(version dated 22 May 2018)
Smeets Gijbels B.V. (SG) is responsible for processing various personal data. A description of which personal data are processed and how SG handles them is provided below.
1. Personal data processed by SG
SG processes personal data that have been provided to SG by job applicants, clients, potential clients, business or other relations, suppliers, or opposite parties to SG. SG may also process personal data not provided by you, but which are required for the instigation, execution, or substantiation of a legal claim. Only personal data that are sufficient, relevant, and limited to what is necessary to achieve the intended objectives will be processed. SG shall not use personal data it has acquired for any purpose other than that for which they were obtained.
It concerns the following personal data:
- contact details and other personal data necessary to deal with your case;
- contact details provided during acquisition meetings, introductions, seminars and other events;
- personal data made available through public sources or obtained from the Chamber of Commerce Trade Register or the Land Registry;
- personal data in relation to an application, such as your contact details, date of birth, nationality, civil status, or other contact details mentioned on or during your application.
Contact details are defined as:
- your first and last name;
- your address;
- your telephone number;
- your e-mail address;
- your ‘Burgerservicenummer’ (BSN, or citizen service number);
- your gender;
- your nationality;
2. Grounds for processing
SG will only process personal data if and insofar at least one of the following conditions is met:
- the person involved has given permission to process his personal data for one or more specific purposes;
- the processing is necessary for the execution of an agreement to which the involved person is a party, or at the request of the involved person to take measures prior to the conclusion of an agreement;
- the processing is necessary to fulfil a legal obligation by the person processing the data;
- the processing is necessary to protect the vital interests of the involved person or of another natural person;
- the processing is necessary for the fulfilment of a task in the public interest or of a task in relation to the execution of public authority delegated to the person processing the data;
- the processing is necessary for the representation of the legitimate interests of the person processing the data or of a third person, except when the interests or fundamental rights and freedoms of the involved party requiring the protection of the personal data outweigh those interests, in particular if the involved party is a minor.
3. Purpose of processing
SG processes personal data for the purpose of executing the agreement under which you have instructed SG to provide our legal services. Depending on the details of your instruction/case, your personal data will be processed, and that of other persons may be processed, for the purpose of dealing with your case/instruction. Your data will also be used to provide you with information you have requested, for maintaining contacts (for example, in relation to newsletters or invitations to events), sending invoices, job applications, or the fulfilment of legal obligations.
As soon as personal data are used for purposes other than that for which they were obtained, a new assessment of the legal grounds for such processing will be carried out. If such legal grounds are lacking, permission will be requested again.
There may be situations in which SG shares your personal data with third parties, because it is necessary for dealing with your case, for example (such as in relation to legal proceedings). Personal data will not be shared with third parties for commercial purposes. At events, however, the contact details of attendees may be exchanged.
4. Retention periods
The starting point is that personal data will not be retained any longer than necessary for the purpose of processing or fulfilling a legal obligation. When the applicable retention period has lapsed, the relevant data will be destroyed.
5. Rights of the persons involved
Anyone is entitled to view, correct, or delete their personal information. In addition, any person has the right to withdraw their consent for their data to be processed or to object to the processing of their personal data by SG. Any person also has the right to data portability. This means you may submit a request to us to send your personal data processed by us in a computer file to you or to another organisation nominated by you. However, SG will have to verify in advance that any such request is indeed made by the involved person.
Requests to view, correct, delete, or transfer your personal data or to withdraw your consent or make an objection to the processing of your personal data should be sent to email@example.com. For the sake of completeness, it should be noted that the right to have personal data deleted does not apply if the processing of the data is necessary for the instigation, execution, or substantiation of a legal claim.
6. Sending data abroad
In the event that personal data are sent abroad, checks will be carried out to ensure that sufficient guarantees relating to the protection of personal data exist. It should be pointed out in this connection that the level of data protection throughout the European Union is the same. Therefore, whenever personal data are transferred to an organisation in the EU (and the EEA), then it is sufficient that the organisation in question is GDPR compliant. Different rules apply for the transfer of personal data to countries outside the EU. The principle rule applied by SG is that personal data may only be sent to countries with a suitable level of protection.
7. Security of personal data
SG takes the protection of personal data very seriously and takes appropriate measures to prevent misuse, loss, unauthorised access, undesirable disclosure, or unauthorised modifications. This entails SG taking both technical measures (security of systems) and organisational measures, including informing its employees about the GDPR, obliging its employees to respect confidentiality, and striving towards a clean-desk policy. The number of persons with access to the data is kept as small as possible.
If you have reason to believe that your data are not protected properly or that there are indications of misuse, please contact SG.
A processor as defined by the GDPR, when processing personal data, acts on the instruction of the person responsible for processing data, but he does not directly come under the authority of that person. For the purpose of processing your personal data, SG may use processors (such as our ICT service providers).
SG has concluded processing agreements with existing service providers that meet statutory requirements.
9. Contact details
The authority responsible for processing data is Smeets Gijbels B.V., established on Westersingel 84, 3015 LC Rotterdam and on Jacob Obrechtstraat 70, 1071 KP Amsterdam.
You can contact us at +31 (0)10 2666666 and +31 (0)20 5747722 or by e-mail at firstname.lastname@example.org. Your contact person in matters relating to the GDPR is Ms. M. van Leeuwen-van Vliet.