Privacy policy

The data controller is MyLaw.be SRL, [Adresse du siège — Belgique], [BE 0XXX.XXX.XXX]. For any question regarding your data, please contact our Data Protection Officer at dpo@mylaw.be.

When you use MyLaw.be, we collect the following categories of data:

• Identification: first name, last name, email, phone number.
• Consultation data: legal area, subject, description, identity of opposing parties (name, date of birth, national or VAT number if provided).
• Payment data: processed exclusively by Stripe; we never store your full banking data.
• Call recording: only with your explicit consent (checkbox at payment).
• Consultation notes: written by the lawyer, encrypted (AES-GCM) with a dedicated KMS key.
• Technical data: IP address, browser type, connection logs (for security purposes).

• Performance of the matchmaking and consultation service (Article 6.1.b GDPR — performance of the contract).
• Automated conflict-of-interest check to comply with Bar deontology (Article 6.1.c GDPR — legal obligation).
• Call recording (Article 6.1.a GDPR — consent, freely revocable).
• Site security, fraud prevention, compliance audit (Article 6.1.f GDPR — legitimate interest).
• Transactional communications regarding your consultation (confirmation, match, summary).

Your data is never sold to third parties. It may be shared with:

• The lawyer assigned to your consultation, strictly limited to what is necessary for their mission.
• Other lawyers in the network who have signed the shared-secrecy agreement, in case of subsequent consultation (file continuity). Each access is logged in an immutable audit trail.
• Stripe (payment), Twilio (telephony), AWS / Google Cloud (hosting and encryption) — processors bound by an agreement compliant with Article 28 GDPR.
• Public authorities upon legal request.

• Customer account: as long as the account is active, plus 5 years after the last consultation (civil prescription).
• Consultation notes: 5 years after the consultation, in line with the lawyer's professional obligations.
• Audio recordings: 30 days, then automatic deletion. If the consultation is converted into a follow-up case, the period extends to that of the case.
• Technical logs: 12 months maximum.
• Payment data: kept by Stripe according to its own rules.

Consultation notes are encrypted (AES-GCM) with a per-lawyer key managed via a dedicated KMS service. Communications are protected by TLS. Access to sensitive data is restricted to authorized persons and tracked in an immutable audit trail.

Under the GDPR, you have the following rights:

• Right of access and to obtain a copy of your data.
• Right to rectification of inaccurate data.
• Right to erasure ("right to be forgotten"), subject to legal retention obligations.
• Right to restriction of and objection to processing.
• Right to data portability.
• Right to withdraw your consent to audio recording at any time.
• Right to lodge a complaint with the Data Protection Authority (DPA), Rue de la Presse 35, 1000 Brussels, contact@apd-gba.be.

To exercise these rights, write to dpo@mylaw.be. You will receive an answer within one month.

The Site uses cookies essential to the operation of the service. For more details, see our cookies policy.

This policy may evolve to reflect legal or technical changes. Material changes will be communicated to you by email.