Privacy and Cookie Policy

How we protect your data

PRIVACY AND COOKIE POLICY IA GROUP

This is the Privacy and Cookie Policy of IA Group B.V. based at Van Boshuizenstraat 12, 1083 BA in Amsterdam, the Netherlands, its subsidiaries and IA’s representation offices, hereinafter jointly referred to as “IA”. In this document, IA explains how IA uses personal data in the context of the services provided by IA and we provide you with information about your privacy rights. The concept of ‘personal data’ includes all information about an identified or identifiable natural person.

Contacting IA

If you have any questions about how IA uses your personal data, you can contact IA via privacy@iagroup.com or by post via:

IA

Attn. Legal Department

Van Boshuizenstraat 12

1083 BA Amsterdam

The Netherlands

IA’s services and the personal data that IA may process.

IA is generally engaged for document review, trade, claim and shipment investigations, bilateral and multilateral negotiations, debt management, debt restructuring, litigation, arbitration, insolvencies and legal advice.

When providing these services IA may process personal data of different categories of people.

Below we indicate which personal data we may process of (contact persons of) clients, debtors, suppliers, job applicants and (other) third parties.

Clients

IA may process the following (categories of) personal data of clients and their contact persons:

  • Name and address details (name, first names, initials, titles, gender, address, postal code, job title) as provided by the client.
  • Other contact details (telephone number, e-mail address and similar data required for communication) as provided by the client.
  • Payment details, including bank account information as provided by the client.
  • Additional information, such as the client’s industry and information about the contact person’s work history (e.g. previous organizations some worked at before), gender of the contact person(s), mailing language, areas of interest, home address, birthday, a spouse/partner’s name, hobbies, and other personal notes as collected during contacts with the contact person(s) of the client.
  • File reference numbers and information about client’s clients.
  • In addition, if you use IA’ Portal: login-details such as username and password and any personal data relating to you that you enter into the open text field.
  • Other data of which the processing is required by or necessary to comply with applicable laws or regulations, as provided by the client, obtained from a public source, obtained from supervisory or regulatory authorities or another third party.

Debtors

If you are a debtor in a file that is entrusted to IA by a client, IA performs an in-depth investigation. Through this investigation, IA may process the following (categories of) personal data obtained via our client, via public sources, obtained from supervisory or regulatory authorities or another third party or directly from you if you provide such personal data to us:

  • Name and address details (name, first names, initials, titles, gender, address, postal code, job title).
  • Other contact details (telephone number, e-mail address and similar data required for communication).
  • Claim amount.
  • Commercial, financial and trade history.
  • Shareholder and/or director’s information.
  • Information regarding assets, bank accounts and other sources of income.
  • Additional such as the industry the debtor works in, work history (e.g. previous organizations some worked at before), gender, mailing language, areas of interest, home address, birthday, a spouse/partner’s name, hobbies, and other personal notes.
  • Other data of debtors of which the processing is required by or necessary to comply with applicable laws or regulations.

IA’ clients can obtain access to IA’ Portal in which they can find information about their cases. The Portal contains general file information including the name of the debtor, the claim amount, information about IA’ client’s client and IA’ file reference number and the client can add additional information in an open text field.

Suppliers

IA may process the following (categories of) personal data of persons from whom IA purchases products or services or who work for these suppliers:

  • Name and address details (name, first names, initials, titles, gender, address, postal code, residence) as provided by the supplier.
  • Other contact details (telephone number, e-mail address and similar data required for communication) as provided by the supplier.
  • Data for the purpose of placing orders or purchasing services; calculating and recording fees and expenses and making payments, including the bank account number as provided by the supplier.
  • Other data of suppliers of which the processing is required by or necessary to comply with applicable laws or regulations as provided by the supplier, obtained from a public source, obtained from supervisory or regulatory authorities or another third party.

Job applicants

When you apply for a job at IA, we may process the following data to deal with your job application:

  • Name and address.
  • Contact details, including telephone number and email address.
  • Bank details.
  • Gender.
  • Date of birth.
  • Educational attainment.
  • Availability.
  • Content of your CV.
  • Cover letter with your reasons for applying, certificates, references and where relevant: assessment results.

Third parties

When rendering services IA may process personal data from other third parties, for example shipping agents, port authorities, witnesses, experts, court officials, receivers, clients of IA’ clients, governmental officials, lawyers, advisors and notaries with whom IA is in contact. IA may process the following (categories) of personal data:

  • Name and address details (name, first names, initials, titles, gender, address, postal code, residence), as far as known to IA.
  • Other contact details (telephone number, e-mail address and similar data necessary for communication), as far as known to IA.
  • Data relating to electronic messages originating from or intended for third parties and data required to maintain contact with these third parties.
  • Other data from third parties obtained from public sources or provided to IA by clients (e.g. in IA’ Portal), supervisory or regulatory authorities or another third party or the third party itself

Camera surveillance

Please note that IA may use camera surveillance at our offices. If this is the case, it will be clearly indicated.

On the basis of which legal processing grounds and for which purposes does IA process your personal data?

IA processes your personal data on the basis of one or more of the following legal processing grounds:

a) If this is necessary for the performance of an agreement to which you are a party or to perform precontractual acts at your request.

b) If this is necessary to comply with statutory obligations.

c) If this is necessary to justify our legitimate interests or the interests of a third party.

d) Your consent.

If IA processes your personal data on the basis of your consent, IA will ask you for it separately. You may withdraw your consent at any time. IA draws your attention to the fact that the withdrawal of your consent does not affect the lawfulness of the processing of your personal data prior to the withdrawal of your consent.

IA uses the above personal data for the purposes stated below, in respect of which we have indicated for each purpose on the basis of which of the abovementioned legal processing grounds (a through d) IA does so. If the processing is based on the principle of ‘legitimate interest’, we briefly explain this interest. If you have any specific questions in this respect, please do not hesitate to contact us.

Purposes with corresponding processing grounds

We may process your personal data to:

  • To provide the requested services (a, b and c: being able to offer and improve our services).
  • To provide clients with access to IA’ Portal, in which a client can see general information about a case, including, but not limited to the status of the file and the pending amount (a and c: optimizing our services), see also under “Cookies”.
  • For IA’s administration, including the calculation or recording of fees or benefits, income and expenses, the payment and collection of claims (including the use of collection agencies or bailiffs)(a, b and c: the importance of keeping proper records).
  • To be able to deal with any complaints and disputes about our services (a, b and c: to defend rights, to maintain and improve existing relationships by means of proper handling of complaints, to improve the quality of our services).
  • To maintain contact and communicate with you (a, b, c: the interest in bringing IA’ services to the attention of existing clients).
  • To handle your job application, more specifically:
    • Recruitment and selection
    • Assessment of suitability for a position with IA
    • Dealing with any expenses incurred
    • Internal checks and business security service
    • Improving our job application procedure
    • Dealing with your questions, comments, and complaints
    • Analyzing and reporting on questions, comments, and complaints
    • Regulatory compliance and compliance with court orders

(a, b, c: our legitimate interest in assessing whether you are suitable for the job opening and d: consent if you wish to remain in our portfolio, see the header: “How long does IA retain your personal data?”)

  • For internal know-how purposes and training (c: our interest in optimizing our services and training our staff adequately).
  • For placing orders or purchasing services (a, b and c: our interest in being able to keep proper records).
  • For conducting audits and other internal controls (a, b and c: our interest in being able to keep proper records).
  • For the security and access control of our premises property and the protection of our employees and visitors, and for following up incidents (c: our interest in using camera surveillance to protect our visitors, employees, and property).
  • To comply with our legal and statutory obligations(b, c: the interest of being able to meet these obligations).

Data security

IA takes office-wide security measures. Technical measures include the use of access control and restrictions based on function level and jurisdictional clearance. IA also uses firewalls, virus scanners and traffic monitoring. Additional measures include a clean desk and screen policy, confidentiality provisions with IA’s employees’ and IA’s service providers.

If you have any questions about the security of your personal data, or if you suspect or see signs of misuse, please contact us via privacy@iagroup.com.

Cookies

When you choose to use our IA Portal, we will place certain cookies on your device (e.g. your computer, smartphone or tablet) in order to ensure that the IA Portal works properly. Cookies are small data files that are stored by your browser on your device read out when you use the IA Portal. IA uses the following functional cookies, also known as necessary cookies:

NameProviderPurposeExpiry date
ia_portal_sessionIAThis cookie contains a unique id to link a request to a session on the server and to check whether a user is logged in and thereby enables tracking of the session of the user.Session
XSRF-TOKENIAThis cookie contains a random unique ID in order to prevent cross-site request forgery (that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated).Session

To whom does IA provide your personal data

IA does not provide your personal data to third parties (‘recipients’ within the meaning of the applicable privacy legislation), unless this is necessary for the proper performance of the purposes set out in this Privacy and Cookie Policy, if the law requires IA to do so or if you have provided your consent to this end. The third parties to whom the personal data are made available are obliged to handle your personal data confidentially. If these parties qualify as a ‘data processor’ within the meaning of the applicable privacy legislation, IA will ensure that a data processing agreement is concluded with these parties, which complies with the requirements included in the GDPR.

Third parties which offer services to IA as an independent data controller, such as accountants, civil law notaries experts engaged to provide an opinion or export report, are themselves responsible for the (further) processing of your personal data in accordance with the applicable privacy legislation.

IA can e.g. share personal data with:

  • Our local offices and agents.
  • Suppliers (for example software suppliers, bailiffs, courier services, translation agencies, accountants, assessment companies etc.).
  • With IA’s legal successors if IA is acquired by or merged with another company, for example through bankruptcy and also with third parties involved in such proposed or actual business transaction.
  • Courts and government institutions.
  • Regulators and other authorities.

By nature of our services, personal data of debtors will be shared with the client that has entrusted the respective corresponding file to us.

To provide our services, IA might need to transfer your personal data to a recipient in a country outside the European Economic Area with a lower degree of protection of personal data than the European law offers. In that case, IA will ensure that such a transfer of personal data is in accordance with the applicable laws and regulations, for example by concluding a model contract prepared and approved for that purpose by the European Commission and will assess whether any additional measures are necessary to guarantee an appropriate level of protection of your personal data. Please do not hesitate to reach out to IA if you wish to receive more information about the appropriate or suitable safeguards in place for data transfers outside of the European Economic Area or if you would like to obtain a copy of them.

How long does IA retain your personal data?

IA does not retain your personal data in an identifiable form for longer than is necessary to achieve the purposes included in this Privacy and Cookie Policy. More specifically, IA applies the following retention period

  • Personal data that must be kept on the basis of Article 52 of the Dutch State Taxes Act will be kept for 7 years (from the end of the year in which the data in question have lost their current value for the (tax-) related business operations) in connection with the tax retention obligation incumbent on IA pursuant to Article 52(4) of the Dutch State Taxes Act.
  • The personal data you provide to IA for your job application will be retained for up to four weeks after the end of the application procedure. With your consent, IA will retain your personal data in our portfolio up to one year after termination of the application process. This will give us the possibility to contact you for possible future job openings at IA. Personal data that you have provided in the context of your application will become part of your personnel file when you start working for IA.
  • Camera images and corresponding information (date and time stamp) are kept for 72 hours.

The abovementioned specific retention periods can be extended if statutory retention obligations apply or will become applicable. IA may also retain the personal data for a longer period of time if this is necessary in light of IA’ legitimate interests,e.g. for the handling of incidents and/or legal disputes. For more information regarding the retention periods related

to the use of cookies, IA kindly refers you to the section “Cookies” in this Privacy and Cookie Policy.

Your privacy rights.

You have the following rights in respect of the processing of your personal data by IA:

  • the right to request whether IA processes your personal data and if so, the right to access your personal data and to receive information about the processing of your personal data.
  • the right to rectification of your personal data if these are incorrect or incomplete.
  • the right to have your personal data deleted (‘right to be forgotten’).
  • the right to object to the processing of your personal data or to limit the processing of your personal data.
  • the right to withdraw your consent for the processing of your personal data, if the processing is based on your consent.
  • the right to receive or surrender your personal data to a third party appointed by you in a structured, customary and machine-readable form (‘right to data portability’).

IA does not use automated decision-making within the meaning of Article 22 GDPR.

Exercising your privacy rights

To exercise your privacy rights, you can contact IA via privacy@iagroup.com or by post using the contact details stated above.

If you live or work in the UK, you can also contact our data protection representative for the UK via iagroup@lionheartsquared.co.uk or by post via:

Lionheart Squared Limited

FAO IA Group

17 Glasshouse Studios, Fryern Court Road

Fordingbridge, Hampshire

SP6 1QX

United Kingdom

To prevent that IA discloses information to the wrong person, IA can ask you for additional information to verify your identity. In principle, IA will inform you of whether IA can comply with your request, within one month after receipt. In specific cases, for example when it concerns a complex request, this term may be extended by two months. IA will inform you of such an extension within one month after receiving your request. On the basis of the applicable privacy legislation, IA can refuse your request under certain circumstances. If this is the case, IA will explain to you why. You can find more information about your privacy rights on the website of the Dutch Data Protection Authority.

Complaints

If you have a complaint about the processing of your personal data by IA, IA will be happy to work together to find a solution. If this does not lead to the desired result, you will have the right to file a complaint with the competent supervisory authority. In the Netherlands, this is the Dutch Data Protection Authority. If you live or work in another country of the European Union, you can file a complaint with the supervisory authority of that country. In the United Kingdom, individuals can file a complaint with the Information Commissioner’s Office.

Amendments

This Privacy and Cookie Policy was last amended on July 24th, 2023. IA reserves the right to amend this Privacy and Cookie Policy. The most recent version of this Privacy and Cookie Policy will always be posted on our website.