described in this cookie policy. You may change your cookie preferences at any time. We invite you to refer to your browser’s cookie management settings.

This cookie policy provides all information about the cookies used on Exelia’s domains. It also explains how these cookies are used to improve your experience.


Cookies are small text files stored by your browser on your computer or portable device when you use websites. These cookies are sent by your browser to the site during each visit, so you can be recognized as a unique visitor with your own user preferences. During your visit to the site, information can therefore be collected through these cookies.

Your consent is requested for the use of cookies concerning the storage and analysis of personal data.

By using the site, you consent, within the limits expressed below, to cookies being stored on your device used for this purpose.

This consent is given for a maximum duration of 6 months following your last visit to the site.

You can control how websites use cookies by configuring your browser’s privacy settings. Cookies can generally be viewed and deleted at your discretion (for more information on controlling cookies, please refer to your browser’s Help function). Please note, however, that if you block or disable all cookies, the site may not function properly.

Cookies on this website

This website uses cookies that we have divided into several major categories, based on their purposes:

Necessary Cookies

Necessary cookies help make a website usable by enabling basic functions such as page navigation and access to secure areas of the site. The site cannot function properly without these cookies.

To navigate the site, you must accept this type of cookie.

Functional Cookies

Functional cookies enable a website to retain data that changes the way the site behaves or is displayed such as your preferred language or the location of the user.

You can refuse this type of cookie, but your browsing experience may be affected.

Statistical / Marketing Cookies

Statistical cookies help website owners, by collecting and reporting information anonymously, to understand how visitors interact with the site.

Marketing cookies are used to track visitors across websites. The aim is to display ads that are relevant and interesting to the individual user and thus more valuable for publishers and third-party advertisers.

Some of the services listed below collect aggregated statistics and may not require the user’s consent or may be managed directly by the controller, as described, without the assistance of third parties.

In cases where the tools indicated below are services managed by third parties, these may – in addition to what is specified and without the knowledge of the controller – be used to track the user’s browsing habits. Please consult the privacy policy of the listed services for detailed information.


The services contained in this section can be used to track user behavior and enable the controller to monitor and analyze web traffic.

  • Google Analytics (Google Inc.)
    Google Analytics is a web analytics service provided by Google Inc. (« Google »). Google uses the collected data to track and analyze the use of this application, prepare reports on its activities, and share them with other Google services. Google may use the collected data to contextualize and personalize ads of its own advertising network.
    • Personal Data collected: cookies and usage data
    • Processing location: United States
    • Privacy Policy
    • Optout

You can refuse this type of cookies.

When accessing the site, you can set your cookie preferences. You can update your preferences by clicking on this link.



CSMG SCRL, operating under the trade name «Exelia»
Avenue de la Couronne 340
B-1050 Bruxelles
BE0502 417 537
email address of the controller :



CSMG is a limited liability cooperative company, operating under the trade name Exelia. It is composed of lawyers Alain Hirsch, Vincent Delcuve, Maxime Bernard, Brice Anselme, all members of the French Order of the Brussels Bar, and Véronique Christiaens, member of the Dutch Order of the Brussels Bar.

Details :

avenue de la Couronne 340
1050 Ixelles (Brussels)
Registered with the BCE under no. 0502.417.537 (VAT Brussels)
Tél. +32 02 645 05 80 +32 648 05 80

All CSMG lawyers are covered by an insurance policy taken out by the French and German speaking bars (OBFG) with Ethias S.A., located at 4000 Liège, rue des Croisiers, 24.

CSMG partners are also covered by an additional professional liability insurance policy, also with Ethias S.A.

The deontological rules to which the lawyers of CSMG are subject are those applicable to all members of the French (available at or Dutch (available at Orders of the Brussels Bar.

Information regarding our fees, as well as our general conditions, are available under this hyperlink.


Last update: 09 november 2023

would you like to know more?

Contact us