General Terms and Conditions of Fox en Suurenbroek Fiscaal juristen B.V.

Article 1 – Applicability

  1. Wherever ‘general term and conditions’ is referred to below, this is understood to mean these general terms and conditions including the appendix ‘Processing personal data’.
  2. These General Terms and Conditions are applicable to all legal relationships between Fox en Suurenbroek Fiscaal juristen B.V. and to the client which Fox en Suurenbroek Fiscaal juristen B.V. declared these General Terms and Conditions applicable.
  3. The client is deemed to also accept the applicability of these conditions with regard to additional and follow-up instructions to Fox en Suurenbroek Fiscaal juristen B.V.
  4. These General Terms and Conditions are applicable to all associates, employees and other parties who in any way carry out work for, are in the employment of or otherwise affiliated to Fox en Suurenbroek Fiscaal juristen B.V., as well as to all shareholders, directors and authorised representatives of Fox en Suurenbroek Fiscaal juristen B.V.

Article 2 – Instructions

  1. Fox en Suurenbroek Fiscaal juristen B.V. considers all instructions given by clients as given solely to Fox en Suurenbroek Fiscaal juristen B.V., even if it is the explicit or implicit intention that an instruction is to be carried out by a certain person.
  2. The scope of section 7:404 of the Dutch Civil Code, which provides for the case last referred to, and the scope of section 7:407, subsection 2, of the Dutch Civil Code, which attaches joint and several liability in the cases with regard to which two or more persons receive an instruction, are excluded.

Article 3 – Rates; costs; payment; advances

  1. The client owes Fox en Suurenbroek Fiscaal juristen B.V. a fee, as well as reimbursement of costs incurred, in accordance with the usual rates, calculation methods and procedures applicable at Fox en Suurenbroek Fiscaal juristen B.V.
  2. Payments must be made by transfer into the bank account stated on the invoice, within fourteen days of the invoice date.
  3. In the event of failure to pay as referred to in paragraph 2, the client will be in default by operation of law and owe default interest equal to the statutory interest.
  4. All extrajudicial costs incurred by Fox en Suurenbroek Fiscaal juristen B.V. in connection with the collection of a claim against the client will be payable by the client, subject to a minimum of 10% of the outstanding balance.
  5. All costs incurred by Fox en Suurenbroek Fiscaal juristen B.V. in connection with legal proceedings against the client will be at the expense of the client, also insofar as these costs exceed the order to pay the costs of the proceedings, unless the court rules against Fox en Suurenbroek Fiscaal juristen B.V.
  6. Prior to or in order to continue its service provision, Fox en Suurenbroek Fiscaal juristen B.V. is entitled to demand from the client one or more advance payments.
  7. If an invoice is not paid within the payment term, Fox en Suurenbroek Fiscaal juristen B.V. will be entitled to suspend the work for the client. Fox en Suurenbroek Fiscaal juristen B.V. cannot be held liable for any damage caused as a result of this work being suspended.

Article 4 – Intellectual property

  1. All rights with regard to products of the mind developed or used by Fox en Suurenbroek Fiscaal juristen B.V. as part of the execution of the instruction, including advice, methods of operation, (model) contracts, systems, system designs and computer programs, will be vested in Fox en Suurenbroek Fiscaal juristen B.V., insofar as not already vested in third parties.
  2. The client, with or without the help of third parties, is not permitted to multiply, publish or exploit products of the mind, or to record them on data carriers, unless Fox en Suurenbroek Fiscaal juristen B.V. has granted its explicit, prior and written approval.

Article 5 – Hiring third parties

  1. If and insofar as required for the proper execution of an instruction, Fox en Suurenbroek Fiscaal juristen B.V. is entitled to have certain work carried out by third parties.
  2. Fox en Suurenbroek Fiscaal juristen B.V. cannot be held liable for any failures caused by these third parties. The client indemnifies Fox en Suurenbroek Fiscaal juristen B.V. against all third-party claims.
  3. It is possible that persons called in for the execution of an instruction wish to limit their liability in that respect. Fox en Suurenbroek Fiscaal juristen B.V. assumes and, if so required, hereby stipulates that all instructions given to Fox en Suurenbroek Fiscaal juristen B.V. imply the authority to accept such a limitation of liability, also by order of those clients.

Article 6 – Liability

  1. A claim for compensation of any damage or losses must be submitted to Fox en Suurenbroek Fiscaal juristen B.V. no later than three months after the client has discovered or could have reasonably discovered the damage, failing which the right to compensation lapses.
  2. In the event of an incident occurring during the execution of an instruction for which Fox en Suurenbroek Fiscaal juristen B.V. is held liable, this liability will be limited to the amount paid under the professional liability insurance of Fox en Suurenbroek Fiscaal juristen B.V., in the relevant case. An incident as referred to in the previous sentence is understood to include any omissions.
  3. If and insofar as, for whatever reason, no payment is made under the professional liability insurance, each and every liability of Fox en Suurenbroek Fiscaal juristen B.V. will be limited to the amount of the fee received by Fox en Suurenbroek Fiscaal juristen B.V. within the framework of that instruction, or at least for that part of the instruction which the liability applies to, subject to a maximum of €20,000.
  4. Damage and losses are solely understood to mean injury to persons, damage to property and direct financial losses. Fox en Suurenbroek Fiscaal juristen B.V. can never be held liable for indirect damage or losses, including consequential damage, lost profits, missed savings and losses due to business interruptions.
  5. The exclusions of liability described in these General Terms and Conditions also apply to the failure of equipment, software, data files, registers or other resources, none excluded, used by Fox en Suurenbroek Fiscaal juristen B.V. as part of the service provision, as well as to the interception of audio and/or data transmissions by telephone, fax or e-mail. All e-mail, data, audio, fax and telephone traffic and transmissions will be unencrypted, unless the client explicitly requests otherwise in writing.

Article 7 – Third-party claims

  1. The instructions given will be performed for the benefit of the client only. Third parties cannot derive any rights from the contents of the work performed. The client indemnifies Fox en Suurenbroek Fiscaal juristen B.V. against all third-party claims in connection with all work performed by Fox en Suurenbroek Fiscaal juristen B.V. for the client.

Article 8 – Expiry period

  1. Insofar as not otherwise stipulated in these General Terms and Conditions, rights of action of the client, for whatever reason, vis-à-vis Fox en Suurenbroek Fiscaal juristen B.V. in connection with work carried out by the contracted party, will in any event expire one year after the time that the client became aware of or could reasonably have been aware of the existence of these rights.

Article 9 – Obligation to retain

  1. Fox en Suurenbroek Fiscaal juristen B.V. is entitled to remove files and any documents therein from the archives and to destroy them, without prior notification, after 10 years have lapsed since the conclusion of a case dealt with by Fox en Suurenbroek Fiscaal juristen B.V.

Article 10 – Applicable law

  1. The legal relationship between the client and Fox en Suurenbroek Fiscaal juristen B.V. is governed by the laws of the Netherlands. The courts in the Netherlands have exclusive jurisdiction to take cognizance of any disputes between the client and Fox en Suurenbroek Fiscaal juristen B.V.

Article 11 – Filing

  1. The General Terms and Conditions have been drawn up in the Dutch and English language and filed with the Commercial Register of the Chamber of Commerce in Amsterdam under file reference number 34276161. The wording of the conditions in Dutch takes prevalence over the English version. The text of the Dutch general terms and conditions shall prevail over the English text. A digital version of the General Terms and Conditions is available on the website of Fox en Suurenbroek Fiscaal juristen B.V. They are also open for inspection at its offices.

Appendix – Processing personal data

If Fox en Suurenbroek Fiscaal juristen B.V. processes personal data, as defined below, when carrying out the assignment for the client, the terms and conditions below (hereinafter referred to as: ‘Terms and Conditions for Processing Personal Data’) shall apply in addition to the general terms and conditions. In the case of a conflict between the Terms and Conditions for Processing Personal Data and the general terms and conditions excluding the Terms and Conditions for Processing Personal Data, the Terms and Conditions for Processing Personal Data shall prevail.

Article 1 – General

  1. The terms in the Terms and Conditions for Processing Personal Data that are defined in the General Data Protection Regulation (hereinafter referred to as: ‘GDPR’) have the meanings ascribed to them in the GDPR:
    1. personal  data:  all  information  about  an identified or identifiable natural person, as referred to in Article 4 under 1 of the General Data Protection Regulation, which Fox en Suurenbroek Fiscaal juristen B.V. shall process on behalf of the client;
    2. security breach: a failure in or breach of the security of personal data;
    3. data breach: a breach of the security of personal data that leads to a substantial chance of serious adverse consequences, or which has serious adverse consequences, for the protection of personal data, as referred to in Article 33 subsection 1 of the GDPR;
    4. processor: Fox en Suurenbroek Fiscaal Juristen B.V.;
    5. controller: client.

Article 2 – Purposes of processing

  1. The processor will undertake to process personal data in accordance with the Terms and Conditions for Processing Personal Data on the instructions of the controller.
  2. Processing will exclusively take place within the context of the assignment and those purposes that will be determined with further agreement.
  3. The processor will not process the personal data for any other purpose than that which has been determined by the controller.
  4. The processor will not take any independent decisions about the processing of personal data for other purposes, including the provision thereof to third parties and the duration of the storage of data. The control over personal data provided to the processor within the context of the assignment, as well as over the data processed by the processor in that context, rests with the controller.
  5. The personal data to be processed on the instructions of the controller shall remain the property of the controller and/or the data subjects in question.

Article 3 – Obligations of the Processor

  1. The processor guarantees compliance with the applicable legislation and regulations, including in any case the legislation and regulations in the field of protection of personal data, such as the GDPR.
  2. The processor will inform the controller, should it so demand, of the measures taken by it with regard to its obligations under the Terms and Conditions for Processing Personal Data and the GDPR. In addition, the processor will provide the controller with all necessary assistance for the fulfilment of its (statutory) obligations.
  3. The obligations of the processor, which arise from the Terms and Conditions for Processing Personal Data, shall also apply to those persons who process the personal data under the authority of the processor, including but not limited to employees, in the broadest sense of the word.
  4. The processor indemnifies the controller against any claims and procedures from third parties, expressly including regulatory authorities such as the Dutch Data Protection Authority and parties involved, based on or arising from an infringement of the GDPR and/or the Processing personal data terms and conditions by the processor or any third party brought in by it.

Article 4 – Transfer of personal data

  1. The processor may only process the personal data in countries within the European Economic Area. Transfer of personal data to countries outside of the European Union is only permitted with prior written consent from the controller.
  2. If requested, the processor will notify the controller of the country or countries in which the personal data will be processed.

Article 5 – Division of responsibility

  1. The processor is responsible for the processing of the personal data under the Terms and Conditions for Processing Personal Data, which it carries out or has carried out by a third party engaged by it, in accordance with the instructions of the controller.
  2. The controller is responsible for its own processing of personal data, in which the processor is not involved.

Article 6 – Engaging third parties

  1. The processor may make use of a third party within the context of the Terms and Conditions for Processing Personal Data, provided that proper performance of the assignment is required.
  2. If requested, the processor will notify the controller of which third parties are or will be engaged by the processor.
  3. The processor will, in any case, ensure that these third parties assume the same or more stringent obligations as applicable under the Terms and Conditions for Processing Personal Data. The controller is entitled to inspect any agreements involved in this. The processor guarantees proper compliance with these duties by these third parties and is personally liable in the event of mistakes by these third parties for all resulting damages. The processor indemnifies the controller against claims from third parties in connection with this.
  4. The controller can request in writing that the engagement of a third party be discontinued at any time.

Article 7 – Duty to report

  1. In the case of a (suspected) security breach and/or data breach, the processor will inform the controller of this immediately, or no later than within 24 hours after the breach has become known to the processor or a third party engaged by the processor, in response to which the controller will assess whether or not it will inform the parties involved and/or the relevant regulatory body or bodies. The processor guarantees that the information provided is complete, correct and accurate. The duty to report applies regardless of the impact of the breach.
  2. The processor will report the breach to the client by email and telephone.
  3. The controller will subsequently be responsible for fulfilling any (statutory) duties to report. The processor will cooperate with this by providing additional information promptly, if the controller requests this.

Article 8 – Security

  1. Notwithstanding the security measures and standards that the processor and controller may have agreed in another manner, the processor guarantees that is has taken adequate and appropriate organisational measures at all times with regard to the processing of personal data to be carried out, against loss or against any form of unlawful processing.
  2. The security measures include in any case:
    1. measures  to  ensure  that  only  authorised persons have access to the personal data of the controller;
    2. measures whereby the processor exclusively gives employees, representatives and/or third parties access to the personal data of the controller via registered accounts that only give access to the personal data to which access is necessary for the person in question and whereby the use of the accounts is logged properly;
    3. measures to properly protect the personal data of the controller against unintentional or unlawful  destruction,  loss,  modification, storage, access or disclosure;
    4. measures in order to identify weak spots in the security of the personal data of the controller;
    5. measures to safeguard the timely availability of the personal data.
  3. The processor will apply an appropriate and up-to-date security policy at all times in which the technical and organisational security measures are set out. The processor will allow the controller, at its request, to inspect the security policy.
  4. The processor is responsible for compliance with the measures agreed, and to be taken, by the processor and the controller as referred to in the previous subsections of this article.

Article 9 – Handling requests from parties involved

  1. In the event that a party involved wishes to exercise one of its statutory rights and submits a request to this end to the processor, the processor will forward this request to the controller. The controller will subsequently be responsible for the handling of the request. The processor may inform the party involved of this.

Article 10 – Confidentiality

  1. All personal data that the processor receives from the controller and/or collects itself within the context of the assignment is subject to a duty of confidentiality. The processor will not use this information for a purpose other than that which it has received it for, not even if this is presented in such a form that it cannot be traced back to the parties involved.
  2. The processor will not inspect the personal data that it processes for the controller, unless the inspection is explicitly agreed in writing, the inspection is unavoidable or necessary for the provision of the agreed services and the performance of the agreed processing, or if the processor is required to do so in accordance with an authorised order. In such cases, the processor will limit the inspection to the absolute minimum.
  3. A (derivative) right of non-disclosure and a duty of confidentiality is vested in the controller with respect to personal data that it possesses and (possibly) has processed by the processor. The processor is not permitted to supply any information to a third party unless the processor has received explicit written consent for this from the controller, irrespective of a possible action brought by a third party to receive the information.
  4. If the processor, or a third party engaged by it, receives an authorised order from a Dutch or foreign government body, regulatory authority, investigative authority, prosecution authority, national security authority or any other authority that related to personal data of the controller, the processor will not comply with the order before it has informed the controller of the order and has received instructions from the controller, unless the processor is explicitly forbidden to inform the controller of the order. The processor will follow the instructions of the controller when dealing with the order.
  5. If the processor is explicitly forbidden to inform the controller of the order described in the previous subsection, the processor guarantees that it will represent the interests of the controller as well as possible. To this end, the processor will in any case:
    1. carry out a thorough legal review (or have it carried out), in which it will be assessed whether the processor is actually obliged to comply  with  the  order  and  whether  the processor   is   actually   forbidden   from informing the controller of the order;
    2. lodge  an  objection  against  the  order,  if possible, or against the ban on informing the controller of the request or order;
    3. only comply with the order if it has been established that it is actually obliged to do so; never provide more personal data to the authority concerned than is strictly necessary given the authorised order;
    4. immediately inform the controller, as soon as the processor is allowed to do so.
  6. The processor will contractually require its employees who are involved in the processing of personal data, as well as all third parties engaged by the processor, to preserve the confidentiality of all the personal data of the controller, and will properly instruct them with regard to the secrecy and confidentiality of the personal data in question.

Article 11 – Audit

  1. The controller is entitled to have audits conducted by an independent third party that is bound to secrecy in order to check compliance with all points under these terms and conditions and everything that is associated with this.
  2. The controller can have this audit conducted once every year, or more often if there is a concrete suspicion of misuse of personal data.
  3. The processor will cooperate with the audit and provide all information and employees that are reasonably relevant to the audit as soon as possible.
  4. The findings arising from the audit conducted will be assessed by the processor and the controller in joint consultation and, in response to this, will or will not be implemented by the processor and/or the controller.
  5. The costs of the audit will be borne by the one who incurs the costs. The costs of the audit will, however be borne by the processor if it turns out work was not performed in accordance with the Terms and Conditions for Processing Personal Data, and/or mistakes were discovered in the findings, which must be attributed to the processor.

Article 12 – Duration

  1. The Terms and Conditions for Processing Personal Data apply to the same period as the assignment or, failing that, for the duration of the processing of personal data by the processor.
  2. The Terms and Conditions for Processing Personal Data may only be amended in writing by mutual agreement.
  3. In the event of termination of the assignment, the processor will provide all personal data at the request of the controller in the manner and in the format that controller desires and, if requested, arrange for the destruction of the personal data. Where applicable, the processor will instruct any third parties engaged by it to do the same and monitor compliance with these instructions.
  4. The processor and controller will cooperate fully with amending the Terms and Conditions for Processing Personal Data and making them suitable for any new or changing privacy legislation.