PRIVACY STATEMENT HELEX Advocaten & Rechtsanwälte
1. General remarks
HELEX Advocaten and Rechtsanwälte, hereinafter referred to as “HELEX”, processes personal data in the context of rendering its services. HELEX respects the personal data from others and ensures that these are treated confidentially. Personal data is all information relating to a person. Data that indirectly refers to a person is also personal data.
This privacy statement implements the General Regulation on Data Processing, hereinafter referred to as “GDPR”, formally known as EU Regulation 2016/679, which has been in force since 25 May 2018. The GDPR is the starting point for the legitimacy of all processing of personal data. The GDPR includes an obligation for the recipient of the personal data (the “controller”) to provide information to the persons whose personal data it processes.
2. Controller of the personal data
The controller of the personal data within the meaning of the DGPR is HELEX, domiciled at Stationsplein 45, 3013 AK Rotterdam, the Netherlands.
3. Purposes for processing personal data
HELEX processes personal data for the following purposes only:
- to provide legal services including advice and litigation;
- to comply with regulatory and policy requirements;
- the collection of declarations;
- for business development activities;
- in the context of recruitment and selection of personnel.
HELEX will continuously check the processing of personal data on its legality in relation to the above-described purposes, whereby data provided to HELEX which is not necessary or relevant for the purposes as described will not be processed.
4. Categories of personal data
HELEX processes the following categories of personal data:
- basic personal information, such as name, title, position, the company you work for, your relationship to a person;
- contact details;
- data that is needed for our invoicing;
- data relating to your attendance of events;
- personal data that we need for compliance purposes;
- any other personal data that was provided to us in the context of rendering services, which may include special categories of data within the meaning of the GDPR.
This may concern personal data that HELEX has obtained from you as our client or potential client on your own initiative or upon our request, or that we have received otherwise in the context of our services, for example when the personal data has been received by us from third parties, including counterparties, or when we obtain personal data through public sources such as the Chamber of Commerce.
5. Basis for processing personal data
HELEX will process the above-mentioned personal data solely on the following basis within the meaning of article 6 of the GDPR:
- to conclude and perform a contract;
- to comply with regulatory and policy requirements;
- with your consent;
- for a legitimate interest (e.g. managing and administering the relationship with clients and other business relations).
6. Transfer of personal data to third parties
In relation to the provision of our services and to regulatory processes HELEX may need to share personal data of data subjects with third parties. This will always take place with due observance of the purposes laid down in this privacy statement. Examples include:
- sharing personal data with an expert who we commissioned in one of our legal files, or;
- sharing personal data with another third party on behalf of HELEX, such as an IT supplier, or;
- providing personal data in connection with (legal) proceedings or correspondence with the counterparty, or;
- sharing personal data with another lawyer who looks after the practice.
In addition, HELEX may provide personal data to a third party with public authority such as a supervisory authority, insofar as there is a legal obligation to do so.
HELEX ensures to conclude a processor agreement with third parties who process personal data on behalf of HELEX, whereby the third party is obliged to comply with the GDPR as well. Third parties engaged by HELEX, who offer their services as controller of the personal data, such as an accountant or a civil-law notary, have their own responsible for complying with the GDPR.
7. Security of personal data
Taking into account the state of the art and the costs of implementation, HELEX guarantees the implementation of technical and organizational measures to ensure a level of security appropriate to the risk involved. In case HELEX engages the assistance of third parties for this, such as an IT supplier, it will establish an agreement with such third party to ensure adequate security measures to protect the personal data involved.
8. Data storage time
HELEX will keep your personal data no longer than is necessary to achieve the purposes of data processing stated in this privacy statement or is required by law and regulation.
9. Privacy rights of the personal data subject
For clarification purposes, your rights and the rights of others whose personal data we process include:
a. the right to information (by receiving this privacy statement);
b. the right to access of your personal data (with the exception of personal notes from controller);
c. the right to rectification or correction, removal or blocking of your personal data (only factual data);
d. the right to object;
e. the right to data portability;
f. the right to restriction of processing of your personal data;
g. the right to withdraw your consent for the future to the extent that the processing of your personal data takes place on the basis of your consent;
h. the right to lodge a complaint with the Dutch Data Protection Authority. You can find more information about this on the website of this organization: https://autoriteitpersoonsgegevens.nl.
A request relating to the subsections a to g can be addressed in writing to:
HELEX Advocaten & Rechtsanwälte, Mrs. M.H.J. van der Tol, Stationsplein 45, 3013 AK Rotterdam, the Netherlands, P.O. Box 302, 3000 AH Rotterdam. Or via the email address of Mrs. van der Tol: m.vandertol@helex-advocaten.com.
To ensure that HELEX provides the relevant personal information to the right person following your request, we kindly ask you to attach to your request a copy of a valid passport, driving license or identity card with a protected passport photo and BSN number. HELEX only handles requests that relate to your own personal data.
You will receive further notice from HELEX within four weeks of receipt of your request.
There may be circumstances in which HELEX cannot, or cannot fully, implement your request. These include our duty of confidentiality as attorneys at law or statutory obligations.
10. HELEX website disclaimer and cookie statement
On the website of HELEX you will find a cookie statement as well as a disclaimer in relation to the use of the website. We kindly refer you to this information in our website.
11. Amendment of privacy statement
HELEX has the right to change the contents of this privacy statement at any time without prior notice. Amendments to the privacy statement are published on the website of HELEX. Therefore, we recommend consulting our website regularly.
12. Questions and Contact
For questions or comments about the processing of your personal data and this privacy statement, please contact:
HELEX Advocaten & Rechtsanwälte, Mrs. M.H.J. van der Tol, Stationsplein 45, 3013 AK Rotterdam, the Netherlands, P.O. Box 302, 3000 AH Rotterdam. Or via the email address of Mrs. van der Tol: m.vandertol@helex-advocaten.com.
This privacy statement was adopted 1 May 2018.