Privacy Policy

Overview

At DFDL, we value your privacy and are committed to safeguarding the personal information that you have entrusted us with. Furthermore, we embrace transparency as a means of fostering trust and confidence with you. It is of paramount importance for us to enlighten you on our practices with regard to data privacy by providing meaningful and effective information.

This Privacy Notice applies to our website and our management of personal information obtained in the course of provision of services for you.

This Privacy Notice (“Notice”) describes DFDL’s approach to privacy as a data controller, i.e. the organization which determines the purposes and means of processing personal data. The Notice further details ‘how’ and ‘why’ we may handle personal data, how we protect this data and your rights with regard to your personal data. Please read this Notice carefully and feel free to contact us should you have any further questions at dataprotection@dfdl.com.

In this Notice, personal data means any data relating to a person which enables the identification (whether directly or indirectly) of such a person, excluding a deceased person in particular.

This Notice outlines:

    • What personal data DFDL may collect;

    • How DFDL may collect your personal data;

    • How and why DFDL may use your personal data;

    • How DFDL may share your personal data;

    • How DFDL protects your personal data;

    • Your rights with regard to your personal data; and

    • Contact details and further information.

References

Any reference in this Notice to “we”, “us” or “our” refers to DFDL law firm. Please note that it does not refer to DFDL’s collaborating firms, which have their own privacy policies.

Also, references to “you” or “your” are references to visitors to our website, contact persons for our clients and/or prospective clients, attendees to our conferences and webinars and contact persons for suppliers of good and services whose personal data are processed by DFDL.

1. What personal data DFDL may collect

We may collect the following categories of personal data:

    • Basic data: Name, gender, title, organization, job responsibilities, phone number, mailing address, email address, and contact details. Registration data: newsletter request/subscriptions, event/seminar registrations, downloads

    • Client service data: personal data received from clients in respect of their employees, customers or other individuals known to clients, invoicing details and payment history and client feedback;

    • Marketing data: data about individual participation in conferences and in-persons seminars, credentials associations, product interests and preferences;

    • Compliance data: government identifiers, passports or other identification documents, beneficial ownership data and due diligence data;

    • Job applicant data:  Data provided by job applicants or others on our websites or offline means in connection with employment opportunities, which also may be subject to an additional relevant local recruitment privacy policy; and

    • We may also collect, store and use information about special requirements for your attendance at any event, including dietary or accessibility requirements.

2. How DFDL may collect your personal data

We are dedicated to process personal data in a fair and transparent manner. As such, we will do our utmost to collect your personal information only in a way that you would reasonably expect.

Direct collection of your personal data

Your personal information may be collected from you when you voluntarily submit it to us or interact with us directly, and/or as part of our contractual relationship.

Indirect collection of your personal data

Personal information might also be collected from publicly available sources, e.g. your company’s website, and/or from third parties. In this case, we will obtain your permission at the time or prior to collection of your personal data if you had not authorized such a third party to provide us with your information.

Why and how DFDL may use your personal data

As part of a fair and equitable process, we will use our best efforts to assess at all times the impact that the use of your personal information may have on you and your rights. Hence, we will not process your data if it may result in unjustified adverse effects on you.

Legal basis for processing your personal data

To collect and use your personal information, we will rely on the following legal bases only:

    • Where it is needed for the performance of a contract with you;

    • Where it is related to a legal or regulatory obligation;

    • Where you have expressly consented to it; and

    • Where your data privacy is not threatened by use of your personal information which appears necessary in our legitimate interests.

Purposes for which we process your personal data

As a result, the personal information you provide us will thus only be used for the following specific purposes:

    • To provide legal and tax services upon request,

    • To share legal and tax updates with you or your company,

    • To keep you or your company updated on any event that we organize or services we offer,

    • To invite you to and manage your attendance at any event that we may organize,

    • To manage payments in relation to our mandate with you or your company or in regard to attendance of any event that we organize,

    • To keep our website information up-to-date and improve its functionality for the benefit of its users,

    • To request provision of a service from you or your organization as needed and manage payments for such service(s) (e.g. maintenance of premises, audits),

    • For general record-keeping and client management in connection with our services provided to you,

    • To comply with legal or regulatory obligations to which we are subject to (e.g. tax compliance, reporting requirements); and

    • For any additional purposes that we advise you of and for which we have a legal basis, which may for instance be your consent when so required by law.

Failure to provide your personal data

Please note that if you fail to provide certain personal information when required, we may not be able to perform our obligations resulting from a contract entered into with you or fully comply with our legal obligations, which might be detrimental to you.

Period of retention of your personal data

Your personal information will only be retained for as long as is reasonably necessary to fulfill any of the purposes set out above in accordance with applicable laws.

4. How and why DFDL may share your personal data

Disclosure of your personal data

We may need to share your personal information with any member of DFDL’s network, namely our offices, the HR team, accounting team, the IT staff and DFDL’s associated law firms.

    • Your personal information may also be disclosed in certain circumstances to third parties, insofar as reasonably necessary for the purposes set out in Section 3 or as follows:

    • As permitted or required by applicable law or regulatory requirements. In such a case, we will use our best efforts not to disclose more personal information than is required under the circumstances;

    • To comply with valid legal processes such as search warrants, subpoenas or court orders;

    • To protect the rights and property of DFDL;

    • During emergency situations or where necessary to protect the safety of a person or group of persons;

    • Where your personal information is publicly available; or

    • With your consent where such consent is required by law.

Third parties may include third party service providers that process data on our behalf (e.g. IT, accounting firms, law firms, security services), and government authorities, courts and any other legal or regulatory body. Third-party service providers are permitted to process your personal data for specified purposes and in accordance with our instructions only.

Some of these data recipients may be located overseas. Where personal data is to be transferred outside of your country, we ensure that such transfer is made in accordance with the requirements prescribed under the applicable data protection law.

5. How DFDL protects your personal data

Measures undertaken

We have measures in place to protect your personal data against loss, unauthorized or illegal access, use, modification, amendment or disclosure:

    • We implement and maintain sophisticated technical measures to ensure that your personal data is recorded and processed in complete confidentiality and security;

    • We review these measures when necessary or when there is a change in technology to ensure appropriate and effective security maintenance; and

    • We implement and maintain appropriate restrictions on accessing your personal data, and monitor the access, use and transfer of personal data.

Limits

Though DFDL will take reasonable measures to protect your personal data, no method of transmission over the internet or method of electronic storage is completely secure.

6. Your rights with regard to your personal data

Subject to the Personal Data Protection Act of 2012 (No. 26 of 2012), you may have the following rights regarding your personal data:

    • Withdraw the consent you granted at any time, unless your right to withdraw such consent is limited by law or by any contract to which you are a party. Note that the withdrawal of your consent shall not prejudice the collection, use or disclosure of personal data to which you previously and lawfully granted consent;

    • Request for access to and a copy of the personal data relating to yourself which is stored on our systems;

    • Request for disclosure of how unauthorized personal data was obtained;

    • Request us to transfer your personal data, provided that such personal data is in a readable format and generally used by automatic devices, to you or to third parties when such a transfer can be processed automatically;

    • To object to the collection, use or disclosure of your personal data in certain specific situations as follows: (1) where your personal data is collected under specific exemptions to requiring your consent as provided under the Personal Data Protection Act of 2012 (No. 26 of 2012); or (2) the collection, use or disclosure of your personal data is for direct marketing; or (3) the collection, use or disclosure of your personal data is for scientific, historical or statistical research.

    • Request the deletion, destruction or anonymization of your personal data in certain specific situations as follows: (1) your personal data is no longer necessary in relation to the purposes for which we collected your personal data; or (2) you withdraw your consent to the collection, use or disclosure of your personal data or (3) you object to the collection, use or disclosure of your personal data.

    • Request us to suspend the use of your personal data in some specific situations as follows: (1) during a pending request to update, complete or modify your personal data; or (2) during a pending request to delete, destroy or anonymize your personal data; or (3) when it is no longer necessary for us to retain your personal data in relation to the purposes for which we collected your personal data; or (4) when specific exemptions to requiring your consent are pending verification.

    • Request us to update, complete or modify your personal data. In case we object to such request, we will be required to record your request with the reason of objection for your inspection; and

    • To file a complaint with your local data protection authorities in certain jurisdictions, in the event that we are in breach of applicable laws and regulations including Personal Data Protection Act of 2012 (No. 26 of 2012).

Contact and further information

In conclusion, the protection of your data matters to us. Should you have any question about this Policy or would like to provide comments, do not hesitate to contact us at dataprotection@dfdl.com.