This Privacy Statement applies to the processing of the personal data of (the contact people at) our clients, business relations and referrers, recipients of our communications and those who attend our events, as well as to the visitors to our website www.bestacking.com.
BeStacking B.V. is the controller for the processing of your personal data. We may amend this Privacy Statement from time to time, if there are changes to how we process your personal data, for instance, or if this is necessary on the basis of regulations. We shall inform you of essential changes.
Content of the Privacy Statement:
- To whom does this Privacy Statement apply?
- What personal data does BeStacking process in relation to you?
- For which purposes do we process your personal data? ?
- What is the legal basis for the processing of your personal data?
- How did we obtain your personal data?
- How long do we keep your personal data?
- Who has access to your personal data?
- Transfer of personal data to countries outside the EEA
- How do we secure your personal data?
- Your rights
- Third-party websites
- Our contact details
1.To whom does this Privacy Statement apply?
This Privacy Statement applies to everyone who visits our website and to people whose personal data are processed by BeStacking.
People whose personal data are processed by BeStacking in the context of its provision of legal services are:
- Contact persons at our clients;
- Contact persons at our potential clients;
- Contact persons at our business relations;
- Contact persons at our referrers;
- Recipients of our communications, such as our newsletters and invitations to events organised by or in cooperation with BeStacking;
- Visitors to our website www.bestacking.com;
- People who contact us otherwise or whose personal data we process otherwise in the context of our service provision.
2.What personal data does BeStacking process in relation to you?
The personal data we process in relation to you are:
- Personal data you have provided to us;
- Personal data that give insight into the use of our website or other electronic means of communication and;
- Personal data obtained from other sources.
Personal data provided by you
- contact details and other personal data which are needed for your case to be handled by a lawyer, civil-law notary or tax consultant. One the one hand these include details such as your name, address, telephone number, email address, job title(s) and (details of) your identification documents (identification data), and on the other hand, case details (client file);
- contact details and other personal data filled in on contact forms or other web forms. The precise content of the data depends on the content of the contact forms and web forms;
- contact details provided during initial meetings, events, seminars, etc. These may include details provided on business cards;
- Other personal data that are provided by you.
Personal data that give insight into the use of our website or other electronic means of communication. These could include data such as:
- IP address (unique number identifying your device when you connect with the internet), which we use to measure your interest in our website;
- your browsing behaviour on the website, including data on your first visit, previous visit and current visit, the
- visited pages and how you navigate through the website and the kind of device you are using; and
- the opening and reading of a newsletter or commercial email. This also includes clicking behaviour in the email or newsletter. In this context, we also refer to our Cookie Statement
Personal data obtained from other sources:
- personal data available on public professional social media platforms such as LinkedIn. These are names and contact details;
- personal data obtained from the Trade Register of the Chamber of Commerce and the Land Registry Office. This could include a Chamber of Commerce number and contact details; and
- personal data available on public professional websites, such as company websites.
3.For what purposes do we process your personal datas?
We may use your personal data for the following purposes:
- To perform a contract.
- To invoice for services rendered.
- To comply with our statutory obligations.
The State Taxes Act requires us to process and store certain personal data.
- To stay in contact with you.
We feel it is important to contact you with information that is relevant for you. We combine and analyse the personal data available to us in order to be able to do so. Based on this, we determine what information and channels are relevant and which moments are most suitable for providing information or making contact
- For (the communication regarding) webinars
When registering for a webinar, we ask for your email address to enable us to communicate with you regarding the webinar. You will receive a registration email at the email address you have provided. After the webinar you will also receive an email including a link to the recorded webinar. You will also receive this email if you indicated that you cannot attend the live webinar.
Furthermore, we ask you to provide the name of your company and your job title on a voluntary basis. If you provide that information, it will enable us to tailor the webinar to you more effectively.
In order to attend a webinar, you need to register your name and email address via the link we send you. We shall process the data regarding the webinar attendance (including registration details, time of registration, time of attendance and duration of your attendance).
With prior consent from you, we shall contact you to evaluate the content of the webinars and to check if we can be of further assistance to you. In the latter case, we may contact you through various communication channels, including by telephone, if you have filled in your phone number.
The list of participants will be shared internally with our Education department for the purpose of allocating training points. We shall also analyse this data to enable us to improve our webinars.
The participants are not audible or visible during the webinar, nor are their names visible. When asking questions during the webinar, the name of the individual asking the question will only be visible to the host (BeStacking) and not to the other participants. We shall process this data to enable us to answer questions during or, if necessary, after the webinar.
- To evaluate
With your consent, we shall send you an email including a link to the evaluation, an online questionnaire. Participation is on a voluntary basis and can be done anonymously. Prior to the evaluation, you will receive further information on how we shall handle the obtained information.
- To prepare analyses
To prepare analyses we use:
– Interaction data:
Personal data obtained from contact between BeStacking and you. For example, on your use of our website or supporting applications. This also applies to offline interactions, including how often there is contact between BeStacking and you.
– Behavioral data:
Personal data that BeStacking processes on your behaviour, such as your preferences, opinion, wishes and needs. We can derive these data from your browsing behaviour on our website, for instance, the reading of our newsletters or because you requested information. But also from inbound telephone conversations and email contact with our employees. We collect and use information obtained via tracking cookies only with your consent, which you can withdraw at any time. See also our Cookie Statement
- To conduct client satisfaction surveys.
We sometimes ask clients to participate in a client satisfaction survey, through an online questionnaire. Participation is voluntary. Before each client satisfaction survey, you will receive further information on the procedure and the way in which we handle the information obtained.
- To improve and secure our website.
- To prepare user statistics.
The user statistics from the website enable us to get a picture of, among other things, the number of visitors, the duration of the visit, what parts of the website are viewed and the clicking behaviour of visitors. These are generic reports without any information on individual persons. We use the information obtained to improve the website.
- To monitor access to the office building and protect safety.
When you visit our office, we take down your name upon arrival. There are surveillance cameras on the exterior of the office building, at the entrances and the exits of our office building, in the basement car park belonging to the office building and at the reception desk. We do this in order to have a record of who is in the building in case of an emergency and to ensure that unauthorised people cannot gain access to the building. In principle, the camera footage will be destroyed within 4 weeks.
- To perform audits.
4.What is the legal basis for the processing of your personal data?
We process your personal data only when this is permitted on grounds of one of the legal bases cited in the General Data Protection Regulation (GDPR). We are guided by the following legal bases:
- We ask your consent for participation in a client satisfaction survey.
- We ask your consent for direct marketing purposes, which will be specified in detail when you give your consent. You can find more information on this subject in this Privacy Statement.
- If we have requested and obtained your consent to process your personal data, you have the right to withdraw such consent at any time. You can do this here or by contacting us.
The processing is necessary in order to establish a contract or in the run-up to the establishment of a contract
- If you give us an assignment, we process personal data if and to the extent this is necessary in order to perform the assignment.
- We may also process personal data if we have a legitimate interest and this does not breach your privacy disproportionately. We use your contact details to invite you to seminars and events, for instance.
- We also have a legitimate interest if we use your personal data to contact you after you have approached us yourself.
- We do not always need permission to contact you. If we obtain your email address as a result of providing services, we can offer you similar services via direct marketing. In that case, we have a legitimate interest in offering you these services.
5.How did we obtain your personal data?
We obtain some information automatically when you visit our website. We collect this information via cookies, for instance. In this context, we also refer to our Cookie Statement.
We obtain other information if you actively provide it to us. For example, if you are or become our client or if you sign up for newsletters or events.
We also obtain information from third parties, such as personal data from the Trade Register of the Chamber of Commerce and the Land Registry Office, or personal data available on public professional websites. We also obtain information from professional social media sources like LinkedIn.
6.How long do we keep your personal data?
We will not keep your personal data longer than strictly necessary for the purposes for which they are processed, unless statutory requirements obligate us to keep your personal data longer. More specifically, the applicable retention periods are listed below.
- We will delete your personal data if you have withdrawn your consent or have decided to opt out.
- We will keep your personal data in our contact database for up to two years from the day the business relationship ends. After this period of two years we shall delete your personal data.
- The personal data that were processed to verify the identity of a client or its representative will be kept for five years from the day the business relationship ends.
- The retention period of the client files is subject to several factors, including the type of matter it concerns. We usually keep client files for a period of five or twenty years after the file is closed. It depends on the applicable time limit of the file in question. We shall keep certain documents in accordance with the statutory retention periods. These retention periods are 20 or 30 years, or even indefinitely.
- In the event that you have registered for a webinar, we shall delete your registration details from our CRM system after we have sent you the recording of the webinar, unless you have given us your consent to use your details in the future. In that case, such data processing is subject to the applicable retention periods.
- The information regarding the webinar, which has been provided to or registered by our supplier will be stored for one year, to enable us to analyse and continue to improve the webinars.
- For the reasons described above, evaluations of the webinar will be stored for six months. In the event that you have provided your telephone number and/or email address with the evaluation, we shall delete that information as soon as we have contacted you.
- Camera footage will be destroyed within four weeks, unless there is an incident which requires us to hold on to the footage for longer.
- We will delete visitor registration details within seven weeks from the date the right to access the information expires or from the date of the visit.
7.Who has access to your personal data?
Your personal data are only accessible to people at BeStacking authorised to access them on a ‘need-to-know’ basis. Outside of the situations mentioned in this Privacy Statement, we will not disclose your personal data unless we deem this disclosure necessary in order to satisfy our statutory obligations, to protect our rights or someone else’s rights, or to enforce compliance with this Privacy Statement.
Sometimes it is necessary to share your personal data with third parties. Depending on the circumstances of the case, this may be necessary in order to handle your file. There are also statutory obligations which mean that personal data must be passed on to third parties
Personal data are provided to third parties in the following cases, among other things:
When handling a file, it may be necessary to share your personal data with third parties.
Your personal data are not shared with third parties for commercial purposes. There is one exception to this. We sometimes work with other organisations to organise a joint activity, such as an event or seminar. In that case, only the necessary contact details will be exchanged.
Personal data may also be provided to third parties in the event of a reorganisation or merger of our business or sale of (part of) our business.
We may engage service providers (processors) for the processing of your personal data, who process personal data exclusively on our instructions. We conclude processing agreements with these processors which fulfil the requirements of the General Data Protection Regulation (GDPR).
We work with service providers who provide SaaS (software as a service) solutions or hosting services. There are also ICT service providers who help us keep our systems secure and stable. We also use third-party services to send newsletters and commercial emails.
8.Transfer of personal data to countries outside the EEA
When your personal data are processed, your personal data may be shared with third parties. These parties may be located outside the EEA. When applicable, we have taken appropriate security measures for sharing the personal data. The processor outside the EEA which provides us with services in the sending of online newsletters and email campaigns
and the processing of data filled in on the web forms on our website is located in the United States and has a registration for the EU-US Privacy Shield. More information on this can be found at: https://www.privacyshield.gov/welcome
9.How do we secure your personal data?
We do our utmost to take appropriate technical and organisational security measures to protect against the loss, abuse and alteration of your personal data for which we are responsible.
To ensure the security of your personal data, we have taken the following technical and organisational measures, among other things:
- Availability and continuity: We do our utmost to ensure optimal availability and continuity of our website and our systems.
- Device management and security: Exclusively devices managed by BeStacking have direct access to our systems.
Devices that are not managed by BeStacking only have access to our system via a VPN connection secured by means of passwords and two-factor authentication.
- Physical security: Our building is secured by physical access control and camera security. Only people authorised to access our building may enter.
- Authorisations: The access to our systems is protected via role-based security.
- Encryption: We use encryption to secure our laptops and the exchange of data with you can, on request, also take place using encryption.
- Thread protection: Various systems have been put in place to prevent unauthorised access and exchange of personal data.
- GDPR design: Every new system we consider adopting must be tested in advance for the principles of privacy by design and privacy by default.
- Data Protection Impact Assessments (DPIA): Before we put a new system into use, we will also subject that system to a data protection impact assessment, if required by law.
You have various privacy rights pursuant to the privacy regulations.
You can request:
- to inspect the personal data we process in relation to you.
- to amend your personal data or supplement these if you believe that the personal data we process in relation to you are incomplete or inaccurate.
- to have certain personal data relating to you erased.
- to have your data transferred to another party.
- you can also object to the processing of your personal data.
For more information on the rights you can exercise on the basis of the privacy regulations, please see the website of the Dutch DPA. See this webpage for an overview of your rights under the privacy regulations. In cases that arise, you also have the right to submit a complaint to the Dutch DPA.
13.Our contact details
Please contact us, if you have any questions or comments with regard to how we handle your personal data:
7665 AZ Albergen (NL)
Chamber of Commerce number: 88130967
Or via email: firstname.lastname@example.org