Privacy Statement

DayOne Advocaten respects your privacy and ensures that the personal data we receive will be treated confidentially. DayOne is responsible for the careful processing of personal data in accordance with the General Data Protection Regulation (GDPR). This privacy statement sets out how and why we use and process your personal data.

 

Personal Data

DayOne is the data controller as defined in the GDPR. Personal data means any information that relates to an identified or identifiable natural person. DayOne processes personal data to offer and improve its services and to communicate with you as the subject. Personal data are processed because you as the subject have provided these data at your own initiative, have been collected in the context of our services, have been provided by third parties including opposing parties, or from public sources. The personal data we process relate to the relationship between DayOne and you as the subject.  

 

Examples of the personal data that we process are:

  • Contact details (name, address, e-mail address and telephone number)
  • Information needed for invoicing such as the invoice address and bank account number
  • Information on the employer and position
  • Personal data of opposing parties required to execute our services
  • In particular cases: special categories of personal data
  • Image and/or sound materials

 

Purpose of Data Processing

DayOne processes your personal data only if required for the purposes listed below:

  • Provision of legal services (brief) such as advice and litigation;
  • Sending and collecting invoices;
  • Compliance with statutory obligations and obligations imposed by the Dutch Bar Association (NOvA);
  • Preventing and fighting fraud and misuse;
  • Handling complaints and questions;
  • Maintaining contact;
  • Providing information;
  • Improving our services;
  • Recruitment and selection (job applications);
  • Personnel records;
  • Absenteeism and reintegration.

 

DayOne processes personal data of:

  • DayOne clients and other subjects (including opposing parties) insofar as required for our legal services;
  • Recipients of DayOne newsletters and invitations;
  • Participants in meetings and courses organised by DayOne;
  • (borrowed) Personnel and job applicants.

 

Principles of Processing

DayOne processes your data based on your consent, or because this is necessary to execute the agreement (such as contracts for legal services or (to enter into) an employment contract), to establish, exercise or defend legal claims. You may withdraw your consent at any time.

DayOne can furthermore be required to process your data because of legal obligations, for instance to demonstrate that it complies with the GDPR rules or its obligations as an employer.

On a final note, DayOne may process data based on the legitimate interests of DayOne or of third parties.

 

Who Has Access to Your Personal Data?

DayOne’s staff and the third parties engaged by DayOne as processors have access to your data if necessary for exercising their duties. All parties are bound to confidentiality by the GDPR and/or their contracts with DayOne.

 

Sharing Data with Third Parties

DayOne may share your data with third parties if necessary for its services, taking account of the purposes listed above. Examples are having an expertise done, engaging IT providers or civil law notaries, but also providing your personal data in connection with proceedings, legal or otherwise, or correspondence with opposing parties.

DayOne can further provide personal data to third parties such as supervisory authorities or other public authorities, if required by law.

DayOne enters into data processing agreements with third parties processing your personal data on behalf and on the instructions of DayOne. Under such data processing agreements third parties are also required to comply with the GDPR. Third parties engaged by DayOne who offer services as data controllers, like civil law notaries and accountants, are responsible for compliance with the GDPR in (further) processing your personal data.

 

Protection of Your Personal Data

DayOne and its processors keep records of when and to whom they provide which data. The protection and security of your personal data is very important to DayOne. Taking account of the state of the art, we have appropriate technical and organisational measures in place to safeguard an adequate level of protection given the risks. If using the services of third parties, DayOne will agree on appropriate security measures in the data processing agreement to protect your personal data. If required, DayOne will inform you as soon as possible about the loss, theft or misuse of personal data.

 

Retention Periods

DayOne will not keep your data for longer than necessary for the purposes stated above or for DayOne’s legitimate interests. After expiry of the retention period your personal data will be removed.

 

Social Media, Cookies and User Data Website 

DayOne may keep user data for statistical purposes. The data collected from the website are anonymous and will not be sold by DayOne to third parties. On its website, DayOne does not use cookies. The website contains buttons and/or links to web pages or to social (media) networks or third-party websites like Twitter, LinkedIn or Facebook. DayOne does not monitor and is not responsible for the processing of your personal data by and through such third parties. For that reason, you use those media at your own risk. Before using third-party services, it is advisable to first read their privacy statements. Please use your browser’s help function to learn how you can enable, disable or remove cookies.

 

Your Rights

You have:

  • A right of access to your data;
  • The right to have your data rectified (modified or supplemented) or erased;
  • The right to have the processing restricted.
  • The right to object to the processing and use of your data.
  • The right of data portability. This means you have the right to receive your data for personal (re-)use or transfer to another organization;
  • All if and when the restrictions arising from the GDPR (Article 23) do not oppose the exercise of your rights.

 

If you would like to know which personal data DayOne processes, you can submit a request for access. Are your data incorrect, incomplete or irrelevant? In that case you can submit an additional request to have your data rectified or supplemented. You can send requests for access, rectification restriction, portability, erasure, withdrawal of consent or objections to the contact stated below. We will send you a reply within four weeks of receipt of your request.

There are circumstances that prevent DayOne from (fully) complying with your request. Examples are client confidentiality and statutory retention periods.

DayOne is not required by law to appoint a data protection officer. You can address any requests as referred to above to our contact person Gerben Metz at: metz@dayonelegal.nl.

Moreover, if you believe your data are being processed inappropriately, you can file a complaint with the supervisory authority, the Dutch Data Protection Agency. For contact details, see www.autoriteitpersoonsgegevens.nl/en.

You can always unsubscribe from our newsletters and invitations.

 

Changes

DayOne has the right to change the content of this privacy statement at any time without prior notice. Changes will be published on the website. We therefore recommend that you visit our website regularly.