Privacy policy.
As a client of RPS Legal, your privacy is of utmost importance to us. We are therefore dedicated to protecting your personal data and respecting your privacy. In this privacy notice, you can find out more about how we look after your personal data.
Accordingly, this privacy notice sets out relevant information related to the controller of data, the types of data we collect, the manner in which such information is processed and the rights of the data subject.
1 - THE CONTROLLER
RPS Legal is the controller and is responsible for your personal data. RPS Legal is registered with the Chambers of Commerce (KVK) with a registration number of 65102711, and is located at Joop Geesinkweg 841, 1114 AB, Amsterdam. We can be reached either by phone 020-6974000 or by email at info@rpslegal.nl.
2 - THE DATA WE COLLECT
The kind data we collect in this regard relates primarily to ‘personal data’ or ‘personal information,’ which is defined under art. 4 (1) GDPR as “any information relating to an identified or identifiable natural person.” The notion of Personal data therefore does not include anonymized data and, in some instances, pseudonymised data.
We may collect, use, store and transfer different kinds of personal data about you which may include:
Identity Data: such as first name, middle name, last name, username or similar identifiers, marital status, title, date of birth and gender.
Contact Data: such as billing address, delivery address, email address and telephone numbers.
Financial Data: such as bank account and payment card details.
Transaction Data: such as details about payments to and from you and other details of services you have engaged from us.
Technical Data: such as internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
Profile Data: such as your username and password, your interests, preferences, feedback and survey responses.
Usage Data: such as information about how you use our website, products and services.
Marketing and Communications Data: such as your preferences in receiving marketing from us and our third parties and your communication preferences.
Aggregated Data: such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal the data subject’s identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. If the aggregated data can directly or indirectly identify a data subject, it will be treated as personal data.
3 - DATA COLLECTION PROCESS
Data can be collected through a number of different methods, such as:
Direct interactions: You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
seek legal advice from us;
apply for our services online via our contact form, enquiry form, chat function and other interactive platforms;
subscribe to our publications such as newsletters on our website; o request marketing to be sent to you;
give us some feedback; o attend our seminars, training programmes and presentation workshops; o enter a competition, prize draw or promotion.
Automated technologies or interactions. As the data subject interacts with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about the if you visit other websites employing our cookies.
Third parties or publicly available sources. We may receive personal data about the data subject from various third parties and public sources such as Technical Data including analytics providers such as Google, who is based outside the EU, advertising networks and search information providers. We may receive Contact Data through online publicly available sources for example, corporate websites, corporate profile sites such as LinkedIn and government registers such as Companies House.
4 - USE OF PERSONAL DATA & LAWFUL BASIS
Use of personal data will be based on a legal basis provided for by law and may include the following circumstances:
Performance of Contract: where we need to perform the contract or legal service, we are about to enter into or have entered into the data subject.
Legitimate Interest: Where it is necessary for our legitimate interests or those of a third party and, and when the data subject’s interests and fundamental rights do not override those interests. Our legitimate interest will include for example, market research purposes, marketing purposes and appropriate controls to ensure our website, processes and procedures are running effectively.
Compliance with a legal obligation: Where we need to comply with a legal or regulatory obligation. This will include maintaining records, compliance checks or screening and recording (e.g. anti-money laundering, financial and credit checks, fraud and crime prevention and detection, trade sanctions and embargo laws). This may include automated checks of personal data you provide about your identity against relevant databases and contacting you to confirm your identity or making records of our communications with you for compliance purposes.
Consent: Consent the data subject has provided either in the Client Agreement, General Terms and Conditions or through the website. The data subject maintains the right to withdraw such consent at any time by contacting us.
Below is a description of the ways and the legal basis upon which we process or use your personal data.
Purpose/ActivityType of DataLawful Basis for ProcessingBusiness DevelopmentIdentity; ContactConsent (art. 6 (1) (a); Legitimate Interest (art. 6 (1) (f)) Note: Necessary to improve quality and range of services received by clients.Register new clients and client engagementIdentity; ContactPerformance of contract (art. 6 (1) (b)); Compliance with a legal obligation (art. 6 (1) (c))Manage client-relationshipIdentity; Contact; Profile; Marketing & Communications; Financial DataPerformance of contract (art. 6 (1) (b)); Compliance with a legal obligation (art. 6 (1) (c)); Legitimate Interest (art. 6 (1) (f))Business Administration i.e., troubleshooting, data analysis, testing, system maintenance, etc.Identity; Contact; TechnicalCompliance with a legal obligation (art. 6 (1) (c)); Legitimate Interest (art. 6 (1) (f)) Note: Necessary for protecting the business and ensure network security, prevent fraud, etc.lDeliver relevant content and advertisements, as well as qualify the effectiveness of marketing measuresIdentity; Contact; Profile; Marketing & Communications; Financial Data; TechnicalConsent (art. 6 (1) (a); Legitimate Interest (art. 6 (1) (f)) Note: Necessary to analyze the use of our services, develop products and inform our marketing strategy.Use data analytics to improve website, products, etc.Technical; UsageLegitimate Interest (art. 6 (1) (f)) Note: Necessary to analyze the use of our services, develop products and inform our marketing strategy.Make suggestions and recommendations about our services, including promotionsIdentity; Contact; Usage; ProfileConsent (art. 6 (1) (a); Legitimate Interest (art. 6 (1) (f)) Note: Necessary to analyze the use of our services, develop products and inform our marketing strategy.
On Promotional Offers
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (marketing).
You will receive marketing communications from us if you have requested information from us or purchased our services and in that instance, you have not opted out of receiving that marketing.
On Opting Out
You can ask us or third parties to stop sending you marketing messages at any time by logging into the website and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing message sent to you or by contacting us at any time.
On Cookies
Please see our cookies policy to find out more about how we use cookies.
On Change of Purpose
RPS Legal will only use personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If the data subject wishes to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
On Personal Data relating to Minors
We process data related to minors only in very limited number of situations. In very limited cases where we have to request personal data regarding minors, we do so on basis of the legitimately obtained consent on a side of legally recognised parent/custodian responsible for the minor. In case it is required, the custodian will be sufficiently informed and the consent for processing of personal data related to a minor will be requested in accordance with applicable data protection legislation.
5 - DATA SECURITY
Appropriate security measures have been put in place to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, access to your personal data is limited only to those employees, agents, contractors and other third parties who have a need to know.
We have put in place procedures to deal with any suspected personal data breach and will notify relevant data subject’s and any applicable authorities of a breach where we are legally required to do so.
6 - DATA RETENTION
By law we have to keep basic information about our customers including Contact, Identity, Financial and Transaction Data for seven years after they cease being customers for tax and legal purposes.
Other information falling outside the scope of those required may also be retained as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances you can ask us to delete your data (see section 8 below).
In some circumstances we may anonymise or pseudonymize your personal data so that it can no longer be associated with you for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
7 - YOUR DATA PROTECTION RIGHTS
Under certain circumstances, you have rights under data protection laws in relation to your personal data. You can:
Request access to your personal data: This is commonly known as a "data subject access request." This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of your personal data: This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data: This enables you to ask us to delete or remove personal data where there is no good reason for us to continue retaining it. You also have the right to ask us to delete or remove your personal data where: (1) you have successfully exercised your right to object to processing (see below); (2) where we may have processed your information unlawfully or; (3) where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data: For example, where we are relying on a legitimate interest or those of a third party and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your applicable rights and freedoms.
Request restriction of processing your personal data: This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims or; (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request transfer of your personal data (data portability): We will provide to you, or a third party of your choice, your personal data in a structured, commonly used, machinereadable format.
Right to withdraw consent: Where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before consent was withdrawn. Note: if consent is withdrawn, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time of withdrawal.
On Exercising Rights under this Section
No fees will be required for a data subject to access their personal data or to exercise any of the other rights. Nonetheless, RPS Legal reserves the right to charge a reasonable fee if a request is clearly unfounded, repetitive or excessive. To ensure that data is only accessed by those who have a right to it, we may need to request specific information to help us confirm the data subject’s identity and ensure their right to access their personal data or to exercise any of their other rights.
We try to respond to all legitimate requests within one month. Occasionally, it may take longer than a month if the request is particularly complex or when a number of requests have been made. In this case, we will notify the data subject and keep him/her updated.
If you wish to exercise any of the rights set out above, please contact us.
8 - RIGHT TO COMPLAIN
Data subjects have the right to make a complaint at any time to the Dutch Data Protection Authority for data protection issues under the GDPR. RPS Legal would however value the opportunity to resolve whatever complaints or concerns that may arise in the first instance, before resort is made to the Dutch DPA. The DPA website and relevant procedures can be found here.
9 - CHANGES & MODIFICATIONS
We do our best to keep our data base accurate and up to date. We kindly request all our data subjects to keep us informed if any of their personal data changes during their relationship with us.
Similarly, we shall keep clients informed of certain changes that may take place with regard to our privacy policy. In that regard, RPS Legal reserves the right to amend this policy as it deems necessary in accordance with the law. Clients are advised to check the policy from time-to-time top stay up to date. However, in instances of drastic changes, clients will be informed accordingly.
Privacy Policy last updated: 15 Dec 2022