Privacy and cookie statement Legal ICT

Summary of our privacy and cookie statement

When processing personal data, we work in accordance with the requirements for the processing of personal data as laid down in the GDPR. This means we:

• Clearly specify our purposes before we process personal data, by using this privacy and cookie statement.
• Limit our collection of personal data to only the personal data needed for legitimate purposes.
• First ask for explicit permission to process your personal data in cases where your permission is required.
• Take appropriate security measures to protect your personal data and we demand the same from parties who process personal data on our behalf.
• Respect your right, such as the right to access, correct or delete your personal data held by us.

Purposes for which we process your personal data

In this privacy and cookie statement we explain what personal data we, at Legal ICT collect from you and for what purposes the personal data is used. By using our services or visiting our website www.ictrecht.nl/en, we obtain various personal data from you. For each purpose it is indicated what personal data we obtain from you, for what purpose we process this personal data and for how long the personal data will be retained. If you have any questions or would like to know exactly what personal data, we have from you, please contact us via the contact details at the bottom of this privacy and cookie statement.  

Providing our services

As an organization you can use our legal services.

For this purpose, we process the following personal data:

• Name contact person
• (Business) telephone number
• (Business) email address
• Name organization (optional)
• Payment details
• Invoice details
• Any content of correspondence

We need this information because of our agreement with you and to maintain the relationships resulting from this agreement. We store this information for the duration of the agreement. Certain information will be retained for a longer period if we are obliged to do so (for example because of the legal tax retention period of seven years).

Placing and handling orders

On our website (ICTRecht documents shop) you can place an order. When you place an order with us, we obtain certain personal data from you. We need this information to process your order.

For this purpose, we process the following personal data from you:

• Name
• Address details
• Invoice details
• Delivery address
• (Business) email address
• (Business) telephone number (optional)
• Payment details
• IP address

We need this information because of our agreement with you. We store this information until your order has been completed. Certain information will be retained for a longer period if we are obliged to do so (for example because of the legal tax retention period of seven years).

Academy

Legal ICT provides (in-house) training courses via the Academy. On our website you can sign up for a training or request a quotation for an in-house training.

For this purpose, we process the following personal data:

• Name participant
• Name organization (optional)
• (Business) telephone number
• (Business) email address
• Address details organization
• (Business) invoice details
• (Business) payment details
• Job title and background participant
• Purchase number/reference
• Academy progress
• Any content of correspondence
• Any dietary requirements

We need this information to send you the training materials and practical information, to issue a certificate of participation and to invoice you. We store this information until you have completed the training and until the payment has been made. Certain information will be retained for a longer period if we are obliged to do so (for example because of the legal tax retention period of seven years).

We usually provide training at a training location. For training, both the public training courses and the training courses within the training programs, we use an online learning environment too. For this purpose, we will create an account for you in our online learning environment. This account will be saved for half a year in case of a separate training course and for one and a half year in case of a one-year training program. To ensure that participants, who participate in a training program, who are (partially) unable to attend, can still attend the courses, we record the majority of the training courses within the one-year training programs. This is also part of the execution of the agreement. In the case of training courses within a training program, recordings are retained for as long as we deem necessary. In case of IAPP courses recordings are retained for three months. The recordings are published in our online learning environment, which is only accessible to fellow participants who participate in a training program. If they participate in a training course that is recorded and we record personal data in the process, we do so based on our legitimate interest, namely the interest to fulfill the agreement with the participants in the training course (as described above). Should you, as a single participant, object to this, you can make this known at the start of the training or via the contact details at the bottom of this statement. No recordings will be made of separate training courses that do not form part of a training program.

IAPP

Legal ICT is an official training partner of the International Association of Privacy Professionals (IAPP). Through the IAPP you can obtain certain internationally recognized certifications. To be able to follow the official IAPP training (CIPP/E, CIPT or CIPM) and gain access to the IAPP portal with relevant training material, including a voucher for the IAPP exam (and therefore to be able to execute the agreement with you), we provide your personal data to the IAPP. This includes your:

• Name participant
• Name organization and address
• Contact details
• Which certification you wish to obtain, and which date you will follow the training

The IAPP is responsible for the use of your personal data. Consult the privacy statement of the IAPP for more information. We retain your personal data until the training is completed and for one year thereafter.

Anonymization

We may anonymize personal data obtained through the use of this website. This means that the personal data originally obtained by us is made anonymous in such a way that the person concerned can no longer be identified on the basis of this data. The data therefore are no longer considered personal data and there are no privacy risks associated with the data.

We have a legitimate interest in making the data anonymous. By means of these anonymized data we can carry out statistical research and improve our website.

Contact

We offer various ways to contact us. You can contact us by phone, but also via e-mail or our contact form.  

For this purpose, we process the following personal data:

• Name
• (Business) e-mail address
• (Business) telephone number
• Name organization (optional)
• Any information you enter yourself as the contact of a message

We use this information to properly handle your request to contact you and to carry out the agreement with you to this end. We store this information until we feel that you are satisfied with our response.

Applying for a job with us

Have you responded to one of our vacancies or submitted an open application? If so, we will process your personal data in order to process your application.

For this purpose, we process the following personal data:

• Name
• Address details
• Telephone number
• Curriculum Vitae
• Motivation letter
• Salary indication
• References
• Any other information you enclose with your application

We need this information in preparation for the possible conclusion of an employment contract. If we do not hire you, we will store your application details for a maximum of six weeks after the position has been filled.  This way, we can still approach you if, on second thought, the previous candidate turns out not to be suitable. If we are unable to offer you a job at this time, we may – with your permission – keep your application details for a further year. You can withdraw your consent at any time by sending us an email. If you come to work for us, we will save your application data in the personnel file.  

Part of the application procedure is a social media and internet check. This is necessary to ensure that our image is maintained when hiring new staff. We do this on the basis of our legitimate interest. For this purpose, we search your name on Google and, if necessary, your profile(s) on social media. This of course, for as far as these profiles are public; we will not ask you to grant us access to a protected social media page or to make a connection with us. The results of this social media and internet check will be discussed with you. We do not reject people just because of screening results. If you object to this, you can indicate this by e-mail at the time of your application. 

If we need help from external HR consultants with regard to your application, we may forward your data to them. We may also forward your application to other ICTRecht B.V. affiliated companies if your application is relevant to them.

When can we provide your personal data to third parties?

Legal ICT only shares your data with third parties when this is allowed by current legislation. It may happen that we provide your personal information to third parties, because:

• we have engaged them to process certain data;
• it is necessary to carry out the agreement with you;
• you give permission for this;
• we have a legitimate interest in this;
• we are legally obliged to do so (e.g. if the police demand this in case of a suspicion of a crime).

The parties that process personal data in our or your assignment:

• Cookie service providers (please see the cookie table below)
• IT suppliers and service providers
• Our hosted e-commerce platform
• Online tools for examination and evaluation
• Delivery service
• Payment service providers (and debt collection agency)
• Consultants
• Event organizations and locations

In order to provide its service, Legal ICT may provide your personal data to parties established outside the European Economic Area (EEA). Legal ICT will only do this if there is an adequate level of protection for the processing of personal data. This means, for example, that we use a model agreement from the European Commission or make agreements about the handling of personal data.

Security

We take appropriate security measures to limit misuse of, and unauthorized access to, your personal data. For example, we ensure that only the necessary people have access to your personal data, that access to your personal data is secured and that our security measures are checked regularly. Amongst other things, we take the following security measures:

• logical access control on our laptops and systems, using passwords;
• physical access security measures, including access chips and camera security in our office building;
• encryption of digital files;
• organizational measures for access security;
• security of network connections via Transport Layer Security (TLS) technology;
• purpose-bound access restrictions and data storage within the EU.

We work digitally as much as possible: we shred old paper and digital documents are secured.

Social media buttons

On our website we use social media buttons, which redirect you to the social media platforms. The buttons are active because of bits of code that come from the social media networks. If you want to know what the social media platforms do with your personal data, please read the relevant privacy statement:

• LinkedIn (privacy policy)
• Twitter (privacy policy)
  

Use of cookies

We use first- and third-party cookies on our website. Cookies are small information files that can be automatically stored on, or read out from, the device (including a PC, tablet or smartphone) of the website’s visitor. This is done through the web browser on the device.

We, as well as third parties, use cookies on our website for the following purposes:

• to enable the functionality of our website (technical and functional cookies);
• to gain insights in the usage of our website and to improve our website on the basis of this information (analytical cookies);
• to enable us to provide you with advertisements relevant to you (marketing cookies).

These cookies collect the following data from you:

• IP address
• Cookie-ID
• Website and click behavior
• Referral URL

When you visit our website for the first time, we will display a message with an explanation about the cookies we use. We will ask for your consent to place the cookies, when we are required to do so.

In the table below you will find an overview of the cookies we use.