Privacy Policy

Privacy Statement

Finnius advocaten B.V. (Finnius) attaches great importance to the protection of your privacy and the security of your personal data in accordance with the General Data Protection Regulation (2016/679) (AVG) and the underlying (implementation) laws and regulations, including but not limited to the AVG Implementation Act. This Privacy Statement describes how we handle and protect your personal data.

This Privacy Statement, in accordance with Article 13 and Article 14 AVG, contains information about:

  • What personal data is and how we obtain it;
  • For what purposes and on what bases we process your personal data;
  • how long we keep your personal data;
  • With whom we share your personal data;
  • How your personal data is protected; and
  • the rights you have regarding your personal data.

This Privacy Statement is intended for natural persons whose personal data Finnius processes, in particular clients of Finnius, prospects of Finnius, persons who have subscribed to newsletters from Finnius, persons who apply for and are or were employed by Finnius, and suppliers of Finnius (i.e. parties from which Finnius purchases services such as, for example, software or printer suppliers, courier service providers and the accountant).

What are personal data?

Personal data as defined in the AVG means any information about an identified or identifiable natural person. An identifiable natural person is considered to be one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more elements characterizing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

We process the following personal data

  • basic information such as your first and last name, middle name, title;
  • contact information such as your e-mail address, mailing address, place of residence and telephone number;
  • Information for billing purposes, such as your bank account number;
  • other personal data you provide to us in the context of our legal services, including – depending on the legal services requested –  personal data of close relations or family members. This may also include special personal data and/or personal data about criminal convictions or facts;
  • personal data that, where appropriate, we are required to request under the Money Laundering and Terrorist Financing (Prevention) Act (Wwft) before providing our legal services, such as, for example, a copy of your proof of identity (with the BSN number masked out);
  • personal data you provide us in the context of attending events or meetings, such as accessibility and dietary requirements and wishes;
  • personal information that you provide to us for the purpose of an application, such as your first and last name, date of birth, address, telephone number, nationality, marital status and any other personal information provided in your application; and
  • personal data which you provide to us for the purpose of entering into an employment contract, such as your first and last name, date of birth, address, telephone number, nationality, marital status, passport number and any other personal data provided by you. In relation to Finnius’ obligation as an employer under the Income Tax Act to the Tax Authorities, your BSN number is processed only in relation to this obligation.

We process this personal data because you have provided it to us. For example, you provide data when entering into an agreement with us, by giving us your business card, or by applying for a job. We may also process your personal data by acquiring it from other (public) sources, such as a concerned lawyer, counterparties, the Trade Register, the Land Registry or by using public sources, such as Google. If your personal data is obtained from third parties, Finnius will inform you separately about the categories of personal data provided.

Cookies

Cookies are small text files placed on your device (computer, tablet or smartphone) by websites. Finnius uses limited analytical cookies to collect statistics about usage, without this information being traceable to individual visitors. These cookies allow us to:

  • To measure the number of visitors to our website
  • To see how visitors navigate through the website
  • Analyze and improve the performance of our website
  • To understand which parts of the website are used most frequently

This information is processed completely anonymously, meaning we cannot tell which specific person visited which pages. We only use this data to optimize the overall user experience of our website.

Purposes and bases for processing personal data

Finnius processes your personal data exclusively for the following purposes:

  • the provision of our legal services, which include advising, litigating and supervising investigations and transactions, and the performance of the (contractual) arrangements underlying such legal services;
  • keeping our records;
  • Sending out and collecting invoices;
  • complying with legal and regulatory obligations, such as conducting client due diligence under the Wwft;
  • organizing marketing and business development activities, such as sending newsletters, invitations to our events and other marketing communications that may be of interest to you;
  • Optimizing the overall user experience of our website;
  • Handling your application or registration for one of our events;
  • Performing your employment contract (including making payments of wages).

We process your personal data on the basis of one or more of the following legal bases:

  • Processing is necessary for the performance of a contract to which the you are a party, or to take action at your request prior to the conclusion of a contract;
  • Processing is necessary to comply with a legal obligation incumbent on Finnius;
  • Processing is necessary for the protection of the legitimate interests of Finnius or a third party, except where your interests or your fundamental rights and freedoms requiring protection of personal data outweigh those interests; or
  • You have consented to the processing of your personal data for one or more specific purposes.

A legitimate interest for processing your personal data is the use of your basic information and contact details for Finnius’ direct marketing purposes and the placement of limited analytical cookies. In addition, we may use your personal data to put you in contact with one of our relations, for example in the context of a referral. If Finnius processes personal data under the processing ground of legitimate interest, it will make the relevant assessment according to the then applicable requirements as required under the AVG and relevant related legislation and case law.

When Finnius processes your personal data based on your consent, Finnius will ask you separately. You may withdraw your consent at any time. Please also refer to the section “Your rights” below.

If Finnius intends to process your personal data for a purpose other than that shown above, Finnius will inform you of that other purpose and any relevant further information prior to the start of the processing of your personal data.

Transfer of personal data to third parties

In certain cases, we may disclose your personal information to third parties, such as:

  • Third parties relevant to our legal services, such as counterparties, attorneys, courts, regulatory agencies and government agencies;
  • Third parties, such as regulators and other agencies, to comply with our legal obligations;
  • Third parties who process your personal data for the benefit and on behalf of Finnius (processors) for the purposes described in this Privacy Statement, for example in the context of storing data in our CRM system.

The sharing of your personal data with these third parties is done only for the purposes stated in this Privacy Statement and only based on the bases stated in this Privacy Statement.

Third parties to whom we provide your personal data are themselves responsible for compliance with privacy laws. Finnius is neither responsible nor liable for the processing of your personal data by these third parties. To the extent that a third party processes your personal data in the capacity of a processor (within the meaning of the AVG) of Finnius, Finnius shall enter into a processor agreement with such third party that complies with the requirements described in the AVG.

In order to provide our services, we may need to transfer your personal data to a third party based in a country outside the European Economic Area (EEA). You can think about providing your personal data to an opposing party, a judicial authority or a regulator based outside the EEA. Finnius regularly conducts litigation in Aruba, Bonaire and Curaçao. In addition, its advisory practice extends to the United States and the United Kingdom, among others.

With regard to the United Kingdom, the European Commission adopted an adequacy decision on June 28, 2021. This means that the United Kingdom ensures an adequate level of protection

 

With respect to the United States, the European Commission adopted an adequacy decision on July 10, 2023. This means that the United States ensures an adequate level of protection with respect to the processing of personal data by companies in the United States that are certified under the EU-US Data Privacy Framework (DPF). Transfers of personal data to companies in the United States that do not have such (voluntary) certification are therefore not covered by the protection of the DPF (and therefore not within the scope of the European Commission’s adequacy decision). Prior to each transfer, Finnius will determine on the basis of the AVG on which ground a transfer can take place and whether additional measures and safeguards are required. Furthermore, Finnius will keep an eye on further developments regarding the DPF.

With respect to the other aforementioned countries, no adequacy decision has been made as of the date of this Privacy Statement. In such cases, or in cases where personal data is transferred to companies or organizations that are not (voluntarily) certified under the DPF in the United States, Finnius will ensure that such transfers of personal data are in compliance with the AVG and other applicable laws and regulations, and will take additional measures to protect your personal data where possible. At the time we will transfer your personal data to a country outside the EEA, we will inform you prior to the transfer about these protection measures and whether a copy of these measures can be obtained or where they can be accessed.

How long do we keep your data?

Finnius does not retain personal data processed in an identifiable form longer than necessary for the aforementioned purposes of data processing or as required under applicable laws and regulations.

More specifically, Finnius uses the following retention periods:

  • The files of cases handled by Finnius are kept in accordance with the Dutch Bar Association’s Handbook on Archiving at the Law Office for at least five years (and longer if required by law);
  • Personal data processed under Article 33 of the Prevention of Money Laundering and Financing of Terrorism Act (Wwft) in relation to customer due diligence shall be retained for a period of at least 5 years after the termination of the business relationship or after the execution of the transaction concerned. Personal data processed pursuant to Article 34 Wwft for the purpose of reporting an unusual transaction performed or intended to be performed are retained for a period of at least 5 years after the time of making the report or the time of receiving a message from the Financial Intelligence Unit, respectively;
  • Personal data that must be administered pursuant to Section 52 of the Algemene wet inzake rijksbelastingen (AWR) shall be retained for 7 years (from the end of the year in which the data in question have lost their current relevance for the (tax) conduct of business) in connection with Finnius’ tax retention obligation under Section 52(4) AWR,

except that the specific retention periods mentioned above may be extended if legal retention obligations are/are applicable.

Your personal data will be deleted in any case if:

  • it appears that your (e-mail) address is no longer in use (for example, when error messages are received);
  • your personal data is processed and/or stored based on consent and you revoke the consent;
  • the basis on which your personal data are processed ceases to exist, for example, if your company ceases to exist or if you have not been a customer of Finnius or have not had any contact with Finnius in a period of 5 years;
  • the legal retention periods for keeping your personal data have expired.

Your rights

Right to access, rectification, data erasure, restriction of or object to processing and data portability

You have the right to access, rectification or data erasure of your personal data processed by Finnius, subject to the legal grounds for exception in relation to the right to data erasure under Article 17(3) of the AVG. You also have the right to request restriction of processing, to object to processing and the right to data portability (data portability).

To the extent that the processing of your personal data takes place pursuant to the legal or contractual processing basis or is a necessary condition for entering into a contract with Finnius, and you do not agree to provide such personal data, may potentially result in Finnius not being able to provide its services to you because the processing of your personal data is necessary for its services or it needs to process your personal data in order to fulfill legal obligations applicable to it. Finnius will inform you accordingly.

Object to processing pursuant to legitimate interest

To the extent that there is processing of your personal data based on a legitimate interest, you have the right to object to this processing. This also applies if your personal data is used for direct marketing

You may submit such an objection in writing to Finnius advocaten B.V., Jollemanhof 20 A, 1019 GW Amsterdam, or by email to .privacy@finnius.com

Right to unsubscribe from direct marketing

At the bottom of every digital mailing you receive from Finnius, you can change your mail preferences via the “unsubscribe” link. Every other mailing you receive from Finnius will indicate how you can unsubscribe. You can therefore withdraw your consent to the processing of your personal data for direct marketing at any time.

Right to withdraw consent

To the extent that your personal data are processed pursuant to consent provided by you, you have the right to withdraw this consent at any time. Finnius reminds you that the withdrawal of your consent does not affect the lawfulness of the processing of your personal data prior to the withdrawal of your consent. Should the withdrawal of your consent affect Finnius’ services, Finnius will notify you accordingly.

No automated decision-making

Finnius does not use automated decision-making (including profiling within the meaning of Article 22 AVG).

When will you receive a response to your request?

Finnius only handles requests that relate to your own personal data.

Finnius will notify you of any rectification, restriction or erasure of your personal data in accordance with Articles 16, 17 and 18 of the AVG, unless this proves impossible or requires disproportionate effort. Finnius will always inform you of this if you explicitly request it.

A request to exercise any of the aforementioned rights or to revoke previously granted consent may be made in writing to Finnius advocaten B.V., Jollemanhof 20 A, 1019 GW Amsterdam, or by email toprivacy@finnius.com . Finnius will in principle inform you within one (1) month after receipt of your request whether Finnius can comply with your request. This deadline may be extended by two (2) months in specific cases, for example if there is a complex request or multiple requests. About such extension, Finnius will inform you at the latest within one (1) month after receipt of your request. Pursuant to privacy laws, Finnius may refuse your request under certain circumstances, for example due to attorney confidentiality obligations or other legal obligations (such as statutory retention periods). If this is the case, Finnius will explain to you why.

You can also find more information about your privacy rights on the website of the Personal Data Authority.

Request for additional information

In order to be sure that we are providing the relevant personal data to the correct person based on your request, we will ask you to provide a copy of a valid passport, driver’s license or ID card with a shielded passport photo and BSN number, and/or additional information that serves this purpose, for verification purposes.

Questions or comments? Get in touch!

If you have any questions about Finnius’ processing of your personal data or disagree with the processing of your personal data or the way Finnius processes your personal data, you may contact us by email by sending an email to . privacy@finnius.com

Finally, you have the right to file a complaint with the Dutch Personal Data Authority (https://autoriteitpersoonsgegevens.nl/nl/zelf-doen/gebruik-uw-privacyrechten/klacht-melden-bij-de-ap).

The security of your personal data

Finnius wants your personal data to be as secure as possible. We therefore strive to transfer your personal data securely from your computer to our servers. Finnius has taken appropriate technical and organizational measures to protect your personal data from loss or any form of unlawful processing. Measures taken include, but are not limited to, protected access to sensitive files, two-factor authentication (2FA) with respect to gaining access to computers, the CRM system and Outlook in relation to e-mail correspondence

Finnius periodically assesses whether the measures taken still provide adequate and appropriate protection and, where necessary, will make adjustments.

Changes

Finnius may modify the content of this Privacy Statement at any time without prior notice or third-party approval. You can review our Privacy Statement on Finnius’ website at any time. We recommend that you do so regularly, and at least at the time you provide your personal data to Finnius. If there are substantial changes that may significantly affect one or more data subjects, Finnius endeavors to inform these data subjects directly.

Contact

If you have any questions or comments about the processing of your personal data or wish to exercise your rights as stated above, please contact Finnius advocaten B.V., Jollemanhof 20 A, 1019 GW Amsterdam, or by email to privacy@finnius.com

Last update: April 2023