Privacy Policy | findlawyer.nl

Privacy Policy

Your privacy matters to us. This policy explains how findlawyer.nl collects, uses, and protects your personal data in full compliance with GDPR and Dutch privacy laws.

Effective Date: October 12, 2025
Last Updated: February 11, 2026
Version 2.0

1. Who We Are (Controller Identity)

This website and legal matching service is operated by Leadvise Legal BV ("we", "us", "our"). We are the data controller responsible for your personal data.

Legal Name: Leadvise Legal BV

Website: findlawyer.nl

Registered Address: Eschertoren 8, 2316 ET, Leiden, Netherlands

Chamber of Commerce (KvK): 98899120

General Email: leads@findlawyer.nl

2. Data Protection Officer (DPO)

Based on the nature and scale of our data processing activities, we are not legally required to appoint a Data Protection Officer under Article 37 GDPR. However, all privacy-related inquiries are handled with the same level of care and urgency.

For all privacy matters, contact: leads@findlawyer.nl

3. What Personal Data We Collect and Why

3.1 Legal Help Request Form

What we collect:

  • Required: Full name, email address, legal issue description, preferred location (city/region)
  • Optional: Phone number, additional case details, preferred contact method
  • Special category data: Your legal issue description may contain sensitive information about your health, criminal matters, religious beliefs, or other protected characteristics

⚠️ Important Notice About Sensitive Information:

By submitting the legal help form, you explicitly consent to our processing of any special category personal data (as defined in Article 9 GDPR) that you choose to include in your description. We only process this information to match you with appropriate legal counsel and will never use it for any other purpose without your explicit consent.

Why we collect it (Purpose): To match you with qualified English-speaking lawyers in your area who specialize in your legal matter

Legal basis:

  • Contractual necessity (Article 6(1)(b) GDPR) – to provide our lawyer matching service
  • Explicit consent (Article 9(2)(a) GDPR) – for special category data only

Consequences of not providing data: Without required information (name, email, location, legal issue), we cannot match you with suitable lawyers and cannot provide our service.

Retention period: 12 months from submission date OR until your inquiry is resolved and closed, whichever occurs first. After this period, data is securely deleted.

3.2 Lawyer Matching Algorithm (Automated Decision-Making)

🤖 Automated Processing Notice (Article 22 GDPR):

We use an automated matching algorithm to suggest suitable lawyers based on your legal issue, location, and lawyer availability. This automated process:

  • Analyzes keywords in your legal issue description
  • Matches your location with lawyer practice areas
  • Considers lawyer ratings, availability, and caseload
  • Generates a list of 3-5 recommended lawyers

Your rights: You have the right to request human intervention, express your point of view, and contest any automated decision. Contact privacy@findlawyer.nl to exercise this right. The final decision to engage a lawyer is always yours.

3.3 Newsletter Subscription

What we collect:

  • Required: Email address
  • Optional: Name, legal interests, frequency preference

Purpose: To send you legal tips, updates about our service, and information about Dutch law

Legal basis: Consent (Article 6(1)(a) GDPR)

How to withdraw consent: Click "Unsubscribe" in any email or email privacy@findlawyer.nl

Retention: Until you unsubscribe or withdraw consent

3.4 Contact Form Inquiries

What we collect: Name, email address, message content

Purpose: To respond to your questions and provide customer support

Legal basis: Legitimate interest (Article 6(1)(f) GDPR) – we have a legitimate interest in responding to inquiries about our service

Retention: 12 months from last correspondence

3.5 Website Analytics and Cookies

What we collect:

  • Technical data: IP address (anonymized), browser type, device type, operating system
  • Usage data: pages visited, time spent, click patterns, referral source
  • General location data (city/region level only, derived from IP)

Purpose: To understand how visitors use our site, improve user experience, and optimize our service

Legal basis: Consent (Article 6(1)(a) GDPR) for non-essential cookies; legitimate interest for strictly necessary cookies

Retention: Up to 26 months (Google Analytics default)

Third parties: Google Analytics 4 (see Section 6 for details)

3.6 Partner Lawyer Information

What we collect:

  • Professional details: Name, law firm, bar registration number, practice areas, languages spoken
  • Contact information: Email, phone, office address, website
  • Service data: Lead acceptance rate, response time, client feedback (aggregated and anonymized)

Purpose: To manage our network of partner lawyers and facilitate lawyer-client matches

Legal basis: Contractual necessity (Article 6(1)(b) GDPR)

Retention: Duration of partnership agreement plus 3 years for legal and contractual purposes

3.7 Job Applications

What we collect: Name, email, phone, CV, cover letter, work history, references

Purpose: To evaluate your application and contact you regarding employment opportunities

Legal basis: Legitimate interest (Article 6(1)(f) GDPR) and explicit consent for extended retention

Retention: 4 weeks after position is filled (unless you consent to longer retention for future opportunities)

4. Data Processing Summary Table

Data Category Legal Basis Retention Period
Legal help requests Contractual necessity + Explicit consent (sensitive data) 12 months or until resolved
Newsletter Consent Until unsubscribe
Contact inquiries Legitimate interest 12 months from last message
Analytics/Cookies Consent (non-essential) 26 months
Partner lawyer data Contractual necessity Partnership + 3 years
Job applications Legitimate interest + Consent 4 weeks (or longer with consent)
Financial records Legal obligation 7 years (Dutch law)

5. Who We Share Your Data With

5.1 Partner Lawyers (Independent Controllers)

When you submit a legal help request, we share your contact details and case description with 3-5 matched lawyers. Important: Once we pass your information to a lawyer, that lawyer becomes an independent data controller for any subsequent communication and engagement. Their handling of your data is governed by their own privacy policies.

5.2 Service Providers (Processors)

We work with trusted third-party service providers who process data on our behalf:

  • Web hosting: [Your hosting provider] – servers located in Netherlands/EU
  • Email services: [Your email provider] – for transactional emails and newsletters
  • Analytics: Google Ireland Limited (Google Analytics 4) – with IP anonymization enabled
  • CRM: [Your CRM provider] – for managing inquiries and partner relationships
  • Payment processing: [Your payment provider] – if applicable

All processors are bound by Data Processing Agreements (DPAs) that comply with Article 28 GDPR.

5.3 Legal and Regulatory Authorities

We may disclose your data when required by law, including:

  • Dutch tax authorities (Belastingdienst)
  • Autoriteit Persoonsgegevens (Dutch DPA) upon official request
  • Law enforcement agencies with valid legal orders
  • Courts and tribunals in legal proceedings

5.4 Business Transfers

If Leadvise Legal BV is sold, merged, or undergoes restructuring, your personal data may be transferred to the new owner. You will be notified of any such change, and the new owner will honor the commitments made in this policy (or obtain your fresh consent if needed).

6. International Data Transfers

Your personal data is primarily stored and processed within the European Economic Area (EEA). When we use service providers located outside the EEA (such as Google Analytics with US-based parent company), we ensure appropriate safeguards are in place:

  • EU-US Data Privacy Framework: For transfers to certified US companies
  • Standard Contractual Clauses (SCCs): EU-approved contract terms for international transfers
  • Adequacy decisions: Transfers to countries deemed adequate by the European Commission
  • Technical measures: Encryption in transit (TLS) and at rest, access controls, pseudonymization where possible

For more information about specific safeguards for a particular transfer, contact privacy@findlawyer.nl.

7. How We Protect Your Data

We implement technical and organizational security measures to protect your personal data against unauthorized access, loss, or misuse:

Technical Measures:

  • TLS/SSL encryption for all data in transit
  • Encryption at rest for sensitive databases
  • Secure password policies and multi-factor authentication for staff
  • Regular security patches and updates
  • Firewall protection and intrusion detection systems
  • Regular security audits and vulnerability assessments

Organizational Measures:

  • Access to personal data limited to authorized personnel only
  • Staff training on GDPR and data protection
  • Confidentiality agreements with all employees and contractors
  • Data breach response plan and incident management procedures
  • Privacy by design and by default in all new systems
  • Regular review and update of security policies

Data breach notification: In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you and the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours of becoming aware of the breach, as required by Article 33 GDPR.

8. Your Rights Under GDPR

Under the General Data Protection Regulation, you have the following rights regarding your personal data:

8.1 Right of Access (Article 15)

You have the right to obtain confirmation of whether we process your personal data and to receive a copy of that data along with information about how we use it.

8.2 Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data.

8.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You can request deletion of your personal data when:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent (where processing was based on consent)
  • You object to processing based on legitimate interests
  • The data was unlawfully processed
  • Legal obligations require deletion

Limitations: We may need to retain certain data for legal compliance (e.g., tax records for 7 years) or to establish/defend legal claims.

8.4 Right to Restriction of Processing (Article 18)

You can request that we limit how we use your data while we verify its accuracy or assess your objection to processing.

8.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format (e.g., CSV, JSON) and to transmit it to another service provider.

8.6 Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds that override your interests.

8.7 Right to Withdraw Consent (Article 7(3))

Where processing is based on consent, you can withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

8.8 Right Not to be Subject to Automated Decision-Making (Article 22)

You have the right to human intervention in automated decisions that significantly affect you, including our lawyer matching algorithm (see Section 3.2).

8.9 Right to Lodge a Complaint

If you believe we have violated your privacy rights, you can file a complaint with:

Autoriteit Persoonsgegevens (Dutch DPA)

Website: autoriteitpersoonsgegevens.nl

Phone: (+31) - (0)70 - 888 85 00

Address: Bezuidenhoutseweg 30, 2594 AV Den Haag, Netherlands

How to Exercise Your Rights

To exercise any of these rights:

  1. Send an email to privacy@findlawyer.nl with the subject line "GDPR Rights Request"
  2. Clearly state which right you wish to exercise
  3. Provide sufficient information to identify you (e.g., email address used for our service)
  4. We may request additional verification to ensure we don't disclose data to unauthorized persons

Response time: We will respond within 1 month. In complex cases, we may extend this by 2 additional months and will inform you of the delay.

Cost: Free of charge, unless your request is manifestly unfounded or excessive (in which case we may charge a reasonable fee or refuse the request).

9. Cookies and Tracking Technologies

9.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us provide a better user experience and understand how our site is used.

9.2 Types of Cookies We Use

Strictly Necessary Cookies (No consent required):

  • Session cookies – maintain your session as you navigate the site
  • Security cookies – detect abuse and protect user accounts
  • Load balancing cookies – distribute traffic across servers
  • Cookie consent cookies – remember your cookie preferences

Analytics Cookies (Consent required):

  • Google Analytics 4 – understand visitor behavior, traffic sources, and popular content
  • IP anonymization enabled – last octet of IP addresses is masked

Marketing Cookies (Consent required, if used):

  • Currently, we do not use marketing or advertising cookies
  • If implemented in the future, we will obtain your explicit consent first

9.3 Cookie Consent Management

When you first visit findlawyer.nl, you will see a cookie banner asking for your consent to non-essential cookies. You can:

  • Accept all: Allows all cookies including analytics
  • Reject non-essential: Only strictly necessary cookies will be used
  • Customize: Choose which categories of cookies to allow

Your cookie preferences are stored for 12 months. You can change your preferences at any time by clicking "Cookie Settings" in the website footer or by clearing your browser cookies.

9.4 Browser Controls

You can also control cookies through your browser settings:

  • Most browsers allow you to block or delete cookies
  • Note: Blocking strictly necessary cookies may affect website functionality
  • For instructions, visit your browser's help section

Important: We do not use "cookie walls" that prevent you from accessing the website if you decline non-essential cookies. We do not use pre-ticked boxes for cookie consent.

10. Children's Privacy

findlawyer.nl is intended for adults aged 18 and over. We do not knowingly collect personal data from children under 16 years of age without parental consent, as required by Article 8 GDPR.

If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us immediately at privacy@findlawyer.nl. We will promptly delete such information from our systems.

11. Third-Party Websites and Services

Our website may contain links to external websites, including:

  • Partner lawyer websites
  • Legal resource sites
  • Social media platforms
  • Government websites (e.g., Rechtspraak.nl, Government.nl)

Important: We are not responsible for the privacy practices of third-party websites. When you click a link to leave findlawyer.nl, you should review the privacy policy of the destination website. This Privacy Policy applies only to findlawyer.nl.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in our data processing practices
  • New legal requirements or regulatory guidance
  • User feedback and best practices
  • Introduction of new features or services

How we notify you of changes:

  • Material changes: Email notification to registered users, prominent website notice, or pop-up notification
  • Minor changes: Updated "Last Updated" date at the top of this policy

Continued use of our website after changes indicates acceptance of the updated policy. If you disagree with changes, please stop using our service and contact us to exercise your data rights.

Version history: Previous versions of this policy are available upon request at privacy@findlawyer.nl.

13. Legal Framework and Compliance

This Privacy Policy is designed to comply with:

  • General Data Protection Regulation (GDPR) – EU Regulation 2016/679
  • Dutch GDPR Implementation Act (Uitvoeringswet Algemene verordening gegevensbescherming) – national implementation law
  • Dutch Telecommunications Act (Telecommunicatiewet) – regarding cookies and electronic communications
  • Dutch Bar Association Rules – professional confidentiality requirements for legal services
  • ePrivacy Directive – EU Directive 2002/58/EC (pending ePrivacy Regulation)

14. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or our data practices:

Privacy Inquiries:

📧 Email: leads@findlawyer.nl (preferred method)

📍 Post: Leadvise Legal BV, Eschertoren, 2316 ET, Leiden, Netherlands

🌐 Website: findlawyer.nl

💼 KvK: 98899120

We aim to respond to all privacy inquiries within 48 business hours.

15. Definitions

To help you understand this policy, here are definitions of key terms:

  • Data Controller: The entity that determines the purposes and means of processing personal data (Leadvise Legal BV for this service)
  • Data Processor: An entity that processes personal data on behalf of the controller (e.g., our hosting provider)
  • Data Subject: The individual whose personal data is being processed (you)
  • Personal Data: Any information relating to an identified or identifiable natural person (name, email, IP address, location, etc.)
  • Special Category Data: Sensitive personal data requiring extra protection (health information, criminal records, religious beliefs, etc.)
  • Processing: Any operation performed on personal data (collection, storage, use, sharing, deletion, etc.)
  • Consent: Freely given, specific, informed, and unambiguous indication of your wishes (e.g., ticking an unticked box)
  • Pseudonymization: Processing data so it can no longer be attributed to a specific individual without additional information
  • Anonymization: Irreversible removal of all identifying information

16. Your Acknowledgment

By using findlawyer.nl, you acknowledge that:

  • You have read and understood this Privacy Policy
  • You consent to the collection and processing of your personal data as described herein
  • You understand your rights under GDPR and how to exercise them
  • For special category data submitted in legal inquiries, you provide explicit consent for its processing

If you do not agree with any part of this Privacy Policy, please do not use our website or services.