BosBoon Expertise Group B.V., hereinafter referred to as BosBoon, processes personal data in the role of the controller as set out in the General Data Protection Regulation (GDPR).

This privacy statement was last modified on May 24, 2018.

1. What personal data do we process?

Personal data concerns all information that allows a natural person (the data subject) to be identified or identifiable. The personal data that we may process from you (i.e. from receiving and storing to customization, forwarding and deletion) include:

  • Basic information such as your first and last name, title, gender, the company where you work or your function;
  • Contact information such as mailing address, (mobile) telephone number or e-mail address;

  • Additional personal data such as identity document, date of birth, nationality and marital status;

  • Financial information, such as your bank account number;

  • Personal data that you give us when you apply to us, such as training and career data;

  • All other personal data that we receive from or about you or which we may obtain ourselves and which we use for the purposes set out below.

2. How do we obtain personal data?

In most cases, we obtain your personal data from your insurer or your insurance broker, for example if these parties give us an assignment to provide expertise, you apply to us, give your business card to us or Information we receive during (telephone) conversations and email contact with you.

In addition, we may also obtain your personal data in other ways, for example from a counterparty or from third parties in the context of a case we treat, via (public) registers (such as the Trade Register of the Chamber of Commerce) or from Public sources and websites.

3. What do we process personal data for?

In All the relationships we enter, personal data is needed to ultimately provide the best possible service and cooperation. We process your personal data for the following purposes:

Expertise work/related services

We only process those data that are necessary for the preparation, execution and rounding (including invoicing) of the relevant expertise assignment (research on cause, determination of damage and/or budgeting of costs, drafting of Expertise reports, services in the context of claims handling).

Complying with legal obligations and (professional) rules

We process personal data in order to comply with legal obligations and regulations and professional rules applicable to experts and claims handlers, such as identification, data verification, administrative requirements or retention periods.

Marketing and business development purposes

In order to maintain and expand our customer base we can contact you with relevant information, publications or invitations. We also do this to maintain the relationship with our partners, suppliers and other relationships.

Participation in our meetings

When registering for one of our meetings we ask for your personal data. We use these to confirm your registration, to keep you informed of the meeting in question, to register your presence and to send you a participation certificate.

Satisfaction Surveys

We think it is important to know what you think of our services. Therefore, after completing an assignment, we may invite you to complete a customer satisfaction survey. After a visit to one of our meetings, we can also send you an invitation to review the relevant meeting.

Access control and security

When you visit one of our offices, we note your name on arrival. In this way we know in a calamity who is a guest with us and we ensure that there are no unauthorized persons in the building.


In order to be able to handle your application on current vacancies, we receive your personal data. We will keep the information you share with us by e-mail or by post up to four weeks after the end of the application process. If we would like to contact you again in the future for a vacancy, we will ask you to allow your personal data to be stored for a longer time. That will be a maximum of one year.

4. On what grounds do we process personal data?

We may only process your personal data if a legal basis exists for that purpose. The above processing operations take place on the basis of one of the following legal bases in the GDPR:

  • For the performance of an agreement;

  • Due to a legal obligation;

  • With your consent;

  • Due to a legitimate interest.

5. With whom do we share personal data?

We may need to share your personal data with third parties. This may include the following cases:

  • To be able to provide our expertise services;

  • To be able to fulfil legal obligations, for example a registration in the Land Registry or a report to a supervisor;

  • Third-party vendors that we enable for processing as described in this privacy statement, such as our ICT suppliers or a translation agency;

  • Third parties involved in hosting or organizing our events;

Third parties to whom we provide your personal data are also responsible for the processing of such data and for compliance with the GDPR. If a third party processes your personal data as a processor on behalf of BosBoon, we will conclude a processing agreement that complies with the requirements of the GDPR.

If one of our external suppliers processes personal data outside the European Economic Area, our written agreement with them will include appropriate measures, usually standard contractual clauses.

6. How long do we keep personal data?

We do not store your personal data for longer than is necessary for the purpose for which we have collected and recorded it.

If there is a statutory retention obligation or a retention period on the basis of professional or behavioural rules, then we will keep those deadlines.

7. How is the personal data secured?

We have taken appropriate technical and organisational measures to prevent misuse, loss, unauthorised access, unwanted disclosure and unauthorized alteration of your personal data.

If you have any questions about the security of your personal data or if you suspect misuse of it, please contact us at

8. What rights do you have?

You can see the personal data we process about you. You have the right to have your personal data changed or even deleted if the data is not (longer) correct, or if the processing is not (longer) justified. You can also restrict processing under certain circumstances, request us to transfer your data or object to the processing. We will assess whether we are able to meet your request under the law. You also have the right to complain to the supervisor (the Dutch Data protection authority).

We may not be able to fulfill your request. For example, because the processing of certain personal data is required to comply with our legal and legal obligations and/or professional requirements or because of other exceptions, such as the rights and freedoms of third parties or the importance of a legal procedure. If we cannot give a hearing to a specific request, we will of course make this motivated to you.

9. Contacting us

If you want to know more or have questions or complaints about our processing of your personal data, you can contact us at

Since we may amend this statement from time to time, we recommend that you periodically review this page so that you are aware of the changes. If we change our privacy statement radically, we will also publish it via a clear message on our website. If we want to use your data for another processing, we will inform you actively.