Ten Thije Boonkkamp is the controller when you visit our websites, when we handle job applications, when we provide legal services, when you provide us with goods or services, when we use contact data in our CRM system, and when you visit our offices. In certain exceptional cases the client is the sole controller and Ten Thije Boonkkamp is the processor. For example, when you use our client portal Connect, for some applications the client may be the controller and Ten Thije Boonkkamp the processor. Where applicable, we will then conclude a data processing agreement. If we are the processor, and you contact us with a privacy-related question, we will refer you to the organisation that is the controller.

Our website, tenthijeboonkkamp.nl, is used to provide general information on Ten Thije Boonkkamp. tenthijeboonkkamp.nl is hosted by Heroku on its Europe region.

For all the websites, we collect the following usage data: your IP address, your browser, the pages you visit, when you visit those pages, and (where applicable) the previous/subsequent site you visit.

We use this data to:

1. administer the sites

2. generate usage statistics

3. provide for (additional) functionality on the sites

4. manage the sites by resolving any technical faults or improving accessibility to certain parts of the sites

5. ensure the security of our IT systems

We process this data on the basis of our interest to ensure that websites and apps remain functional and secure. We retain this data for 14 months, unless stated otherwise below.

Our website might also allow you to create an account. If you create an account, we will collect your name, email address, password and, where applicable, your employer. We use this data to register you with our website and provide you with access to the website. We use your email address to restore your password and to send you updates about our service. We retain account data for as long as you have an account with us.

When you visit tenthijeboonkkamp.nl, cookies are placed on your computer. Ten Thije Boonkkamp uses two types of cookies:

• Necessary cookies: Ten Thije Boonkkamp uses a cookie in order to offer the website’s basic functionality and to remember your cookie settings. This cookie is called _gat. It is stored for 24 months. If the _gat-cookie is used to throttle the request rate, then it is stored for one minute.

• Cookies for analytics: Ten Thije Boonkkamp uses cookies to generate anonymous user statistics to make our websites more user-friendly. We do this through Google Analytics, a web analysis service offered by Google Inc. (Google). Google uses aggregated statistical information to provide Ten Thije Boonkkamp with an understanding of how visitors are using our websites. To protect your privacy, we have configured Google Analytics to only store part of our visitors’ IP address and to not share data with others. Google may only provide this information to third parties if it has a statutory duty to do so or to the extent that the third parties are processing the information on Google’s behalf. We have signed a data processor agreement with Google. We use the following cookies for this purpose: _ga and _gid. These are stored for 24 months and 24 hours respectively. We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

To help us improve our services, we may collect and analyze certain information about how you use our products. This includes data about your interaction with our services, the frequency of use, and the events that occur within our products. This data is anonymized and does not include any personally identifiable information.

Ten Thije Boonkkamp provides legal services, such as in the context of investigations, litigation, corporate matters and notarial services. In the course of providing those services, we process personal data of different categories of people. These include clients, clients’ contact persons, witnesses, experts, counterparties, counterparties’ contact persons, counterparties’ lawyers and advisors, and persons whose personal data forms part of a file.

In particular:

1. When we assist in litigation and conduct investigations, we may search for relevant information in files provided by our clients or another party. We may use this information, including personal data, in documents we have drafted as part of our services. For litigation, this includes investigating and preparing court documents. For investigations, this includes reporting to a client on its compliance with applicable rules.

2. When we are engaged as advisor in corporate matters, we may set up or review a data room, which may contain personal data – for example, about employees. Or we might be asked to provide advice on corporate governance, which often involves analysing documents containing personal data. Sometimes we incorporate that information in documents we have drafted, such as reports or contracts.

3. We also offer notarial services, for example by providing legal advice, legalising documents, and preparing, handling, executing and storing notarial deeds.

4. We also process some of the personal data mentioned above for internal knowhow purposes. For example, we store relevant files (after removing most personal data) and some of our interactions with others, such as representatives of supervisory authorities, attorneys and judges, in our internal knowhow repository, to retrieve this information at a later date.

We do this processing on the basis of our clients’ legitimate interest in establishing, exercising and defending their legal rights, on the basis of our own commercial interest to offer high quality professional services and we may also do this because we are legally obliged to.

We will also use the contact details (name, address, email address) of our client (or their contact person) to send invoices. We do this to enable us to collect fees for our services, as part of the performance of the agreement between us and our client.

Lastly, we store this data to allow for a possible audit. We do this because we are legally obliged to.

We retain our files for 20 years after the matter is closed, unless we are required by law to retain the files for a longer period of no more than 30 years (for example, in certain environmental cases). After this period, we will offer to return original documents which were provided by the client, and we will securely destroy all files. For notarial files, the retention periods prescribed by law apply.

Prior to most engagements, we collect certain information to verify the identity of the client, in order to comply with anti-money laundering legislation and legislation governing Dutch legal professions. Ten Thije Boonkkamp is obliged to report unusual transactions to the Financial Intelligence Unit (FIU-Nederland). In that case, Ten Thije Boonkkamp must also provide the information it collected. Ten Thije Boonkkamp retains this information for a period of five years after the termination of the relationship or the performance of the transaction, unless this information has become part of a matter, in which case it is retained as long as the file of the matter is retained.

Sometimes, we share information processed in the course of providing services, including with lawyers from other firms, other advisors to clients, and courts. But only if this is possible within the boundaries of the strict confidentiality imposed on lawyers and notaries. In some cases, this is because you have given us permission, and in other cases, this is because our clients have a legitimate interest in establishing, exercising or defending their legal rights.

When you digitally sign documents through Docusign in the context of our legal services, we collect your email address, IP address and an image of your signature, as well as the time and date on which you used the service. We store this information in the matter related to the document you signed, and use it to document the signing process. We do this because we have a legitimate interest in retaining evidence of the signing. This data is available to all parties on behalf of which this document is signed, who may be located outside of the European Union or the European Economic Area.

Ten Thije Boonkkamp uses a company-wide system to keep track of its contacts. For most persons, we store the name, email address, phone number, job title and work history (e.g., what organisation did someone work for previously, or is now working for). We sometimes also store additional information about someone, such as the industry they work in, gender, mailing language, areas of interest, home address, birthday, a spouse/partner’s name, hobbies, and other personal notes. We also keep track of the mailings we send to this person. For our alumni, we also note when someone has left the firm. If, in the past, you have been a client of Ten Thije Boonkkamp, were subscribed to our newsletters, or have worked with Ten Thije Boonkkamp, your records are probably in this system.

We use this data to:

1. address you personally and ensure that persons within the firm communicating with you know your relevant personal details

2. get a better overview of your network, the company you work for and its market(s)

3. send you newsletters, updates about our firm and invitations to our events

For the last purpose, we share your name, email address and areas of interest with Advanced Computer Software Group Ltd., who are our emailing provider for these kinds of communications. If you are not yet a subscriber, you can subscribe by sending an email to info@tenthijeboonkkamp.nl. You can always unsubscribe from receiving newsletters or change your preferences by sending an email to the same address.

We use your data on the basis of our interest in building and maintaining our network of personal contacts, with the exception of the sending newsletters, which we will only do with your consent.

We archive your data if it has not changed in 36 months and you have not received a mailing via our CRM system during this period.

Ten Thije Boonkkamp may also process some of the personal data described above to:

1. comply with a legal obligation

2. to investigate, establish, exercise or defend against legal claims

3. prepare for and give effect to a sale, merger or other transaction involving Ten Thije Boonkkamp’s assets

For the first purpose, our legal basis can be found in the obligation to comply with legal obligations. For the other purposes, our processing for this purpose is based on our legitimate interest to do so.

Ten Thije Boonkkamp takes office-wide security measures as part of its information security framework. Technical measures include the use of access controls, firewalls, network segmentation, virus scanners, traffic monitoring, penetration tests, and encryption of laptops, phones and USB sticks. Organisational measures include a clear screen policy, confidentiality provisions, screening of personnel, privacy and security training and awareness, and implementing controls in contracts with suppliers.

In circumstances where Ten Thije Boonkkamp transfers personal data to other parties, in those countries outside of the EU/EEA without an adequacy decision, transfer is usually necessary for the establishment, exercise or defence of legal claims. Otherwise, Ten Thije Boonkkamp will ensure that it provides appropriate safeguards for this transfer in accordance with the GDPR. You can contact privacy@tenthijeboonkkamp.nl for more information about these safeguards.

While this is unlikely, we may be required to disclose personal data by a court order or to comply with other legal or regulatory requirements. We will do everything we reasonably can to notify the persons involved before we disclose this data, unless we are legally restricted from doing so.

You are entitled at any time to request inspection, correction, removal or restriction of the processing of your personal data by Ten Thije Boonkkamp. In addition, in some cases you have the right to receive your data in a structured format (i.e., data portability). Please send your request, as well as other privacy-related questions you might have, to our Data Protection Officer at dpo@tenthijeboonkkamp.nl. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

We may use your contact information to send you marketing communications. These may include notifications about our new features, products, or promotional offers. You can opt out of these communications at any time.