Privacy statementAt Dirkzwager, we are keen to share our knowledge and therefore also our knowledge about privacy legislation and the processing of personal data. For this reason, we believe it to be important to inform you clearly and well in this privacy statement about which data we process ourselves and how and why we do that.
Dirkzwager N.V. (hereinafter ‘Dirkzwager’, ‘we’, ‘our’ or ‘ourselves’) process personal data in the role of controller as set out in the General Data Protection Regulation (the ‘GDPR’).
This privacy statement was most recently amended on august 19, 2020.
1. Which personal data do we process
Personal data comprises information by which a natural person (the data subject) can be identified or is identifiable. The personal data that we can process (i.e. from receiving and saving through to amending, transferring and deleting) include:
• basic information, such as your first and last name, title, gender, the company where you work or your job title;
• contact details, such as postal address, (mobile) telephone number or e-mail address;
• additional personal data, such as identity document, date of birth, nationality and marital status;
• financial information, such as your bank account number;
• technical details, such as your IP address, the device you use to visit our website and the pages you view;
• the personal data you provide us with when you apply for a job with us, such as educational and work experience details;
• all other personal data that we acquire from you or about you, or that we are able to acquire ourselves and which we use for the purposes cited below.
2. How do we acquire personal data?
In most cases, we acquire your personal data from you, for example if you ask us to carry out an assignment for legal or tax services, you visit our website, you complete a form on our website, you apply for a job with us, you give us your business card or from information we acquire during (telephone) conversations and e-mail contact with you.
In addition, we may also acquire your personal data in other ways, such as from an opposing party or third parties in connection with a case that we are handling, from (public) registers (such as the Commercial Register of the Chamber of Commerce) or from public sources and websites.
3. For what purposes do we process personal data?
Personal data is necessary for all the relationships we enter into so that we are able to offer the best possible services and collaboration. We process your personal data for the following purposes:
Legal or tax services
We only process the data that is necessary for the preparation, implementation and completion (including invoicing) of the assignment in question (providing legal or tax advice, drawing up a notarial deed, conducting judicial proceedings, filing a tax return or providing legal knowledge).
Complying with statutory obligations and (professional) rules
We process personal data in order to fulfil statutory obligations as well as the applicable legislation and professional rules that apply to lawyers, civil-law notaries and tax consultants, such as identification, checking details, administrative requirements or retention periods.
Marketing and business development objectives
In order to maintain and expand our client base, we may approach you with information, publications or invitations that are relevant to you. We also do that in order to maintain the relationship we have with our partners, suppliers and other business contacts.
Use and improvement of our website
You can sign up for a newsletter through our website. You can also register yourself as user, which will allow you to manage your newsletter preferences and any participation in our events. In order to follow and to improve the contents and use of our website, we collect and analyse data about the browsing behaviour of the visitors to our website.
Participation in our events
When you sign up for one of our events, we will request your personal data. We use that in order to confirm your application, to provide you with up-to-date information about the event in question, to register your presence and to be able to send you proof of participation.
Following registration for an event, a personal account will be made on our website. You can amend your data through the personal account, as well as download proof of participation in our events.
We believe it is important for us to know what your experience is of our services. This means that we invite you to complete a client satisfaction survey once an assignment has been completed. We may also send you an invitation to assess an event after you have participated in that event.
Access control and security
We will record your name on your arrival at our offices. This allows us to know, in case of an emergency situation, who is currently visiting and also to ensure that no unauthorised persons are present in the building. CCTV cameras are used at the entrance and in the parking garage at our Bordelaise offices. Footage from these cameras is not saved.
Job applications and recruitment
In order to handle your job application or when you register for one of our recruitment activities, we will request your personal data. We will retain the data you provide us with via e-mail, the application form on www.werkenbijdirkzwager.nl and during (telephone) conversations until four weeks at the latest after the end of the job application procedure. If we want to contact you again for a job vacancy in the future, then we ask your permission to save your personal data for a longer period. That period will be no longer than one year.
4. On which grounds do we process your personal data?
We are only permitted to process your personal data if there is a legal ground for that. The processing cited above is carried out on the basis of the following legal grounds from the GDPR:
• For the implementation of an agreement
• Due to a statutory obligation
• With your permission
• Due to a justifiable interest and balancing of interests
5. With whom do we share your personal data?
Sometimes it is necessary to share your personal data with third parties. That may include the following situations:
• In order to provide our legal and tax services, for example when conducting judicial proceedings, for the purpose of drawing up a notarial deed or to file a tax return;
• In order to comply with statutory obligations, for example a registration in the land register or a report to a supervisory authority;
• External suppliers who we engage for processing, such as those described in this privacy statement, including our IT suppliers or a translation agency;
• Third parties who are involved in the hosting or organisation of our events;
• If necessary, written agreements are made with non-processors based on privacy covenants.
Third parties to whom we provide your personal data are also responsible themselves for the processing of those data and for compliance with the GDPR. If a third party processes your personal data as processor on behalf of Dirkzwager, then we enter into a data processing agreement that fulfils the requirements of the GDPR. If necessary, we enter into written agreements, such as privacy covenants with non-processors.
If one of our external suppliers processes personal data outside the European Economic Area, then our written agreement with them will contain suitable measures, which will usually comprise standard contract provisions.
In the case of our paid events, we use the services of Ingenico ePayments. Ingenico is responsible for any payments made between Dirkzwager and your bank or credit card company. We do not have access to your payment data: Ingenico will only inform us whether the payment has been successful and will forward the amount to us.
In order to follow and to improve the contents and use of our website, we collect data about the browsing behaviour of our website visitors. We do that using Google Analytics, but in a manner that is privacy-friendly: we have entered into a processing agreement with Google and your IP address is anonymised. We do not share the data with Google.
6. For how long do we retain your personal data?
We retain your personal data no longer than is necessary for the purpose for which we have collected and recorded the data.
If a statutory obligation exists to retain data or there is a retention period on grounds of professional or conduct regulations, then we observe such periods correctly.
7. How is the personal data safeguarded?
We have taken suitable technical and organisational measures based on ISO 27001 in order to prevent misuse, loss, unauthorised access, unwanted disclosure and unauthorised amendment of your personal data.
If you have any questions concerning the security of your personal data or if you suspect any misuse, please contact us via firstname.lastname@example.org.
8. What are your rights?
You may inspect the personal data we have recorded about you. You have the right to have your personal data amended or even deleted if the data is not or no longer correct, or if the processing is not or no longer justified. Under certain circumstances you may limit the processing, request us to transfer your data or object to the processing. We will assess whether we can comply with your request pursuant to the law.
The Data Protection Officer (DPO) will process your request or any complaint and can be reached by e-mail: email@example.com. We will provide a response within 30 days. However, this may take longer depending on the complexity of your request.
We may not be able to respond to your request within the period of one month. This could be because the processing of certain personal data is required in order for us to fulfil our legal and statutory obligations and/or professional requirements or due to other exceptions, such as the rights and freedoms of third parties or the interests of conducting legal proceedings. If we are unable to comply with a particular request, then we will of course provide you with substantiation for that.
You also have the right to submit any questions to the supervisory authority (the Data Protection Authority).
9. Contacting us
If you would like to know more or you have questions or any complaints about our processing of your personal data, you can contact our DPO as follows: firstname.lastname@example.org or Dirkzwager, attn Data Protection Officer, PO Box 111, 6800 AC Arnhem.
Because we may amend this statement from time to time, we recommend that you view this page regularly so that you can be aware of any changes we make. Should we need to make significant changes to our privacy statement, then we will publish that in a clear statement on our website. If we want to use your data for a different purpose of processing, then we will actively inform you of that.