Privacy Policy

Stichting Environment and Fundamental Rights



Your privacy is important to Stichting Environment and Fundamental Rights. This Privacy Policy explains how we collect, use, and process your personal data, and how we comply with our legal obligations. We are committed to protecting and safeguarding your data privacy rights and comply with the General Data Protection Regulation (EU 2016/679), the “GDPR”.

We also comply with the Brazilian Lei Geral de Proteção de Dados (Lei n. 13.853, 2019) and the Peruvian Ley de Protección de Datos Personales.

The term “Personal Data” means any information relating to you, who can be identified, directly or indirectly, by reference to other information that we have access to.

FAQs surrounding data and privacy:

The information described below is in addition to any personal data we are required by law to process in any given situation.

CLIENT DATA: When joining a litigation case, we may collect contact and identity details such as name, telephone number, email, postal addresses, date of birth, payment details, tax residence information, copies of photo identifications such as your driving license and/or passport/identity card, information about nationality/citizenship/place of birth, your national identification number, identity verification documents and signature in order to comply with our legal and regulatory obligations.

We may also collect special categories of more sensitive data such as health, physical and mental health information, depending on the necessity of the legal case.

Where relevant, we may also hold additional information that someone in your organisation has chosen to disclose to us.

If we need any additional personal data for any reason, we will inform you.

SUPPLIER DATA: We may collect your contact details or the contact details of individuals within your organisation (such as names, telephone numbers, email and/or postal addresses). Depending on the circumstances, we may also collect bank details for payment purposes.

WEBSITE USERS: We collect a limited amount of data from our website users which we use to help us  improve your experience when using our website and to help us manage the services we provide. This includes information such as how you use our website, including the time and duration of your visit, your CPU speed, the operating system/platform you are using, the frequency with which you access our website, your browser type, the location you view our website from, and the language you choose to view it in.  We may record site traffic patterns, “clickstreams”, and the times that our website is most popular. If you contact us via the website, we will collect any information that you provide to us, for example, your name and/or contact details. We may use that information to assess and respond to your application or enquiry.

We collect personal data through the website in two ways:

  • Personal data that we receive directly from you.
  • Personal data that we collect automatically when you use our website.

DIRECTLY FROM YOU: We receive personal data directly from you

  • Where you contact us proactively, usually via an online form, by phone or email; and/or
  • Where we contact you, whether by phone, email or any other form of communication.

WEBSITE USERS: When you visit our website, there is certain information that we may automatically collect, whether or not you decide to use our services. This includes your IP address, the date and the times and frequency with which you access the website and the way you browse its content. We will also collect data from you when you contact us via our website, for example, when you submit a query.

We collect your data automatically via cookies, in line with cookie settings in your browser. You can also opt out of non-essential cookies through the cookies settings on our homepage.

The personal data that we collect is utilised to enhance our professional relationship with you. These are our legal bases for processing data under arts. 6 and 9 of the GDPR, and under the LPDP and the LGPD.

USING CLIENT DATA: Below are the various ways in which we use your data in order to ensure the smooth running of our agreements and dealings with you:

  1. Professional services activities – Processing your data in order to store your details (and updating them when necessary) on our database, so that we can contact you in relation to our relevant activities; and keeping records of our conversations and meetings, so that we can provide targeted services to you and in order to comply with our legal and regulatory obligations.

We may use your personal data for these purposes if we deem this to be necessary for our legitimate interests.

  1. To help us to establish, exercise or defend legal claims – We may use your personal data to help us to establish, exercise or defend legal claims.
  2. For the performance of a contract – If you have entered into a contractual agreement with us, we will need to process your personal data in order to fulfil our contractual obligations. We note that the processing is limited to what is necessary for the contract’s performance.

In order to facilitate the pursuit of legal claims and the performance of any contracts you have with the Stichting, your data may be shared with PGMBM B.V. Nederland and PGMBM Law Limited t/a Pogust Goodhead. The Stichting will ensure that any disclosure is done in accordance with appropriate safeguards to protect the confidentiality and privacy of your data.

Additionally, the Stichting may share your data with third parties, including defendants to any lawsuit which you have assigned to the Stichting, in view of legal proceedings or negotiations on a settlement.

USING SUPPLIER DATA: We will only use your information:

  1. To store (and update when necessary) your details on our database, so that we can contact you in relation to our agreements or our dealings with you;
  2. To facilitate our payroll and invoicing processes, for example, in relation to consultants or self-employed contractors; and
  3. To us to establish, exercise or defend legal claims.


We can process your data where it is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights or freedoms, which require protection of personal data. These interests were identified by carrying out a Legitimate Interests Assessment.

You have the right to object to us processing your personal data on this basis. If you would like to know more about how to do so, please contact


To ensure that we provide you with the best service possible, we use and store your personal data and/or the personal data of individual contacts at your organisation as well as keeping records of our conversations and meetings.

We think this is reasonable – we deem these uses of your personal data to be necessary for our legitimate interests in order to carry out our business activities.

We have to make sure our business runs smoothly, so that we can carry on providing services. We therefore also need to use your data for our internal administrative activities, such as invoicing where relevant.

We have our own obligations under the law, which is a legitimate interest of ours to insist on meeting. If we believe in good faith that it is necessary, we may therefore share your data in connection with crime detection or tax collection.


We use and store the personal data of individuals within your organisation in order to facilitate the receipt of services from you as one of our suppliers. Where you are a sole trader, we also hold your financial details, so that we can pay you for your services.

We deem all such activities to be necessary within the range of our legitimate interests as a recipient of your services.


In certain circumstances, we are required to obtain your consent to the processing of your personal data in relation to certain activities. Depending on exactly what we are doing with your information, this consent will be opt-in consent or soft opt-in consent. In all cases where we rely on consent:

  1. You have to give us your consent freely, without us putting you under any type of pressure; and
  2. You have to know what you are consenting to – so we’ll make sure we give you enough information.

We will keep records of the consents that you have given in this way.

In some cases, we will be able to rely on soft opt-in consent. We are allowed to market products or services to you which are related to the services we provide as long as you do not actively opt-out from these communications.

As we have mentioned, you have the right to withdraw your consent to these activities. You can do so at any time by emailing


We also have legal and regulatory obligations that we need to comply with.

If we believe in good faith that it is necessary, we may share your data in connection with crime detection or tax collection.

We also may share your data with regulatory agencies or other relevant bodies in order to comply with our regulatory obligations.

We will keep records of your personal data (including personal data contained in communications and calls) in accordance with our legal and regulatory rights and obligations.


We can process your data where we are carrying out necessary steps in relation to a contract to which you are party or prior to you entering into a contract, for example, because you wish to instruct us to carry out legal services for you.


Sometimes it may be necessary for us to process personal data and, where appropriate and in accordance with local laws and requirements, sensitive personal data, in connection with exercising or defending legal claims.

This may arise for example where we need to take legal advice in relation to legal proceedings or are required by law to preserve or disclose certain information as part of the legal process.

Where appropriate and in accordance with local laws and requirements, we may share your personal data, in various ways and for various reasons, with the following categories of people:

  • Where needed for the purposes of pursuing a legal claim on your behalf, we will share data with law firms, including PGMBM Nederland B.V. and PGMBM Law Limited t/a Pogust Goodhead;
  • Tax, audit, regulatory bodies or other authorities, when we believe in good faith that the law or other regulation requires us to share this data (for example, because of a request by a tax authority, in connection with any anticipated litigation or in compliance with our legal and regulatory obligations);
  • Third party service providers (including suppliers) who perform functions on our behalf (including benefit providers such as pension providers, private medical insurance, dental insurance and childcare providers, external consultants, business associates and professional advisers such as lawyers, auditors and accountants, transport and distribution suppliers, technical support functions and IT consultants carrying out testing and development work on our business technology systems);
  • Third party outsourced IT and document storage providers where we have an appropriate processing agreement (or similar protections) in place;
  • Marketing technology platforms and suppliers (cookie data only); and
  • If the Stichting merges with or is acquired by another business or company in the future, we may share your personal data with the new owners of the business or company (and provide you with notice of this disclosure).

We do not sell any personally identifiable information provided to us to any unrelated third party, but, as set out above, we may share it with related entities or with unrelated third parties in connection with our own marketing activities or the maintenance and operation of our site, or as may be legally required. Please do not to send confidential or sensitive information to us through this site.

We are committed to taking all reasonable and appropriate steps to protect the personal information that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of necessary technical and organisational measures including but not limited to encrypted systems, to hold your personal data securely in both electronic and physical form.

All our Partners, staff, third party services and cross borders who have or may have access to your personal data, are instructed and subjected to confidentiality obligations. We take all the appropriate measures to maximally secure personal information and to deal with any suspected data breach.

We will ordinarily process your data throughout the course of our interactions and will then generally retain it for an appropriate amount of time after we have parted ways, depending on local law requirements, type of data in question, any overarching legal and regulatory requirements, and our legitimate business and risk-management needs. We may, for example, be required to retain certain data for the purposes of tax reporting or responding to tax queries.  In other instances, there may be some other legal, regulatory or risk-management requirements to retain data, including where certain data might be relevant to any potential litigation (bearing in mind relevant limitation periods).

In determining the appropriate retention period for various types of personal data, in addition to ensuring that we comply with our legal, regulatory and risk-management obligations, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we need to process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

You retain various rights in respect of your data, even once you have given it to us. These are described below:

  • Right to be informed
  • Right to access*
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights in relation to automated decision making and profiling

*Right to access: This right enables you to ask us to confirm what information we hold about you at any time, and request us to modify, update or delete such information. This is called Data Subject Access Request (SAR). We may ask you to verify your identity and for more information about your request. The SAR has no costs for you, unless your request is “manifestly unfounded or excessive”. If you request further copies of this information from us, we may charge you a reasonable administrative cost where legally permissible. Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will always tell you the reasons for doing so.

To get in touch or exercise any of these rights, please contact our Data Protection Officer, at We will seek to deal with your request without undue delay, and in any event within one month of receiving it (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.

In order to provide you with the best service and to carry out the purposes described in this Privacy Policy, your data may be transferred:

  • to third parties (such as regulatory authorities, advisers or other suppliers to the Stichting)
  • to overseas suppliers; and
  • to a cloud-based storage provider.

We want to make sure that your data is stored and transferred in a way which is secure. We will therefore only transfer data outside of the European Economic Area (EEA) and the United Kingdom where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:

  • by way of data transfer agreement, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by data controllers in the UK or EEA to data controllers and processors in jurisdictions without adequate data protection laws;
  • transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country’s levels of data protection via its legislation;
  • where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interests for the purposes of that contract (for example, if we need to transfer data outside the EEA in order to meet our obligations under that contract if you are a client of ours); or
  • where you have consented to the data transfer.

To ensure that your personal information receives an adequate level of protection, we have put in place appropriate procedures with the third parties we share your personal data with, to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the laws on data protection.


Cookies are small text files that can be used by nearly all websites to make a user’s experience more efficient. It allows the website to recognise that user’s device and store some information about the user’s preferences or past actions.


This website uses cookies. We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.

Your consent applies to the domain [], and you can at any time change or withdraw your consent from the Cookie Declaration on our website.

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies. color: black
Name Provider Purpose Expiry Type
__cfduid Used by the content network, Cloudflare, to identify trusted web traffic. 29 days HTTP
CookieConsent Cookiebot Stores the user’s cookie consent state for the current domain 1 year HTTP

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
Name Provider Purpose Expiry Type
_ga Google Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 2 years HTTP
_gat Google Used by Google Analytics to throttle request rate 1 day HTTP
_gid Google Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 1 day HTTP

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.
Name Provider Purpose Expiry Type
ads/ga-audiences Google Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor’s online behaviour across websites. Session Pixel
Cookie Description Duration Type
__adal_ca This cookie is set by Adalyser for analytics and stores which TV advertising campaign was used. 6 months Advertising
__adal_cw This cookie is set by Adalyser for analytics and ties back conversion events to earlier visits. The data collected is date and time of last visit. 1 week Advertising
__adal_id This cookie is set by Adalyser for analytics and identifies the device used to access the website. The data collected is a device id (generated). Session Advertising

If you have any questions about this privacy policy or how we handle your personal information, please contact us at

As a data subject, you are entitled to contact a Data Protection Authority if you have enquiries, concerns, or complaints regarding the processing of your data: