1. Who is responsible for the use of my data?
coenttb is the controller when you visit our websites, when we handle job applications, when we provide legal services, when you provide us with goods or services, when we use contact data in our CRM system, and when you visit our offices. In certain exceptional cases the client is the sole controller and coenttb is the processor. For example, when you use our client portal Connect, for some applications the client may be the controller and coenttb the processor. Where applicable, we will then conclude a data processing agreement. If we are the processor, and you contact us with a privacy-related question, we will refer you to the organisation that is the controller.
2. When I visit the website, which data do you use, for what purpose do you use this data, and how long do you store it?
Our website, tenthijeboonkkamp.nl, is used to provide general information on coenttb. tenthijeboonkkamp.nl is hosted by Heroku on its Europe region.
For all the websites, we collect the following usage data: your IP address, your browser, the pages you visit, when you visit those pages, and (where applicable) the previous/subsequent site you visit.
We use this data to:
administer the sites
generate usage statistics
provide for (additional) functionality on the sites
manage the sites by resolving any technical faults or improving accessibility to certain parts of the sites
ensure the security of our IT systems
We process this data on the basis of our interest to ensure that websites and apps remain functional and secure. We retain this data for 14 months, unless stated otherwise below.
Our website might also allow you to create an account. If you create an account, we will collect your name, email address, password and, where applicable, your employer. We use this data to register you with our website and provide you with access to the website. We use your email address to restore your password and to send you updates about our service. We retain account data for as long as you have an account with us.
3. What cookies do you use, for what purpose, and how long are they stored?
When you visit tenthijeboonkkamp.nl, cookies are placed on your computer. coenttb uses two types of cookies:
Necessary cookies: coenttb uses a cookie in order to offer the website’s basic functionality and to remember your cookie settings. This cookie is called _gat. It is stored for 24 months. If the _gat-cookie is used to throttle the request rate, then it is stored for one minute.
Cookies for analytics: coenttb uses cookies to generate anonymous user statistics to make our websites more user-friendly. We do this through Google Analytics, a web analysis service offered by Google Inc. (Google). Google uses aggregated statistical information to provide coenttb with an understanding of how visitors are using our websites. To protect your privacy, we have configured Google Analytics to only store part of our visitors’ IP address and to not share data with others. Google may only provide this information to third parties if it has a statutory duty to do so or to the extent that the third parties are processing the information on Google’s behalf. We have signed a data processor agreement with Google. We use the following cookies for this purpose: _ga and _gid. These are stored for 24 months and 24 hours respectively. We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.
To help us improve our services, we may collect and analyze certain information about how you use our products. This includes data about your interaction with our services, the frequency of use, and the events that occur within our products. This data is anonymized and does not include any personally identifiable information.
4. When you provide legal services, which data do you use, for what purpose do you use this data, and how long do you store it?
coenttb provides legal services, such as in the context of investigations, litigation, corporate matters and notarial services. In the course of providing those services, we process personal data of different categories of people. These include clients, clients’ contact persons, witnesses, experts, counterparties, counterparties’ contact persons, counterparties’ lawyers and advisors, and persons whose personal data forms part of a file.
In particular:
When we assist in litigation and conduct investigations, we may search for relevant information in files provided by our clients or another party. We may use this information, including personal data, in documents we have drafted as part of our services. For litigation, this includes investigating and preparing court documents. For investigations, this includes reporting to a client on its compliance with applicable rules.
When we are engaged as advisor in corporate matters, we may set up or review a data room, which may contain personal data – for example, about employees. Or we might be asked to provide advice on corporate governance, which often involves analysing documents containing personal data. Sometimes we incorporate that information in documents we have drafted, such as reports or contracts.
We also offer notarial services, for example by providing legal advice, legalising documents, and preparing, handling, executing and storing notarial deeds.
We also process some of the personal data mentioned above for internal knowhow purposes. For example, we store relevant files (after removing most personal data) and some of our interactions with others, such as representatives of supervisory authorities, attorneys and judges, in our internal knowhow repository, to retrieve this information at a later date.
We do this processing on the basis of our clients’ legitimate interest in establishing, exercising and defending their legal rights, on the basis of our own commercial interest to offer high quality professional services and we may also do this because we are legally obliged to.
We will also use the contact details (name, address, email address) of our client (or their contact person) to send invoices. We do this to enable us to collect fees for our services, as part of the performance of the agreement between us and our client.
Lastly, we store this data to allow for a possible audit. We do this because we are legally obliged to.
We retain our files for 20 years after the matter is closed, unless we are required by law to retain the files for a longer period of no more than 30 years (for example, in certain environmental cases). After this period, we will offer to return original documents which were provided by the client, and we will securely destroy all files. For notarial files, the retention periods prescribed by law apply.
Prior to most engagements, we collect certain information to verify the identity of the client, in order to comply with anti-money laundering legislation and legislation governing Dutch legal professions. coenttb is obliged to report unusual transactions to the Financial Intelligence Unit (FIU-Nederland). In that case, coenttb must also provide the information it collected. coenttb retains this information for a period of five years after the termination of the relationship or the performance of the transaction, unless this information has become part of a matter, in which case it is retained as long as the file of the matter is retained.
Sometimes, we share information processed in the course of providing services, including with lawyers from other firms, other advisors to clients, and courts. But only if this is possible within the boundaries of the strict confidentiality imposed on lawyers and notaries. In some cases, this is because you have given us permission, and in other cases, this is because our clients have a legitimate interest in establishing, exercising or defending their legal rights.
When you digitally sign documents through Docusign in the context of our legal services, we collect your email address, IP address and an image of your signature, as well as the time and date on which you used the service. We store this information in the matter related to the document you signed, and use it to document the signing process. We do this because we have a legitimate interest in retaining evidence of the signing. This data is available to all parties on behalf of which this document is signed, who may be located outside of the European Union or the European Economic Area.
5. What data do you store in your CRM system and what happens with it?
coenttb uses a company-wide system to keep track of its contacts. For most persons, we store the name, email address, phone number, job title and work history (e.g., what organisation did someone work for previously, or is now working for). We sometimes also store additional information about someone, such as the industry they work in, gender, mailing language, areas of interest, home address, birthday, a spouse/partner’s name, hobbies, and other personal notes. We also keep track of the mailings we send to this person. For our alumni, we also note when someone has left the firm. If, in the past, you have been a client of coenttb, were subscribed to our newsletters, or have worked with coenttb, your records are probably in this system.
We use this data to:
address you personally and ensure that persons within the firm communicating with you know your relevant personal details
get a better overview of your network, the company you work for and its market(s)
send you newsletters, updates about our firm and invitations to our events
For the last purpose, we share your name, email address and areas of interest with Advanced Computer Software Group Ltd., who are our emailing provider for these kinds of communications. If you are not yet a subscriber, you can subscribe by sending an email to info@tenthijeboonkkamp.nl. You can always unsubscribe from receiving newsletters or change your preferences by sending an email to the same address.
We use your data on the basis of our interest in building and maintaining our network of personal contacts, with the exception of the sending newsletters, which we will only do with your consent.
We archive your data if it has not changed in 36 months and you have not received a mailing via our CRM system during this period.
6. Do you use my data for other purposes?
coenttb may also process some of the personal data described above to:
comply with a legal obligation
to investigate, establish, exercise or defend against legal claims
prepare for and give effect to a sale, merger or other transaction involving coenttb’s assets
For the first purpose, our legal basis can be found in the obligation to comply with legal obligations. For the other purposes, our processing for this purpose is based on our legitimate interest to do so.
7. How do you secure my data?
coenttb takes office-wide security measures as part of its information security framework. Technical measures include the use of access controls, firewalls, network segmentation, virus scanners, traffic monitoring, penetration tests, and encryption of laptops, phones and USB sticks. Organisational measures include a clear screen policy, confidentiality provisions, screening of personnel, privacy and security training and awareness, and implementing controls in contracts with suppliers.
8. How do you share data outside the EU?
In circumstances where coenttb transfers personal data to other parties, in those countries outside of the EU/EEA without an adequacy decision, transfer is usually necessary for the establishment, exercise or defence of legal claims. Otherwise, coenttb will ensure that it provides appropriate safeguards for this transfer in accordance with the GDPR. You can contact privacy@tenthijeboonkkamp.nl for more information about these safeguards.
9. What happens when you receive an order to disclose personal data?
While this is unlikely, we may be required to disclose personal data by a court order or to comply with other legal or regulatory requirements. We will do everything we reasonably can to notify the persons involved before we disclose this data, unless we are legally restricted from doing so.
10. To whom can I address my questions and requests for inspection, correction and removal of my personal data, and what other rights do I have?
You are entitled at any time to request inspection, correction, removal or restriction of the processing of your personal data by coenttb. In addition, in some cases you have the right to receive your data in a structured format (i.e., data portability). Please send your request, as well as other privacy-related questions you might have, to our Data Protection Officer at dpo@tenthijeboonkkamp.nl. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
11. Marketing
We may use your contact information to send you marketing communications. These may include notifications about our new features, products, or promotional offers. You can opt out of these communications at any time.