Privacy Policy on the processing of personal data

This privacy policy (the “Privacy Policy”) governs the manner in which WVT, (hereafter “we” or “WvT” or “us”) as data controller processes the personal data collected in the context of (i) the internet website (the “WvT Websiteʺ) or during exchanges between WvT and any person who is not a WvT client, and (ii) WvT’s performance of its activity of legal counsel.

This Privacy Policy aims at informing you (hereafter “you” or “your”) about who we are, what personal data (hereafter “Data”) we collect and process, how, why and on which legal basis we process Data, who has access to the Data, if Data gets transferred across borders, how long data is kept, how Data is secured, what Data you must supply and outlines your rights according to the applicable Data protection laws according to the EU General Data Protection Regulation (EU) 2016/679 (hereafter “GDPR”).

As confidentiality and privacy are taken very seriously by WvT, we ask you to carefully read this Privacy Policy and immediately contact us if you have any request, question, or concern. This Privacy Policy and the applicable Data protection laws apply in addition to our professional duty of confidentiality.

If you send us Data (personal data as defined according to GDPR Art. 4 (1)) from other persons than you (for example your employees, family members etc.) please ensure, that the respective persons know this Privacy Policy and please only send us Data if you have the permission to do so, and that the Data is correct.

A) Compliance with Data Protection Law

WvT undertakes and does everything in its power to comply with the laws and regulations governing the processing of personal data, including, but not limited to, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR”) and any other national laws or regulations in force governing the processing of personal data.

B) Data Protection Officer

The person in charge of the processing of personal data is the relevant entity of our group with which you are in contact, as further described below. Our Data Protection & Privacy Lead (the “DPO”) in charge of the implementation of the personal data processing policy can be contacted at

C) Who are we ?

WvT is an international law firm having in Europe offices in The Netherlands, Luxembourg, and Switzerland, which are companies which are legally independent from each other. Your engagement with WvT is or will be only with one of these offices. However, the same Privacy Policy applies to all WvT offices. For practical reasons, we refer to “WvT” in this Privacy Policy, while, depending on your engagement letter, only one of the offices mentioned below is meant. Hence, depending on with which office you signed an engagement letter, “WvT” refers to that specific office in this Privacy Policy. Pursuant to applicable data protection and privacy legislation, the relevant entity of WvT who you are in contact with qualifies as the controller with respect to the personal data that we process. The specific contact details of the respective office are:

WvT Switzerland GmbH
Neuhofstrasse 12
6340 Baar ZG Switzerland
T +41 (0)44 991 13 68
F+ 41 (0)44 912 27 15

The Netherlands
WvT Netherlands B.V.
Prins Mauritslaan 5
1171 LP Badhoevedorp The Netherlands
T +31 (0)20 3055700

WvT Luxembourg S.à r.l.
5, rue de la Reine
L-2418 Grand Duchy of Luxembourg
Grand Duchy of Luxembourg Registered with the Luxembourg Bar
T: +352 26 44 160 11

Please contact us at the contact details of the company listed above with which you have signed an engagement letter or at if you have any request, question or concern relating to our Data processing and/or this Privacy Policy.

D) Who are the Data Subjects?

The Data Subjects (the ʺData Subjectsʺ), being the persons whose personal data WvT processes are:

• WvT Website users (the ʺUsersʺ) or any other person who contacts WvT without being a client, particularly in the context of events organized by WvT;
• WvT’s natural person clients or representatives and/or employees of WvT’s legal person clients (the
ʺClientsʺ); and
• Any other natural person the personal data of whom is submitted to WvT by a Data Subject, a partner, or an opposing party. The personal data of these other persons is submitted to WvT under the responsibility of the Data Subjects who commit to transmitting it to WvT in compliance with the applicable legal provisions. The data will only be used by WvT if it is necessary in the context of WvT’s providing its legal advisory services.

E) Which Data do you need to provide?

We ask you to provide us the Data necessary to establish a business relationship, enter and execute the necessary contracts and perform the contractual and legal obligations in connection with the contract between you and us. Under certain circumstances we are obliged to further verify and process your Data before entering in a contractual relationship with you (e.g. to comply with laws regarding anti-bribery and corruption, money laundering, terrorism financing etc.). If we do not receive the Data necessary to enter in a contractual relationship, we will be unable to commence or continue a business relationship with you. If any Data changes during the course of the business relationship, you are required to notify us immediately.

F) Data we collect and process

Source of Data:

We obtain certain personal data directly from the Data Subjects. However, in particular in the context of the exercise of our mandate, we may obtain personal data indirectly. This would be the case, for example, when verifying the information transmitted in relation to our anti-money laundering and counter terrorist financing obligations, when the Data Subject’s opposing party, colleague or partner transmits to us a Data Subject’s Data, or when our relationship is established through a third party.

In a general manner, we process Data:

• received from you directly;
• received from thirdparties
• in connection with the performance of the agreement you have with WvT;
• in connection with regulatory or contractual obligations we must comply with;
• which is Publicly available (for example in registers or made public on the internet);
• received from affiliated firms or firms we work with to get expert advice in connection with the service provided to you;
• received from public authorities and institutions;
• received via our website (we use cookies on our website regarding google analytics and so- called plug-ins. Please see our website cookies policy at

Type of Data:

We will or may collect, inter alia, the following Data:
• Any type of contact details (e.g. name, address, phone number, electronic contact details etc.);
• Data allowing to identify you (e.g. date of birth, citizenship, Data on identification documents such as passport or identity cards etc., sample signatures, authentication Data such as passwords and login credentials, online presence Data, professional activities Data, membership Data etc.);
• Data to verify your credentials, status, associations, membership, partnership, authorizations, ownership, rights and obligations etc.;
• Any Data necessary in connection with providing you the service you requested and Data relating to the matter you are seeking advice for;
• Any Data necessary for the performance of the contract between you and us or Data resulting from the performance of such contract;
• Any Data relating to your financial situation such as for example creditworthiness, source of income and funds, insurance and tax details, banking details etc.;
• Any Data comparable to the just mentioned Data such as for example record keeping Data (e.g. telephone conversation memorandums, meeting minutes etc.), instruction Data, consent Data, order Data, service Data etc.
• Content and metadata: These correspond to transactions carried out on the WvT Website, meaning the flow of Data generated by the activity of the Users. In principle, this data is not used by WvT as the WvT Website is simply the medium for the exchange of that Data. However, certain elements could be used by WvT to allow WvT to better understand how the Users interact with the WvT Website and improve its functioning.
• Technical information: Technical information can be the type of navigator; language, country or time zone parameters; ID and cookie parameters; type of device used for the connection; hardware model and operating system; unique identifiers such as the IDFA (for iOS), MAC address or user id; IP addresses and information on the mobile network; sharing on social networks; or, geolocalisation data. WvT never uses the localization given by GPS of the User’s device without having received the User’s explicit consent. This Data is used to ensure optimal use of the WvT Website and personalize the WvT Website to each User (for example, by adapting the language in which the WvT Website is displayed or proposing the mobile version of the WvT Website if the connection comes from a mobile telephone).

G) Profiling and automated data processing

Generally, no automated decision-making, including profiling, is undertaken by us regarding your Data. Only in order to prevent money laundering, the financing of terrorism, and criminal acts in general we may process data in an automated or semi-automated manner.

H) Biometric data

We do not process any biometric Data. In particular we do not process photographs through specific technical means allowing the unique identification or authentication of a natural person.

I) Our purpose and the legal basis for Data processing

Performance of our contract with you

Necessary Data may be processed in connection with steps taken to enter into a contract. Data is processed to provide advice and legal services according to the contract with you. Hereby we are also under the legal obligation to continuously update our client files. The Data processing is mainly driven by your requests and the contract with you. We may also process Data to identify our clients’ potential additional needs, to extend the existing contract or enter into another contract.

Our legitimate interests or those of a third party

We only use your personal data when there is a legitimate reason to do so. We may process Data for our following legitimate interests or the legitimate interests of a third party, only to the extent that our or third party interests are proportionate and compatible with your interests, rights or freedoms:

• Ensuring IT-security and operations, general security, preventing unauthorized access and loss or alternation of Data and conducting backups;
• Case management and getting external expert advice;
• Communicating with third parties and answering their requests (in context of e.g. a media request, merger and acquisition, job application, research request etc.);
• Ensuring the confidentiality of information including third party information received from client such as e.g. Data of clients’ employees, partners, affiliates etc.;
• Identifying or preventing criminal acts or other misconducts;
• Handling of legal claims, litigations, debt collection, billing process, insurance claims and getting insurance coverage and prevention and/or investigation of criminal acts;
• Improving processes, efficiency, training, professional development and quality controls and case handling;
• Development of new services and products;
• Management and development of our business, products and services, general security and business continuity purposes, financial planning, accounting and auditing, work allocation, risk management, ensure compliance with internal policies and the law in general, due diligence and mergers and acquisitions;
• Conduct research and statistical analysis, marketing and corporate events and provide updates (if the required consent has been obtained).

Statutory requirements or in the public interest

For example, in the following cases we will process Data in order to comply with statutory requirements:

• To ensure compliance with tax, privacy, anti-bribery and corruption, anti-money laundering and confidentiality laws and/or any other applicable law requiring us to ensurecompliance;
• To protect our clients’ information, property and assets or any other interest we are legally obliged to protect;
• If we are required to work with public authorities such as responding to their requests for information, undertaking internal investigations, money laundering and terrorist financing reporting requirements etc.;
• In any other case where we have a legal obligation involving the processing of Data.

On the basis of your consent

We process Data covered by a consent given by you, to us. You may withdraw at any time your consent. Please contact us if you wish to withdraw any consent given and please note that the withdrawal of consent has no retroactive effect on the use of your Data.

J) Who has access to your Data?

For the performance of the contract we have with you and to comply with any statutory legal obligations WvT shares Data where appropriate with its employees, partner firms and affiliates based in various locations. The locations are listed on WvT Website under the menu “offices”.

Data is also shared in fulfillment of the contract we have with you and or in compliance with statutory legal obligations with other external third parties such as persons related to you (e.g. appointed by you or in a other business relationship with you) or persons related to us (e.g. appointed by us) and public bodies and institutions (courts, tax authorities etc.). For example, such external parties may include agents, experts, service providers, insurers, auditors, banks, counterparties, beneficiaries, debt collection agencies, local lawyers and advisors etc.

It may also be necessary, that access to Data is granted to service providers in connection with tasks not related to the fulfillment of our contract with you but to ensure build and maintain the necessary infrastructure that comes with our business and in cases we outsource tasks which are necessary in context with our business. For example, a third party may be entrusted with the task to maintain, repair or expand our IT-Infrastructure or we outsource the billing processing to an external service provider or we entrust a service provider with backing up our Data and deleting Data according to our instructions etc.

In any event we are bound to applicable professional secrecy according to applicable laws.

K) Do we transfer Data across borders?

WvT may transfer your Data and Data received from you cross borders including to countries outside Switzerland and outside the European Economic Area (EEA) if:

• It is required for the fulfillment of the contract between you and us such as for example where there is an international dimension to the matter in which we are advising you;
• You or related persons to you or to us or public bodies and institutions as described above under section 4 are based outside the EEA or Switzerland;
• There is a statutory requirement (e.g. disclosure obligations under tax law, court orderetc.);
• You have given us your consent ;
• Such transfer is based on an Adequacy Decision adopted by the European Commission. The countries covered are referenced in: dimension-data-protection/adequacy-decisions_en ;
• Such transfer is based on appropriate standard contractual clauses; or
• Such transfer is based on any other data transfer mechanism valid under the GDPR, particularly in case of necessity for the performance of a contract between the Data Subject and WvT.

Where relevant, we will share your personal data with our affiliated companies, the Dutch Center for Reporting Unusual Transactions (in Dutch: Meldpunt Ongebruikelijke Transacties), the Luxembourg Financial Intelligence Unit (in French: Cellule de Renseignement Financier), debt-collection agencies, relevant tax authorities within the EU, and third parties, where this is required for the purposes as set out above or where these third parties assist us in this respect. The recipients of your personal data may be located in countries outside the European Union (EU) and Switzerland (CH), which countries may offer a lower level of data protection than the country in which we are established. For example, we may need to engage a debt-collection agency established outside the EU or CH, for instance in case you or your company is based in a non-EU country and outside CH. In such case, WvT will strictly comply with the special rules under European and Swiss Data protection laws and provide appropriate safeguards. Please contact us if you would like further information.

L) How long is Data kept?

WvT takes all reasonable measures to ensure that the personal data is processed and stored during the minimal period necessary for the purposes indicated in this Privacy Policy.

Unless a more specific provision is indicated in this Privacy Policy, the general principle applied by WvT is to retain personal data according to the following criteria:

• For Data Subjects who are not WvT Clients: five (5) years from the end of the relationship between the Data Subject and WvT;
• For Data Subjects who are WvT Clients: according to the duration set in the engagement letter signed with WvT, or failing that, for a duration of ten (10) years starting from the end of the calendar year during which WvT ended its representation, unless there is a statute of limitations or longer legal retention requirement.
• For all Data Subjects: WvT’s setting up of backups ensures the availability of data as well as access thereto in the required timelines in case of a material or technical incident. The data stored in the backups is retained until it is overwritten by a new backup. It is data ʺout of useʺ which is used for backup purposes only. In the event of erasure of such personal data by a Data Subject, the personal data in the backups will be deleted to the extent technically possible.

WvT commits to deleting and anonymizing your personal data by the expiration of the relevant retention period as described above, increased by a few days or weeks, proportionate to the duration indicated above, should that be

necessary to ensure the deletion or anonymization of the relevant data in practice, unless there a compelling reason not to, should arise (in the context of a dispute, for example).

M) How is your Data secured?

We have appropriate technical and organizational measures in place to protect Data from unauthorized access or use and from accidental loss. Such measures include IT and network security solutions, encryptions, back up and access controls.

WvT puts in place appropriate security measures during the entire Data life cycle with a view to protecting it against unauthorized access, falsification, personal identification data disclosure or destruction and, as soon as possible, pseudonymizes the Data Subject’s personal data.

Data Subjects are responsible for ensuring that all personal data they send to WvT is sent in complete security. WvT takes reasonable measures to ensure that:

• Your Data is exact and, if necessary, updated by allowing Data Subjects to modify inexact Data at any time; and
• Data Subjects’ personal data is collected according to the needs defined in this Privacy Policy.

N) Use of social networks

Data collected in the context of social network use may be processed by WvT which has a legitimate interest in using it for marketing and improving its advertising media as well as its image based on voluntary information transmitted or published by the Data Subjects.

WvT is on various social networks and is a joint data controller with them for certain processing, particularly when the logo of the social network used is on the WvT Website.

For more information on personal data processing on the different social networks, Data Subjects may consult the following notices:

• LinkedIn: privacy policy ;
• Google: privacy policy ;

WvT may add other social networks at any time.

O) Web browser cookies

WvT also uses “cookies” to improve the User’s navigation on the WvT Website or to compile aggregate and anonymous statistics enabling the Users to understand the use of the WvT Website and to improve its structure and content.

Certain cookies do not require the Users’ consent because they are purely technical, and their use falls in the scope of WvT’s legitimate interest. For the others, WvT collects Users’ consent prior to collecting their personal data via cookies.

For more information, particularly on the duration of retention of cookies, Users may consult WvT’s cookie policy at

P) Referrals

With Clients’ prior consent, WvT may also transmit their names, as a business reference to: (i) professional directories such as Chambers and Partners, Legal 500, Leaders League, IFLR1000, and/or (ii) it other Clients or prospects in the context of requests for proposals.

A referee Client’s quote may, as applicable, be accompanied by an explanation of the file, pursuant to the information requested by the directory professional. In principle, what will be requested is a résumé of the Client’s files with WvT, WvT’s role as legal counsel, the amount(s) of the transaction(s) concerned as well as the Client of the contact person information.

Such processing is done solely based on the consent of the Client, who always has the option of withdrawing its consent at any time, with no fee or penalty. However, such withdrawal shall not adversely affect the legitimacy of the data processing done based on consent given prior to its withdrawal.

Q) Electronic Communications

WvT may send informative emails for similar services provided by WvT (the “Electronic Communicationsʺ) to the Data Subjects whose electronic contact information WvT obtained by providing services when those Data Subjects in question did not object to such use when obtaining their email address.

The Data Subjects also have the option of objecting to such use of their email address, at no cost and simply by (i) clicking on the “unsubscribe” link in each Electronic Communication, or (ii) directly contacting the DPO at the contact information indicated above.

If a Data Subject objects to receiving Electronic Communications, he/she will receive none as soon as he/she has demonstrated his/her opposition thereto by one of the means identified in the preceding paragraph.

This processing is based on WvT’s legitimate interest in informing on its activity and legal news, thus allowing WvT to continue to provide its services and promote its image vis-à-vis Data Subjects.

Any other unsolicited electronic communication not covered in the above provisions shall be effectuated based exclusively on the Data Subject’s consent. Each Data Subject may at any time withdraw his/her consent by contacting the DPO at the above-listed contact information or by any other means established by WvT. However, such withdrawal shall not adversely affect the legitimacy of the data processing done based on consent given prior to its withdrawal.

R) Events and conferences

WvT organizes events, in particular online conferences, organized either directly or through other partners (ʺWvT Events”). When a Data Subject participates in the WvT Events, WvT collects personal data concerning him/her such as his/her identity, contact information as well as the data related to his/her presence at the WvT Event and any other personal data or business information that he/she may spontaneously provide to WvT (such as his/her food preferences) to allow the organization and carrying out of the WvT Event. The Data Subject’s contact information may also be used for sending Electronic Communications using the above-mentioned modalities.

This personal data is processed directly by WvT or by its partners organizing the WvT Event, as applicable.

This personal data is retained for the period necessary for the organisation and completion of the event, with the exception of the identity, contact information and reference of the WvT Event to which the Data Subject was invited or in which he/she participated. That data will be retained for a period of five (5) years starting from the end of the relationship between the Data Subject and WvT.

The Data Subject shall be informed that he/she may appear in photos or videos taken during his/her participation in the WvT Event (the ʺImagesʺ). The Images may be published in paper or digital format via the usual media channels and will be archived internally to document WvT’s history. The Data Subject may oppose the processing of the Images concerning him/her by contacting the DPO at the above-indicated contact information to allow WvT to take the necessary measures, to the extent possible.

The processing in the context of WvT Events is based on the performance of a contract when the Data Subject is registered for a WvT Event, and WvT’s legitimate interests for the rest, in particular the management of invitations and the organization of an event prior to the Data Subject’s acceptance of the WvT Event invitation. WvT’s legitimate interests are its wish to inform and contribute to the education of individuals as well as to bring together its partners and Clients at WvT Events to promote each of them with respect to common values.

S) Your rights

You have the right to:

• information about the processing of your personal Data;
• obtain access to the personal Data held about you;
• ask for incorrect, inaccurate or incomplete personal Data to be corrected;
• request that personal Data be erased when it is no longer needed and there is no legal obligation to retain Data or if processing it is unlawful;
• object to the processing of your personal Data for marketing purposes or on grounds relating to your particular situation (e.g. if we process Data based on legitimate interests and you opinion our legitimate interests do not outweigh your interests, legal rights or freedoms);
• request the restriction of the processing of your personal Data in specific cases (e.g. incorrect Data, deletion);
• receive your personal Data in a machine-readable format and send it to another controller (”Data portability”);
• request that decisions based on automated processing concerning you or significantly affecting you and based on your personal Data are made by natural persons, not only by computers. You also have the right in this case to express your point of view and to contest the decision;
• withdraw at any time any consent given relating to Data processing (see already above under section 3 last paragraph).

To exercise your rights, you should contact us at the contact details provided above in section B. You may be asked to provide information to confirm your identity in order to exercise your rights. Those rights may only be exercised within the limits of the relevant texts, in particular of any contractual or legal obligation. We will not be able to comply with your request in certain circumstances, for example where your request is unlawful, manifestly unfounded, or excessive.

Finally, you have the right to lodge a complaint with the relevant Data Protection Authority, such as the Dutch Data Protection Authority, the Luxembourg National Commission for Data Protection or the Swiss Federal Data Protection and Information Commissioner. You can find the contact details of these authorities on:

T) Changes to this Privacy Policy

WvT reserves the right to update this Privacy Policy at any time. At that time, WvT shall revise the date of the latest update at the bottom of this page. WvT encourages Data Subjects to frequently verify whether changes have been made to this page. WvT has put in place various means for Data Subjects to consult this Privacy Policy and Data Subjects acknowledge and agree that it is their responsibility to regularly review this Privacy Policy and inform themselves of amendments hereto.

Last updated: June 2023

Cookie Policy

This cookie policy (the ʺCookie Policyʺ) applies to the website, marketing/advertising pages on third-party platforms (such as LinkedIn) and to applications accessible or used through those websites which are utilized by or on behalf of WVT (the ʺWvT Websitesʺ)

The purpose of this Cookie Policy is to complete the privacy policy accessible by consulting the following link: [
] and/or the information accessible on third-party platforms concerning the use of cookies.

When consulting the WvT Websites, you may receive cookies pursuant to this Cookie Policy. In this Cookie Policy, you will find information on the type of cookies used as well as on the manner in which they may be accepted or refused, either in their entirety or depending on their type.

What is a cookie?

Cookies are small files or bits of information that may be stored in your computer (or other devices connected to the Internet such as a smartphone or tablet) when you visit the WvT Websites. A cookie generally contains the name of its website of origin, the cookie’s ʺexpiration dateʺ (how long it will stay on your device) and a value, which is generally a randomly-generated unique number.

You can have more information about cookies at

What types of cookies do we use?

The WVT website uses functional cookies. The website automatically generates log files that register the use by you and other users of the website. WVT maintains user data, such as source addresses of pages requested, IP (internet protocol) addresses and domain names, dates and times of page requests, links from other websites and other parameters in the URLs (universal resource locators). These log files and data will be used, on an anonymous basis, for statistical purposes and for improving the Services offered via the WVT website.

In some cases, WVT uses strictly necessary cookies, to ensure that the website is as efficient as possible. If you do not want WVT to use cookies with your browser, the settings on your browser can be changed so that the cookies are deactivated.

If you do not allow the use of cookies and have deactivated the cookies or arranged to have the cookies deactivated, this may have consequences for the ease of use of the WVT website.

Do we use third-party cookies?

The WvT Websites may utilize certain services proposed by third-party websites. More particularly, these include:

• Sharing buttons (LinkedIn, Twitter, Facebook, Email) ;
• Videos shown on the WvT Websites;
• Interactive maps (Google Maps) ;
• Captchas to verify that you are not a bot (Google).

These features use third-party cookies posed directly by their services. We strive to identify those cookies so that you may decide whether or not to accept them. Should you refuse them, it is possible that you will no longer be able to access those services and certain pages on the WvT Websites may not work properly or no longer be accessible. You may indicate your preferences as indicated below.

How can I control or delete cookies?

You may also control or delete cookies via the settings of your Internet browser. Most Internet browsers are set to automatically accept cookies. You may change those settings to block cookies or to alert you when cookies are sent to your device. There are several different ways to manage cookies. Please refer to your browser’s instructions or help service for more on how to adjust or modify its settings.

If you use several devices to access the WvT Websites (for example, your computer, smartphone, tablet, etc.) you should ensure that the browser for each one of those devices is set at the cookie settings you have specified. If you disable the cookies that we use, that may have an impact on your experience as a visitor on the WvT Websites. Do not hesitate to contact us in case of difficulties.

For further information on this Cookie Policy or other technologies, please email us at:

Last updated: June 2023