Privacy verklaring

Privacy Statement for (Legal) Services - Kienhuis Legal

In this statement, we explain how we handle privacy when you use our (legal) services in the broadest sense of the word. We inform you about why we collect your personal data, what we do with it, on what legal grounds this occurs, how we secure it, and what your rights are under the General Data Protection Regulation (GDPR). "Personal data" refers to all information that can be directly or indirectly traced back to a natural person, such as your name, address, email address, phone number, or bank account number.

Kienhuis Legal N.V. (hereinafter referred to as "we" or "us") is the data controller within the meaning of the General Data Protection Regulation (GDPR) for the processing of personal data referred to in this privacy statement.

We believe it is important to handle your personal data carefully and ensure that the personal information you provide to us is treated confidentially. In short, this privacy statement explains that we:

  • Use your personal data only for the purposes for which it was collected;

  • Process your data only when we have a legal basis to do so;

  • Do not share your data with others, unless otherwise specified in this privacy statement;

  • Secure your data carefully.

If you have any questions that are not answered in this privacy statement, if you have suggestions or comments regarding its content, or if you have any concerns or complaints about how we handle your personal data, you can contact us. You may do so by email or by using the contact details at the bottom of this page.

This privacy statement applies to all (legal) services provided by Kienhuis Legal N.V. For information on the processing of personal data related to your visit to our websites, or your registration and attendance at our events, masterclasses, and other Academy events, please refer to the specific privacy statement for our websites.

This document contains the following information:

1. Processing Purposes

2. Legal Grounds

3. Recipients

4. Retention Periods

5. Newsletter

6. Security

7. Your Rights Regarding Your Personal Data

8. Complaints

9. Changes

10. Identity


1. Processing Purposes

We process your personal data in connection with our (legal) services only for the purposes described in this privacy statement, unless we obtain your prior consent to process your data for other purposes. We process your personal data to:

1. Provide (continue to provide) our (legal) services to you, including but not limited to: advice, support, assistance in legal proceedings, offering courses, taking on new cases, etc.;

2. Inform you about our (legal) services and any associated changes and updates;

3. Share our expertise with you through events and masterclasses (and to be able to invite you to them);

4. Send you newsletters and marketing communications (for marketing purposes);

5. Contact and maintain communication with you regarding submitted callback requests, submitted messages, or other communications;

6. Manage creditors and debtors and, where necessary, take actions in this regard (such as involving a debt collection agency).


2. Legal Grounds

Necessary for the performance of a contract

We process your personal data because it is necessary for the performance of the agreement you enter into with us regarding our (legal) services. Without this personal data, we cannot provide our services or meet the obligations of the agreement we have with you. If you do not provide the necessary personal data, we cannot enter into an agreement with you or provide you with our services.

Legal Obligation

In some cases, we process personal data because we are legally required to do so. For example, under the Dutch Anti-Money Laundering and Anti-Terrorist Financing Act (Wwft), we are required to record certain information. Another example is the obligation of notaries to record certain personal data in a notarial deed pursuant to the Dutch Notarial Law. Without the relevant personal data, we cannot comply with these legal obligations. Therefore, if we request personal data, it is important that you provide the personal data that is subject to the legal obligation.

Legitimate Interest

Some personal data is processed based on our legitimate interests. This includes, in particular, processing personal data of employees of organizations with which we contract. Our legitimate interest is to be able to provide our services as effectively as possible and to carry out our normal business activities. For example, we may store the names of contacts at clients (legal entities) in a specific file. Additionally, we have an interest in sending you commercial communications – for our marketing purposes – regarding services similar to the ones you have received, such as invitations for events and masterclasses.

Consent

Finally, for some processing of your personal data, we request your explicit consent. For example, to process your personal data for marketing purposes that are not directly related to similar services we offer. This may include sending newsletters. If you do not provide consent, we will not process your personal data for these purposes. You have the right to withdraw your consent for specific processing of your personal data at any time. However, this does not affect the lawfulness of the processing based on consent before its withdrawal.

3. Recipients

Only those within our organization who need access to your personal data will have access to it. This includes, for example, individuals you address messages to, our lawyers, notaries, and legal staff involved in providing (legal) services to you, support staff who must work with your data (such as the relevant secretariat), and, under certain circumstances, staff from our finance, IT, and marketing departments. Our lawyers, notaries, and other staff, as well as third parties to whom personal data is provided, are required to respect the confidentiality of your personal data. We also impose this obligation on processors – through a processing agreement – whom we engage in providing our services.

We do not generally share your personal data with third parties unless it is necessary for providing our (legal) services and related services, or if it is done at your request or is legally required. In this context, we share your personal data with our hosting provider and server administrator Felloo B.V., on whose servers we store data. Additionally, we may share your personal data, if necessary for our services or required by law, with organizations such as the Dutch Employee Insurance Agency (UWV), the Social Insurance Bank (SVB), registrars, consultancy firms, the tax authority, the Legal Aid Board, courts, appellate courts, opposing parties, and partners. In exceptional cases, software vendors may gain access to your personal data, but only to the extent necessary for maintaining and operating our software. Where required, we have entered into data processing agreements with these third parties in accordance with applicable privacy laws. We may also provide personal data to third parties if required by law, a court order, or an order from a competent authority. Additionally, at your request (for example, when exercising your right to data portability), we may share your personal data with third parties.

4. Retention Periods

We do not keep your personal data longer than necessary to provide our services to you, unless there is a legal obligation to retain data for a longer period or if personal data can be processed for a new purpose under a valid legal basis. For instance, we retain data we receive as part of your file only as long as strictly necessary, considering issues such as evidentiary requirements and legal obligations such as tax retention periods.

Documents submitted to us as part of a service we provide are generally retained for 5 years. Personal data relevant for tax purposes is retained for 7 years in accordance with the tax retention obligation. If there is a legitimate reason to anticipate liability issues, your personal data may be retained for up to 20 years. Additionally, we may retain judgments and any related personal data for up to 20 years if necessary for enforcement of these judgments.

Certain types of services may have different legal retention periods.

Once you no longer use our services and there is no legal basis to retain your personal data, your personal data will be deleted as soon as possible.

5. Newsletter

As mentioned earlier, you can subscribe to our newsletters. In this context, we process certain personal data that is necessary to send the newsletter to you. Each newsletter provides the option to unsubscribe. You can also unsubscribe at any time by contacting Kienhuis Legal N.V. via email or by using the contact details at the bottom of this privacy statement.

6. Security

We take appropriate technical and organizational measures to protect your personal data from loss or unlawful use. For example, secure connections are used to transmit your personal data over the internet. Personal data is also securely stored and processed in a certified data center and shielded from search engines. Access within our organization is restricted to authorized personnel.

7. Your Rights Regarding Your Personal Data

If your personal data is processed by us, you have various rights under the GDPR. These rights include:

  • The right to request access to the personal data we process about you;

  • The right to request correction, deletion, or restriction of your personal data;

  • The right to data portability (to have your data transferred to another party);

  • The right to object to the processing of your personal data based on legitimate interest, or to object to the processing for direct marketing purposes.

We will respond to such requests as promptly as possible or explain why your request cannot be fulfilled. To verify your identity, we may ask for additional details.

You can send your request or objection to the contact details provided below.

8. Complaints

You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or, if applicable, the supervisory authority in your country if you believe we are processing your personal data in violation of applicable laws.

9. Changes

This privacy statement may be amended. The latest version will be published on our websites. Therefore, we recommend that you regularly check this privacy statement, for example, via our websites. Upon specific request, we will also send you a copy of the latest version of this privacy statement by email.

10. Identity

Kienhuis Legal N.V. is responsible for processing personal data in connection with our (legal) services and the use of our websites.

Kienhuis Legal N.V. is the data controller under the GDPR:

Kienhuis Legal N.V. 
Pantheon 25
7521 PR Enschede

P.O. Box 109
7500 AC
Enschede
+31 (0)53 480 42 00
CoC 08124589

If you have any questions regarding this privacy statement of Kienhuis Legal N.V., you may contact us by email at privacy@kienhuislegal.nl or by mail (to the attention of the chairman of the board).

This privacy statement was last updated on April 12, 2024.

Do you have any questions?
Please contact us

+31 88 480 40 00

Get in touch