Privacy policy

Version 2025

1. Introduction
Legista Legal takes the protection of your personal data seriously. This Privacy Statement explains how we collect, use, share and protect your personal data when you use or your organisation uses our services.

2. Which personal data do we process?
We may collect and process the following categories of personal data if you are a (contact person of) client or a (contact person of) a third party (such as a counterparty, witness, business relation):
• Business contact details
Your name, address, telephone number and email address.
• Professional information
Your job title and the name of the organisation you work for.
• ID copy
A copy of your passport or other proof of identity, collected to comply with the statutory requirement for lawyers to verify the identity of their clients.
• Communication
Our communication with you, including emails, meeting notes and other correspondence, necessary for providing our services and managing our relationship.
• Case information
information relevant to our client’s case which may contain your personal data (legal position, contracts, financial information, role in proceedings, authority, activities).

3. How do we use your personal data?
Your personal data is used for providing legal services to clients, managing our client relationships (including communication and invoicing), complying with statutory and regulatory obligations, and improving our services.

4. Legal bases for processing
Your personal data is processed on one of the following legal bases:
• Performance of a contract
If processing is necessary to provide our legal services to you.
• Legal obligation
If processing is necessary to comply with statutory and regulatory requirements, such as tax law, anti-money-laundering legislation or professional conduct rules.
• Legitimate interests
We process personal data for relationship management, improving our services and maintaining and expanding our professional network.
• Consent
In specific situations we process personal data based on your consent (e.g. publishing testimonials), which consent may be withdrawn at any time.

5. With whom may we share your personal data?
We only share your personal data with third parties when this is necessary for the performance of our services, or to comply with statutory obligations. Examples of such third parties include courts, counterparties in legal proceedings, external advisors. Additionally, we share your personal data with our processors, providing services such as IT support, administrative support and data storage. These processors act under our instructions and are contractually required to protect your data.

6. How long do we retain your data?
We do not retain your personal data longer than necessary for the purposes for which they were collected, unless a longer retention period is legally required or necessary for establishing, exercising or defending legal claims. Retention periods may vary, depending on the type of data, the type of document and applicable regulations:
• Legal and business files
Retained in accordance with statutory retention periods, for example pursuant to professional rules and limitation periods for legal claims.
• Contractual and administrative data
Retained for as long as necessary for the performance of the services and in accordance with tax and administrative obligations.
• Communication and relationship-management data
Retained for as long as it is relevant to our business relationship or until deletion is requested.
• Copy of ID
Where we are legally required to identify you, the copy of your ID will be deleted immediately after identification.
At the end of the applicable retention period, the data will be securely deleted or anonymised.

7. How do we protect your data?
We take appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction. If you would like more information on these measures, please contact us (see our contact details at section 9).

8. Your rights
You have the right to request access to the personal data that we keep of you, to request us to correct or delete them, and, in certain circumstances, restrict their processing or to object to the processing. You may also request the transfer of your personal data, in a structured, commonly used and machine-readable format, to you or another organisation.

To submit your request, please contact us (see section 9 below). If you have, subsequently, complaints about how we process your personal data, you may lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or another supervisory authority in your EU Member State.

9. Contact information
If you have any questions or concerns regarding our processing of your personal data, you can contact us at: mhoevenaars@legistalegal.nl.

10. Amendments to this Privacy Statement
This Privacy Statement may be changed from time to time in relation to changes in our processing operations or in statutory regulations. We recommend to consult this Privacy Statement regularly, to stay informed of how we protect your personal data.