EMPIQ PRIVACY NOTICE – Version 8 April 2026
Introduction
This Privacy Notice is provided by EMPIQ BV, a company with limited liability incorporated under the laws of the Netherlands. We have our official seat in Amsterdam and our registered office is at Keizersgracht 62, 1015 CS Amsterdam, the Netherlands. (Trade register number 82912521)
Minors: our services are directed at businesses and professionals. We do not knowingly collect or process personal data of individuals under 16 years of age. In accordance with Article 8 GDPR and the UAVG, if we become aware that personal data of a child under 16 has been provided to us without the consent of a parent or legal guardian, we will delete that data promptly. If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us immediately at privacy@empiq.nl.
This Notice describes how we collect, use or otherwise process your personal data and for what purpose we may use your personal data in the context of offering and providing our legal services.
Pursuant to the General Data Protection Regulation (GDPR) - in Dutch: ‘de Algemene Verordening Gegevensbescherming’ (AVG) - we will qualify as controller with respect to the personal data that we process. As a controller we have certain duties and responsibilities regarding our processing activities, and this means that we will only process personal data that are reasonably necessary in connection with the purposes set out in this Notice.
This Notice includes information regarding your rights with respect to the processing of your personal data.
We have not appointed a data protection officer as our processing activities do not meet the mandatory criteria set out in Article 37 of the GDPR.
How do we collect your personal data?
In the context of EMPIQ’s offering and providing legal services, we may collect your personal data in the following ways:
Directly from you:
- Contact details that you provide to us as a representative of our contractual business relationship (e.g., client, supplier, service provider).
- Personal data that you provide to us as an applicant for a job at EMPIQ.
- Personal data that you provide to us when being hired by EMPIQ as an employee or as an independent professional.
- Personal data that you provide to us by filling out a request form on our website (www.empiq.nl).
Indirectly from you:
- your contact details, as provided to us by our client.
- your contact details, as provided to us by our supplier, or our service provider.
Otherwise:
- Information that we automatically collect from your use of our website, e.g., by using cookies or other technologies.
For what purposes do we use your personal data and what is our legal basis for processing?
| Personal data client | Purposes and legal basis for processing activities |
|---|---|
| Contact information (name, company, position, business email address, business/mobile number Company and billing information: VAT number, bank account number, Chamber of Commerce registration number, website Communication: letters and e-mail messages with contact persons Information on the legal services provided to our clients and information on the subject matter |
We rely on the performance of a contract with our client: For management of our business relationship For performance of contracted legal services Financial management and administration of contracted services To maintain up to date contact information into our systems We rely on our legitimate interest: To ensure network and information security For legal compliance purposes Providing updates to our clients about our legal services To deal with possible complaints To establish, defend and exercise our legal position |
| Personal data supplier or service provider | Purposes and legal basis for processing activites |
|---|---|
| Your contact details (name, company, business email address, business and/or private mobile number) Business related information: VAT number, Chamber of Commerce registration number, bank account number, website |
We rely on the performance of a contract: For performance of contracted services, including day-to-day operational purposes For administrative purposes, including payment of invoices To maintain up to date contact information into our systems For invitations to business events and/or to receiving business related information We rely on our legitimate interest: To deal with possible complaints To establish, defend and exercise our legal position |
| Personal data of a Job Applicant | Purposes and legal basis for processing activities |
| Your personal contact information: name, surname, postal address, job title, title, home number and/or mobile phone number, email address Business related information: VAT number, Chamber of Commerce registration number, bank account number, website Basic information in the recruitment procedure: your curriculum vitae, your application letter, your assessment and/or other information, such as references |
We rely on your consent for using your personal data: For recruitment activities and handling of job applications To assess the suitability of the applicant For offer and acceptance details We rely on our legitimate interest For security purposes or for the protection of our interests, the interests of other personnel or clients, such as preventing fraud, corruption or other offences or illegal activities |
| Personal data Employee | Purposes and legal basis for processing activities |
|---|---|
| Your contact details (name, surname, email, home address, business/mobile number Basic onboarding data, including nationality, marital status, birth date, bank account information, copy passport and tax identification number Job related data, including work permit (if applicable), compensation and allowances, information related to pensions, information related to insurances, sick leave related information (no health information) Information collection in the application procedure as well as during the employment, including certificate of conduct, development assessments and other relevant information Security related data such as logging records of your use of our IT systems, records of internal awareness training |
We rely on a legal obligation as an employer: To withhold taxes and pay social security premiums To establish, exercise or defend legal claims in the context of EMPIQ’s liability as employer We rely on the performance of a contract with our employees: To keep, maintain and administer personnel records, payroll and salary records, To determine and pay out salaries and other remuneration To withhold and pay out to the competent tax authorities the required (wage) taxes To execute pension To arrange for insurances To assist you and help re-integrate you after sickness or accidents To evaluate your performance To optimise your work activities To terminate your employment |
| We rely on our legitimate interest: For security purposes or for the protection of our interests, the interests of other personnel or clients, such as preventing fraud, corruption or other offences or illegal activities To ensure compliance with our code of conduct, internal policies and procedures and other instructions |
| Personal data Independent Professional | Purposes and legal basis for processing activities |
|---|---|
| Your contact details (name, surname, company, address, email address, business/mobile number Business related information: VAT number, Chamber of Commerce registration number, bank account number, website Security related data such as logging records of your use of our IT systems, records of internal awareness training |
We rely on the performance of a contract with you for using your personal data: For performance of contracted services For administrative purposes, including payment of invoices To maintain up to date contact information into our systems For invitations to business events and/or for receiving business related information We rely on our legitimate interest: For security reasons or for the protection of our interests, the interests of our personnel or clients, such as preventing fraud, corruption or other offences or illegal activities To ensure compliance with our code of conduct, internal policies and procedures and other instructions |
| Personal data visitors to our website | Purposes and legal basis for processing activities |
|---|---|
Your contact details (name, title, company, email address, business phone number Technical information such as your IP-address, device type, browser type and settings, dates and times connecting to our website Consent records: records of consent that you have given, together with date and time and related information (e.g., subject matter of consent) Necessary cookies for usage statistics, usage data |
We rely on your consent For communicating with you in relation to your visit to our website For tracking and analyzing your surfing behavior For using your contact details for marketing purposes We rely on legitimate interest: To improve our services and the quality thereof For aggregate statistical information |
Explanatory notes to the legal bases for processing:
- We may use your personal data for the performance of a contract in the context of our business relationship and/or in the context of the performance of contracted services
- We may use your personal data for our legitimate interests, to the extent these legitimate interests are not overridden by your interests, fundamental rights, or freedoms.
- We may process your personal data based on your consent only for processing that is completely voluntary, and therefore based on your explicit confirmation (e.g., ticking a box or signing a document), based upon clear and transparent information. Your consent can be withdrawn at any time.
- We may use your personal data to comply with a legal obligation in accordance with applicable law.
With whom do we share your personal data?
- We may share your personal data with our contracted service providers, suppliers and other third-party data processors who act on our behalf and only process personal data in accordance with our prior documented instructions. These recipients are authorised to use personal data only as necessary to provide us with their services. With whom and/or what categories of recipients your Personal data may be shared is described here below.
- Applicants:
- With suppliers who have information on your suitability (e.g., assessment and employment agencies) or provide us with information (e.g., references) at your request, such as current or former employers.
- Employees:
- With administrative bodies or organisations (e.g., social security and pension funds).
- Clients:
- With parties involved in our services (e.g., legal professionals, translation agencies).
- Website users/visitors
- Suppliers that maintain the user statistics of our website.
- Other third parties with whom personal data is shared if visitors have given consent.
- A list of our third-party data processors to whom we disclose personal data – with the associated purpose – can be requested at our operations manager (see contact details under section 7).
- We will only share personal data with third parties that guarantee to implement appropriate security measures to ensure that the processing activities meet the requirements of the applicable Data Protection Legislation and that ensure the protection of your individual rights (see under 8).
- We may share personal data with legal authorities and external advisors as necessary in connection with legal proceedings, and for investigating, detecting, or preventing criminal offences.
- Where we transfer your personal data from the Netherlands to recipients located in countries outside the EEA that are not recognised by the European Commission as having an adequate
jurisdiction, we will do so on the basis of the European Commission’s Standard Contractual Clauses (latest version 4 June 2021). The applicable Standard Clauses set out the rights and obligations for us as a responsible data controller and for the receiving data processing party to ensure appropriate data protection safeguards for the transfer to the receiving party. The Standard Clauses will also include specific technical and organizational measures implemented by the receiving party to ensure that the security of your personal data will be essentially equivalent to the GDPR requirements. Where transfers are made to countries that the European Commission has determined provide an adequate level of data protection (adequacy decisions under Article 45 GDPR), no additional safeguards are required. You have the right to request further information about the international data transfers we make and to obtain a copy of the applicable transfer safeguards. Please contact our operations manager at privacy@empiq.nl to exercise this right.
How do we secure your personal data?
We have taken appropriate technical and organisational security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, and unauthorised access. The measures ensure the confidentiality of your personal data, and the maintenance of the integrity and availability of your personal data.
Measures include events logging of user activities on data processing systems, restricted access to networks and systems, ensuring automatic back up of personal data and its availability in the event of a security incident.
Unfortunately, no data storage system or data transmission can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please notify us immediately (see contact details under 8).
Personal data breaches: In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Autoriteit Persoonsgegevens without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with Article 33 GDPR. If the breach is likely to result in a high risk to your rights and freedoms, we will also communicate the breach to you without undue delay, in accordance with Article 34 GDPR, unless we have implemented appropriate technical and organisational protection measures (such as encryption) that render the data unintelligible to any unauthorised person, or we have taken subsequent measures that ensure the high risk is no longer likely to materialise.
How long do we retain your personal data?
We will not retain your personal data for any longer period than necessary or permitted by law to fulfill the purposes for which your personal data was obtained. The criteria for determining our retention periods include:
- The duration of our ongoing business relationship with you
- where we provide services and/or carry out a contract with you and/or your employer
- where you are lawfully included in our mailing list and have not unsubscribed
- Where we have a legitimate interest in processing the personal data for the purposes of operating our business and fulfilling our obligations with you and/your employer
- In compliance with legal obligations to which we are subject in the Netherlands we have statutory retainment periods:
- 7 years after the end of the relevant tax year: to keep your personal data for payroll, salary administration and tax requirements.
- A minimum period of 5 years after the end of the employment contract: to keep your employment contract.
- A minimum period of 2 years after the end of the employment contract: to keep employment related records.
- A limited period of 4 weeks after the recruitment period: for applicants that are not hired (if the applicant has consented to keep the personal data set longer: a maximum of 12 months)
- Protecting our legal position
- To preserve evidence during any applicable limitation period under Dutch law (any period during which any person could bring a legal claim against us in connection with your personal data, or to which your personal data are relevant for defending our interests in the context of judicial proceedings).
- Client and supplier contact data: retained for the duration of the business relationship and for a period of 7 years thereafter, to comply with legal obligations (including tax and accounting requirements) and to establish, exercise, or defend legal claims.
- Website usage and analytics data (cookies): retained in accordance with the cookie retention periods set out in section 10.2 above (up to 2 years for Google Analytics cookies).
- Correspondence and support records: retained for 3 years following the end of the relevant matter or relationship, to provide support and to establish, exercise, or defend legal claims.
What are your rights and how can you exercise them?
Under the Data Protection Legislation, you have the following rights that you may exercise in the context of our processing your personal data:
- The right of information about the personal data that we process about you. This includes the right to request access to, or receive copies of, your personal data, together with information regarding the nature, purposes of processing and with whom we have shared your personal data.
- The right to request rectification of any inaccuracies in your personal data.
- The right to request, on legitimate grounds:
- The erasure of your personal data and/or the right to be forgotten
- Restriction of processing of your personal data (e.g., for direct marketing purposes)
- The right to have your personal data transferred to another organisation in a structured, commonly used and machine-readable format, to the extent applicable (the right to portability).
- The right to object to processing of your personal data.
- Where processing of your personal data is based on consent, the right to withdraw your consent to such processing (this does not affect the lawfulness of any processing prior to the date of such withdrawal).
- The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you (Article 22 GDPR). Where we carry out automated decision-making, you have the right to obtain human intervention, express your point of view, and contest the decision. We do not currently make decisions based solely on automated processing that produce legal effects or similarly significantly affect you.
Our contact details
If you wish to exercise any of your rights, you can reach us by contacting our operations manager at privacy@empiq.nl.
If you are not satisfied with the way we respond to your request, please let us know.
If you feel your rights have been violated, you may file a complaint with the Dutch Data Protection Authority, the Autoriteit Persoonsgegevens: Postbus 93374, 2509 AJ Den Haag, the Netherlands | Telephone: +31 (0)70 888 8500 | Website: https://www.autoriteitpersoonsgegevens.nl. You may also lodge a complaint with the supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.
Use of cookies and other technologies
- What are cookies:
A cookie is a small text file that is stored on your device by means of the website that you visit. Cookies can be accessed by your webserver or your device. As the administrator of our website, we may set cookies on your device. These cookies are called ‘first party’ cookies. Some cookies may also be set on your device by other parties, such as our advertisers or parties that set cookies to display certain content on our website (e.g., videos). These cookies are called ‘third party’ cookies.
This Notice does not apply to the use of the cookies, set via our website by third parties. We cannot guarantee that these third parties will use your (personal) data in the most reliable and secure manner. Therefore, we cannot take any responsibility for the way these third parties make use of your cookies. For more information about how these third parties use your (personal) data, we refer to the privacy notices of these third parties.
- Type of cookies
- On EMPIQ’s website the following functional, analytical, and tracking cookies or similar technologies can be used.
Functional cookies:
These cookies are necessary and make a website usable by enabling basic functions like navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Analytical cookies:
These cookies help website owners to understand how visitors interact with websites by collecting and reporting information. They allow us to count visits and traffic sources, so we can measure and improve the performance of our site. They help us know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you have visited our site
Targeting/tracking cookies:
These cookies are used for marketing and advertising and can be set through our site by our (advertising) partners. They may be used by us or those companies to build a profile of your interests and show you relevant content and ads on other sites. They work by uniquely identifying your browser and device. If you do not allow these cookies, you will not experience targeted advertising across other websites.
On our website we use the following cookies:
WordPress
Functioneel
WordPress
Functioneel
Gebruik
We gebruiken WordPress voor website development. Lees meer over WordPress
Delen van gegevens
Deze data wordt niet gedeeld met derde partijen.
WPML
Functional
WPML
Functional
Gebruik
We gebruiken WPML voor locale management. Lees meer over WPML
Delen van gegevens
Deze data wordt niet gedeeld met derde partijen.
Google Analytics
Statistics
Google Analytics
Statistics
Gebruik
We gebruiken Google Analytics voor website statistieken. Lees meer over Google Analytics
Delen van gegevens
Voor meer informatie, lees de Google Analytics Privacyverklaring.
Adobe Fonts
Marketing
Adobe Fonts
Marketing
Gebruik
We gebruiken Adobe Fonts voor display of webfonts. Lees meer over Adobe Fonts
Delen van gegevens
Voor meer informatie, lees de Adobe Fonts Privacyverklaring.
Marketing
Naam
Expiratie
Functie
Google Fonts
Marketing
Google Fonts
Marketing
Gebruik
We gebruiken Google Fonts voor display of webfonts. Lees meer over Google Fonts
Delen van gegevens
Voor meer informatie, lees de Google Fonts Privacyverklaring.
Marketing
Naam
Expiratie
Functie
Google reCAPTCHA
Marketing
Google reCAPTCHA
Marketing
Gebruik
We gebruiken Google reCAPTCHA voor spam prevention. Lees meer over Google reCAPTCHA
Delen van gegevens
Voor meer informatie, lees de Google reCAPTCHA Privacyverklaring.
Google Maps
Marketing
Google Maps
Marketing
Gebruik
We gebruiken Google Maps voor maps display. Lees meer over Google Maps
Delen van gegevens
Voor meer informatie, lees de Google Maps Privacyverklaring.
Marketing
Naam
Expiratie
Functie
Complianz
Functioneel
Complianz
Functioneel
Gebruik
We gebruiken Complianz voor cookie consent management. Lees meer over Complianz
Delen van gegevens
Deze data wordt niet gedeeld met derde partijen. Voor meer informatie, lees de Complianz Privacyverklaring.
Functioneel
Naam
Expiratie
Functie
Naam
Expiratie
Functie
Naam
Expiratie
Functie
Naam
Expiratie
Functie
LinkedIn
Functioneel, Marketing, Statistieken, Voorkeuren, Functional
Functioneel, Marketing, Statistieken, Voorkeuren, Functional
Gebruik
We gebruiken LinkedIn voor display of recent social posts and/or social share buttons. Lees meer over LinkedIn
Delen van gegevens
Voor meer informatie, lees de LinkedIn Privacyverklaring.
Functioneel
Naam
Expiratie
Functie
Naam
Expiratie
Functie
Marketing
Naam
Expiratie
Functie
Naam
Expiratie
Functie
Naam
Expiratie
Functie
Naam
Expiratie
Functie
Naam
Expiratie
Functie
Statistieken
Naam
Expiratie
Functie
Naam
Expiratie
Functie
Voorkeuren
Naam
Expiratie
Functie
Naam
Expiratie
Functie
Naam
Expiratie
Functie
Naam
Expiratie
Functie
Diversen
Doel wordt onderzocht
Diversen
Doel wordt onderzocht
Gebruik
Delen van gegevens
Het delen van gegevens is in afwachting van onderzoek
Doel wordt onderzocht
Naam
Expiratie
Functie
Naam
Expiratie
Functie
Naam
Expiratie
Functie
Naam
Expiratie
Functie
Naam
Expiratie
Functie
Naam
Expiratie
Functie
Naam
Expiratie
Functie
Naam
Expiratie
Functie
Naam
Expiratie
Functie
Google Analytics 4 cookies process personal data (including IP addresses and device identifiers) and therefore require prior user consent under Article 11.7a Telecommunicatiewet and the GDPR. For more information, see Google’s privacy policy: https://policies.google.com/privacy.
- Enabling and disabling cookies
You can set your browser in such a manner that it is merely allowed to store cookies with your consent. For more information, please consult your web browser’s manual. Please note that many websites do not work optimally if cookies are disabled. You can also choose to delete cookies manually. For more information, please consult your web browser’s manual.
- Legal basis for cookies and consent mechanism
In accordance with Article 11.7a of the Dutch Telecommunicatiewet (implementing Article 5(3) of the ePrivacy Directive), we may only place or access cookies on your device with your prior consent, except where the cookies are: (a) strictly necessary to deliver a service you have explicitly requested (e.g., functional cookies); or (b) used solely to collect limited analytical information about website quality and performance, where the cookies have no or minimal impact on your privacy and do not process personal data.
For all other cookies, including analytical cookies that process personal data and tracking/targeting cookies, we obtain your explicit, informed, and freely given consent before placing them on your device. You can manage your cookie preferences and withdraw your consent at any time through: (i) the cookie banner displayed when you first visit our website, where you may accept all cookies, reject non-essential cookies, or customise your preferences; (ii) the [Cookie Settings] link in the footer of our website; or (iii) your browser settings. Withdrawing or refusing consent is as easy as giving it. Refusing non-essential cookies will not prevent you from accessing and using our website.
Updates to our Privacy Notice
This Notice may be amended or updated from time to time to reflect changes in our practices with respect to the processing of personal data, or changes in applicable law. In these cases, the adapted Privacy Notice will be published on our website. In case of material changes we will do our best to inform you directly. We encourage you to read this Notice carefully. If you have any questions regarding the processing of your personal data, please contact our operations manager (see contact details under section 7).
Statutory or contractual requirement to provide personal data
In some cases, the provision of personal data is:
(a) Required by law: we may be legally required to collect certain personal data to comply with tax, employment, anti-money laundering, or other regulatory obligations.
(b) Necessary to enter into or perform a contract: for example, we need your contact and billing details to enter into and perform our engagement letter and to provide our legal services to you.
(c) Voluntary: in other cases, providing personal data is optional, but failure to provide it may mean we are unable to provide certain services or fulfil certain requests.
Where the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, we will inform you at the time of collection. We will also inform you of the possible consequences of not providing the data (e.g., we may be unable to perform the requested service or comply with a legal obligation).
Effective: 8 April 2026