Following rules and regulations
To which extent am I allowed to use (electronic) databases, cookies, tracking devices and other on- or off-line tools in my marketing efforts?
The use of databases to enhance marketing efforts is very common. Such databases must be used in accordance with the personal data protection rules described above (see Question 23). Where data are obtained from third-parties, the company should always ensure that they have been lawfully collected.
Where personal data are used for direct marketing purposes by e-mail, the prior consent (opt-in) of the individual will generally be required, even in a B2B environment. An opt-out possibility (unsubscribe link) can however be sufficient for promotional e-mails sent to existing clients (as opposed to prospective clients) if the e-mail pertains to products similar to those already bought by the same client.
The use of other tracking devices for marketing purposes is subject to the individual's consent, after being provided with adequate information as to their use. The best-known example of such a tracking device is cookies, the use of which for (behavioural) advertising purposes requires the prior information and consent of the individual, generally through a banner on the homepage.Written by Tamar Van Colenberghe
Are there any restrictions on contractual arrangements from a competition law perspective? Are non-compete clauses recommended and/or possible?
The types of clauses which are permissible under competition law will depend on whether the agreement is concluded with a competitor (eg, in view of joint R&D or production) or a non-competing undertaking (eg, for the distribution of goods and/or services).
Agreements between competitors are strictly scrutinised by the competition authorities. Hence, caution is required when negotiating contracts with competitors. A non-compete clause will only be allowed in a limited number of cases.
Agreements between non-competing undertakings are also subject to competition law and hence caution should be taken, in particular with regard to exclusivity and pricing. Non-compete clauses are permitted if they fulfil certain strict conditions.Written by Elke Janssens
Does my company comply with all relevant regulatory requirements (eg, environmental, health and safety, data protection and zoning requirements)? Does my company have the necessary permits to conduct its business (eg, GMP, GDP, biosafety, environment
Certain sectors are highly regulated (such as bio-pharmaceuticals and medical devices, food and energies & utilities). Depending on your field of business, you may need certain permits and authorisations (eg, marketing authorisation, CE mark, pricing decision, GMP/GDP/ISO certificates). Your company may also be subject to regular audits by the competent authorities.
If your company processes personal data (ie any data pertaining to an identified or identifiable individual), it must comply with the rules on personal data protection. Personal data may relate to information about employees, clients prospective clients, patients, service providers, etc.
Health-related data and other special categories of data (trade union membership, political convictions, ethnic origin, race, etc) are considered sensitive and their processing, if allowed, is subject to more stringent requirements.
Compliance with the personal data protection rules requires, amongst other things, the following:
- a legal basis for processing the personal data, which can consist of the data subject's free and informed consent, a statutory obligation, a contractual duty to the data subject, a legitimate interest, etc;
- information of the data subjects of the reason(s) for the processing of their personal data, the recipients of their data, their right to access and correct their personal data, etc;
- the implementation of adequate technical and organisational measures to protect the data against loss, disclosure, and any other form of unlawful or unauthorised processing;
- if processors (ie service providers that process personal data on the company's behalf) are used, they must be contractually bound to the company;
- if personal data are transferred to (or accessible from) abroad (in particular countries outside the European Economic Area), additional measures (such as data transfer agreements) may be required.
Subject to certain (limited) exceptions, processing activities must be notified to the Belgian Privacy Commission prior to the start thereof.
It is important to bear in mind that permits may be required for the approval and reimbursement of certain products. The same applies to M&A transactions and licensing agreements.Written by Christel Brion
Does governing law matter?
Parties are free to choose the law governing their agreement, which can be the law of a party's place of business. However, in most cases, it is not recommended to choose a so-called neutral law, ie the law of a jurisdiction with which the parties and their agreement have no connection or link. Indeed, a choice of neutral law may complicate the situation since, in addition to this law, mandatory provisions of local law (related to public policy) can also apply.Written by Florence Verhoestraete