Below you find an overview of the personal data that the Foundation processes:

Personal data refers to all information and data that can be used to identify you:

• Basic data, such as your first and last name, nationality, date of birth and BSN number;
• Contact details, such as your e-mail address, postal address, residential address and telephone number;
• Data concerning the device you use to visit our website, such as an IP address, and your activities on our website;
• All other personal data relating to you that you provide to us or that we can obtain in connection with the purposes set out below and the grounds on which we can obtain it, such as the area(s) of law on which you wish to be advised and all information/documents that are important for drawing up a (legal) opinion that is suited for your particular situation;
• Personal data that you provide to us for the purposes of a job application, such as your first and last name, address, telephone number, nationality, and any other relevant personal data specified in your application. 

Special and/or sensitive personal data processed by the Foundation

The Foundation processes the following special and/or sensitive personal data from you if necessary:

• Personal data concerning health;
• Personal data relating to any (possible) criminal record;
• Personal data relating to persons under the age of 16: our website and/or services do not intend to collect data on visitors to our website who are under the age of 16, unless they have permission from their parents or guardians. However, we cannot verify whether a visitor has already reached the age of 16, and for this reason we recommend that parents be involved in their children’s online activities to avoid collecting data without parental consent. If you feel that we have collected personal information about a minor without such consent, please contact us by email at info@prometheuslegalconsultancy.nl.

Purposes of data processing by the Foundation

The Foundation will process your (special) personal data exclusively for the purposes specified in this paragraph. The processing of your (special) personal data is necessary in order to contact you when you have requested our help and for the performance of our services as a legal consultancy firm, including the execution of the agreement that you concluded with the Foundation. In addition, the Foundation uses your (special) personal data for its internal business operations (including its management, recruitment and selection and policy purposes), for its marketing and communication activities, for evaluation and/or improvement of our services (including the website) and to comply with any legal obligations or to provide accountability to third parties. The Foundation does not collect more data than strictly necessary for the purposes of data processing specified in this paragraph. 

Foundations of data processing by the Foundation

The Foundation may process your (special) personal data on the basis of one or more of the following legal grounds:

• Your permission, for example by filling in the contact form on our website; 
• The execution of a contract or to provide you with (legal) advice;
• To comply with (a) legal obligation(s);
• In the event that we have a legitimate interest and we do not disproportionate infringe your privacy.

Retention periods
The Foundation will not retain your personal data longer than necessary to achieve the purposes stated in these privacy regulations or to comply with applicable laws and regulations. After your case has been fully settled, your file will be archived with the removal of the personal data that are not necessary for archiving. Archiving will take place with due regard for the legal retention periods.

Sharing personal data with third parties
The Foundation will provide your personal data to third parties only insofar as this is necessary for the performance of its services in accordance with the above-mentioned purposes or to comply with a legal obligation(s). Sharing will only happen after consultation with you and only with your explicit consent. Personal data will not be shared with third parties for commercial purposes. When providing data to third parties, the Foundation complies with all applicable laws and regulations in that regard. 

The website and social media
On its website, the Foundation uses hyperlinks to other parties’ websites and social media buttons, such as LinkedIn, Instagram and/or Facebook. The Foundation does not monitor and is not responsible for the processing of your personal data by and through such third parties. The use of such media is at your own risk. It is advisable to consult the privacy policies of those third parties before using their (online) services.

Duty of confidentiality of volunteers regarding personal data processing
Volunteers of the Foundation sign a confidentiality agreement. In this agreement they declare that they will keep secret all information about (the file of) the clients of the Foundation that they have become aware of by virtue of their employment. At all times will our staff handle your personal data with care and integrity and they will respect your privacy.

Security of personal data
The Foundation takes appropriate technical and organizational measures against unauthorized or unlawful processing and to prevent loss, unauthorized access, unwanted disclosure and unauthorized modification of your personal data. Personal information is stored digitally in such a way that it can only be accessed by volunteers of the Foundation through authentication, and the transmission of this information is made via a secure internet connection. The Foundation uses the encryption protocol TLS (formerly SSL) on its website to secure communications over the Internet. In case you have the impression that your data is not properly secured, please contact us by e-mail at info@prometheuslegalconsultancy.nl and we will get back to you at our earliest convenience. 

Automated decision making
The Foundation does not use automated decision making in any way in the performance of its services. Personal data that the Foundation works with is always processed by a volunteer and is not subject to automated computer programs or systems.

Right to view, modify or delete personal data 
The rights you can exercise against data processing by the Foundation can be traced back to the General Data Processing Regulation (GDPR). In this context, you have the following rights with respect to your personal data and its processing:

• The right of access, which means that you can make a request to see the personal data that the Foundation has collected from you;
• The right to information regarding how the Foundation processes your personal data;
• The right to rectification or correction of your data if it is incorrect or incomplete;
• The right to the deletion of your personal data, in which case you do need to take into account that there may be circumstances in which the Foundation is required to retain your data in order to comply with its legal and regulatory obligations;
• The right to object or request the restriction of the processing of your personal data, where also applies that there may be circumstances preventing the Foundation from complying with your request;
• The right to data portability, which means that you have the right to receive your data in a structured, common and readable form. In doing so, you have the right to transfer this data to another responsible party;
• The right to object to the processing of your personal data;
• The right to file a complaint at the Personal Data Authority;
• The right to withdraw your previously given consent, where circumstances may also arise where the Foundation is authorized to continue processing your data, in particular if processing is a requirement in order to comply with its legal and regulatory obligations.

A request to access, correct, delete, withdrawal of consent or objection can be sent by e-mail to info@prometheuslegalconsultancy.nl. Please accompany such a request by a copy of a valid passport, driver’s license or identity card in which your passport photo, the MRZ (the bottom two lines of numbers on the passport/identity card) and your BSN number are protected in order to respect your privacy.

Amendments
Amendments to the Foundation’s privacy regulations are published on its website. We therefore recommend that you consult our website regularly.

Complaints Procedure
If you have a complaint about the processing of your personal data by the Foundation, you can contact the Dutch Data Protection Authority (AP) here. We strive that – before consulting the AP  – in case of any objections or complaints, you will report them to us as soon as possible so that we can offer you an appropriate solution.