Privacy Statement of De Groot Law (“DGL”)
Version 02-27012023
Privacy
We respect your personal data and ensure that any such data provided by you or obtained by us as part of our professional activities will be treated confidentially unless disclosure of any such data is required. We process personal data as part of the performance of the legal services provided to our clients. Personal data includes all information relating to identified or identifiable natural persons. This privacy statement serves to comply with the obligations of DGL under the European General Data Protection Regulation (“GDPR” – Regulation (EU) 2016/679 of 27 April 2016) with respect to persons whose data we process.
DGL
With respect to such personal data DGL qualifies as a data controller within the meaning of the GDPR. DGL does not engage third parties for newsletters, client satisfaction surveys or other unsolicited marketing activities.
Purpose of our data processing
We process personal data – relating to clients (including prospective and former clients), suppliers, and third parties – for the purpose of:
- providing legal services to our clients;
- invoicing for such services (including the financial administration relating thereto);
- purchasing goods and services from suppliers, and making payments for such goods and services (including the financial administration relating thereto);
- compliance with any professional, legal, and statutory duties and obligations to which we are subject.
Which personal data?
We may process the following (categories of) personal data of (the contact persons of) clients (including prospective and former clients), suppliers and third parties:
- contact information: name and address details (such as names, first names, initials, (job) titles, gender (for purposes of salutation), residential and business addresses, postal codes, telephone and telefax numbers, and e-mail and web addresses), details of Chamber of Commerce registration and information from other public registers, VAT numbers, bank account numbers and other banking information;
- other identifying particulars, such as place and date of birth, sex, and nationality as well as (details of) identity documents as may be required within the framework of client identification under the applicable statutory rules;
- other personal data, as may be provided to or obtained by us as part of the performance of legal services to our clients (including but not limited to the handling of (potential) legal disputes, and the handling of court, arbitration and similar legal or administrative proceedings for our clients);
- personal data needed to compile internal documents relating to work assignments, time recording, invoicing and collection of invoices, engagement histories of clients for the benefit of conflict searches, and purchasing information with respect to our suppliers;
- personal data which we should process as required by or necessary to comply with applicable professional, legal, and statutory duties and obligations.
All such data have been provided to us by clients (including prospective and former clients), suppliers or third parties, or have been obtained by us from third parties or public sources.
Lawfulness of our data processing
All our data processing is GDPR compliant:
- the data subject has given consent to the processing of his or her personal data for one or more of the abovementioned specific purposes; and/or
- the processing is necessary for the performance of legal services to our clients (including prospective clients); and/or
- the processing is necessary for the compliance with any professional, legal, or statutory duties and obligations to which we are subject; and/or
- the processing is necessary for the purposes of the legitimate interests pursued by us (as provided in Article 6, paragraph 1, sub (f) of the GDPR).
Third parties
If necessary for the performance of legal services to our clients, we may share your personal data with third parties. This may occur in the following situations:
- engagement of another lawyer or law firm, or a civil law notary, accountant or tax adviser, translator or any other professional expert (usually with prior informed consent of the client), or process-server (gerechtsdeurwaarder);
- communication with adverse parties or otherwise interested parties and their lawyers or other advisers;
- within the context of court, arbitration, or similar legal or administrative proceedings (as provided by the relevant rules and regulations).
In the abovementioned situations, third parties will as a rule themselves qualify as data controllers within the meaning of the GDPR. However, if a third party qualifies as a data processor, but not as a data controller under the GDPR, DGL will enter into a data processing agreement with such third party to warrant compliance with the GDPR.
Moreover, we may provide your personal data to third parties, such as government authorities and regulatory agencies if we are under a professional, legal or statutory duty to do so.
Finally, we may provide your personal data to our accountant in as far as such data is part of our financial administration. The accountant qualifies as a data controller within the meaning of the GDPR.
Protection of personal data
We value adequate protection of your personal data and have taken reasonable and appropriate technical and organizational measures to secure your personal data against unauthorized or unlawful processing. DGL is a small law firm, but we will use our best efforts to select and engage suppliers and providers of ICT services to ensure that your personal data are and will remain adequately protected.
Retention of personal data
We will not keep personal data for any longer than is necessary to achieve the abovementioned purposes of our data processing or for longer than the time required by applicable professional, legal, and statutory rules. In this respect, DGL is bound to observe i.a. professional regulations (recommended or set by the Dutch Bar Association (Nederlandse Orde van Advocaten)) for the archiving of lawyers’ files and statutory duties to preserve certain personal data that belong to our financial administration, for tax purposes. We may also retain personal data for a longer period if this is necessary for the handling of legal disputes or claims.
Your privacy rights
The GDPR lists various privacy rights of data subjects. You may submit to us a request to have access to your personal data, or have your personal data rectified or deleted, or have our processing of your personal data restricted, or to exercise your right to data portability, or your right to object as per Article 21 of the GDPR, or to withdraw your consent for the processing of your personal data (if our processing is based on your consent). Under the heading ‘Questions & contact’ you will find our contact details.
Within one month from the date of receipt of your request, you will receive our response.
In certain cases, professional duties of confidentiality or obligations to preserve certain information or documents for legally prescribed periods of time may prevent us from compliance with your request.
To ascertain your identity, we kindly ask you to send us a copy of a valid passport or other identity document along with with your request. The photo of the carrier and his or her BSN (or similar identification) number may be shielded.
Social media & website
The website of DGL (www.degrootlaw.nl) features a button to promote and share Diederik de Groot’s personal profile on Linkedin. However, we do not supervise nor are we in any way responsible for the processing of your personal data by social media.
The website of DGL uses Google Analytics cookies in a GDPR compliant manner to monitor the use of the website by visitors.
Amendments
We expressly reserve the right to amend this privacy statement without prior notice. The most recent version of this statement will be available on our website (www.degrootlaw.nl).
Questions & contact
If you have any questions about this statement, or about the processing of your personal data by us, you may contact DGL:
De Groot Law
Attn. Mr. Diederik de Groot
Silodam 315
1013 AW Amsterdam
The Netherlands:
Diederik.degroot@degrootlaw.nl
If you have a complaint about the processing of your personal data by us, we will be happy to discuss the issue with you to find a solution. If you are not satisfied, you have the right to lodge a complaint with the competent supervisory authority. In the Netherlands, this is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) in Den Haag.
This privacy statement (version 02) was introduced on 27 January 2023.