Privacy and cookie statement

We are Project Moore, an Amsterdam law firm specialising in IT-law and privacy. Our official name is Project Moore Advocaten B.V.

As a law firm, we process lots of data. Some of it might be yours – so we would like to explain why we collect your data, what we do with it and how we protect it.

We’ve put together a list of the most usual ways in which people interact with Project Moore. Click on the one that applies to you, and we will tell you exactly how and why your data is stored.

In every case, we take every step possible to protect your data. We only ask for it when we have to, and store it no longer than is legally necessary.

If you have any questions or concerns, please don’t hesitate to contact us via:

info@projectmoore.com
020 520 0870
Hamerstraat 19
1021 JT Amsterdam
The Netherlands

 

What’s your relationship with Project Moore?

  1. I’m a job applicant
  2. I’m a client
  3. I’m involved in a case Project Moore is handling
  4. I work together with Project Moore
  5. I supply services to Project Moore
  6. I’ve attended a Project Moore training session
  7. I’m a Project Moore website visitor
  8. I’ve contacted Project Moore

 

Data topics that relate to everyone:

  1. Are there any other reasons you might use my data?
  2. How do you protect my data?
  3. Is my data ever sent outside Europe?
  4. What are my rights regarding my data?

 

 

1. I’m a job applicant

What happens with my data if I apply for a job at Project Moore ?

If you apply for a job at Project Moore, we will ask you to supply the following information:

  • Your name
  • Your address
  • Your email address
  • Your date and place of birth
  • Your education details
  • Your application and attachments (e.g. grades and diplomas)

This is because this information is relevant to your job application. Sometimes we might not receive this information directly from you, but from a recruiting firm.

In addition, we will store the following data concerning your application:

  • The date of your application and interview
  • All our internal correspondence and notes related to your application
  • Our internal assessment report (only for certain positions)

We use this data to evaluate every candidate and, ultimately, to select who will work with us.

In legal terms, it’s because we have a legitimate interest in using the data for these purposes – and if we offer you a job, we will use some of this data to create your contract with us.

For some positions, we might share your application with a firm that conducts assessments on our behalf.

If you are not offered a job, we will delete your data within six weeks after informing you that your application is unsuccessful. All we will keep is a note of your name and application, which will stay in our records for 4 years.

If you come to work with us, we will keep your application file until 2 years after the end of your employment at Project Moore.

We store the data mentioned above in our Microsoft-provided systems.

 

2. I’m a client

How is my data used if a company I represent is a Project Moore client?

If the company you work for, or are involved with, becomes our client, we may ask you to provide:

  • Your name
  • Your date of birth
  • Your address
  • A copy of a document with your Dutch personal identification number (BSN)
  • A document or email showing the nature of your relationship to the company (including whether you are an ultimate beneficial owner)
  • Your signature

We use this information, together (where necessary) with information from trade registers, to verify the identity of our client and the people representing our client. We do this because we have a legal obligation to do so.

We are obliged to keep this information strictly confidential. However, we may be required to disclose it to the dean (deken) of the Amsterdam bar upon request. If this is necessary, we will inform you as soon as possible, unless we are prohibited from doing so.

All the above data is stored for 20 years after the case related to the company you represent is closed. It is stored in our Microsoft-provided systems.

 

3. I’m involved in a case Project Moore is handling

How is my data handled if it is part of a case?

Your personal details might be part of a case we work on, in particular if you are: 

  • A client
  • A representative of a client
  • An advisor
  • A lawyer for the opposing party
  • A lawyer working with us
  • A representative of the opposing party

If you fall into one of these categories, we will usually store the following data in our systems: 

  • Your name
  • Your email address
  • Your phone number
  • Your contributions to a document (if any)
  • Your personal data included in a document (if any)

We use this data to provide our services to our clients. Your name may also be used in descriptions of our activities used for our invoices.

In legal terms, we do this because we have a legitimate interest in using the data for these purposes.

We may share your data with:

  • The lawyer working for the opposing party
  • The law firm working with Project Moore
  • The arbitration tribunal
  • The court
  • The bailiff
  • The mediator

We describe our activities (which may include your name) in our billing platform provided by our billing service provider. The data is stored in our Microsoft-provided systems.

We store invoices for 7 years after the year they are sent. We store data related to cases for 20 years after the case is closed.

 

4. I work together with Project Moore

How do you use my data as a business contact?

We use a CRM-system to process data on our business contacts, such as:

  • A client’s contact person
  • Lawyers we work with or that are in our network

We process the following data:

  • Your name
  • Your email address (private and business)
  • Your address
  • Your position and company
  • Your date of birth (if available)
  • Which mailings you have been sent
  • Which mailings you have opened
  • Which relevant interests you have

We use this data for the following purposes:

  • To send targeted emails, like an invitation for an event
  • To send newsletters or legal alerts

In legal terms, we send targeted emails because we have a legitimate interest in using the data for these purposes.

We may also send you newsletters or legal alerts, unless you opt out. In legal terms we do this because we have a legitimate interest in doing so. If you are not a client or do not have any other relationship with us, we will only send these communications if you consent. You can always opt out of receiving these communications by sending an email to info@projectmoore.com or by using the unsubscribe link at the bottom of the email.

Your data is stored in a CRM system offered by a CRM service provider. We also share your data with our mailing list service provider in order for them to send out targeted emails, newsletters and legal alerts. In both cases, your data is sent to servers in the United States. For more information on this subject, please click here.

We store this data for as long as Project Moore exists, or until you withdraw your consent.

 

5. I supply services to Project Moore

How is my data processed if I work as a supplier for Project Moore?

If you work for an external supplier to Project Moore, or you provide external services to us (e.g. creative services) we will store the following data related to your invoices:

  • Your name
  • Your email address
  • Your telephone number
  • Invoice description
  • The date and time of your invoice
  • Your signature

We use this data for the following purposes:

  • To obtain services or products from the supplier you work for
  • To pay the invoice
  • To create our financial reports (including annual reports)
  • To prepare our tax statements

In legal terms, we do this because it is necessary to perform the agreement we have with you (when you are the supplier) or because we have a legitimate interest in using the data for these purposes (in other cases).

We forward these invoices to our accounting service provider, who may share specific data with our financial IT service provider. We also share some invoice details with our bank.

We store this data for 7 years after receiving the invoice, unless the invoice has become part of a case, for example in the case of a legal claim. Invoices are stored in our Microsoft-provided systems.

 

6. I’ve attended a Project Moore training session

How is my data handled during and after a Project Moore training session?

If you register for and attend one of our training sessions, either online or in-person, we will ask for the following data:

  • Your name
  • Your email address
  • The name of the company your work for
  • Your position
  • The name of the training course you attend
  • The time and date of your attendance
  • Your signature

We use this data to provide you with our training and any relevant educational credits.

In some cases, we may record a training session – for instance, to send it to people who were unable to physically attend the session, or for internal learning. Such a recording will generally only include the speakers, but can in some cases participants and their contributions may also be featured, in discussions for example. If a session is recorded, we will always let participants know in advance.

In legal terms, we do this because it is necessary to perform the agreement we have with you, or your employer, regarding the training session and because we have a legitimate interest in using the data for these purposes.

We store this data for 2 years to comply with accreditation requirements. It is stored in our Microsoft-provided systems.

 

7. I’m a Project Moore website visitor

How is my data processed and what cookies do you use when I visit the Project Moore website?

When you visit our website, we collect the following data:

  • The date and time of your website page visit
  • Your IP address
  • Your website visit status (first time or returning)
  • The previous website you visited
  • Your interaction with the Ask Moore tool
  • The status of the user’s action list (for Ask Moore)

We use this data for the following purposes:

  • Securing the systems of the Project Moore website
  • Obtaining information about the quality and effectiveness of the Project Moore website

In legal terms, we do this because we have a legitimate interest in using the data for these purposes.

Our website is hosted by a hosting service provider, who also generates logs for us containing the above data. We use cookies, JavaScript, pixel tags and similar technologies on this website and our Ask Moore tool. While these cookies fall under the legal exception for privacy-friendly analytic cookies, we still like to tell you how and why we use these cookies.

The data collected by these analytic cookies helps us understand how people use our website. For example, it can show us which the most popular pages are. We use insights like this to make sure our website content stays relevant and to determine the effectiveness of our marketing campaigns.

We gather this data with a self-hosted open source software tool called Matomo. We enhance your privacy by using Matomo’s features, such as anonymising user IP addresses. We retain this information for 2 years.

Here are the specifics:

Cookie Purpose Expiration
‘_pk_id’ cookie Is a visitor new to the site or a repeat visitor? 18 months
‘_pk_ses’ and ‘PIWIK_SESSID’ cookie Which pages were visited? 30 minutes
‘_pk_ref’ cookie From which site did the visitor come? Session

 

8. I’ve contacted Project Moore

What data do you store if I contact you?

If you contact Project Moore – via email, telephone, online conference tools or our website – we generally process the following data:

  • Email: Recipient’s email address, sender’s email address and the date and time the email was sent or received.
  • Phone: Telephone numbers involved in the communication, and the date, time, and duration of the call.
  • Website chat function: The date and time a chat message is sent and received, the identity of the sender and recipient of a chat message, and the content of a chat message.
  • Video conference: The name, date and time of a video conference and the names of the conference participants.
  • A shared document: Name, date, time, contribution to document, telemetry data collected in the context of collaborating on a document.

We use this data to communicate with other parties, such as contact persons of clients, of opposing parties, and of suppliers.

In legal terms, we do this because we have a legitimate interest in using the data for these purposes.

Some of this data is shared with our telephone provider, and our email, chat, video conference and document collaboration provider (Microsoft).

Email, chat and video conference data are stored for 20 years after the end of the employment with the person of Project Moore who was sending or receiving emails. Telephone data is stored for 7 years after the year in which the conversation took place. Shared documents that we contribute to are stored for as long the case to which the document relates is open.

 

 

Data topics that relate to everyone

1. Are there any other reasons you might use my data?

In addition to the purposes described above, we may process some or all of your data:

  • To comply with a legal obligation
  • In case of a merger, sale or acquisition of the whole or part of Project Moore
  • To establish, exercise, support and defend against legal claims

We may store this data as long as is legally necessary for these purposes.

 

2. How do you protect my data?

Your data is protected with a range of security measures, including encryption, multifactor authentication, logging, and firewalls. These measures are regularly reviewed to make sure we use the highest level of security possible. However, as we have assisted several clients with data breaches, we know that absolute security is impossible. That’s why we are also prepared for when things go wrong, in which case we will inform you when appropriate and prevent this from happening again.

 

3. Is my data ever sent outside Europe?

We do our best to keep as much of your data as possible within the European Economic Area. There are two exceptions: 1) We store certain contact details in our CRM systems; 2) Contact details might be shared with our mailing service provider for communication purposes. In both cases, your data is sent to servers in the United States.

For these transfers, we have concluded controller-to-processor standard contractual clauses as prescribed by Decision 2021/914 of the European Commission. If you would like a copy of this document, please contact us here.

 

4. What are my rights regarding my data?

Under the GDPR, you can request access to, and have the opportunity to correct, delete or export any personal data of yours that we have stored. You may also request to restrict, or object to, the processing of your personal data. These rights may be limited in some situations – for example, when we have a legal requirement to process your data, or because we must protect the privacy of others.

To make such a request, please contact us here. For security reasons, we will authenticate your identity when following up on your request.

Finally, if you believe that we are not treating your personal data appropriately, you have the right to lodge a complaint with the Dutch Data Protection Authority.

 

* * *