Nineyards Law is a limited liability company under Dutch Law and an internationally operating legal and notarial firm, with registered office and place of business in (1083HJ) Amsterdam, Netherlands at the Boelelaan 30 (Zuid-As)
Below, we will explain how Nineyards Law handles personal data in light of the General Data Protection Regulation, as well as on the basis of our professional rules and what your corresponding rights are.
Confidentiality in the relationship between a lawyer, notary and you as a client is secured by law through an obligation of secrecy for the lawyer and notary (“professional secrecy”) and the lawyer’s and notary’s right to stand by their obligation of secrecy (“legal privilege”). The professional secrecy is not absolute. For example, under the Dutch Law for the prevention of money laundering and terrorism financing (“Wwft”) also lawyers and the notaries can be under an obligation to report unusual transactions when a suspicion of money laundering or the financing terrorism is apparent, to the competent authorities, (see also below: ‘Legal grounds’ and ‘Sharing of personal data with third parties’).
All information about a -directly or indirectly- identified or identifiable natural person (“personal information” or “personal data”), which is provided to us as a lawyer or notary or which we obtain otherwise, is thus firstly treated as confidential based upon our legal obligations.
In addition, we as lawyers and notaries comply with the obligations with regard to the protection of personal data, resulting from the European General Data Protection Regulation 2016/679 and the Dutch Data Protection Implementation Act, inter alia by further informing you hereunder about the purposes and grounds of processing of personal data and to inform you about your rights
For suppliers, applicants, employees and contractors we refer to the information below. First we will discuss the processing of personal data of clients and third parties in the context of legal services.
We process personal data on particular for the purposes of our legal and/or notarial services.
This may be because the personal data have been provided by the data subject on his own initiative or because these data have otherwise been obtained in the context of the service; have been made known to us by third parties, including counterparties, or have become known through open sources.
We process these personal data in order to be able to communicate with the client or parties which are involved in the case at hand and to be able to execute the legal services agreement; for notarial activities (including identification and authentication); the setting up, defence or exercise of legal claims or conducting (legal) proceedings; (legal) advice, mediation and reference; paying, sending and collecting invoices; and to comply with our legal obligations. We can also process personal data for marketing activities, such as to invite you for a seminar or sending a newsletter.
We process personal data if this is necessary to comply with (a) legal obligation(s). For example, in the context of the Law on prevention of money laundering and terrorism financing (Wwft), we in some cases need to request and process further identification and information. We may also make and keep a copy of your identity document when we have to prove that we have complied with the legal identification requirement. We must also be able to process personal data for legal proceedings in order to comply with legal obligations.
Performance of the contract
In addition, we process personal data of which processing is necessary for the performance of the contract under which we provide our legal and/or notarial services. This may be necessary to deal with disputes or to be able to conduct legal proceedings, but also to be able to make payments or to collect claims.
In some cases we may also process personal data on the basis of a legitimate interest. For example, we may also process personal data of third parties or the counterparty in a legal proceedings in the context of establishing, exercising or defending of or against legal claims, or in the context of the legal proceeding, or in an administrative or out-of-court procedure. We may also sometimes have to process special personal data for that reason if the processing is necessary for the establishment, exercise or defence of legal claims. The processing of personal data in order to invite you for seminars or to send you a newsletter also serves a legitimate interest to inform our clients about our services and share knowledge.
Insofar we cannot base the lawfulness of the processing on one of the abovementioned grounds, we will always explicitly ask for consent of the data subject(s).
We will only share your personal data with third parties when necessary for the services as long as it is in compliance with the aforementioned purposes. For example, sharing personal data with another lawyer, notary or legal advisor for the handling of a case, for carrying out an expert review or involving of another third party in the context of our services, for example IT suppliers or a translation agency, and also the provision of your personal data for the purpose of (legal) proceedings or correspondence with the counter party. In addition, we have to provide personal data in exceptional circumstances to a supervising- or other public authority, insofar as we are under a legal obligation to do so. We do this only insofar as this is necessary and with observance of the abovementioned lawyer’s and notary’s professional secrecy and legal privilege.
We conclude a data processing agreement with third parties that processes personal data on our behalf, assuring that the third party will also abide by the rules of the GDPR. Third parties engaged by us, who offer services as controller of personal data, have an own responsibility to comply with the GDPR for (further) processing your personal data. This can be an accountant, a notary or an engaged third party for providing a second opinion or expert report.
Given that we are an internationally operating law firm, this may mean that we have to transfer personal data to another country. Insofar this concerns a country outside the European Union, or the European Economic Area, that provides less legal protection for personal data, we will ensure that an adequate level of protection is available.
From time to time, we use a web application MailChimp for managing and sending newsletters. This may mean that business e-mail addresses from a contact person of our client may be saved on a server in the United States of America. MailChimp is, however, a party to the EU-US Privacy Shield, which guarantees sufficient privacy protection (MailChimp is a product of The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA). For further information about the way MailChimp processes data, we refer to https://mailchimp.com/legal/privacy).
Our suppliers are in principle legal persons, but sometimes we need to process the personal data of the contact persons of our suppliers. This will always involve a limited number of data, for example contact details and other data required for communication and payment.
It will be clear that we only collect these data for implementing an agreement that we have concluded with the supplier or to comply with a legal duty or if a legitimate interest, such as security, requires so.
Contact persons of suppliers to Nineyards Law can always ask for access to their personal data which we process and/or exercise one or more of the other rights mentioned below. (See below for contact details)
For further information about het processing of personal data of applicants, employees and (legal) contractors of Nineyards Law, we kindly refer to privacy statements made available to them personally.
a) rights of access, rectification, portability or erasure of personal data
You have the right to and can request at any time to access, correct, transfer and/or delete your personal data.
b) right to restriction of processing and right to object to the processing of personal data
You may also submit a request to restrict the processing your personal data, such as for the receiving the newsletter or invitations or seminars, or to object to (certain) processing or – if we have obtained your explicit consent for (certain) processing, to withdraw your consent.
c) right of complaint
For complaints concerning the processing of personal data by Nineyards law B.V. we request you to inform us about your complaint using below contact details or otherwise. Furthermore, you have the right to lodge a complaint with the Dutch supervisory authority (“Autoriteit Persoonsgegevens”) in The Hague.
There may be circumstances where we cannot or cannot (fully) meet your request. For example, our professional secrecy or statutory retention periods may stand in the way.
We do not need to inform a third party data subject (for example a counterparty in a legal proceeding) about the processing of his/her personal data, if the personal data must remain confidential due to our professional secrecy obligations. The right to remove personal data can also not be exercised against us when we need the data for establishment, exercise or defence of or against legal claims. For the same reason, the processing of personal data can also not be restricted including a need to protect the rights of another natural or legal person.
The website of Nineyards Law only uses functional cookies. A cookie is a small file that is placed on a computer or mobile device of an Internet user by a web browser. On the website of Nineyards Law only session cookies are used. Session cookies are functional cookies intended for the website to work properly. These cookies are automatically deleted when you close your Internet browser.
From time to time, we use the web application MailChimp for managing and sending newsletters (see above). For further information about the cookies of MailChimp we refer to: https://mailchimp.com/legal/cookies/. You can also disable the cookies by indicating this in your browser.
We will, taking into account the state of the art, provide for appropriate technical and organizational measures that ensure an appropriate level of security. In case we use the services of third parties, for example IT suppliers, we will, in the context of protecting personal data, contractually assure adequate security measures.
Nineyards law keeps personal data for no longer than is necessary for the above-mentioned data processing purposes or is required by applicable laws and regulations.
For example, in order to comply with tax legislation, our accounts have to be kept for 7 years. Case files are, depending on the legal obligations, kept for 5 or 20 years.