Privacy Policy

1. Introduction

InitLabs (“we”, “us”, “our”) is an IT staffing company registered in the Netherlands, located at Kelvinstraat 34A, 6601HE Wijchen. We connect businesses with skilled IT professionals through staffing, talent placement, team extension, project-based staffing, and direct hire services.

This Privacy Policy explains how we collect, use, store, and protect personal data in accordance with the General Data Protection Regulation (GDPR) and the Dutch implementation of the GDPR (Uitvoeringswet AVG). It applies to all individuals whose data we process, including website visitors, IT professionals (candidates), and clients.

By using our website or engaging with our services, you acknowledge that you have read and understood this Privacy Policy.

2. Data We Collect

We collect and process different categories of personal data depending on your relationship with InitLabs.

Website Visitors

• Technical data: IP address, browser type, device information, operating system
• Usage data: pages visited, time spent on pages, referral source
• Cookie data: preferences, session identifiers, analytics data
• Contact form submissions: name, email address, phone number, message content

IT Professionals and Candidates

• Identity data: full name, date of birth, nationality
• Contact data: email address, phone number, residential address
• Professional data: CV/resume, portfolio, work history, education, certifications, technical skills, and competencies
• Preference data: desired role types, availability, location preferences, remote work preferences
• Financial data: salary expectations, rate information, payment details (when engaged)
• References: contact details of professional references (with their consent)
• Communication records: correspondence related to placements and engagements

Clients

• Company data: company name, registration number (KvK), VAT number, address
• Contact person data: name, job title, email address, phone number
• Project data: technical requirements, team composition needs, project descriptions
• Financial data: billing information, payment history
• Communication records: correspondence related to staffing engagements

3. Purpose of Processing

We process personal data for the following purposes:

• Talent matching and placement: To match IT professionals with suitable client opportunities based on skills, experience, preferences, and requirements.
• Service delivery: To manage and administer staffing engagements, contracts, and ongoing relationships between professionals and clients.
• Communication: To respond to enquiries, provide updates on opportunities, and maintain professional relationships.
• Recruitment: To build and maintain our talent pool, assess candidate suitability, and facilitate the hiring process.
• Financial administration: To process payments, generate invoices, and comply with tax and accounting obligations.
• Website operation: To ensure the functionality, security, and improvement of our website.
• Analytics: To understand how our website and services are used, enabling us to improve our offerings.
• Legal compliance: To comply with applicable laws, regulations, and legal processes.

4. Legal Basis for Processing

We process personal data based on the following legal grounds under Article 6 of the GDPR:

• Consent (Art. 6(1)(a)): Where you have given explicit consent, such as subscribing to communications, submitting your CV, or accepting cookies. You may withdraw consent at any time.
• Contractual necessity (Art. 6(1)(b)): Where processing is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract, such as processing your application for a staffing engagement.
• Legitimate interest (Art. 6(1)(f)): Where processing is necessary for our legitimate business interests, such as maintaining our candidate database, improving our services, and marketing our services to business contacts. We always balance our interests against your rights and freedoms.
• Legal obligation (Art. 6(1)(c)): Where processing is necessary to comply with a legal obligation, such as tax reporting, employment law requirements, or responding to lawful requests from authorities.

5. Data Sharing

We may share personal data with the following categories of recipients:

• Clients: When matching IT professionals with opportunities, we share relevant professional information (such as skills, experience, and availability) with prospective clients. We only share data necessary for the matching process, and we inform professionals before sharing their details with a specific client.
• IT Professionals: We may share relevant client and project information with professionals to facilitate the matching process.
• Service providers: We work with trusted third-party service providers who process data on our behalf, including hosting providers, email services, CRM systems, and accounting software. These providers are bound by data processing agreements.
• Professional advisors: We may share data with our legal, financial, or tax advisors where necessary.
• Authorities: We may disclose personal data to government authorities, regulators, or law enforcement when required by law or in response to valid legal processes.

We do not sell personal data to third parties. We do not transfer data outside the European Economic Area (EEA) unless adequate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

• Website visitor data: Analytics and cookie data is retained for up to 26 months. Contact form submissions are retained for up to 12 months after the enquiry has been resolved.
• Candidate data: Professional profiles and CV data are retained for up to 2 years after your last interaction with us. If you are placed in an engagement, data is retained for the duration of the engagement plus 2 years. You may request earlier deletion at any time.
• Client data: Data related to active business relationships is retained for the duration of the relationship plus 7 years for financial and tax records, as required by Dutch law.
• Contract and financial records: Retained for 7 years after the end of the financial year in which the contract ended, in accordance with Dutch fiscal retention requirements.

After the applicable retention period, personal data is securely deleted or anonymised.

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access: You may request a copy of the personal data we hold about you.
• Right to rectification: You may request correction of inaccurate or incomplete data.
• Right to erasure: You may request deletion of your personal data, subject to legal retention obligations.
• Right to restrict processing: You may request that we limit how we use your data in certain circumstances.
• Right to data portability: You may request to receive your data in a structured, commonly used, and machine-readable format.
• Right to object: You may object to the processing of your data based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at contact@initlabs.nl. We will respond to your request within 30 days.

If you believe that we have not handled your data correctly, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). You can reach them at autoriteitpersoonsgegevens.nl or by phone at +31 (0)70 888 8500.

8. Cookies

Our website uses cookies to ensure proper functionality and to improve your experience. We use the following types of cookies:

• Strictly necessary cookies: Required for the website to function correctly. These cannot be disabled.
• Analytics cookies: We use analytics tools to understand how visitors interact with our website. This data is anonymised where possible and helps us improve our services.
• Functional cookies: These remember your preferences (such as language or cookie consent) to enhance your browsing experience.

When you first visit our website, you will be asked to consent to non-essential cookies. You can change your cookie preferences at any time through your browser settings or our cookie consent tool.

9. Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it, including:

• Encryption of data in transit (TLS/SSL) and at rest where applicable
• Access controls limiting data access to authorised personnel only
• Regular security assessments and updates of our systems
• Secure hosting within the European Union
• Employee awareness and training on data protection
• Incident response procedures to handle data breaches promptly and in accordance with GDPR requirements

While we strive to protect your personal data, no method of transmission or storage is completely secure. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you by email or through a prominent notice on our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

InitLabs
Kelvinstraat 34A
6601HE Wijchen
The Netherlands

Email: contact@initlabs.nl
Phone: +31 (0)6 539 476 47

Last updated: 8 April 2026