Privacy Policy

Effective Date: April 11, 2025
Last Updated: April 11, 2025

This Privacy Policy (“Policy”) describes the policies and procedures of LSZ Consultancy, a company duly established and existing under the laws of The Netherlands, with its principal place of business at Horsterweg11-17, 3225 LS Hellevoetsluis – The Netherlands (hereinafter referred to as “LSZ Consultancy”, “we”, “us” or “our”), with respect to the collection, use, retention, disclosure, and protection of personal data processed through its publicly accessible website: https://lsz-consultancy.com (“Website”).

This Policy is issued in accordance with the requirements set forth in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, commonly referred to as the General Data Protection Regulation (GDPR), as well as applicable implementing legislation within The Netherlands.

We are fully committed to safeguarding the privacy rights of individuals and ensuring that their personal data is handled responsibly and lawfully. This Policy is intended to inform visitors, users, and prospective clients (collectively, “data subjects”) of their rights and our obligations as a data controller.

1. Data Controller Identification

Pursuant to Article 4(7) of the GDPR, the entity responsible for determining the purposes and means of processing personal data collected via this Website is:

Name of Data Controller: LSZ Consultancy
Registered Office Address: Horsterweg 11-17, 3225 LSZ Hellevoetsluis – The Netherlands
Email Contact: roy.de.haan@lsz-consultancy.com
Place of Establishment: The Netherlands
Applicable Law: Dutch Data Protection Law and EU GDPR

As the data controller, LSZ Consultancy undertakes to process all personal data in a fair, lawful, transparent, and secure manner.

2. Categories of Personal Data Collected

We only collect personal data that is voluntarily submitted by users through the contact form available on the Website. The types of personal data collected include, but may not be limited to:

• Full name (first and last name);
• Email address;
• Contact telephone number;
• Job title or professional designation;
• Name of employer or associated company.

No user account registration is required or supported by our Website. We do not collect passwords, usernames, or payment information. All data provided is submitted by the user freely and with full knowledge that such submission constitutes consent to processing in accordance with this Policy.

We do not knowingly collect data from individuals under the age of 16. If we become aware that personal data has been inadvertently collected from a minor without verified parental consent, we will promptly delete such data.

3. Purpose and Legal Basis for Processing

We process the personal data collected via our Website for the following specified and legitimate purposes:

• To communicate with prospective clients who submit inquiries through the contact form;
• To provide information about our consultancy services and respond to specific requests;
• To carry out follow-up correspondence where necessary to explore a potential business relationship;
• To perform direct business-to-business (B2B) marketing, including outreach via digital platforms and follow-up;
• To evaluate the performance of our marketing campaigns and site usage via analytic tools.

The legal bases upon which we rely to process personal data include:

• Article 6(1)(f) GDPR – Legitimate Interests: Processing is necessary for the purposes of the legitimate interests pursued by LSZ Consultancy in conducting B2B marketing and business development, provided that such interests are not overridden by the rights and freedoms of the data subject;
• Article 6(1)(a) GDPR – Consent: For certain optional features (e.g., cookie tracking), we may rely on the explicit consent of the user, obtained via a cookie banner or equivalent mechanism.

We do not process special categories of personal data (as defined in Article 9 of the GDPR) and do not engage in automated decision-making or profiling under Article 22.

4. Data Retention Policy

We retain personal data collected through our contact form for no longer than is necessary to fulfill the purposes for which it was collected. Specifically:

• Personal data will be retained for a maximum period of twelve (12) months from the date of last contact or submission;
• At the end of this period, or upon request by the data subject, the personal data will be securely and permanently deleted from our systems, unless legal or regulatory requirements mandate extended storage (e.g., for contractual claims or compliance with accounting obligations).

All retention is done in accordance with Article 5(1)(e) GDPR, which mandates that personal data shall be kept in a form that permits identification of data subjects for no longer than necessary.

5. Use of Cookies and Tracking Technologies

Our Website employs cookies and third-party tracking technologies to enhance user experience, analyze traffic, and support targeted advertising. The cookies in use may include:

• Google Analytics – to collect anonymized information about user behavior and interaction with the Website;
• LinkedIn Ads – to deliver targeted advertisements and track advertising conversion metrics;
• LinkedIn Sales Navigator and RocketReach – for professional networking, contact research, and B2B lead generation.

Users are presented with a cookie banner upon accessing the Website and may accept or manage cookie preferences at any time. All cookie use complies with the ePrivacy Directive (Directive 2002/58/EC) and applicable Dutch regulations.

Cookies may include necessary, analytics, and advertising types, each with defined expiration periods and opt-out mechanisms.

6. Disclosure and International Transfer of Data

LSZ Consultancy maintains a strict policy of non-disclosure of personal data to third parties, except where:

• Disclosure is required by law, court order, or regulatory authority;
• Disclosure is made to third-party service providers acting as data processors under written contracts that bind them to confidentiality and data protection standards equivalent to this Policy.

At the time of this Policy, no cross-border transfers of personal data are made outside the European Economic Area (EEA). Should such transfers become necessary, they will only occur under lawful transfer mechanisms such as:

• Adequacy decisions by the European Commission;
• Standard Contractual Clauses (SCCs) adopted by the European Commission;
• Binding Corporate Rules (BCRs) where applicable.

7. Data Subject Rights

Pursuant to Articles 12 through 23 of the General Data Protection Regulation (GDPR), all individuals whose personal data is processed by LSZ Consultancy (hereinafter “data subjects”) are entitled to exercise the following rights at any time, subject to applicable limitations and conditions:

• Right of Access (Article 15 GDPR): You have the right to request confirmation of whether your personal data is being processed by us, and where that is the case, to obtain a copy of such data together with information about the purposes of processing, categories of data involved, recipients of the data, and other legally required details.
• Right to Rectification (Article 16 GDPR): You have the right to request the correction of inaccurate personal data concerning you, and to have incomplete personal data completed, including by means of providing a supplementary statement.
• Right to Erasure (“Right to be Forgotten”) (Article 17 GDPR): You may request that we delete your personal data, particularly where it is no longer necessary for the purposes for which it was collected, or if you withdraw consent (where applicable), or object to the processing and there are no overriding legitimate grounds.
• Right to Restriction of Processing (Article 18 GDPR): You may request a temporary suspension of processing where:
  • You contest the accuracy of the data;
  • The processing is unlawful and you oppose erasure;
  • We no longer need the data but you require it for legal claims;
  • You have objected to processing pending verification of overriding grounds.
• Right to Object (Article 21 GDPR): You have the right to object, on grounds relating to your particular situation, to processing of your personal data which is based on our legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds which override your interests or rights, or the processing is necessary for the establishment, exercise, or defense of legal claims.
• Right to Data Portability (Article 20 GDPR): Where the processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance.

To exercise any of the rights listed above, please submit a request via email to: roy.de.haan@lsz-consultancy.com.

We will respond to all data subject requests within one (1) calendar month of receipt, in accordance with Article 12(3) GDPR. Where legally permissible, this period may be extended by an additional two months for complex or voluminous requests, in which case the data subject will be informed of the delay and the reasons for it.

8. Data Security

LSZ Consultancy takes the security of your personal data seriously. We implement and maintain appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

These measures include but are not limited to:

• Use of TLS/SSL encryption protocols for data transmission over public networks;
• Role-based access control mechanisms to restrict access to authorized personnel only;
• Regular data protection impact assessments for new tools or processing activities;
• Secure and monitored data storage infrastructure;
• Scheduled audits and vulnerability scans to assess system resilience.

All personnel with access to personal data are bound by strict confidentiality obligations, and undergo regular training in data protection principles and procedures.

9. Automated Decision-Making and Profiling

LSZ Consultancy does not engage in any form of automated decision-making or profiling as defined in Article 22 of the GDPR that would produce legal or similarly significant effects on data subjects.

Should we ever introduce such functionality in the future (e.g., automated lead qualification), you will be notified in advance, and your rights, including the right to obtain human intervention, will be fully respected in accordance with applicable law.

10. Policy Updates

We reserve the right to modify or update this Privacy Policy at our discretion and at any time, to reflect changes in legal obligations, regulatory guidance, or our internal data protection practices.

Whenever we make a significant change to this Policy, we will:

• Update the “Last Updated” date at the top of this document;
• Post a notice of the change on the Website, or notify users directly if required under applicable law

We encourage all users to review this Privacy Policy regularly to remain informed of how we collect, use, and protect your personal data.

11. Supervisory Authority Contact

If you believe that LSZ Consultancy has infringed your data protection rights, you have the right to lodge a complaint with the competent supervisory authority in The Netherlands:

Autoriteit Persoonsgegevens (Dutch Data Protection Authority)
Website: https://autoriteitpersoonsgegevens.nl
Postal Address:
Bezuidenhoutseweg 30,
2594 AV The Hague,
The Netherlands
Telephone: +31 (0)88 1805 250

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or the manner in which your personal data is handled, please contact:

LSZ Consultancy
Principal Office: Horsterwewg 11-17, 3225 LS Hellevoetsluis – The Netherlands
Email: roy.de.haan@lsz-consultancy.com
Website: https://lsz-consultancy.com