1. To whom does this Privacy Statement apply?
This Privacy Statement applies to everyone who visits our website and to people whose personal data are processed by Van Doorne in the context of its provision of legal servicest.
People whose personal data are processed by Van Doorne in the context of its provision of legal services are:
2.What personal data does Van Doorne process in relation to you?
The personal data we process in relation to you are:
- Personal data you have provided to us;
- Personal data that give insight into the use of our website or other electronic means of communication and;
- Personal data obtained from other sources.
- Personal data provided by you
Personal data that give insight into the use of our website or other electronic means of communication. These could include data such as:
- contact details and other personal data which are needed for your case to be handled by a lawyer, civil-law notary or tax consultant. One the one hand these include details such as your name, address, telephone number, email address, job title(s) and (details of) your iidentification documents (identification data), and on the other hand, case details (client file);
- contact details and other personal data filled in on contact forms or other web forms. The precise content of the data depends on the content of the contact forms and web forms;
- contact details provided during initial meetings, events, seminars, etc. These may include details provided on business cards;
- Other personal data that are provided by you such as personal data in e-mail messages sent to our employees.
- IP address (unique number identifying your device when you connect with the internet), which we use to measure your interest in our website;
- your browsing behaviour on the website, including data on your first visit, previous visit and current visit, the visited pages and how you navigate through the website and the kind of device you are using; and
- the opening and reading of a newsletter or commercial email. This also includes clicking behaviour in the email or newsletter.In this context, we also refer to our Cookie Statement
- Personal data obtained from other sources:
- personal data available on public professional social media platforms such as LinkedIn. These are names and contact details;
- personal data obtained from the Trade Register of the Chamber of Commerce and the Land Registry Office. This could include a Chamber of Commerce number and contact details; and
- personal data available on public professional websites, such as company websites.
3. For what purposes do we process your personal data?
We may use your personal data for the following purposes:
- To perform a contract in which you have engaged our lawyers, civil-law notaries or tax consultants to provide you with legal and/or tax-related services.
If you engage a lawyer, civil-law notary or tax consultant to handle your case, your contact details will be requested in that context. Other personal data may also be necessary for the handling of the matter, depending on the nature of the case. Data from other parties involved may also be processed.
- To invoice for services rendered.
To comply with our statutory obligations.
A civil-law notary is required on grounds of the Civil-Law Notaries Act to include certain personal data in a deed, such as the surname, first and middle names, date and place of birth, address, city of residence and civil status of the parties.
Civil-law notaries are also required by law to provide certain personal data to the Chamber of Commerce and the Land Registry Office.
Under the Legal Profession Regulations and the Civil-Law Notaries Act we have to identify our clients or their representatives. We establish your identity on the basis of a valid identification document (a legalised copy is required in case of remote identification). The document type and document number will be stored as proof of compliance. Under the Money Laundering and Terrorist Financing (Prevention) Act (Wwft) we have the obligation to retain data for a longer period of time. If the services fall under the Money Laundering and Terrorist Financing (Prevention) Act a copy of the identification document will be stored. The photograph and the citizen service number will be blacked out.
- To be able to respond to your inquiries or messages we receive from you via e-mail, whether or not related to any of the purposes mentioned above. In the event of a prolonged absence of one of our employees or in case an employee leaves Van Doorne, it may be necessary for another employee of Van Doorne to have temporary access to messages you have sent us. This access shall only be granted in exceptional circumstances, after careful consideration of the interests involved and only in accordance with the 'need-to-know' principle as mentioned in paragraph 7 of this privacy statement.
If access is granted to another employee of Van Doorne, you will receive an out-of-office message in response to your e-mail mentioning that access has been granted and that you have the option to request the deletion of your message. In addition to this temporary access, some of our employees, such as our secretaries, have continuous access to the e-mail messages of other employees, due to the nature of their job.
- The State Taxes Act requires us to process and store certain personal data.
- To stay in contact with you.
We feel it is important to contact you with information that is relevant for you. We combine and analyse the personal data available to us in order to be able to do so. Based on this, we determine what information and channels are relevant and which moments are most suitable for providing information or making contact. In conducting marketing campaigns, we do not process any special personal data or any confidential data that is covered by the professional privilege of lawyers or civil-law notaries.
- For (the communication regarding) webinars
When registering for a webinar, we ask for your email address to enable us to communicate with you regarding the webinar. You will receive a registration email at the email address you have provided. After the webinar you will also receive an email including a link to the recorded webinar. You will also receive this email if you indicated that you cannot attend the live webinar.
Furthermore, we ask you to provide the name of your company and your job title on a voluntary basis. If you provide that information, it will enable us to tailor the webinar to you more effectively.
In order to attend a webinar, you need to register your name and email address via the link we send you. We shall process the data regarding the webinar attendance (including registration details, time of registration, time of attendance and duration of your attendance).
With prior consent from you, we shall contact you to evaluate the content of the webinars and to check if we can be of further assistance to you. In the latter case, we may contact you through various communication channels, including by telephone, if you have filled in your phone number.
The list of participants will be shared internally with our Education department for the purpose of allocating training points. We shall also analyse this data to enable us to improve our webinars.
The participants are not audible or visible during the webinar, nor are their names visible. When asking questions during the webinar, the name of the individual asking the question will only be visible to the host (Van Doorne) and not to the other participants. We shall process this data to enable us to answer questions during or, if necessary, after the webinar.
- To evaluate
With your consent, we shall send you an email including a link to the evaluation, an online questionnaire. Participation is on a voluntary basis and can be done anonymously. Prior to the evaluation, you will receive further information on how we shall handle the obtained information.
- To prepare analyses
To prepare analyses we use:
- Interaction data:
Personal data obtained from contact between Van Doorne and you. For example, on your use of our website or supporting applications. This also applies to offline interactions, including how often there is contact between Van Doorne and you.
- Behavioral data:
Personal data that Van Doorne processes on your behaviour, such as your preferences, opinion, wishes and needs. We can derive these data from your browsing behaviour on our website, for instance, the reading of our newsletters or because you requested information. But also from inbound telephone conversations and email contact with our employees. We collect and use information obtained via tracking cookies only with your consent, which you can withdraw at any time. See also our Cookie Statement
- To conduct client satisfaction surveys.
We sometimes ask clients to participate in a client satisfaction survey, through an online questionnaire. Participation is voluntary. Before each client satisfaction survey, you will receive further information on the procedure and the way in which we handle the information obtained.
- To improve and secure our website.
- To prepare user statistics.
The user statistics from the website enable us to get a picture of, among other things, the number of visitors, the duration of the visit, what parts of the website are viewed and the clicking behaviour of visitors. These are generic reports without any information on individual persons. We use the information obtained to improve the website.
- To monitor access to the office building and protect safety.
When you visit our office, we take down your name upon arrival. There are surveillance cameras on the exterior of the office building, at the entrances and the exits of our office building, in the basement car park belonging to the office building and at the reception desk. We do this in order to have a record of who is in the building in case of an emergency and to ensure that unauthorised people cannot gain access to the building. In principle, the camera footage will be destroyed within 4 weeks.
4. What is the legal basis for the processing of your personal data?
We process your personal data only when this is permitted on grounds of one of the legal bases cited in the General Data Protection Regulation (GDPR). We are guided by the following legal bases:
- We ask your consent for participation in a client satisfaction survey.
- We ask your consent for direct marketing purposes, which will be specified in detail when you give your consent. You can find more information on this subject in this Privacy Statement.
- If we have requested and obtained your consent to process your personal data, you have the right to withdraw such consent at any time. You can do this here or by contacting us (email@example.com).
- The processing is necessary in order to establish a contract or in the run-up to the establishment of a contract
- If you give us an assignment to provide legal or tax-related services, we process personal data if and to the extent this is necessary in order to perform the assignment.
- Statutory obligation
- A civil-law notary is required on grounds of the Civil-Law Notaries Act to include certain personal data in a deed, such as the surname, first and middle names, date and place of birth, address, city of residence and civil status of the parties.
- Civil-law notaries are also required by law to provide certain personal data to the Chamber of Commerce and the Land Registry Office.
- The Money Laundering and Terrorist Financing (Prevention) Act (Wft) requires lawyers, civil-law notaries and tax consultants to obtain and document certain information. This includes, among other things, a copy of an identification document (passport) with the citizen service number and photograph made unrecognizable.
- Legitimate interest
- We may also process personal data if we have a legitimate interest and this does not breach your privacy disproportionately. We use your contact details to invite you to seminars and events, for instance.
- We also have a legitimate interest if we use your personal data to contact you after you have approached us yourself.
- We do not always need permission to contact you. If we obtain your email address as a result of providing services, we can offer you similar services via direct marketing. In that case, we have a legitimate interest in offering you these services.
5. How did we obtain your personal data?
We obtain some information automatically when you visit our website. We collect this information via cookies, for instance. In this context, we also refer to our Cookie Statement.
We obtain other information if you actively provide it to us. For example, if you are or become our client or if you sign up for newsletters or events.
We also obtain information from third parties, such as personal data from the Trade Register of the Chamber of Commerce and the Land Registry Office, orpersonal data available on public professional websites. We also obtain information from professional social media sources like LinkedIn.
6.How long do we keep your personal data?
We will not keep your personal data longer than strictly necessary for the purposes for which they are processed,
unless statutory requirements obligate us to keep your personal data longer. More specifically, the applicable retention periods are listed below.
- We will delete your personal data if you have withdrawn your consent or have decided to opt out.
- We will keep your personal data in our contact database for up to two years from the day the business relationship ends. After this period of two years we shall delete your personal data.
- The personal data that were processed to verify the identity of a client or its representative will be kept for five years from the day the business relationship ends.
- The retention period of the client files is subject to several factors, including the type of matter it concerns. We usually keep client files for a period of five or twenty years after the file is closed. It depends on the applicable time limit of the file in question. We shall keep certain documents, including notarial deeds and the related preparatory acts, in accordance with the statutory retention periods. These retention periods are 20 or 30 years, or even indefinitely (e.g. where it concerns the execution and the registration of deeds).
- In the event that you have registered for a webinar, we shall delete your registration details from our CRM system after we have sent you the recording of the webinar, unless you have given us your consent to use your details in the future. In that case, such data processing is subject to the applicable retention periods.
The information regarding the webinar, which has been provided to or registered by our supplier (GoToWebinar) will be stored for one year, to enable us to analyse and continue to improve the webinars.
- For the reasons described above, evaluations of the webinar will be stored for six months. In the event that you have provided your telephone number and/or email address with the evaluation, we shall delete that information as soon as we have contacted you.
- Camera footage will be destroyed within four weeks, unless there is an incident which requires us to hold on to the footage for longer.
- We will delete visitor registration details within seven weeks from the date the right to access the information expires or from the date of the visit.
7. Who has access to your personal data?
Your personal data are only accessible to people at Van Doorne authorised to access them on a ‘need-to-know’ basis. Outside of the situations mentioned in this Privacy Statement, we will not disclose your personal data unless we deem this disclosure necessary in order to satisfy our statutory obligations, to protect our rights or someone else’s rights, or to enforce compliance with this Privacy Statement.
Sometimes it is necessary to share your personal data with third parties. Depending on the circumstances of the case, this may be necessary in order to handle your file. There are also statutory obligations which mean that personal data must be passed on to third parties
Personal data are provided to third parties in the following cases, among other things:
When handling a file, it may be necessary to share your personal data with third parties. For example, when litigating against another party, concluding a contract or for a notarial deed involving several parties.
Civil-law notaries are required by law to provide certain personal data to the Chamber of Commerce and the Land Registry Office.
If a court order requires us to provide personal data to third parties, we must comply with that.
Your personal data are not shared with third parties for commercial purposes. There is one exception to this. We sometimes work with other organisations to organise a joint activity, such as an event or seminar. In that case, only the necessary contact details will be exchanged.
Personal data may also be provided to third parties in the event of a reorganisation or merger of our business or sale of (part of) our business.
We may engage service providers (processors) for the processing of your personal data, who process personal data exclusively on our instructions. We conclude processing agreements with these processors which fulfil the requirements of the General Data Protection Regulation (GDPR).
We work with service providers who provide SaaS (software as a service) solutions or hosting services. There are also ICT service providers who help us keep our systems secure and stable. We also use third-party services to send newsletters and commercial emails.
8. Transfer of personal data to countries outside the EEA
The files handled by our lawyers and civil-law notaries will be documented and saved in the Netherlands. The personal data contained in these files are not transferred to countries outside the European Economic Area (EEA) unless this is necessary for the establishment, exercise or defence of legal claims.
When your personal data are processed, your personal data may be shared with third parties. These parties may be located outside the EEA. When applicable, we have taken appropriate security measures for sharing the personal data.
We can transfer these data if this is necessary to perform the contract for services for the provision of legal or tax-related services or if this is necessary in the context of a legal claim for which we are providing you with legal support.
The processor outside the EEA which provides us with services in the sending of online newsletters and email campaigns and the processing of data filled in on the web forms on our website is located in the United States and has a registration for the EU-US Privacy Shield. More information on this can be found at: https://www.privacyshield.gov/welcome
9. How do we secure your personal data?
We do our utmost to take appropriate technical and organisational security measures to protect against the loss, abuse and alteration of your personal data for which we are responsible.
To ensure the security of your personal data, we have taken the following technical and organisational measures, among other things:
- Availability and continuity: We do our utmost to ensure optimal availability and continuity of our website and our systems.
- Device management and security: Exclusively devices managed by Van Doorne have direct access to our systems. Devices that are not managed by Van Doorne only have access to our system via a VPN connection secured by means of passwords and two-factor authentication.
- Physical security: Our building is secured by physical access control and camera security. Only people authorised to access our building may enter.
- Authorisations: The access to our systems is protected via role-based security.
- Encryption: We use encryption to secure our laptops and the exchange of data with you can, on request, also take place using encryption.
- Monitoring of our systems: Our systems are constantly checked for suspicious behaviour via monitoring by a certified third party.
- Periodic penetration testing: A certified third party regularly conducts penetration tests on our network for internal and external vulnerabilities.
- Thread protection: Various systems have been put in place to prevent unauthorised access and exchange of personal data.
- GDPR design: Every new system we consider adopting must be tested in advance for the principles of privacy by design and privacy by default.
- Data Protection Impact Assessments (DPIA): Before we put a new system into use, we will also subject that system to a data protection impact assessment, if required by law.
- Data Leaks: We have established a Data Leak Team to detect and report data leaks.
10. Your Rights
You have various privacy rights pursuant to the privacy regulationsen.
You can request:
- to inspect the personal data we process in relation to you.
- to amend your personal data or supplement these if you believe that the personal data we process in relation to you are incomplete or inaccurate.
- to have certain personal data relating to you erased.
- to have your data transferred to another party.
You can also object to the processing of your personal data.
For more information on the rights you can exercise on the basis of the privacy regulations, please see the website of the Dutch DPA. See this webpage for an overview of your rights under the privacy regulations. In cases that arise, you also have the right to submit a complaint to the Dutch DPA.
12. Third-party websites
13. Our contact details
Please contact us, if you have any questions or comments with regard to how we handle your personal data::
Van Doorne N.V.
1081 KM Amsterdam
You can also contact our privacy officer if required: firstname.lastname@example.org