Privacy Statement

1. Introduction

Rutgers & Posch N.V. is an independent law firm established in Amsterdam. Our ambition to provide the best legal services in a personal, dedicated and transparent manner. In the context of our service, we process personal data. We also process personal data when you visit our website (www.rutgersposch.com). The concept of “personal data” includes all information about an identified or identifiable natural person. With regard to the processing of personal data, Rutgers & Posch N.V. qualifies as controller within the meaning of the General Data Protection Regulation (EU) 2016/679 (“GDPR”). Our contact information, including the e-mail address at which we can be contacted for privacy-related questions can be found below:

Rutgers & Posch N.V.
Keizersgracht 617
1017 DS Amsterdam
+31 (0)20 891 3900
privacy@rutgersposch.com

This Privacy Statement informs you about how we use your personal data at the office. This Privacy Statement explains:

2. What personal data do we process?

We process the following categories of personal data of clients, potential clients and their contact persons.

  • Name and address details (name, first names, initials, titles, gender, address, postal code, residence);
  • Other contact details (date of birth, telephone number, email address and similar data required for communication);
  • Data relating to the handling of a case or the settlement of a dispute, including data concerning the other party and third parties, see also below under “third parties”;
  • Data for the purpose of calculating and recording fees and expenses, making payments and receiving claims, including the bank account number;
  • When you visit our meetings or events and, if relevant: data on requirements for accessibility and/or dietary preferences;
  • Other data obtained from public sources such as the Commercial Register, the Chamber of Commerce and the Land Register, or data provided to us by third parties in the context of the handling of a case or the settlement of a dispute;
  • Other data of which processing is required by applicable laws or regulations (including the Money Laundering and Terrorist Financing (Prevention) Act (WWFT)) and the rules of conduct for lawyers, such as, in certain cases, the processing of certain data relating to proof of identity and the maintenance of a former client list.

We process the following categories of personal data of persons from whom we purchase products or services or who work for our suppliers:

  • Name and address details (name, first names, initials, titles, gender, address, postal code, residence);
  • Other contact details (telephone number, e-mail address and similar data required for communication);
  • In certain cases, depending partly on the type of service provision and/or if required by regulations: a certificate of good conduct and data regarding an identity card;
  • Data for the purpose of placing orders or purchasing services;
  • Data for the purpose of calculating and recording fees and expenses and making payments, including the bank account number;
  • Other data that must be processed pursuant to applicable laws or regulations.

We process the following categories of personal data of job applicants:

  • Name and address details (name, first names, initials, titles, gender, address, postal code, residence);
  • Other contact details (telephone number, e-mail address and similar data necessary for communication);
  • Bank account number and travel expenses (commuting distance);
  • Nationality, date of birth;
  • Availability, CV and employment history, training history (copies of diplomas, certificates, testimonials), motivation letter;
  • References, data of the position applied for, notes of job interviews and written communication with the applicant.

We process the following categories of personal data of third parties, such as persons who are not clients and of whom personal data can be found in our records, such as opposing parties, referrers, lawyers and other advisors with whom we are in contact and visitors of our website:

  • Name and address details (name, first names, initials, titles, gender, address, postal code, residence), as far as known to us;
  • Other contact details (telephone number, e-mail address and similar data necessary for communication); as far as known to us;
  • When you visit our meetings or events and, where relevant: data on requirements for accessibility and/or dietary preferences;
  • Data related to a visit to www.rutgersposch.com, including your surfing behaviour (when the website is visited, the duration of the visit and which parts of the website are visited) and your IP address. See our Cookie Statement for more information on the collection and processing of these data through the use of cookies on our website;
  • Data relating to electronic messages originating from or intended for third parties and data required to maintain contact with these third parties;
  • Other data obtained from public sources or data provided to us by clients or third parties in the context of the handling of a case or the settlement of a dispute.

We process the following categories or personal data when you receive our newsletter or an invitation to, for example, one of our events:

  • Your e-mail address;
  • Whether or not you open the newsletter or invitation and the activities “within” the newsletter or invitation (open and click ratio);
  • If you open the newsletter or invitation:
    • The time at which you open the newsletter or invitation;
    • Your location;
    • The operating system you used.

3. On the basis of which principles and for which purposes do we process your personal data?

We process your personal data on the basis of one or more of the following legal principles:

  • If this is necessary for the performance of an agreement to which you are a party or to perform precontractual acts at your request;
  • If this is necessary to comply with statutory obligations;
  • If this is necessary to justify our legitimate interests or the interests of a third party;
  • With your permission. If we process your personal data on the basis of your consent, we will ask you for it separately. You may withdraw this consent at any time. Please note that the withdrawal of your consent does not affect the lawfulness of the processing of your personal data prior to the withdrawal of your consent.

We use the above personal data for the purposes stated below, in respect of which we have indicated for each purpose on the basis of which of the above principles (a through d) we do so. If the processing is based on the principle of ‘legitimate interest’, we briefly explain this interest. If you have any specific questions in this respect, please do not hesitate to contact us.

Purposes with corresponding principles:

  • to provide the requested legal services, including identifying the client and performing a conflict check to prevent a conflict of interest (a, b and c: being able to offer and improve our services, complying with the rules of conduct for lawyers);
  • to be able to handle any complaints (see our Complaints Procedure) and disputes regarding our service (a, b and c: to protect our rights and to improve our service);
  • to maintain contact and communicate with you; which includes communication for marketing, relationship management and business development activities such as invitations to events and sending newsletters and other marketing communication that may be relevant to you; (a, b, c: our interest in bringing our services to the attention of existing clients and d: obtaining consent if we do not yet have a client relationship with you, but you have subscribed to our newsletter, for example);
  • to handle your job application (a, b, c: our legitimate interest in assessing whether you are suitable for the job opening and d: consent if you wish to remain in our portfolio, see the header: “How long do we retain your personal data?”;
  • for placing orders or purchasing services (a, b and c: our interest in being able to keep proper records);
  • for conducting audits and other internal controls (a, b and c: our interest in being able to keep proper records);
  • to grant you access to our offices and for the benefit of company security; (a, b and c: our interest in protecting our property and the data we hold).

4. To whom do we provide your personal data?

We do not provide your personal data to third parties (‘recipients’ within the meaning of privacy legislation), unless this is necessary for the proper performance of the purposes set out in this Privacy Statement, if the law requires us to do so or if you granted permission to this end. The third parties to whom the personal data are made available are obliged to handle your personal data confidentially. If these parties are appointed as ‘processor’ within the meaning of privacy legislation, we will ensure that a Processor Agreement is concluded with these parties, which complies with the requirements included in the GDPR.

We can share personal data of potential clients with:

  • Employees of Rutgers & Posch;
  • Suppliers (for example translation agencies, courier services, bailiffs, the party that sends our newsletter and our software suppliers) and the like;
  • Opposing parties, other lawyers, accountants, civil-law notaries or advisors in the context of our service provision (e.g. for the benefit of a second opinion or an expert report);
  • Courts and government institutions;
  • Other parties, such as regulators and other institutions, if required by law or with your consent.

We can share personal data of suppliers with:

  • Employees of Rutgers & Posch;
  • Suppliers (e.g. software suppliers);
  • Other parties, such as regulators and other institutions, if required by law or with your consent.

We can share personal data of job applicants with:

  • Employees of Rutgers & Posch;
  • Suppliers (e.g. software suppliers);
  • Other parties, such as regulators and other institutions, if required by law or with your consent.

We can share personal data of third parties with:

  • Employees of Rutgers & Posch;
  • Other lawyers or advisors in the context of our service provision;
  • Suppliers (e.g. translation agencies, courier services, bailiffs, Google LLC for the user statistics of our website);
  • Courts and government institutions;
  • Other parties, such as regulators and other institutions, if required by law or with your consent.

In order to provide our services, we might need to transfer your personal data to a recipient in a country outside the European Economic Area with a lower degree of protection of personal data than the European law offers. In that case, Rutgers & Posch will ensure that such a transfer of personal data is in accordance with the applicable laws and regulations, for example by concluding a model contract prepared and approved for that purpose by the European Commission and verify whether additional measures are necessary to ensure an adequate level of protection of your personal data.

Please do not hesitate to contact Rutgers & Posch if you would like to receive more information about the appropriate or suitable safeguards in place for the transfer of your personal data outside the European Economic Area or if you would like to receive a copy thereof.

5. How long do we retain your personal data?

Rutgers & Posch does not retain your personal data in an identifiable form for longer than is necessary to achieve the purposes included in this Privacy Statement. More specifically, we apply the following retention periods:

  • In conformity with the Filing Manual of the Netherlands Bar Association (in Dutch), we retain the files of cases handled by us for at least five and at most twenty years.
  • Additionally, we retain certain personal data in order to comply with legal retention periods, such as certain accounting data for 7 years, from the end of the year in which the relevant data has lost their current value for the tax-related business operations, in relation with the tax-related retention period required pursuant to Article 52 of the State Taxes Act (in Dutch).
  • The personal data that we process in the context of our visitor registration will be deleted six months after the date of the visit.
  • The personal data that you provide us with in the context of your job application will be retained up to four weeks after the end of the application process. With your permission, we will retain your personal data in our portfolio up to one year after termination of the application process. This will give us the possibility to contact you for possible future job openings at Rutgers & Posch. When you enter the service of Rutgers & Posch, the personal data that you provided in the context of your job application become part of your personnel file.
  • The personal data that are processed in the context of our Complaints Procedure will be removed no later than two years after the complaint and/or the legal proceedings arising from it have been dealt with.

For the retention periods of the information acquired by means of cookies on our website, we refer to our Cookie Statement.

The abovementioned specific retention periods can be extended if statutory retention obligations apply or will become applicable. We may also retain the personal data for a longer period of time if this is necessary for the handling of incidents and/or legal disputes.

6. Security

We attach great value to the security and protection of your personal data. Rutgers & Posch has taken appropriate technical and organisational measures to secure your personal data against unauthorised or unlawful processing and against loss, destruction, damage, modification or publication. Our employees will only have access to your personal data if this is necessary for the performance of their work. They are obliged to observe confidentiality and follow instructions aimed at the adequate protection of your personal data. If you have any questions about the security of your personal data, or if you suspect or see signs of misuse, please contact us via 020 891 3900 or privacy@rutgersposch.com.

7. Your privacy rights

You have the following rights in respect of the processing of your personal data by Rutgers & Posch:

  • the right to request whether we process your personal data and if so, the right to access your personal data and receive certain information about the processing of your personal data;
  • the right to rectification of your personal data if these are incorrect or incomplete;
  • the right to have your personal data deleted (‘right to be forgotten’);
  • the right to object to the processing of your personal data or to limit the processing of your personal data;
  • the right to withdraw permission for the processing of your personal data, if the processing is based on your permission;
  • the right to receive or surrender your personal data to a third party appointed by you in a structured, customary and machine-readable form (‘right to data portability’).

Rutgers & Posch does not use automated decision-making within the meaning of Article 22 of the GDPR.

To exercise your rights, you can contact us through the abovementioned contact details. In doing so, please indicate which processing activities or which personal data your request relates to. In order to prevent that we disclose information to a wrong person, we can ask you for additional information to verify your identity. In principle, we will inform you of whether we can comply with your request, within one month after receipt. In specific cases, for example when it concerns a complex request, this term may be extended by two months. We will inform you of such an extension within one month after receiving your request. On the basis of the privacy laws, we can refuse your request under certain circumstances. If this is the case, we will explain to you why. When you object to the processing of your personal data for direct marketing purposes, we will always respect this request. You can find more information about your privacy rights on the website of the Data Protection Authority (in Dutch).

8. Complaints

If you have a complaint about the processing of your personal data by Rutgers & Posch, we will be happy to work together to find a solution. If this does not lead to the desired result, you will have the right to file a complaint with the authorised regulator. In the Netherlands, this is the Data Protection Authority (in Dutch). If you live or work in another country of the European Union, you can file a complaint with the regulator of that country.

9. Amendments

This Privacy Statement was last amended on 20 April 2021. We reserve the right to amend this Privacy Statement and will always make the most recent version thereof available on our website. If substantial amendments are made that could have a significant impact on one or more of the parties involved, we will try to inform these parties of this immediately.