+31 20 522 44 20
info@acr.amsterdam

Keizersgracht 212
1016 DX Amsterdam
Get directions

Privacy Statement

  • 01

    This is the privacy statement of AC&R B.V., based at Keizersgracht 212, 1016 DX Amsterdam (“AC&R”). AC&R is responsible for the processing of your personal data.

  • 02

    In this statement we explain how AC&R uses personal data when we provide legal services, when you apply for a job or when you act as a supplier to AC&R. The statement describes the personal data we collect, the purposes we use your personal data for, the legal basis for the processing of your personal data, how long we store your personal data, who we share your personal data with, how we protect your personal data and your rights regarding your personal data.

  • 03

    This privacy statement applies to all personal data that we process in the context of rendering our services as a law firm.

Personal data client

  • 04

    If you, or the company you work for, is a client of our law firm, the personal data we process includes:

    • Your full name, gender and, if applicable, your title, function and the company you work for.

    • Your contact details, including your e-mail address and phone number(s).

    • Information necessary for processing invoices and financial administration.

    • Your bank account information if this is necessary to transfer payments to you, for example if we receive payments for you in our third party bank account.

    • Further personal data we may be required to ask of you pursuant to applicable laws and regulations governing the legal profession, such as your date of birth and passport copies.

    • Any other personal data relating to you that you provide to us.

  • 05

    We use the personal client data for the following purposes and to the extent necessary for these purposes:

    • In order to provide our services to you and handle cases you have entrusted to us.

    • For the processing of invoices and financial administration.

    • For specific purposes requested by you or agreed on with you.

    • In order to comply with the laws and regulations applicable to us, for example with regard to the archiving of our files.

    • For business development purposes, for example to send you newsletters and business gifts or to invite you for events.

    • To establish, defend and exercise our (legal) position.

Personal data third parties

  • 06

    If you are not a client of our law firm, we may obtain personal data about you in the following circumstances:

    • When you are a counterparty of one of our clients.

    • When you are a legal counsel of a counterparty of one of our clients.

    • When your personal data is provided to us by, or on behalf of our clients or generated by us in the course of providing services to them, which may include special categories of data.

    • Any personal data you may provide to us directly, for example in the context of a job application or subscription to any of our events.

    • When you are a supplier of our firm or if you render services to us.

  • 07

    The personal data we obtain in these circumstances may include your full name, gender and, if applicable, your title, position and the company you work for, your contact details, including your e-mail address and phone number(s) and any other information you may provide or which may be provided about you in the circumstances referred to above.

  • 08

    We use the personal third party data for the following purposes and to the extent necessary for these purposes:

    • In as far as this is necessary to handle a case entrusted to us.

    • To handle your job application or subscription to any of our events.

    • In order to respond to communications we receive from you.

    • In order to comply with the laws and regulations applicable to us, for example with regard to the archiving of our files.

    • To establish, defend and exercise our (legal) position.

    • In order to use services provided by you and to communicate with you about these services and the performance of a contract concluded with you.

    • For business development purposes, for example to send you newsletters and business gifts or to invite you to events.

Legal basis

  • 09

    We process your personal data only if and to the extent that at least one of the following applies:

    • You have given your consent for the processing of your personal data for one or more specific purposes.

    • The processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract.

    • The processing is necessary for compliance with a legal obligation to which we are subject.

    • The processing is necessary in the legitimate interest of our clients, ourselves or third parties, for example in order to handle a case entrusted to us against you or your client or for managing and administering the relationship with our clients and suppliers. When we process your personal data for our legitimate interests or the interests of a third party, we will take reasonable measures to prevent unwarranted harm to you.

    • If we process your personal data based on consent, you may withdraw your consent at any time by contacting us.

Archiving

  • 10

    We will keep your personal data no longer than necessary to achieve the purposes outlined in this privacy statement. In addition, the laws and regulations applicable to our profession require that we archive our files for a minimum period of 5 years.

Sharing your personal data with third parties

  • 11

    In connection with the provision of our services we may need to share your personal data with regulatory authorities, courts, tribunals, government agencies, law enforcement agencies and our clients. We will do this only to the extent allowed by law and the GDPR and to the extent necessary for legitimate purposes.

  • 12

    We may also need to allow our suppliers and sub-suppliers access to your personal data when they perform services on our behalf (mainly to maintain and support our ICT systems and for administrative purposes). Any transfer of personal data outside the EU/EEA is made in line with applicable data protection laws. Our international transfers of personal data outside the EU/EEA are based on the EU Commission’s Standard Contractual Clauses.

Protection of personal data

  • 13

    AC&R has taken appropriate technical and organizational measures to protect personal data against loss or against any form of unlawful processing. Our document management system, email system and the servers we use are certified in accordance with the internationally recognised security standard ISO 27001. Third parties we engage for the processing of personal data are required to adequately safeguard your personal data, subject to agreements that correspond to the requirements of applicable laws.

Your rights

  • 14

    You have the right to access the personal data we process about you, to rectification or correction of your personal data, to request us to remove your personal data from our files and systems, to object to or request restriction of our processing of your personal data, to data portability, to lodge a complaint with a supervisory authority and to withdraw your consent for the future to the extent that the processing of your personal data takes place on the basis of your consent.

  • 15

    If you have any questions or requests regarding the use of your data, please contact us at info@acr.amsterdam.

Cookies

  • 16

    We do not use functional cookies, tracking cookies and/or third party cookies.

We have updated this statement on 1 January 2023.

Get in touch.

info@acr.amsterdam