Stichting Trucks Cartel Compensation Privacy Statement
This privacy statement provides information about how the Stichting Trucks Cartel Compensation (the Foundation) processes personal data.
1. Controller responsible for data processing
The controller responsible for the data processing is the Stichting Trucks Cartel Compensation, Schiphol Boulevard 121, 1118 BG Schiphol, the Netherlands, and is referred to as ‘we’, ‘us’ etc. in this Privacy Statement.
2. Contact information
Please send any questions relating to personal data protection to firstname.lastname@example.org.
3. The purpose of our data processing
We process personal data for the following purposes:
- To communicate with our contact persons (for example with clients and suppliers);
- To review and evaluate prospective claims and other potential agreements;
- To determine whether we wish to enter into an agreement with a supplier or vendor;
- To settle legal claims;
- To conduct legal proceedings;
- To perform contracts with our clients, including claim enforcement;
- To perform contracts with our suppliers or vendors;
- To administer and maintain commercial relationships with our contact persons;
- To administer and archive case-related information;
- To administer our finances and fulfil our legal obligations in this respect;
- For quality management purposes;
- To protect our assets and business;
- To comply with requests, in the event that they arise, from competent government authorities;
- To identify the browser that website visitors use when visiting our website, through the use of
4. The legal basis for data processing
We process personal data on the following legal basis:
- The processing is necessary for the performance of a contract with the data subject or to take steps before entering into a contract; and/or
- The processing is necessary for the purposes of our, or a third party’s, legitimate interests; and/or
- The processing is necessary to comply with our legal obligations;
- For certain specific processing activities, such as sending email newsletters and retaining candidates’ personal data for longer than four weeks, we ask for the data subject’s prior consent.
5. Legitimate interest
The legitimate interest in processing personal data derives from the purpose of our business activities, which include the evaluation and management of our client’s legal claims.
6. Recipients or categories of recipients
We may share personal data with the following categories of recipients:
|Recipients / categories of recipients
|IT service providers|| These service providers are located and store personal data in the EEA.
|Omni Bridgeway BV
|Suppliers such as lawyers, bailiffs, advisors, auditors and translators
||We share personal data from our case files with suppliers who provide services on specific cases. Such suppliers are often established in the country where the legal proceedings take place or are intended to take place or where our clients are located; this can be anywhere in the EEA.
|Courts / arbitral tribunals / arbitral institutes (jointly: ‘courts’)
||We share personal data from specific case files with courts established in the country where the legal proceedings take place or are intended to take place or where our clients are located; this can be anywhere in the EEA.
|| Clients may receive personal data contained in their case files.
|| Limited personal data contained in case files may be shared with investors for investment decisions related to our cases.
7. Transfer of data to third countries
In the context of our activities, we must sometimes transfer personal data to third countries:
|| Safeguard / exception
|Switzerland||The European Commission has recognised Switzerland as providing an adequate level of personal data protection.
|Other|| As explained under 6. above, we may transfer personal data to recipients outside the EEA if this is necessary for the establishment, exercise or defence of legal claims.
To receive a copy of the safeguards we have put in place, please use the contact details listed under 2. above.
8. Duration of data storage
Personal data will be stored for as long as is necessary given the purposes for which it was collected. We will use the following (maximum) retention periods, unless an applicable legal statute of limitation regime requires a longer retention period.
|Personal data category
|| Retention Period
|Personal data in active case files||Until the case is closed and archived (see below)
|Personal data in archived case files||20 years from the date on which the case file is archived. If a case is reactivated and subsequently archived again, the retention period will be renewed
|Personal data in financial administration||10 years from the relevant fiscal year
|Contact details not included in case files||10 years from the year of last contact with the data subject
|Other personal data||5 years
9. Your rights
On the basis of the General Data Protection Regulation (GDPR), you have (at least) the following rights:
- to ask for access to your personal data;
- to have incorrect personal data corrected;
- to have incomplete personal data completed, taking into account the purposes for which they are processed;
- to have your personal data deleted or restricted;
- to object to the processing of your personal data;
- if you have given consent for a specific processing of your personal data, to withdraw that consent. The withdrawal of your consent shall apply to any subsequent processing of your personal data;
- if you have submitted personal data or if you have created them, and you have given your consent
or the data are required for the conclusion and/or the performance of the agreement with you,
and if the data are processed by automated means: you are entitled to receive your personal data
in a structured, commonly used and machine readable form and, if technically feasible, to transfer
those data in that manner to another party at your request;
- to submit a complaint with the competent data protection authority.
To exercise your rights, please contact us using the details listed under 2. above. The GDPR contains several exceptions to the aforementioned rights, which may lead to a specific request being rejected.
10. Sources of personal data
We collect or receive personal data from the following sources:
||Category of personal data
|Clients, counterparties and suppliers, such as Omni Bridgeway B.V., lawyers, advisors and information service providers||Name, contact details, information related to our case files etc.
|Public sources||Name, contact details, due diligence information, information relevant for our case files etc.
11. Provision of personal data
The provision of data is voluntary. However, to the extent that we require personal data to evaluate a legal claim, determine whether to enter into an agreement, carry out our duties under an agreement or comply with our obligations, the provision is mandatory in the sense that without the requested personal data, we reserve the right (i) not to enter into an agreement with the (legal) person in respect of which agreement the provision of personal data is required or (ii) to suspend or terminate any existing agreement in respect of which the provision of personal data is required but not provided.
12. Automated individual decision making
The Foundation does not engage in automated individual decision making.
We use certain cookies on our website. Some of them are essential to make our site work, others serve to provide you a better, faster and safer user experience by allowing us to improve claim checking flow and speed issues. Cookies are small pieces of data (data files) that are stored on your computer or other device via your browser.
On our website, we use the following cookies:
|Name of cookie
Type of cookie
|Purpose of the cookie
|This is required for logins and to keep track of users when navigating along pages. Disabling this cookie might make usage of the page impossible.
|gid, git, gat, ga
Analytical cookie with ‘privacy-friendly’ settings (Google Analytics)
|This cookie, provided by Google, Inc., allows us to recognize the visitors of our website, to count the number of visitors and to identify the way in which they navigate. This allows us to improve the user navigation and to ensure that visitors can find what they need quicker and easier. All settings are GDPR-correct:
1) The Google Analytics cookies have been set to be "privacy-friendly".
2) A data processing agreement with Google has been concluded.
3) IP addresses are masked during transfer (Google does not receive the full ip).
4) Information sharing within Google has been disabled in the settings.
5) No other Google services use this data or cookies.
You can also completely opt-out of Google Analytics for this site by clicking here.
Limited technical personal data are processed by Google in the United States, Google is certified under Privacy Shield (www.privacyshield.gov).
Analytical cookie (New Relic)
|A technical cookie provided by New Relic, Inc., which measures the health and speed of our IT system. The purpose is not to track the user as such, but to understand whether requested pages load quickly and without errors.
Where we process personal data through the cookies, we do so because this is necessary with a view to our legitimate interest in being able to operate our website and to offer a user-friendly website.
How can you manage / delete these cookies?
All major internet browsers offer the option to manage the cookies that were installed on your computer or other device. In case you do not wish this site to place cookies on your device, you may limit or delete these easily by adjusting your device or browser settings. In addition, you can set your device or browser settings so that you get a notification every time a cookie is to be placed on your computer or other device, so that you can decide whether you wish to accept this cookie or not.
Please note that when you disable certain cookies placed by us, certain parts of our website will no longer function properly and you may no longer enjoy an optimal user experience.