Trains & Co B.V. (hereinafter referred to as: “Trains & Co” or “us” or “we”) respects your privacy and processes personal data as a data controller in accordance with the General Data Protection Regulation (hereinafter referred to as: “GDPR”).
2. PERSONAL DATA
Personal data is any information relating to an identified or identifiable natural person and may include:
- Basic information such as your first and last name, prefix, title;
- Contact details such as your e-mail address, postal address and phone number;
- Data related to the device you use to visit our website, such as an IP address;
- Data related to your visit to our website;
- Personal data you provide us for the purpose of attending events or meetings, such as access and dietary requirements;
- Personal data you may provide us for the purpose of a job application, such as your full name, date of birth, address, phone number, nationality, marital status and any other personal data set out in your application.
- Any other personal data relating to you which you may provide us or that we may obtain in relation to the purposes and based on grounds set out below.
We collect this personal data because you provided this data to us, e.g. when entering into an agreement with us, by entering your data on our website, by giving us your business card or by applying for a job. We may also collect your personal data from other sources, such as local counsel, counterparties, the Trade Register, the Land Registry or by using publically available sources.
3. PURPOSES AND LEGAL BASIS
Trains & Co may process your data to:
- Provide our services;
- Comply with our legal and regulatory obligations;
- For marketing and business development activities, such as news updates, invitations for our events, seminars and other marketing communications that may be of interest to you;
- To handle your job application or subscription to any of our recruitment services and events;
- To generate statistics regarding the use of the website and/or to analyze and improve the website.
We will process your personal data using one or more of the following legal grounds:
- Performance of a contract;
- Compliance with a legal obligation;
- Legitimate interest;
- Your consent.
4. RETENTION PERIOD
Trains & Co will not store your personal data any longer than is necessary to achieve the purposes stated in this Privacy Statement or to comply with the relevant laws and regulations.
5. DISCLOSURE TO OTHERS
We will in principle not disclose your personal data to third parties. However, in some cases it is necessary to share your personal data with third parties. This may include, but is not limited to:
- Third parties relevant to the legal services that we provide, such as counterparties, local counsel, courts, translation offices, regulatory authorities and governmental institutions;
- Third parties that we engage with, such as supervisory authorities and other bodies, in order to comply with legal obligations;
- Third party suppliers in connection with the processing of your personal data for the purposes described in this Privacy Statement, such as IT providers, communication service providers or other suppliers to whom we outsource certain support services.
We will only disclose your personal data to the abovementioned third parties for the purposes and on the legal grounds stated in this Privacy Statement.
Third parties to whom we disclose your personal data are themselves responsible for compliance with privacy legislation. Trains & Co is neither responsible nor liable for the processing of your personal data by these third parties. To the extent that a third party processes your personal data as a data processor for us, we will conclude a processor agreement with such party that meets the requirements set out in the GDPR.
To be able to provide our services, it may be necessary for us to transfer your personal data to a recipient in a country outside of the European Economic Area. In that case we will ensure that the data transfer is compliant with the applicable law.
Trains & Co undertakes to ensure an appropriate level of security to protect your personal data from unauthorized or unlawful processing and from loss, destruction, damage, alteration or disclosure. If you have any questions regarding the security of your personal data, or if there are indications of misuse, please contact us.
7. YOUR PRIVACY RIGHTS
You, as a data subject, have a number of legal rights:
- Right of access. This means you can make a request to obtain access to the personal data concerning you;
- The right to rectification or correction of your personal data if it is inaccurate or incomplete;
- The right to erasure of the personal data that relates to you. Please note that there may be circumstances in which we are required to retain your data in order to meet our legal and regulatory obligations;
- The right to object to or to request restriction of the processing;
- The right to data portability. This means that you have the right to receive your personal data in a structured, commonly used and machine-readable format, and that you have the right to transmit that data to another controller;
- The right to object to profiling;
- The right to lodge a complaint with a supervisory authority;
- The right to withdraw your consent. Again, there may be circumstances in which we are entitled to continue processing your data, in particular if the processing is required to meet our legal and regulatory obligations.
Please note that there may be circumstances in which we are entitled to refuse your request to exercise your rights with regard to your personal data, for example based on legal professional privilege.