Personal data is all information relating to an identified or identifiable natural person. We will only process your personal data in a controlled and ethical way and in accordance with the EU - and where applicable also the UK - General Data Protection Regulation (GDPR).
This Privacy Statement explains what personal data we collect, for what purposes, with whom we share it, what your rights are and how we keep your personal data safe. We also share our contact details in case you have questions about privacy and/or your personal data processed by us.
1. Who are we?
NautaDutilh is an international law firm with offices in Amsterdam, Brussels, London, Luxembourg, New York and Rotterdam. With over 400 lawyers, notaries and tax advisers, we are the largest independent law firm in the Benelux. Our top specialists set the tone on the world stage and apply the same knowledge and skills to serve clients in our home markets. Please find more information about our offices on our website under Legal information.
2. Why do we process your personal data?
We process your personal data for the following purposes:
- To provide our services to you, your company or our clients in general (including training courses), and to handle requests, enquiries or complaints received ('Provision of Services')
- To manage our relationship with our suppliers and business partners (including a due diligence procedure) ('Procurement')
- To comply with regulatory and policy requirements ('Compliance')
- To identify services you may be interested in and to communicate with you about our services (e.g. via our newsletters or events) and to build or maintain a professional relationship ('Marketing and Relationship Management')
- To maintain, develop and improve our website, apps and social media pages, in particular by generating statistics regarding their use ('Internet Analytics')
- To protect our offices, business, property, people, visitors, network, website, apps and databases and to prevent, detect and combat any misuse or fraudulent/criminal behavior ('Security')
- To monitor, analyse and/or improve our services, business processes and systems ('Business Development and Continuity')
- To exercise our rights by establishing, exercising or defending a legal claim or in order to defend ourselves or our staff against a legal claim from third parties (including disputes, complaints, questions and/or investigations) ('Legal/Dispute Resolution')
- To handle your subscription to any of our recruitment services or events, handle your job application and assess your eligibility to work with us ('Recruitment')
3. What personal data do we process?
The personal data we process for the above-mentioned purposes may include:
- Personal data we receive or collect in the course of the provision of our services, which may contain information on legal issues, disputes, convictions, sanctions and fines. It may also include the name and contact details of other people related to you, such as your professional advisors, business contacts and/or family members;
- Information from trade registers and other public/private sources;
- Your national identification number (but only to the extent required or authorized by law);
- Your payment details, if necessary for invoicing or payment purposes;
- Your reviews with regard to our services;
- Information about you when you visit our firm (visitor registration, camera footage, license plate number);
- Interactions and correspondence with our firm;
- Personal data we receive or collect in the course of the provision of your services/goods, which may contain financial information (including invoices and VAT-numbers) and information with regard to your services/goods;
- Information related to your visit to our website, such as the type of your device, your IP address and the user-agent;
- Information on the use of our apps, like Dawn Raid (e.g., your e-mail address, moment of downloading and login, app version and platform used);
- Video call recordings by means of online communication and collaboration platforms (we might also process your name and photo for this purpose);
- Information about your attendance of our events, training courses and/or conferences;
- The services you are or may be interested in and if and when you opened our marketing e-mails;
- Personal data that we need for compliance with our legal obligations (such as client identification data as part of our customer due diligence obligations);
- Your name, gender, (job) title, and the company you work for;
- Your contact details, such as your (business) e-mail address, department, company/home address and your (business) phone number;
- Your date of birth, place of birth and nationality;
- Your resume, cover letter, information about your application procedure and the results thereof, and any other information relevant for the position you apply for, which may also include an assessment and/or pre-employment screening;
- Relevant background information, such as your skills, your professional and/or educational background, your relationship to our client or supplier etc.
4. On what basis may we process your personal data?
We base the processing of your personal data for the purposes mentioned in 3, on the following legal bases:
- Provision of Services: If we provide the services directly to you, the processing of your personal data for this purpose is necessary for the performance of our contract with you. If we provide the services to your company or our clients in general, the processing of your personal data is in our legitimate interests to conduct business. For the provision of services, we might also need your personal data to comply with our legal obligations. With regard to our notarial services, the processing of your personal data may also be necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in our notaries. If you choose not to give us your personal data for this purpose, we might not be able to provide our services to you or your company.
- Procurement: If we procure goods or services directly from you, the processing of your personal data for this purpose is necessary for the performance of our contract with you. If we procure the goods or services from your company, the processing of your personal data is in our legitimate interests. For the procurement of goods and services, we might also need your personal data to comply with our legal obligations. If you do not provide us with your personal data for this purpose, we might decide not to engage you or your company.
- Compliance: The processing of your personal data is necessary for compliance with our legal obligations. This may include record keeping, compliance with statutory retention periods and reporting your personal data to official authorities for compliance with fiscal, anti-money laundering or other legal obligations. If you choose not to give us your personal data for this purpose, we might not be able to continue our contractual relationship with you or your company.
- Marketing and Relationship Management: if we do not ask for your consent, we base these activities on our legitimate interests. If you do not want to receive our marketing e-mail messages, you can refuse to give us your consent or you can click on the unsubscribe link at the bottom of each e-mail sent. If you refuse/withdraw your consent or opt-out of these communications, you will suffer no consequences other than no longer receiving them.
- Internet Analytics: if we do not ask for your consent, we base these activities on our legitimate interests. If you refuse/withdraw your consent or opt-out, you will suffer no consequences.
- Security: we use your personal data for this purpose to prevent, detect and combat fraudulent or criminal activity. We have a legitimate interest in protecting our offices, business, property, people, visitors, network, website, apps and databases and in preventing, detecting and combating misuse or fraudulent/criminal behavior in this regard.
- Business Development and Continuity: we have a legitimate interest in processing your personal data to maintain a healthy and prosperous business.
- Legal/Dispute Resolution: it is in our legitimate interest to be able to exercise our rights and to defend ourselves and our staff against legal claims.
- Recruitment: We process your personal data based on your consent, our legitimate interests to recruit qualified professionals of integrity, or as necessary in the context of the intention to enter into a contract with you.
5. With whom do we share your personal data?
For the purposes stated in this Privacy Statement and their corresponding legal bases we may share your personal data with our NautaDutilh group companies and other third parties. This may include, but is not limited to third parties:
- Relevant to the Provision of our Services, such as judicial bodies, courts and tribunals, bailiffs, clients' counterparties and/or their representatives, public authorities, governmental organizations and law enforcement agencies.
- That are our suppliers (Procurement) such as IT providers, business partners, recruitment agencies and other suppliers.
- We engage with for Compliance, such as supervisory authorities, financial institutions (i.a. banks and insurance companies), The Chamber of Commerce and consultancy firms, accountancy firms and auditors.
- That we work closely with throughout the chain, like universities and schools.
Third parties receiving your personal data are themselves responsible for compliance with privacy legislation, if they act as independent controllers (e.g. clients, banks, insurance companies, accountancy firms, public authorities). We are neither responsible nor liable for the processing of your personal data by these third parties. If we transfer your data to third parties, acting as our processors or as joint controllers, we will enter into a data processing agreement or a joint controller agreement with these parties.
In case we share your personal data with third parties outside the European Economic Area, we will ensure appropriate safeguards in accordance with the GDPR.
6. How long do we keep your personal data?
We will keep your personal data no longer than necessary to achieve the purposes as stated in this Privacy Notice or as far as required by relevant laws and regulations.
7. How do we keep your personal data safe?
We are committed to keeping your personal data safe against accidental or unlawful destruction, loss, alteration and unauthorized disclosure or access. To this end, we have implemented appropriate technical and organizational measures as part of our information security framework (in line with industry best practices). These measures include firewalls, access control, virus scanners, encryption (of laptops and phones), screening of personnel and confidentiality provisions.
8. What are cookies and what type of cookies do we use?
Cookies are small text files with information. They are installed on your device when you visit a website. Some cookies are technically necessary for the proper operation of a website. This means that some activities within a website cannot be performed without the use of these cookies. These technical or session cookies do not require consent. Download our cookie overview here.
Functional cookies allow websites to remember your actions and preferences, which might be practical when you visit a website again, or when you change pages within a website. These cookies do not require consent either. There are also cookies which can be used for analytics (e.g., on how you use a website), or for tracking your behavior over the internet in order to show you targeted ads. These cookies usually require your consent. We do not use these types of cookies.
If you would like to share our content on social media through the social media share buttons on our websites, cookies may be set by these parties as independent controllers as well. This may also happen when you visit our social media pages on LinkedIn, Facebook, X and Instagram. Please find their cookie policies here: Facebook, LinkedIn and Instagram.
9. What are your rights as a data subject?
Under the GDPR you have certain rights. For instance, you may ask us what personal data we have or ask us to rectify/delete your personal data. Under certain circumstances you may also object to the processing, ask us to restrict the processing or to receive the personal data in a machine-readable and structured way (for other organizations). You can find more information on your rights at https://www.autoriteitpersoonsgegevens.nl/themas/basis-avg/privacyrechten-avg
If you would like to exercise any of these rights, please send an e-mail to firstname.lastname@example.org. For your protection and the protection of the persons whose information we process in general, please allow us to verify your identity when you make a request.
If you have a complaint about how we handle your personal data, please send an e-mail to email@example.com. You also have the right to file a complaint at the Dutch Data Protection Authority, the Autoriteit Persoonsgegevens.
Please be informed that our lawyers and notaries must adhere to their professional duty of confidentiality. Therefore, it might not always be possible to disclose the information requested.
10. Contact details
Please be informed that we appointed a Data Protection Officer (DPO) for our offices in Amsterdam, Rotterdam, London and New York. You can reach out to our DPO for any questions or concerns with regard to the processing of your personal data by sending an e-mail to firstname.lastname@example.org
This Privacy Statement entered into force on 1 November 2023 and replaces the version of 22nd May 2022. We reserve the right to amend or update this Statement. Therefore, we invite you to visit our website regularly to find the latest version and stay informed on how we collect and use your personal data.