Privacy statement

CORP. advocaten (Chamber of Commerce number: 34376392), located at De Lairessestraat 137, 1075HJ Amsterdam (“CORP.”) is a data controller within the meaning of the General Data Protection Regulation (Algemene Verordening Gegevensbescherming; “GDPR”) for the personal data we process about you. This privacy statement applies to the processing of personal data of:

  1. Website visitors
  2. Clients
  3. Third parties from whom we process personal data as part of our services
  4. Applicants
  5. Suppliers

CORP. considers the protection of your privacy important. CORP. has therefore drawn up, among other things, this privacy statement. The purpose of this privacy statement is to be transparent about how CORP. collects, uses and protects your personal data in accordance with Articles 13 and 14 of the GDPR.

What is personal data?
Under the GDPR, personal data is any information about an identified or identifiable natural person. This means that information is either directly about someone or can be traced back to that person.

For what purposes do we process personal data?
We process your personal data only for specified, explicit and legitimate purposes. Below you will find more information on the different purposes for each category of data subjects.

I. WEBSITE VISITORS

1. For answering your questions when you contact us

What does this purpose imply?
Our website contains our contact details and we use web forms. This allows you to contact us. When you contact us and/or fill in a web form, we process the personal data you provide in order to contact you and answer your question. The legal basis for this processing is our legitimate interest to contact you in response to your enquiry (Article 6.1.f GDPR).

What personal data do we process for this purpose?
We only process personal data that you provide to us, for example through a web form. This may include, for example, name, phone number, e-mail address and the information provided in your message.

II. CLIENTS

We process personal data of clients, their employees, contact persons and third parties engaged by them. The client is responsible for informing third parties engaged by the client of the contents of this privacy statement. A copy of this privacy statement can be found on our website.

1. To perform our legal services and advice, including handling disputes and conducting legal proceedings

What does this purpose imply?
To perform our legal services and advice (including handling disputes and conducting legal proceedings), we process personal data of the client or her contacts. This allows us to perform our services efficiently and effectively and to maintain contact with you (e.g. on the progress of the case). The processing of personal data for this purpose is necessary for the conclusion or performance of an agreement with you (Article 6.1.b GDPR) and/or our legitimate interest in the efficient and effective performance of our legal services and advice (Article 6.1.f GDPR).

What personal data do we process for this purpose?
This includes contact details (name, phone number and e-mail address) and any other information we deem necessary in the context of our services.

2. For our day-to-day operations

What does this purpose imply?
For carrying out our daily business operations, including cost estimation, financial administration (such as invoicing, calculating and recording fees and expenses, making payments, collecting receivables and paying our invoices), we process personal data of the client or its contacts. The processing of personal data for this purpose is based on the performance of our agreement (Article 6.1.b GDPR), our legitimate interest in the payment of our invoices (Article 6.1.f GDPR) and the fulfilment of our statutory administration obligations (Article 6.1.c GDPR).

What personal data do we process for this purpose?
For this purpose, we process your name, phone number, e-mail address. In case you act from a partnership and/or are a client as a natural person, we also process financial data such as your bank account number and information on payments.

3. For screening and establishing the identity of our clients

What does this goal entail?
Before we can start providing our legal services and advice, we collect information to verify the identity of the client and the ultimate beneficial owners (UBOs). This enables us to comply with our obligations under, for example, the Money Laundering and Terrorist Financing (Prevention) Act (Wet ter voorkoming van witwassen en financieren van terrorisme; Wwft) and the Legal Profession Regulation (Verordening op de advocatuur; Voda).

We are obliged to report unusual transactions to the Fiscal Information and Investigation Service (Fiscale inlichtingen- en opsporingsdienst; FIOD). In that case, we must also provide other relevant information related to the transaction. We also process your personal data for a possible audit by the Netherlands Bar Association (Orde van Advocaten). We do this because we are legally obliged to do so (Article 6.1.c GDPR). The processing of personal data for this purpose is based on the performance of our agreement (Article 6.1.b GDPR) and the fulfilment of our legal obligations (Article 6.1.c GDPR).

What personal data do we process for this purpose?
We process the name of your company and/or employer, first and last name, position, e-mail address, telephone number, transaction and payment details and, where appropriate, proof of identity. The passport photo and citizen service number should be made invisible, for example by using the KopieID app of the Ministry of the Interior and Kingdom Relations. This allows you to choose which data to shield.

4. For maintaining our relationship

What does this goal entail?
We think it is important to maintain a good relationship with our clients. We therefore process your personal data, for example, when we invite you to events or when you register for them. In addition, we may use your data to send you a congratulations on a (personal) milestone or for reference when you apply for the Legal 500 or Chambers. Finally, we like to keep in touch to evaluate our services. The legal basis for sending invitations to events lies in your consent (Article 6.1.a GDPR) and/or our legitimate interest to maintain the relationship with our clients, for example by organising courses or other events or sending a congratulatory message (Article 6.1.f GDPR).

What personal data do we process for this purpose?
To this end, we process your contact details (name, phone number and e-mail address), date of birth and gender if and to the extent disclosed to us.

III. THIRD PARTIES

1. To perform our legal services and advice, including handling disputes and conducting legal proceedings

What does this goal entail?
To perform our legal services and advice (including handling disputes and conducting legal proceedings), we process personal data of third parties with whom we do not have a direct (contractual) relationship. These include:

  • employees of clients, third parties or counterparties;
  • client suppliers, third parties and counterparties;
  • advisers to clients, third parties and counterparties;
  • other third parties engaged by clients, third parties and counterparties; and
  • other stakeholders and/or interested parties.

Processing your personal data enables us to carry out our services efficiently and effectively. The processing of personal data for this purpose is necessary for our legitimate interest in carrying out our legal services and advice efficiently and effectively (Article 6.1.f GDPR).

What personal data do we process for this purpose?
Contact details (name, e-mail address) and data provided to us by clients or other third parties or obtained from public sources in connection with our legal services and advice.

IV. APPLICANTS

1. For an effective and efficient recruitment and selection process

What does this goal entail?
To recruit and select new employees or contractors (self-employed persons without staff who perform temporary work on an interim basis by means of an assignment agreement), we process personal data. We do this to assess whether the applicant or contractor is suitable for the open position.

By default, this personal data is kept for up to two months after the closing date of the vacancy. This way, we can still provide you with substantive information if you have questions about the outcome of your application during this period. If the application results in an appointment, the relevant personal data will be retained in accordance with our retention policy and our privacy statement for employees and/or contractors.

The legal basis is our legitimate interest in carrying out the recruitment and selection procedure efficiently and to be able to speak to applicants with any questions about the outcome of the application (Article 6.1.f GDPR). If, after the recruitment and selection procedure, we proceed to the conclusion of an employment contract or assignment agreement, we may process additional personal data in preparation for the performance of the agreement (Article 6.1.b GDPR) and to comply with other legal requirements (Article 6.1.c GDPR).

What personal data do we process for this purpose?
We process personal data that you provide to us. These are your name, address, work experience, education, the personal data on your CV, the personal data in your cover letter and information from reference interviews or results of a competency test.

When entering into an employment contract or assignment agreement, additional data may be processed, such as Citizen Service Number, bank details (bank account number and name of account holder), copy of identity document and other data whose processing is required when entering into an employment contract or assignment agreement.

V. SUPPLIERS

1. For processing orders and assignments

What does this goal entail?
For the execution and settlement of our orders and assignments with you as a supplier, we process personal data of (employees of) our suppliers. This personal data helps us to provide you with the right information for placing an order or placing an order. The legal basis for processing personal data for this purpose is the conclusion or performance of an agreement(Article 6.1.b GDPR).

What personal data do we process for this purpose?
We process your contact details (name, phone number and e-mail address). If you act from a partnership, we also process address and financial data, such as bank account number and payment information.

Your rights

You have the right to be properly informed about what we do with your data and why we need your data. We do this through this privacy notice. In addition to the right to be transparently informed, you have the following rights:

  • Right to access (if you want to know what personal data we collect from you);
  • Right to rectification (we are happy to amend any personal data that is no longer correct);
  • Right to be forgotten (in some cases, you can ask us to delete your personal data);
  • Right to restrict processing (in some cases, you may ask us to restrict the processing of your personal data);
  • Under circumstances, right to data portability (if you wish, we can transfer your personal data to another party or give you a copy of your personal data);
  • Right to object (in some cases, you may object to the use of your personal data).

If you wish to exercise any of your rights, please contact us by emailing baas@corp.nl. To prevent any abuse, we may ask you to adequately identify yourself before we process your request. There may be circumstances that prevent us from fulfilling or not fully fulfilling your request. If such a circumstance arises, we will notify you. We will always respond to your request within one month.

With whom do we share personal data?

CORP. does not sell or trade your personal data to any third party. CORP. may be required by specific laws and regulations to provide certain personal data to third parties, such as government agencies. In addition, we may share your personal data with third parties to protect our own rights or those of others.
Internally, only our employees have access to personal data to the extent relevant to their work (on a need-to-know basis) and all our employees have a confidentiality clause in their employment contract.
We also engage processors who process personal data on our behalf. We conclude processing agreements with them that meet the requirements of the GDPR. For example, with regard to reporting data breaches and taking appropriate technical and organisational measures. In addition, personal data may be shared with:

  • A dispute resolution institute and/or competent judicial authority. This may apply to personal data of clients, suppliers and/or third parties.
  • Accounting firm and the Netherlands Bar Association. For carrying out our (annual) audits. This may apply to personal data of clients, suppliers and/or third parties.
  • IT service providers. While maintaining, managing and supporting our systems and applications, they may have limited access to various personal data.
  • Other service providers involved in our services, such as external consultants, lawyers and accountants. This may apply to clients, suppliers and/or third parties.
  • Bailiffs and administrators. To these we provide your name and contact details, financial data and employment details. This may apply to clients, suppliers and/or third parties.
  • Insurers. To insurers we provide your name, contact details and financial data. This may apply to clients, suppliers and/or third parties.

How long do we keep your personal data?

We will keep your personal data for as long as necessary for the purpose for which we use your personal data and/or as long as the law requires us to keep the personal data. Exactly how long varies. From a few months to many years, for example because it is necessary for our accounting purposes. We have defined the retention periods for each processing activity in our retention policy.
We retain personal data of job applicants for up to 2 months after the recruitment and selection process. With your consent, we will keep your data for an additional 12 months for any future vacancies.

Consent

If we process your data based on your consent, you always have the right to withdraw your consent. This can easily be done by sending an email to baas@corp.nl. In that case, if we have no other basis for processing, we will no longer use your data for this purpose.

How do we protect your data?

Under Article 32 GDPR, we are obliged to take appropriate technical and organisational measures to prevent the loss of personal data or unlawful processing. So we have taken physical, administrative, organisational and technical measures. Periodically, we evaluate the technical and organisational measures and adjust them if necessary. Our organisation is set up in such a way that we do everything possible to prevent data leaks. If there is a data breach, we will act in accordance with the data breach protocol.

Contact and complaints

If you have any questions about this privacy statement or wish to exercise your rights as a data subject, please contact us at baas@corp.nl.

In case of complaints about, for example, how we use your data or how we respond to privacy-related queries, you can file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

Amsterdam, July 2024