Privacy & Cookie Statement
Version 3.2, May 2022
Privacy is of utmost importance at De Clercq advocaten en notariaat (“De Clercq”). With this privacy and cookie statement (“Statement”), we inform our (potential) clients, website visitors, newsletter subscribers, event participants, job applicants, and other associates about the information we collect about them and how we use this information.
Your personal data
1.1 Clients
From our clients, we process (business) name and address details (NAW), gender, date of birth (if relevant for the Notary), contact information, bank account number, and other data necessary for handling a file (such as possibly a copy of an identity document). Without this information, we cannot process a file. In addition, we process any additional personal data that you provide to us as part of your file. The mentioned data may also concern a counterparty or other third party.
We process this data for our legal and notarial services, for the associated administration, for accounting audits, or other types of audits (for example, by the dean who oversees compliance with the Lawyers Act), and for the execution or application of laws and regulations.
We process this data to fulfill the agreement we have with you, or in preparation for it, as well as to comply with a legal obligation. Additionally, we may process personal data to pursue our legitimate interests, such as improving our services or protecting our financial interests.
The written data that are part of a file handled by De Clercq for a client are retained for the legal profession for a period of ten years and for the notarial profession for a period of twenty years. It may be that we retain a file longer, for example, when this is necessary to comply with a legal retention obligation, it concerns deeds, or it is relevant in connection with potential proceedings, claims, or disputes.
1.1.a Digital meetings
Contact with clients increasingly takes place via Microsoft Teams in this digital age. When you participate in a digital meeting, Microsoft processes your (organization) name, contact details, technical data (such as IP addresses), and information about your contribution to the meeting (such as video recordings, chat messages, shared files, etc.). This processing is based on our legitimate interest. If you object to this, it is of course also possible to communicate via other channels. We have made arrangements with Microsoft to ensure the careful handling of your personal data (including any transfer to the United States), of which the Standard Contractual Clauses (SCCs) are a part.
1.1.b Secure emailing
For secure emailing with our clients, associates, and other entities (such as the Judiciary), we utilize Zivver. If you wish to send us secure emails (possibly with large files), you can do so by using a link that we will gladly provide upon request. Additionally, it is possible for our clients to create a (free) Zivver account. Please note: When you create a (free) Zivver account, your personal data will be processed by Zivver according to Zivver’s terms and conditions. We do not have control over this.
1.2 Anti-Money Laundering and Counter-Terrorist Financing Act (Wwft)
Under the Anti-Money Laundering and Counter-Terrorist Financing Act (Wwft), lawyers and notaries are obligated to identify and verify clients for certain designated services and to report any unusual transactions conducted or planned within the scope of their services.
The obligations under the Anti-Money Laundering and Counter-Terrorist Financing Act (Wwft) apply to lawyers when they provide advice or assistance in the field of real estate, valuable goods (such as money and gemstones), tax matters, financial transactions, real estate transactions, and the establishment, transfer of (parts of) and the creation of rights on legal entities. The Wwft obligations do not apply to lawyers when they provide services for the determination of someone’s legal position, their representation and defense in court, and providing advice before, during, and/or after legal proceedings.
For notaries, the Wwft obligation applies to all services except for services in the field of family and inheritance law. Additionally, there is an exception for handling simple income tax returns and inheritance tax returns, for which no mandatory client investigation needs to be conducted.
1.2.a. Client due diligence
Employees of De Clercq, who provide services falling under the obligations of the Anti-Money Laundering and Counter-Terrorist Financing Act (Wwft), must process the following (personal) data:
Natural persons:
- Name, Address, and Residence (NAW) details
- Date of Birth
- Copy of a valid identification document
Legal entities:
- Extract from the Trade Register
- Information from the Ultimate Beneficial Owner (UBO) register
- Trusts or other legal entities:
The purpose and nature of the trust or other legal entity;
The law under which the trust or other legal entity is governed. De Clercq is obligated to use the above-mentioned data for client due diligence and to retain it for up to five years after the termination of the relationship and/or transaction.
1.2.b Reporting obligation
Under the Wwft, employees of De Clercq are required to report (intended) unusual transactions they encounter during the execution of their services (to the extent that these fall under the Wwft obligations) to FIU-Netherlands. In such a report, De Clercq must provide the (personal) data collected during the client due diligence to FIU-Netherlands. Additionally, FIU-Netherlands may request additional (personal) data.
1.3 Website visitors
Through our website, we can process your personal data in various ways. Below is a specification.
1.3.a Cookies
Our website (www.declercq.com) uses cookies. A cookie is a simple small file that is sent along with pages of this website and stored by your browser on your computer, phone, or tablet. We use these cookies to make the website function (necessary cookies), to ensure that the website is displayed in a way that matches your preferences (preference cookies), to gain insight into its usage (statistical cookies), and to measure and improve the effectiveness of advertising campaigns (tracking cookies). The cookies we use may collect the following personal data from you:
- IP address;
- Cookie ID;
- Website and click behavior;
- Referrer URL.
The only cookies we place without your prior consent are necessary cookies. For all other types of cookies, we request your prior consent. You can change or withdraw this consent at any time via the button on the cookie banner that remains active in the bottom left corner of our website. Additionally, you can block or delete cookies through your browser.
In our cookie banner (under ‘Details’), you will find more information about the specific cookies we use, including their purpose, retention period, and a link to the privacy policy of the cookie provider. Below is a general specification of the cookie providers we have engaged, their location, and (if relevant) the appropriate safeguards that have been implemented:
Analytical cookies
Provider Location & Safeguard Cybot
A/S (Cookiebot) Denmark
De Clercq Netherlands
Google LLC (Google and YouTube cookies) United States SCCs
HubSpot, Inc. United States, SCCs
LinkedIn Ireland Ireland
1.3.b Social media buttons
Through the social media buttons on our website, you can view our social media pages. De Clercq uses the following social media buttons:
The above social media parties determine on their own how they handle your personal data when you click on the button and/or visit our social media page.
1.3.c Whitepapers
De Clercq regularly posts whitepapers on its website. To download a whitepaper, you need to fill in your (organization) name, position, and email address. We process this data to send you the whitepaper, based on your consent. Based on our legitimate interest, we may also use your data to contact you to verify if you have any questions about the whitepaper and/or if you are interested in further communication about it. If you do not wish this, you can always indicate this during the initial contact. We will retain your personal data regarding the whitepaper until the periodic renewal moment of our website.
1.3.d Contact
If you wish to get in touch with De Clercq, you can do so by contacting us via the contact form on our website, through social media, via email, or by phone. In this case, we process your (organization) name, contact details, and the content of your message. We use this information to engage in the desired communication with you. We will retain your data for as long as necessary to fully address your inquiry and/or maintain the desired communication.
1.4 Event participants
De Clercq regularly organizes events, including training sessions and webinars. In order to register for an event, we may collect your (organization) name, position, contact details, invoice details, payment information, information about your attendance, and any comments/requests (such as dietary preferences). We use this information to send you relevant information about the event or similar events, to invoice you, for our administration, and/or to provide refreshments. We base this on the preparation/execution of the agreement we enter into with you and our legitimate interest.
We retain the aforementioned data until the administration and communication related to the event are completed.
If we organize an event together with another partner, it’s possible that your personal data may also be shared with this partner. In that case, our partner determines how they handle your personal data. For jointly organized events, we will indicate whether your personal data will also be shared with our partner. Additionally, we will inform you about where you can find more information about the handling of your personal data.
1.4.a Webinars
For webinars, we use the GoToWebinar tool (by LogMeIn, Inc.). When you participate in a webinar, the tool processes your (organization) name, email address, technical data (such as IP addresses), and information about your contribution to the webinar (such as responses to polls and chat messages). This processing is based on our legitimate interest. If you object to this, please let us know so that we can explore an alternative with you. We have made agreements with LogMeIn, Inc. to ensure the careful handling of your personal data (including any transfer to the United States), of which the Standard Contractual Clauses SCCs are a part.
1.5 Newsletter subscribers
De Clercq sends a digital newsletter to contacts. Regarding the newsletter, we process your email address, name, the organization you work for, the time when a newsletter is opened, and which links in the newsletter you have clicked.
You will only receive the newsletter if you have given consent or if you have not objected to it. If you no longer wish to receive the newsletter, you can unsubscribe at any time. There is an unsubscribe link in every newsletter.
When you unsubscribe, we keep your data in our client database, indicating that you no longer wish to receive newsletters from De Clercq. We store statistics about the opening and clicking in the newsletter in anonymized form.
1.6 Participants in client satisfaction surveys
To assess how we can improve our services, we conduct client satisfaction surveys. This may involve sending out a questionnaire after participating in a webinar or asking for your review via Advocaatscore. For this purpose, we process your (organization) name, contact information, and the content of your response. We do this based on our legitimate interest. If you object to this, you can choose not to participate in the client satisfaction survey.
We retain your response for one year.
1.7 Job applicants
De Clercq processes the data provided by the applicant during the job application process. For example, personal information such as name, address, contact details, data on work experience, education, courses, and internships, information gathered during assessments, a Certificate of Good Conduct (VOG), and other relevant data for the purpose of fulfilling the position. Without this information, we cannot process an application.
As part of the recruitment process, we may conduct a social media and internet check. This means that we search for the name of an applicant on Google and LinkedIn. We only look at publicly accessible information. We will not ask to connect with us or to disclose protected information. Any findings from this check may be discussed with the applicant during the recruitment process.
We process the personal data of applicants based on De Clercq’s legitimate interest. This interest consists of finding suitable personnel and ensuring that our reputation is maintained. Additionally, we process this personal data to prepare for any potential employment contract, and when we hire an applicant, to fulfill the employment contract. The data is not used for other purposes and is only provided to those responsible for recruitment activities at De Clercq or those necessarily involved therein.
We retain the data collected during the application process for a maximum of four weeks after the end of the application process, unless the applicant has expressly consented to the data being retained for six months. If we hire the applicant, we retain the relevant personal data as part of the personnel file.
1.8 Other relationships
De Clercq processes name, address, and contact information, as well as bank account numbers and other data of individuals employed by or associated with suppliers that are necessary for deliveries, orders, or the procurement of services.
We process this data for deliveries, orders, or the procurement of services, for maintaining the associated administration, for accounting purposes, and for compliance with applicable laws and regulations. We process this data based on the agreement we have with the supplier, to comply with legal obligations, and based on our legitimate interest in conducting business operations effectively.
The personal data of contacts at suppliers are deleted no later than two years after the relevant transaction has been completed, unless we are required to retain the personal data for a longer period to comply with legal retention obligations (such as tax retention obligations) or the contractual relationship continues for a longer period.
2. Disclosure to third parties
2.1 General
We only disclose your data to third parties when permitted by law and regulations. For example, we may provide your personal data to third parties when necessary for our services (such as judicial authorities, arbitration institutes, or bailiffs) or to comply with a legal obligation.
2.2 Processors
We utilize services provided by third parties, such as IT vendors for our website, webinars, online meetings, reviews, secure email transmission, AML investigations, and administrative systems. In this context, we provide personal data to these third parties. These third parties are only allowed to process your personal data on behalf of De Clercq and not for their own purposes. We have made agreements with these parties to ensure the careful handling of your personal data.
2.3 Transfer outside the European Economic Area (EEA)
It may occur that we transfer your data to countries outside the European Economic Area (EEA). We only transfer your personal data to countries outside the EEA if there is an adequate level of protection, such as when an adequacy decision applies, when Standard Contractual Clauses (SCCs) are applicable, or when it is necessary for the performance of the contract we have with you.
2.4 Links to third-party websites
Our website may contain references (such as hyperlinks, banners, or buttons) to other websites. This does not automatically imply that De Clercq is affiliated with these other sites or their owners. It is possible that a different privacy policy applies to the use of these third-party websites.
3. Security
We take appropriate technical and organizational measures to prevent misuse of, and unauthorized access to, your personal data. To this end, we implement the following security measures:
- Only necessary individuals have access to your personal data;
- All systems and devices are equipped with logical access control, using passwords and, where possible and relevant, multi-factor authentication;
- We have an internal security policy that is regularly reviewed and updated;
- We implement physical access control measures;
- Our network connections are secured using Transport Layer Security (TLS) technology.
4. Your rights
Under privacy legislation, you have several rights regarding the processing of your personal data. These rights include:
- Requesting access, correction, rectification, or deletion of your personal data, or restriction of the processing of your personal data;
- Objecting to certain processing activities, noting that we do not use your personal data to make automated decisions about you;
- Requesting the transfer of your data to a third party;
- Withdrawing consent at any time, without affecting the lawfulness of the processing based on consent before its withdrawal.
Please note: We may not be able to fulfill all requests related to your statutory rights in all cases. For example, we may limit your right to access personal data that we process based on AML obligations.
If you have a complaint about the processing of your personal data, we will do our best to find a solution together with you. However, if you still believe that we have not assisted you adequately, you have the right to lodge a complaint with the Autoriteit Persoonsgegevens.
5. Changes and contact
We may update this Statement. We will always publish new versions on our website. Therefore, we recommend that you regularly consult this Statement to stay informed about any changes.
If you have any questions regarding this Statement, you can contact us via email at [email protected] or by phone at 071-5815352.
De Clercq Advocaten Notariaat
Hoge Rijndijk 306
2314 AM Leiden
KvK: 27335947