Privacy statement

Download Privacy statement

V&A advocaten B.V., hereinafter referred to as: V&A, established in Rotterdam and registered with the Dutch Chamber of Commerce under the number 59456191, attaches great importance to the protection of personal data. This privacy statement explains how V&A handles information on identified or identifiable natural persons, as referred to in the General Data Protection Regulation (GDPR).

1. Application
This privacy statement is applicable to the following categories of natural persons whose personal data are processed by V&A:
a) (potential) clients and persons employed by (potential) clients;
b) visitors to the V&A office building;
c) participants in V&A meetings;
d) job applicants;
e) all other persons whose personal data are processed by V&A, with the exception of its employees and student-trainees.

2. Processing of personal data - how do we collect data?
V&A collects personal data which:
a) you as a data subject have provided (during a conversation or meeting) by telephone, in writing, or digitally (via email or web forms on the office website), such as contact details and - depending on the nature of the occasion or case - other personal data. The provision of personal data by an authorised representative is also regarded as the provision of data by you as a data subject;
b) an insurer, professional association, or trade association has provided;
c) V&A has derived from other sources, including professional social media platforms such as LinkedIn, public professional websites, the trade register of the Chamber of Commerce and the Land Registry Office. V&A’s website contains hyperlinks to websites of other parties and a social media button of LinkedIn. When these links or this button are clicked, personal data are processed by the social media platform in question. V&A is not responsible for the contents of these websites or the service of this social media platform. Nor is V&A responsible for the privacy policy and the use of cookies on these websites and this social media platform. For an answer to the question how LinkedIn handles personal data, we refer to the privacy statement of this platform.

3. Purposes of processing - why do we collect personal data?
V&A processes personal data for the following purposes:
a) to implement an agreement for the provision of legal services and billing for work performed;
b) to meet statutory obligations, including those arising from the Money Laundering and Terrorist Financing (Prevention) Act (Wet ter voorkoming van witwassen en financieren van terrorisme) (Wwft);
c) to maintain contact, by sending invitations for meetings and the information the data subject has asked for;
d) to improve product and service information and carry out targeted marketing actions, in order to provide clients/target groups with relevant information, without using any special personal data or confidential data for the combination and analysis of data required for this, and without creating individual client profiles;
e) to evaluate a meeting (such as a workshop or seminar) on the basis of evaluation forms completed by participants;
f) to guard access to the office and protect confidential data.
There are several purposes for collecting different types of personal data. V&A has drawn up a register with our processing activities, in which we record which data we collect for these various purposes.

4. Legal ground - on what basis do we collect personal data?
V&A processes personal data based on the following legal grounds:
a) consent of the data subject, which can be withdrawn at all times, without this affecting the legitimacy of the processing based on the consent given before the withdrawal. This legal ground applies for example when you agree to the cookie statement on our website;
b) to prepare for the execution of concluding an agreement for the provision of legal services including billing to third parties (e.g. insurance company). This legal ground applies for example if you wish to make use of our services and we draft an agreement for this with you;
c) a statutory obligation, e.g. pursuant to the Money Laundering and Terrorist Financing (Prevention) Act and the Legal Aid Act (Wet op de rechtsbijstand) which require attorneys to collect and record certain information;
d) a justified interest, such as the use of contact data for sending invitations for a meeting (such as a workshop or seminar).

5. Processors - who has access to the collected data?
For the processing of personal data V&A may engage service providers who process personal data exclusively in accordance with V&A’s instructions. For example, experts we hire to support the services we provide to you.
V&A enters into a processing agreement with processors that meets the requirements set by the GDPR. In this agreement, we make arrangements with the processor for example on the way in which they are allowed to deal with personal data and the security measures they need to take to protect your data.

6. Sharing personal data with third parties
V&A shares personal data with third parties if this is necessary for the handling of a case or to comply with a statutory obligation. For the handling of a case, it may be necessary to share personal data in the context of an advice or legal proceedings (such as against a judicial authority, an expert or the opposite party (or his attorney), to conclude an agreement (such as with the other contracting parties or their attorneys), to charge for the services (such as an insurer), or in connection with a court judgment (for example to a bailiff). Complying with statutory obligations could, for example, involve reporting unusual transactions to supervisory authorities. V&A does not share any personal data with third parties for commercial purposes.

7. Transfer outside the EEA
In principle, V&A does not transfer personal data to countries outside the European Economic Area (EEA). If it is necessary, V&A will ensure that the transfer only takes place if the European Commission has indicated that the country in question offers an adequate level of protection or if there are adequate safeguards within the meaning of the GDPR.

8. Retention of data
V&A does not retain personal data longer than necessary. In principle, V&A applies the following retention periods:
a) case file: 10 years after having physically archived the file and 20 years after having digitally archived the file;
b) data of job applicants: 4 weeks after completion of the application procedure, unless another term is agreed with the job applicant concerned;
c) data of (student) trainees: 4 weeks after completion of the student-traineeship (except for the confidentiality declaration);

9. Rights of data subjects
As a data subject under the GDPR, you have specific rights as far as your data are concerned:
a) Right to information. As a data subject, you have the right to receive clear information about the processing of your personal data. V&A informs you about the processing of your data, among other things via this privacy statement.
b) Right to access. As a data subject, you have the right to inspect the data that V&A has collected from you.
c) Right of rectification. As a data subject, you have the right to have data collected from you that is factually incorrect, corrected. This is the case, for example, if we have an incorrect bank account number linked to your name, or if we have incorrect address details. Any advice that has been discussed cannot be corrected. If you believe that a conversation report is a misrepresentation of facts, you can however have a comment added to this report.
d) Right to erasure. As a data subject, you have the right to request that personal data known to V&A be deleted. In principle, we will comply with this request, unless we are not permitted to destroy the data or we can no longer perform an agreement we have concluded with you at that time or we have a legitimate interest in the data. If we reject your request, we will always state the reason for the rejection.
e) Right to data portability. As a data subject, you have the right to request that your data be transferred in a digitally readable form. In principle, V&A shall always carry out this request, unless this is technically impossible. This situation may arise if you switch to another law firm and would like to have your data forwarded to this firm.
f) Right to restriction of the data processing. As a data subject, you have the right to (temporarily) restrict the processing of your data. For example, if you are of the opinion that the data we process are incorrect but you need time to investigate this. During the period you need for investigation, you can ask us to restrict the processing of your data to only the necessary processing.
g) Right to object. As a data subject, you have the right to object to the processing of your personal data. If you object, V&A will reconsider the processing of the data. This situation will arise, for example, if you have not provided the information to us yourself but the information has been provided to us by, for example, the (legal assistance) insurer. You can also invoke this right if you object to receiving direct marketing.
h) Right to object to automated decision-making. As a data subject, you have the right to object to a decision that has been taken automatically. In this event, V&A is obliged to reconsider the decision and must have it reconsidered by a person and not a machine. V&A only uses automated decision-making for the application of marketing.

10. Changes to the privacy statement
V&A may change this privacy statement at all times. The changes are published on the V&A website. It is wise to consult this privacy statement regularly, so that you are aware of any changes.

11. Requests, questions and complaints
A data subject may request V&A to inspect, rectify, delete, transfer, limit the processing and object to the processing of personal data. Requests can be submitted by a data subject by sending an email to and will in principle be assessed within one month after receipt.
If you have any questions or complaints about the way in which V&A processes personal data, you can also contact Chris Banis by sending an email to We will always attempt to resolve a complaint to your satisfaction. If this fails, you can contact the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) (AP).

This website uses cookies

This website uses cookies. By using this website, you agree to the use of cookies. read more