Ovidius Law Privacy & cookie statement

Amsterdam, December 31st 2020

One of the fields that Ovidius advises on is privacy law, so you should rest assured that Ovidius treats your personal data with care. Ovidius explains how this is done in this privacy and cookie statement.


Background information on Ovidius, personal data and data processing

Ovidius Law B.V., hereinafter referred to as ‘Ovidius, we or us’, has its registered office in Amsterdam and is registered with the Chamber of Commerce under number 61229857. Ovidius is a law firm that specialises in employment law, contract law, corporate law and privacy law. We regard the privacy of our clients, employees, (website) visitors and other business contacts as extremely important.

Ovidius processes your personal data in accordance with the applicable privacy legislation, including the General Data Protection Regulation [Algemene Verordening Gegevensbescherming] (AVG). The term ‘personal data’ means any item of information that directly or indirectly leads to the identification of a natural person, such as a name, address and telephone number. The term ‘process’ means, for example, the collection, ordering, storing, changing, accessing, forwarding, deletion or destruction of data.

In principle, Ovidius is the controller with regard to your personal data. This means we have certain responsibilities and obligations regarding the way in which we process personal data.

You can contact us using the contact details on our website. If you have a question about this privacy and cookie statement or the way we process your personal data, please contact us via privacy@ovidius.law.

Who does this privacy and cookie statement apply to?

This privacy and cookie statement is applicable to all natural persons whose personal data is processed by Ovidius. Examples of this are:

  • Visitors to our website.
  • The (contacts or directors of) clients of Ovidius.
  • Potential clients of Ovidius.
  • Applicants.
  • The (contacts or directors of) suppliers of Ovidius.

How does Ovidius receive and/or collect your personal data?

Ovidius processes personal data which you have issued to us yourself, for example in the context of the services we provide, if Ovidius is or becomes a client of you/your organisation, or if you contact us. Ovidius also receives personal data from other organisations within the framework of the legal services we provide, for example when your personal data is issued to us by a supplier, client or counterparty. Ovidius also uses personal data from certain public sources, such as the commercial register of the Chamber of Commerce and the Cadastre, Land Registry and Mapping Agency. Lastly, Ovidius processes personal data, to a very limited degree, which has been generated during your visit to our website. You can find more information about this last category under the ‘Cookies’ button.

Which personal data does Ovidius process and why?

Ovidius generally processes the following personal data:

  • Name and address details and contact information:such as your name and any title(s), address, place of residence, telephone number, email address, Chamber of Commerce number and job (title).
  • Bank details: your bank account number, VAT number and other financial details which are necessary for invoices or the financial processes relating to our business relationship.
  • Employment history: your education and work experience. We may also request and receive references.
  • Details about your visit to our website and the equipment used: for example part of your IP address, MAC address and the software used.

The nature of our services means that we will not always know in advance what personal data about you we will receive (from you or third parties). If, for example, we are dealing with a dispute under employment law that you are involved in (as a client or counterparty), we may process your date of birth, nationality, place of birth, gender and employment history.

Ovidius generally processes personal data for the following purposes:

  • To identify our clients.
  • To maintain contact with you.
  • To provide services, namely legal advice according to Dutch law in the legal fields Ovidius is specialised in.
  • To fulfil our legal duties (to retain).
  • To complete an application procedure.
  • To protect (other) legitimate interests of Ovidius, for example in the context of dealing with a complaint or maintaining our (financial) records.
  • To protect, use and improve our website.
  • To improve the quality of the services we provide.

What are the grounds for the processing?

When Ovidius processes personal data we do so on one or more of the following grounds:

  • Execution of an agreement: It may be necessary to process personal data in order to conclude an agreement, or in the run-up to that. When you commission us to provide services, we process personal data if and insofar as that is necessary for the execution of that commission.
  • Permission: We process some personal data based on your permission. You can withdraw this permission at any point in time and for any reason (see also the section entitled ‘Which rights can you exercise with regard to your personal data?’). If Ovidius stops processing personal data at your request, that may have consequences for the services we provide to you.
  • Statutory obligation: Ovidius processes personal data in order to comply with applicable legislation and regulations. Examples include tax legislation or legislation in the field of social security, as well as situations in which Ovidius is ordered, or asked, to issue personal data by a competent authority.
  • Legitimate interest: Lastly, Ovidius processes personal data on the grounds of one of its legitimate interests, for example processing in the context of internal management (including the (financial) records), for effective communication, the provision of legal services and to improve quality.

How does Ovidius protect personal data?

Ovidius does all it can to take suitable technical and organisational security measures to protect your personal data against loss, or against any form of unlawful processing.

Among other things, the following applies within that framework at Ovidius:

  • Ovidius does not process more personal data than is needed in order to provide its services to you and to achieve the other goals referred to above.
  • All Ovidius employees are obliged to observe confidentiality and will not share personal data with third parties (more information can be found in the section entitled ‘Who can we share personal data with?’). If they discuss (privacy-)sensitive issues with you, they will choose the right moment and the right place to do so.
  • Ovidius only uses secure computer programs, servers and connections. Our systems are periodically checked for suspicious activities, via monitoring by a certified third party.
  • Physical dossiers are kept in locked cupboards.
  • Our office is located in premises where there is a doorman (between 9.00 and 17.00). These premises can only be accessed outside office hours using a tag. Our office is also secured protected by a tag system and an alarm code. Only authorised people can access our office.
  • Whenever Ovidius engages a third party to perform certain activities for, or on behalf of, Ovidius, the latter guarantees that said third party maintains the same level of security and confidentiality as Ovidius.

Who can we share personal data with?

Ovidius shares personal data if this is necessary in order to execute the agreement with you properly, if Ovidius has a legitimate interest in this respect (for example the provision of legal services to parties other than yourself), or on the grounds of a legal obligation. Examples of parties with which Ovidius can share personal data are counterparties and their legal advisers, (other) advisers of our clients, the courts and our own suppliers. It goes without saying that, when sharing your personal data, Ovidius always observes the applicable requirements, for example by concluding data processing agreements – when applicable – or by asking your permission. In such instances Ovidius will, of course, observe the duty of confidentiality which applies to lawyers.

Ovidius tries not to forward personal data to parties in countries outside the European Economic Area. Whenever Ovidius does so, it will comply with the conditions which are imposed by the applicable privacy legislation, including the General Data Protection Regulation (GDPR).

How long is your personal data kept for?

We do not keep personal data for longer than necessary for the purpose for which you issued it, unless it has to be kept for longer in order to fulfil a legal duty, or because Ovidius has a legitimate interest in doing so. For example, an administrative duty to retain of seven (7) years applies to certain data. On the advice of The Netherlands Bar [Nederlandse Orde van Advocaten] we also keep personal data (in dossiers) for a maximum period of 20 years after the dossier in question has been closed. Personal data which is issued to Ovidius in the context of an application is, in principle, kept for up to 4 weeks after the application procedure has been completed, unless you have agreed to it being kept for longer.

Which rights can you exercise with regard to your personal data?

As a data subject you can exercise certain rights with regard to our processing of your personal data:

  • Information: You have the right to information about the personal data we process on you.
  • Access: You can ask Ovidius for access to the personal data it processes on you and for a copy.
  • Rectification or supplementation: You can ask Ovidius to rectify or supplement your personal data because, in your opinion, it is incorrect, incomplete, irrelevant, or is being used in contradiction of the law.
  • Deletion/erasure: You can ask Ovidius to erase your personal data, for example because you do not agree (any longer) with the processing of your personal data by Ovidius or because you are of the opinion that the processing of your personal data by Ovidius is not necessary (any longer) for the purpose for which you issued it to Ovidius.
  • Restriction:You can ask Ovidius to process less personal data. You can do this if your data is (possibly) incorrect and you have asked us to rectify it, if the processing of your personal data is unlawful, or no longer necessary, but you do not want the personal data in question to be deleted, or if you have objected to the processing due to your specific situation and Ovidius has not yet taken a decision on this matter.
  • Objection: You can object to us processing your personal data.
  • Revocation of permission: If you have given us permission to process your personal data, you can revoke this permission.
  • Data portability: You can ask Ovidius to make your personal data available in digital form, either to you or directly to another organisation.

If you wish to exercise one or more of the aforementioned rights, you can submit a request to this effect by email to privacy@ovidius.law. Ovidius will process your request as soon as possible and, in any event, by the deadline stipulated in law. Although Ovidius will try to comply with your request, this will not always be (fully) possible or permitted. The reason for this may, for example, be that Ovidius has to (continue to) comply with a legal obligation, or that Ovidius has a legitimate interest which has to take precedence over your interest. In such situations, Ovidius will inform you appropriately and help you look for a suitable solution.

Cookies

Although Ovidius does not use its own cookies on its website, it does use Google Analytics and social media buttons.

  • Google Analytics: A cookie is a small text file that your web browser saves on your computer. Analytical cookies record how visitors use a website. Ovidius can use this information, for example, to analyse the use of its website and generate statistics. Ovidius has taken measures to set up Google Analytics in the most privacy-friendly way possible. Ovidius has concluded a data processing agreement with Google and has opted (a) to have the last three digits of each IP address masked, (b) not to give Google permission to share the data collected with third parties and (c) not to use other Google services in combination with the Google Analytics cookies. According to the data processing agreement between Ovidius and Google, Google is allowed to keep the collected data for a maximum of 24 months. For further information, please refer to the Google Analytics privacy policy.
  • Vimeo: In order to play the video on our homepage, Vimeo places cookies via our website. The Vimeo cookie policy   can be found here.
  • Social media buttons: Various social media buttons have been placed on the Ovidius website. If you click these buttons, you will leave our website. This privacy and cookie statement is not applicable to (the processing of personal data by) the websites of third parties. For further information, please refer to the privacy policy of the websites in question.

Client satisfaction

Ovidius considers client satisfaction to be extremely important. If you are not satisfied with something, please let us know via privacy@ovidius.law. We will do all we can to find a satisfactory solution. If you are still not happy, you can use our complaints procedure. In addition to this you always have the right to submit, and have the option of submitting, a complaint about the processing of personal data by Ovidius to the Dutch Data Protection Authority [Autoriteit Persoonsgegevens].

Amendments

Ovidius reserves the right to amend this privacy and cookie statement, for example when changes occur in relation to processing, or in the event of changes to applicable legislation. The amended privacy and cookie statement will apply from date of placement.

This privacy and cookie statement was last amended on 31 December 2020 and replaces our previous privacy and cookie statement.