Privacy Policy

seventytwo B.V. (seventytwo, us or we) respects the privacy of those who provide personal data to us. This privacy policy describes how and why we collect, store and use your personal data, and provides information about your rights.

What basis do we have for the processing of your personal data?  

We will only process personal data where we have a lawful reason for doing so. The lawful basis for processing personal data by us will be one of the following:

  • the processing is necessary for the performance of a contract you are party to or in order to take steps at your request prior to you entering into a contract;

  • processing is necessary in order for us to comply with our legal obligations (such as compliance with anti-money laundering legislation);

  • the processing is necessary for the pursuit of our legitimate business interests (including that of the delivery and the promotion of our services);

  • processing is necessary for the establishment, exercise or defence of legal claims; or

  • your consent to the processing of your personal information for one or more specific purposes.

When we provide legal services, which personal data do we use, for which purpose do we use this personal data and for how long do we store it?

In the course of providing legal services, we process various categories of personal data of different categories of individuals, including of clients, clients’ contact persons, witnesses, experts, counterparties, counterparties’ contact persons, counterparties’ lawyers and advisors and persons whose personal data forms part of a file. This includes the following (categories of) personal data:

  • basic information, such as your name, title, position, the company you work for, your relationship to a person;

  • contact details;

  • data relating to the handling of a case or the settlement of a dispute, including data concerning the counterparty and third parties, as provided by the client, a counterparty and/or a third party or obtained from a public source

  • data for the purpose of calculating and recording fees and expenses, making payments and recovering claims, including the bank account number provided by the client;

  • other data obtained from public sources (such as the Chamber of Commerce) or data provided to us by third parties in the context of the handling of a case or the settlement of a dispute.

We process such personal data, in particular, for the following purposes:

  • Providing legal services: we will use and disclose personal data in such a manner as we believe is reasonably necessary to provide our services, for example we may need to instruct overseas counsel on your behalf (including correspondence with you), to liaise with other professional service providers in relation to matters that we are handling, or because we need to liaise with the opposing party on a matter you have instructed us on.

  • Administration: to collect our fees or costs in connection with other legal enforcement, we will use personal data to agree payment arrangements, and to collect our fees and costs owing to us in connection with legal enforcement.

  • Managing client relationships: providing clients with information on our services and legal updates that we consider may be relevant to them; arranging and hosting events; and identifying where we may make improvements in service delivery.

  • Client engagement: as part of our client onboarding process we carry out certain background searches to verify whether or not there are any potential issues that may mean we are not allowed to work with a particular person (to identify criminal convictions, politically exposed persons, sanctions or other potential reputation issues).

  • Compliance with anti-money laundering laws and regulations: we may use your personal data (e.g. evidence of your identity) in order to fulfil our obligations to check the identity of our clients in compliance with anti-money laundering laws and regulations.

  • Regulatory: compliance with our legal and regulatory obligations as a law firm, including auditing and reporting requirements.

  • Communications: sending emails, newsletters and other messages to keep you informed of legal developments, market insights and of our services (based on your consent where required).

If suppliers provide goods or services to us, which personal data do we use, for what purpose do we use this personal data, and for how long do we store it?

  •  If you provide services or goods to us, we may collect the following (categories of) personal data:

  • name and address details (name, first names, initials, titles, address, postal code, residence) as provided by the supplier;

  • other contact details (telephone number, e-mail address and similar data required for communication) as provided by the supplier;

  • data for the purpose of placing orders or purchasing services, calculating and recording fees and expenses and making payments, including the bank account number as provided by the supplier;

  • other data of suppliers of which the processing is required by or necessary to comply with applicable laws and regulations.

We process such personal data, in particular, to receive the goods or services from the supplier, to manage the relationship with the supplier (including administration), and for the provision of services to our clients if a supplier is assisting us in delivering services to our clients.

If you subscribe for seventytwo’s insights, which personal data do we use, for what purpose do we use this personal data, and for how long do we store it?

If you subscribe for our insights, we collect your name, email address and the name of your company. We use this data to provide you with our insights. You may unsubscribe at any given time by sending an email to info@seventytwo.law or by clicking the unsubscribe-link in our insights-emails.

 Disclosures of your personal data

On occasion, we may need to share your personal data with third parties. We will only share personal data where we are legally permitted to do so and within the boundaries of the strict confidentiality imposed on lawyers. This might be because, for example, we may pass your personal data to third parties such as:

  • business partners, service providers and other affiliated third parties: to enable us to provide our services to you, we may need to share your personal data with our business partners (including other professional advisers such as accountants or auditors), external service providers and/or foreign legal counsel.

  • events: we may need to pass on your personal data (e.g. name, company, occupation) to a third party in connection with management of an event, in which case the details will only be used by the third party for that specific purpose;

  • disclosures required by law or regulation: in certain circumstances, we may be required to disclose personal data under applicable law or regulation, including to law enforcement agencies or in connection with proposed or actual legal proceedings.

Transfers of your personal data outside the EEA

When processing your personal data for the purposes specified above, in some cases we may disclose your personal data to organizations located outside the European Economic Area (EEA). In such situations we will ensure that appropriate safeguards are in place that offer an adequate level of protection of your rights and freedoms as a data subject in accordance with applicable laws and regulations. We do this, for example, by concluding standard contractual clauses approved by the European Commission for the transfer of personal data. If you wish, you may request a copy of the existing model contractual clauses by using the contact information below.

Data Security

We take office-wide security measures as part of our information security framework. Technical measures include the use of access controls, firewalls, network segmentation, virus scanners and encryption of laptops and phones. Our practice management software is ISO 27001-certified, which demonstrates that it has implemented information security measures according to internationally acknowledged standards. Our redundant data storage is monitored in real time by the security specialists McAfee and Norton Symantec. Organisational measures include confidentiality provisions, screening of personnel, privacy and security training and awareness, and implementing controls in contracts with suppliers.

How long we keep your personal data

We do not retain your personal data in an identifiable form for longer than is necessary to achieve the purposes included in this policy. More specifically, we apply the following retention periods:

  • the files of the cases handled by seventytwo will be kept in accordance with the archiving manual of the Netherlands Bar Association for at least five and at most twenty years after our involvement in the case has ended;

  • personal data that must be kept on the basis of Article 52 of the Dutch General Tax Act will be kept for 7 years (from the end of the year in which the data in question have lost their current value for the (tax-) related business operations) in connection with the tax retention obligation incumbent on seventytwo pursuant to Article 52(4) of the Dutch General Tax Act.

The abovementioned specific retention periods can be extended if statutory retention obligations apply or will become applicable. We may also retain the personal data for a longer period of time if this is necessary for the handling of incidents or legal disputes.

Your legal rights

In accordance with applicable law, you have the right of access, the right of rectification, the right to erasure, the right to restriction of processing, the right to data portability and the right to object. Please find below more details and information on how and when you can exercise your rights. We will respond to your request within one month, but have the right to extend this period with two months.

You have the following rights with regard to your personal data:

  • The right to request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

  • The right to request to correct your data if it is inaccurate. You may also supplement any incomplete data we have, taking into account the purposes of the processing.

  • The right to request deletion of your personal data if:

    • your personal data is no longer necessary for the purposes for which we collected or processed it; or

    • you withdraw your consent if the processing of your personal data is based on consent and no other legal ground exists;

    • you object to the processing of your personal data and we do not have an overriding legitimate ground for processing;

    • your personal data is unlawfully processed; or

    • your personal data has to be deleted for compliance with a legal obligation.

  • The right to object to the processing of your personal data. We will comply with your request, unless we have a compelling overriding legitimate interest for processing or we need to continue processing your personal data to establish, exercise or defend a legal claim.

  • The right to restrict the processing of personal data, if:

    • the accuracy of your personal data is contested by you, for the period in which we have to verify the accuracy of the personal data;

    • the processing is unlawful and you oppose the deletion of your personal data and request restriction;

    • we no longer need your personal data for the purposes of processing, but your personal data is required by you for a legal claim; or

    • you have objected to the processing, for the period in which we have to verify overriding legitimate grounds.

  • The right to data portability. You may requests us to receive the personal data that concern you. You may also request us to send this personal data to a third party, where feasible. You only have this right if (i) it regards personal data you have provided to us, (ii) the processing is based on consent or necessary for the performance of a contract between you and us, and (iii) the processing is done by automated means.

  • The right to revoke your consent, in the event that consent is the legal basis on which we process your personal data.

  • The right to opt-out of receiving any marketing communications at any given time.

To exercise your rights you can file a request by e-mail to info@seventytwo.law. We aim to respond to your request within one month after receiving such a request. However, this one-month term may be extended with two months. In such event, we will inform you within one month after receipt of your request and explain why the extension is necessary.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Complaints, questions and contact details

Our full details are:

seventytwo B.V.

Postal address: Oosterparkstraat 28, 2042 AS Zandvoort

Email address: info@seventytwo.law If you have any questions or complaints about the processing of your personal data by us, please contact us on the details above. You also have the right to lodge a complaint to the supervisory authority about the way we process your personal data. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.

 

1 January 2021