PRIVACY POLICY AND DATA PROTECTION

This Privacy Policy explains how Nexus Law Firm collects, uses, stores, and protects your personal data. This policy is in accordance with the General Data Protection Regulation (GDPR) and applies to all visitors to our website and all clients who engage our services.

1. CONTROLLER OF PERSONAL DATA

Nexus Law Firm, registered with the Chamber of Commerce in Zwolle under number 99949687, is the controller of your personal data. This means we are responsible for how your data is handled. You can contact us regarding data privacy matters at info@nexuslawfirm.nl.

2. WHAT PERSONAL DATA WE COLLECT

We collect different types of personal data depending on how you interact with us.

If you use our free calculators, we collect the following information: the characteristics of your rental property (size, number of rooms, construction year, location), the amount of rent you pay, the landlord's name, and your initial assessment results. We do not collect your name, email address, or phone number from calculator users unless you voluntarily provide it.

If you visit our website, we collect technical information through standard web server logs: your IP address, the browser type you use, the pages you visit, the time you spend on pages, and any links you click. This information helps us understand how our website is used and to improve our service.

If you request our services by filling out our intake form, we collect the following information: your full name, email address, phone number, your address, your employment situation if relevant, details about your property, copies of your lease agreement, proof of rent payments you have made, information about your landlord, and any special circumstances relevant to your case.

Additionally, if you engage our services, we collect information about the case itself: correspondence with your landlord, copies of any formal letters sent, details of any Huurcommissie proceedings, information about the outcome of your case, and financial information related to fees and payments.

3. WHY WE COLLECT THIS DATA

We collect personal data for specific, legitimate purposes. We use your data to evaluate your case and determine whether we can assist you. We use your information to communicate with you about your case, to conduct negotiations with your landlord on your behalf, and to prepare legal documents and arguments for any Huurcommissie proceedings. We use your data to manage payments and invoicing for our services.

We also use your information for administrative and accounting purposes, including record-keeping as required by Dutch tax and legal requirements. Finally, we use technical information from our website to ensure our systems function properly and to prevent security issues.

4. LEGAL BASIS FOR DATA PROCESSING

We process your data based on several legal grounds. When you engage our services, processing is necessary for the performance of our contract with you. When you are a prospect considering our services, processing is based on our legitimate interest in evaluating whether we can assist you. For tax and accounting purposes, we process data based on our legal obligation to comply with Dutch tax law and accounting regulations.

When you provide consent, such as consent to receive updates about your case or permission to contact your landlord on your behalf, we process data based on that consent. In situations where it is necessary for the establishment, exercise, or defense of legal claims, such as potential disputes over our services, we process data for these legal purposes.

5. HOW LONG WE RETAIN YOUR DATA

We retain your personal data for different periods depending on the context. If we conduct an intake assessment but do not take your case, we retain your information for one month after the assessment, after which it is permanently deleted. If we accept your case, we retain all case-related data for seven years from the conclusion of your case. This seven-year retention period is required by Dutch tax law and Dutch legal professional standards.

Information collected through our website, such as technical data and server logs, is retained for a maximum of twelve months. After twelve months, this information is deleted.

If you make a purchase on our website, such as ordering a contract review or rent increase check, we retain your payment information and the work product for seven years from the date of the transaction.

Specifically, data collected from calculator use but not linked to a case submission is not retained by us. If you use our calculator but do not submit a case, we do not store your calculator results or any information associated with that use. Each time you use the calculator, it operates independently and no permanent record is kept.

6. WHO CAN ACCESS YOUR DATA

Your personal data is only accessed by Nexus Law Firm staff who need it to work on your case. If you have engaged our services, the information is available to the legal professional providing your services, and to administrative staff who handle case management and billing.

Your data is not shared with third parties except in the following circumstances: we share your information with the Huurcommissie when required to file a formal objection or case. We share information with your landlord or his representative when necessary for negotiation. We share information with our accountant for tax and accounting purposes only. We share information with a collection agency if you owe us fees that remain unpaid after fourteen days. We share information with our insurance company if a claim is filed against us related to your case. Finally, we share information when legally required by court order, government agency, or law enforcement.

We do not share your data for marketing purposes. We do not sell your data to data brokers. We do not use your data for any purpose other than those described in this policy.

7. INTERNATIONAL DATA TRANSFERS

All your data is stored on servers located within the European Union. We do not transfer your data to countries outside the EU or to countries that do not have an adequate level of data protection as recognized by the European Commission.

8. DATA SECURITY

We implement multiple security measures to protect your data against unauthorized access, loss, or damage. Your data is stored using encryption (AES-256 standard). Access to your data is restricted to authorized staff members only and requires authentication. We maintain regular backup copies of all data. All computers and servers used to store your data are protected by firewalls and security software. We maintain written security policies and conduct regular security reviews.

However, we cannot guarantee absolute security. No system is completely immune to attacks. You use our services at your own risk regarding security, although we take all reasonable precautions.

9. YOUR DATA RIGHTS

Under the GDPR, you have several rights regarding your personal data. You have the right to request access to your data, meaning we must tell you what data we hold about you. You have the right to request correction of inaccurate data. You have the right to request deletion of your data, subject to legal retention requirements. You have the right to restrict processing of your data in certain circumstances. You have the right to data portability, meaning we must provide your data in a structured, machine-readable format if you request it. You have the right to object to processing of your data in certain situations.

To exercise any of these rights, you must submit a written request to info@nexuslawfirm.nl. Please include your name, the nature of your request, and any case numbers or references we have for your matter. We will respond to your request within 30 days. For access requests, we provide the information at no cost. For additional requests, we do not charge a fee unless your request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request.

Please note that certain legal retention requirements mean we cannot delete all data you request deleted. For example, if you request deletion of case files, but we are required by tax law to retain these files for seven years, we will decline that portion of your request. We will explain which data cannot be deleted and why.

10. DATA BREACH NOTIFICATION

If your personal data is compromised due to a security breach, we will notify you of this breach. We are required to notify you without undue delay if the breach poses a risk to your rights and freedoms. We will provide information about the nature of the breach, the data affected, the likely consequences, and the measures we are taking to address the breach and prevent future occurrences.

We will also notify the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours of discovering the breach, unless we determine the breach poses no risk. We may notify law enforcement authorities if the breach involves criminal activity.

11. COOKIES AND WEB TRACKING

Our website uses basic cookies to maintain your session and remember preferences. These are essential cookies without which our website cannot function properly. We do not use cookies for tracking your behavior across the internet or for marketing purposes.

If we implement additional analytics or marketing cookies in the future, we will update this policy and provide you with the ability to opt out of such tracking before we activate it.

12. THIRD-PARTY SERVICES

We use the following third-party services that may collect or have access to your data: Tally for our intake forms and secure form submission; Gmail for email communication; and basic website hosting. Each of these services has their own privacy policy. When you provide information through Tally, that information is subject to Tally's privacy policy in addition to ours. We have verified that these services comply with GDPR requirements.

13. CHANGES TO THIS POLICY

We may update this Privacy Policy at any time. Any changes will be posted on our website and will take effect immediately. Continued use of our services after changes are posted means you accept the updated policy. We encourage you to review this policy periodically to stay informed about how we protect your data.

14. CONTACT INFORMATION

If you have questions about this Privacy Policy or about how we handle your data, please contact us at info@nexuslawfirm.nl. If you believe we have violated your data protection rights, you can file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at www.autoriteitpersoonsgegevens.nl.