We are De Roos Advocaten en Notariaat Coöperatief U.A.
We process personal data – that is information about individuals. In this privacy notice we explain how.
Here’s the summary:
We're in charge of making decisions about the processing of personal data as described in this privacy notice.
We process personal data of:
- clients, potential clients and other people if needed for handling a case. We keep these personal data for up to twenty years after we’re done working with a client.
- people who contact us via our website or social media pages. We keep these personal data as long as necessary to deal with the comment or inquiry.
- job candidates, for up to four weeks after the application process has ended. If you say it’s okay, we can keep your data for a year.
- people we work with in other businesses. We keep these data as long as necessary for the services they provide to us.
We work with third parties who process personal data on our behalf. Even so, we continue to uphold responsibility for ensuring protection of your personal data during such processing. We might also share your personal data with third parties who use it for their own purposes. Once they have your data, it is their responsibility to protect it. Furthermore, we only share personal data with third parties if the law obliges us to, if you say it's okay, or in special situations. Some of these third parties are located outside the European Economic Area.
You have certain rights when it comes to your personal data. If you want to use these rights, just reach out to our privacy officer, via the contact details below. You can also file a complaint with the supervisory authority if you believe we’re not treating your personal data right.
We may update this privacy notice from time to time.
Want to get into the details? We explain everything below.
Questions? Feel free to contact our privacy officer at firstname.lastname@example.org.
De Roos Advocaten en Notariaat Coöperatief U.A.
1021 JT Amsterdam
Telephone number: 020 303 8880
We're in charge of making decisions about the processing of personal data as described in this privacy notice. We decide why and how the personal data is collected and used. In terms of the General Data Protection Regulation, we are the ‘controller’.
We process personal data of clients, potential clients and of other people if needed for handling a case.
- contact details of contact persons;
- personal data in extracts from Chamber of Commerce and other public registers;
- copies of identity documents;We always ask to cover the not necessary data from the identity document before sharing the copy. You should always cover your Citizen Service Number (BSN) and the MRZ. MRZ is the series of letters and numbers at the bottom of your identity document, which includes the BSN.
- banking details; and
- any personal data required for handling the case.Sometimes personal data of other individuals is included in the information about the case. We do not inform these individuals about this, as this may breach our duty of confidentiality.
- correspond with our clients and perform our legal services;
- to send invoices to our clients and keep records; and
- to verify our clients’ identity.
- we need these personal data to perform our agreements with clients, or to enter in such agreements;
- we are required by the law to do so; and
- we have a legitimate interest in doing so. This mostly has to do with the personal details of our clients' employees and the data we get while working on a case. Simply put, we need these personal data to do our job right.
- up to twenty years after the cooperation with the client has ended.
- contact details of the sender; and
- any other personal data included in the message.
- respond to the message; and
- improve our services in response to the message.
- we have a legitimate interest in doing so. Essentially, we need to process these personal data so we can reach out and assist individuals based on their comments or inquiries, and to enhance our services in response to the feedback we receive.
- as long as necessary to deal with comment/inquiry.Information you made public on social media pages can often be deleted by yourself.
- the job candidate's contact info;
- personal data that the candidate shares through the online application form (like their qualifications, job history, education, and answers to our questions about skills);
- any extra personal data the candidate voluntarily chooses to add or upload to the application form (like a video, their grades, or an evaluation);
- personal details we might find from looking at social media; and
- notes we make during the interviews.
- evaluate if the candidate is a good fit for the job; and
- determine which candidate is the most suitable candidate.
- we have a legitimate interest in doing so. Essentially, we need to process these personal data to ensure a proper application process.
- if the candidate provides us with additional personal data, including special categories of personal data, we process this information based on consent. Special categories of personal data may include details about your health, religious beliefs, sexual orientation, political preferences, and/or ethnic background. The candidate is never required to provide us with this information and may always withdraw consent for processing these personal data by sending an email to email@example.com.
- up to four weeks after the application process has ended, unless we have consent from the candidate to keep the data for one year.
- contact details; and
- information relevant to the business relation, such as banking details.
- correspond with suppliers about their services; and
- process invoices of suppliers and keep records.
- we need these personal data to perform our agreements with the suppliers, or to enter in such an agreement;
- we are required by the law to do so; and
- we have a legitimate interest in doing so. This mainly involves the personal data of employees from our suppliers. To put it simply, we need these personal data to work effectively with these companies.
- as long as necessary for the above purposes.
Sometimes, we keep personal data longer than the retention period mentioned above. We only do this if the law obliges us to, if we're looking into fraud or abuse, or if we need it for a legal claim. When we do this, we keep these personal data separate from the rest.
We work with third parties who process personal data on our behalf. Even so, we continue to uphold responsibility for ensuring your data's protection during such processing. We use these third parties inter alia for:
- email management and communication;
- data storage;
- sending newsletters; and
- customer relation management.
Only if this is necessary to handle the case. For example, legal designers, bailiffs and collection agencies, counterparties, other lawyers, insurers, experts, courts, administrative bodies, government agencies and similar parties.
- tax authorities; and
Only applicable to the personal data we are legally obliged to share. We are required by law to include (some of) your personal data in our financial records, which may have to be shared with the tax authorities.
- the Financial Intelligence Unit Netherlands.
Only applicable to the personal data we are legally obliged to share. In case of an (intended) unusual transaction, we are required to provide (personal) data to the Financial Intelligence Unit without disclosing this to our client.
- protect our own interests or those of third parties:
- deal with a legal case; or
- sell or merge our company.
You have certain rights when it comes to your personal data. If you want to use these rights, just reach out to our privacy officer. These rights aren't absolute. For instance, sometimes we might not be able to do everything you ask with your data. This could be to protect other people's rights and freedoms, or because we need it for legal reasons. If something like this happens, we'll let you know.
You can file a complaint with your national data protection authority if you believe we are not handling your personal data properly. You can find a list of the European data protection authorities, their websites and contact details here.
We may update this privacy notice from time to time. If we make big changes to this privacy notice, we'll put a message on our website with the updated notice or reach out to you about it. We'll pick whichever way is best for that situation.