GDPR & Privacy
This Policy applies as between you, the User of this Website
and Lexplicity SPRL-S the owner and provider of this Website and the commercial brand Lexonweb.
This Policy applies to our use of any and
all Data collected by us in relation to your use of the Website and any Services or Systems
therein. We take data protection and privacy seriously. This Policy explains who we are, how we collect, use, keep (and how long) personal data, and how you can exercise your rights.
Lexonweb reserves the right to change this Policy as we may deem necessary from time to time or as may be required by law. Any changes will be immediately posted on the Website and you are deemed to have accepted the terms of the Policy on your first use of the Website following the alterations.
Last update: 10 June 2019
I. Definitions and interpretation
In this Policy the following terms shall have the following
Account: means collectively the personal
information, Payment Information and credentials used by Users to access Material and / or any
communications System on the Website;
Content: means any text, graphics, images,
audio, video, software, data compilations and any other form of information capable of being stored in a
computer that appears on or forms part of this Website;
Cookie: means a small text file placed on
your computer by Lexplicity SPRL-S when you visit certain parts of this Web Site. This allows us to
identify recurring visitors and to analyse their browsing habits within the Website;
Data: means collectively all information
that you submit to the Web Site. This includes, but is not limited to, Account details and information
submitted using any of our Services or Systems;
Lexonweb, We, Us, Our: means Lexplicity SPRL-S, rue des Francs 17, 1040 Etterbeek, Belgium, company number BE 0700.558.051;
System: means any online communications
infrastructure that Lexonweb makes available through the Website either now or in the future. This
includes, but is not limited to, web-based email, message boards, live chat facilities and email
User/Users: means any third party that
accesses the Website and is not employed by Lexonweb and acting in the course of their employment;
Website: means the website that you are
currently using (lexonweb.com) and any subdomains of this site (e.g. courses.lexonweb.com)
unless expressly excluded by their own terms and conditions.
II. Who we are
Lexonweb is the commercial brand for the publishing of online courses & compliance trainings by Lexplicity SPRL-S, rue des Francs 17, B-1040 Etterbeek, company number BE0700.558.051 ("We," "Us," "Our,"), which provides:
- online courses for Compliance Officers and Banking & Finance lawyers,
- custom designed online compliance trainings ("Compliance training") for or on behalf of Compliance departments,
- legal/compliance consultancy services, and
- legal/compliance interim services for Belgian companies,
altogether the "Services".
In our daily operations, we follow these 6 principles:
1. Privacy by design and minimisation
We make sure to limit the personal data we collect and the extent of its processing. For instance, when you subscribe to our mailing list in order to be informed of the online courses we publish, we only collect your email address.
We always reflect at the start of a new process:
- if it is necessary and pertinent,
- if it concerns personal data, and to which extent,
- how to minimise the data collected (personal or not),
- what the purpose of the processing is, and whether it is legitimate,
- how to make sure it is not further processed in a manner that is incompatible with the initial purposes,
- on which legal basis the processing is performed (consent, legitimate interest, to enable the performance of a contract, a legal obligation),
- whether the processing is proportionate to the purposes and legal basis,
- which categories of personal data must be processed and how long,
- how to ensure appropriate security of the personal data collected.
2. Location in EEA preferred
Whenever possible, we select providers which are located and/or which locate our data in the EEA.
For instance, our webhost is US-based but their servers are located in the Netherlands. Our online courses platform is a EU-based company, and we use Office365 and Google Suite with servers located in the EU region (see list of processors under Section V).
We require a Data Processing Agreement
from our processors.
If not located in the EEA, our providers are:
- EU-US Privacy Shield certified, and/or;
- with whom we have signed EU Standard Contractual Clauses.
3. Selection of providers & security
In any case, we select our providers with great care. Data protection/IT security (data breaches management included) is one of the three main criteria on which we make our choice (along with ability to meet our needs and, in last position, pricing), and the one to which the greatest weight is given when several options for the performance of a similar service are available on the market.
4. Legitimate interest
When we base a processing on our legitimate interest, we always perform a balance test with the rights of the persons whose data is processed, taking into account the categories of data processed, the amount, its public character (or not), the result of the processing and whether it might be considered as intrusive in a B2B context.
We document our processes internally (register, mapping, procedures). This documentation is updated as soon as a new process is implemented and reviewed on a yearly basis.
We ensure the transparency of the processing of personal data we perform by publishing and reviewing regularly this Policy and making the necessary references to it on our website, in our emails, Purchase Orders and contracts.
IV. How we collect and use data
1.1.What we do: we build a mailing list of prospects interested by our online courses and training on demand solutions.
1.2.Why: to grow our business and raise awareness about our online courses and trainings (methods, pedagogy, tools, topics of new courses…).
1.3. Legal basis: consent, you opt in to the mailing list by filling in an online form and can unsubscribe at any time.
1.4. Which data: email address provided by subscriber, information about mailing list activity (from ESP) such as open rate, clicks.
1.5. How long: 3 years after last active contact (subscription, opening of email or unsubscribe).
2. Online courses
2.1. What we do: we publish online courses that can be purchased either by an individual or a company with the possibility to add some one-on-one consultancy related to the topic as an option to the purchase. On purchase, we give access to the public online course in question to the student (licensee/attendee) in order for them to take the course, download materials, pass the quizzes/tests that make part of the course. We deliver a certificate of completion. We maintain for each public online course a course-based mailing list and e-learning platform communications of/to students. When one-on-one consultancy has been purchased in addition to the course, we use a provider to schedule the call and send reminders.
2.2. Why: (i) to deliver the online course, e.g.: to communicate login info, to create and deliver course certificates, for technical/billing support purposes, (ii) to ensure a better online training experience and achieve a higher degree of course completion (communications about content, reminders, invitations to live Q&As, sending the certificate of completion…), (iii) to schedule one-on-one consultancy calls when purchased.
2.3. Legal basis: (i) the performance of the contract with the student/company who purchased the course (ii) our legitimate interest (amelioration of present/future courses).
2.4. Which data: (i), students data: email address, first name + name, completion rate/activity (quizzes, test, survey, certificate), (ii) scheduling one-on-one consultancy calls: email address, first name + name, telephone number.
2.5. How long: 3 years after purchase.
3.1. What we do: we use third party cookies. The full description of the ones we use can be found in our .
3.2. Why: to (i) improve visitor experience, (ii) increase number of subscribers and purchases, (iii) advertise our services on LinkedIn.
3.3. Basis: legitimate interest.
3.4. Which data: IP address.
3.5: How long: 1 year.
4. Payments, invoicing & accounting
4.1. What we do: we process online purchases through Checkout/Payment services (and any refund). From there, invoices are created with the necessary legal mentions. Invoices are also processed in our accounting system.
4.2. Why: (i) to provide online mean of payment, (ii) document contracts, (iii) keep proof of these contracts, (iii) meet Our and your accounting obligations.
4.3. Basis: (i) legal obligations (accounting and tax), (ii) legitimate interest (proof).
4.4. Which data: (i) ID; first name + name, email address, (ii) invoicing; address, VAT number, (iii) payment; card number, expiration date, CVC.
4.5. How long: (i) ID; 10 years after purchase (statute of limitation), (ii) contracts; 10 years after purchase (statute of limitation), (iii) invoices, 10 years after purchase (statute of limitation); (iv) payment data; no longer than necessary to process payment (and eventual refund during cool off period).
V. Service providers
DPA & Privacy Shield
DPA & EU SCCs
Cloud (G Suite)
DPA, EU adequacy decision
Stripe Payment Eur.
VI. How we do NOT use data
We do not send you our general promotion emails ('mailing list') if you have not subscribed. We neither sell, share or rent the mailing list we gather.
VII. How to exercise your rights
1. Your rightsUnder the GDPR, you have several rights, the most important are the following ones:
- Right of access
- Right to rectification
- Right to erasure (or "right to be forgotten")
- Right to restriction of processing
- Right to be informed (this Policy)
- Right to object to processing
- Right to data portability
- Right to revoke consent at any time, when processing is based on consent.
The exact contour and performance of these rights depend on the legal basis for which we process/keep data. Please, contact us if you have any request about exercising your rights.
In any case, if you do not want to receive our emails anymore, you may always unsubscribe from a list through a link present at the bottom of each of them. You may also, among other, request to not receive any kind of marketing message from us.
2. How to contact us
For any enquiries related to data protection and privacy, please send us an email at .
3. ComplainsYou may always lodge a complain with the 'Data Protection Authority':
Data Protection Authority
rue de la Presse 35