General Provisions

This Personal Data Processing Policy (hereinafter referred to as the “Policy”) is drafted in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the General Data Protection Regulation, GDPR) and defines the procedure for processing personal data and the measures to ensure their security undertaken by Engelbertink Law (hereinafter referred to as the “Controller”).

1.1. The Controller aims to respect the rights and freedoms of individuals when processing their personal data, including the right to privacy and the protection of personal and family data.

1.2. This Policy applies to all information that the Controller may obtain about visitors to the website http://engelbertink-consult.com/


Key Definitions

2.1. Personal Data — any information relating to an identified or identifiable natural person.
2.2. Processing of Personal Data — any operation or set of operations performed on personal data, including collection, recording, systematization, storage, modification, use, deletion, and transfer.
2.3. Data Subject — a natural person to whom the personal data relates.
2.4. Controller — a legal entity that determines the purposes and means of processing personal data.
2.5. Confidentiality of Personal Data — the obligation not to disclose or disseminate personal data to third parties without the consent of the data subject.
2.6. Cross-Border Transfer of Personal Data — the transfer of personal data to the territory of a foreign state.


Rights and Obligations of the Controller

The Controller is obliged to:

• ensure the lawfulness and transparency of personal data processing;
• comply with GDPR requirements when processing personal data;
• implement appropriate technical and organizational measures to protect personal data;
• notify data subjects of personal data security breaches in accordance with applicable law.

Rights of Data Subjects

Data subjects have the right to:

• access their personal data;
• rectification of inaccurate data;
• erasure of data (the “right to be forgotten”);
• restriction of processing;
• data portability;
• object to processing;
• withdraw consent at any time;
• lodge a complaint with a supervisory authority.

Personal Data Processed by the Controller

The Controller may process the following personal data:

• First and last name;
• Contact information (phone number, email address);
• Transaction and contract data;
• Anonymized data (cookies, IP address, etc.) collected through analytics tools.

Purposes of Data Processing

• Provision of consulting and legal services;
• Communication with users and informing them about the progress of service delivery;
• Analytics, service quality improvement, and website content optimization;
• Compliance with regulatory and legal requirements.

Legal Grounds for Processing

• Consent of the data subject;
• Necessity for the performance of a contract;
• Compliance with legal obligations;
• Legitimate interests of the Controller that do not override the rights of data subjects.

Conditions of Processing and Storage

• Personal data is stored no longer than necessary for the purposes for which it was collected;
• Access to personal data is restricted and protected by technical and organizational measures;
• Transfer of personal data to third parties is carried out only on lawful grounds and in accordance with GDPR;
• Personal data may be transferred abroad provided that an adequate level of data protection is ensured.

Data Subject Requests and Policy Updates
Any requests related to the processing of personal data may be sent to the following email address: support@engelbertinklaw.com
The current version of this Policy is published at: http://engelbertink-consult.com/
Last updated: 01 June 2025.