Finnius advocaten B.V. (Finnius) respects your privacy and processes personal data as a data controller in accordance with the European General Data Protection Regulation (GDPR). In this Privacy Statement we address how we handle and protect your personal data.
More precise, this Privacy Statement addresses:
- what personal data we collect and how,
- for what purposes and on what grounds we process your personal data;
- how long we keep your personal data;
- who we share your personal data with;
- the rights you have as data subject; and
- how your personal data is protected.
This Privacy Statement applies to all persons of whom Finnius processes personal data, in particular clients, prospects, persons who have subscribed to newsletters or events, and persons who have applied for a job at Finnius.
What are personal data?
Personal data are any information relating to an identified or identifiable natural person. Personal data that we process may include:
- basic information such as your first and last name, prefix, title;
- contact details such as your e-mail address, postal address and phone number;
- data that are required for invoicing purposes, such as your bank account number;
- other personal data that are necessary to provide our legal services, possibly including – depending on the required legal services- special and/or criminal personal data;
- personal data that we are required to ask in certain particular cases, in accordance with the Anti Money Laundering and Terrorist Financing Prevention Act (Wet ter voorkoming van witwassen en financieren van terrorisme, Wwft), before we can provide you our legal services;
- personal data you provide us for the purpose of attending events or meetings, such as access and dietary requirements;
- personal data you may provide us for the purpose of a job application, such as your full name, date of birth, address, phone number, nationality, marital status and any other personal data set out in your application;
We collect this personal data because you provided these data to us. For example, you may provide data when entering into an agreement with us, by entering your data on our website, by giving us your business card or by applying for a job. We may also collect your personal data from other sources, such as an involved legal counsel, counterparties, the Trade Register, the Land Registry or by using publically available sources.
Purposes and legal basis for the processing of personal data
Finnius may process your personal data for the following purposes:
- to provide our legal services in our advisory practice, litigation practice or to assist in investigations;
- to keep accounts;
- to collect our invoices;
- to comply with our legal and regulatory obligations, such as performing a client investigation as is required pursuant to the Wwft;
- to organise marketing and business development activities, such as news updates, invitations for our events and other marketing communications that may be of interest to you;
- to handle your job application or subscription to any of our recruitment services and events.
We will process your personal data using one or more of the following legal grounds:
- Performance of a contract;
- Compliance with a legal obligation;
- Legitimate interest;
- Your consent.
Sharing of personal data
In some cases we may also share your personal data with third parties, such as:
- Third parties relevant to the legal services that we provide, such as counterparties, legal counsel, courts, regulatory authorities and governmental institutions.
- Third parties that we engage with, such as supervisory authorities and other bodies, in order to comply with legal obligations.
- Third party suppliers in connection with the processing of your personal data for the purposes described in this Privacy Statement, such as IT providers, communication service providers or other suppliers to whom we outsource certain support services.
We will only share your personal data with these third parties for the purposes and on the legal grounds stated in this Privacy Statement.
Third parties to whom we transfer your personal data are responsible themselves for compliance with privacy legislation. Finnius is neither responsible nor liable for the processing of your personal data by these third parties. To the extent that a third party processes your personal data as a data processor of Finnius, Finnius will conclude a processor agreement with such party that meets the requirements set out in the GDPR.
To be able to provide our services, it may be necessary for us to transfer your personal data to a recipient in a country outside of the European Economic Area. For example, Finnius might provide your personal data to a counterparty that is established abroad. In that case, Finnius will ensure that the data transfer is compliant with the applicable law.
How long do we keep your data?
Finnius will process your personal data no longer than is necessary for the aforementioned purposes and legal grounds, or no longer than is legally required.
Your personal data will be erased if:
- it appears that your email address is no longer in use (for example when error messages are received);
- the consent based on which your personal data are processed and/or stored is withdrawn by you;
- the legitimate interest based on which your personal data are processed, expires, which might occur for example if your company ceases to exist; or you have not had any contact with Finnius for a period of 5 years;
- the statutory retention period for keeping your personal data has expired.
A request for inspection, correction, limitation, objection or transferral of data, removal of your personal data or withdrawal of your previously given consent, can be sent to the hereafter mentioned contact details. You will receive further notice from us within four weeks after we have received your request.
At the end of each digital mailing that you receive from Finnius, you can always change your mailing preferences via the ‘unsubscribe’ or ‘subscribe’ link. In each non-digital mailing that your receive from Finnius, you will find how to unsubscribe. Therefore, you can always withdraw your consent.
A request for inspection and/or correction can be addressed in writing to Finnius advocaten B.V., Jollemanhof 20 A, 1019 GW Amsterdam, or per email to email@example.com.
In so far as your personal data are processed on the basis of a legitimate interest, you are entitled to object to this processing. You can address any request in that regard to Finnius advocaten B.V., Jollemanhof 20 A, 1019 GW Amsterdam, or per email to firstname.lastname@example.org.
Additionally, you are entitled to submit a complaint to the Dutch Data Protection Authority.
There might be circumstances in which Finnius cannot or not completely carry out a request as stated in this paragraph. These situations may occur due to the duty of confidentiality of a lawyer or due to statutory retention periods.
In order to be certain that we provide the personal data regarding your request to the correct person, we ask you to provide a copy of a valid passport, driver’s license or identity card with your photo and citizen service number shielded for verification purposes. Finnius will only process requests that concern your own personal data.
Security of your data
We want your personal data to remain as secure as possible and accordingly strive to provide secure data transmission between your computer and our servers. Finnius has taken appropriate technical and organisational measures to protect personal data against loss or any form of unlawful processing.
Finnius may amend this Privacy Statement from time to time. On this website, you can always view the latest version of our Privacy Statement. We would advise you to check the statement regularly and, in any event, whenever you provide us with personal data.
Latest update: November 2018