Dunia Brackeniers holds a Master of Law from UCLouvain, and a specialised Master’s degree in Intellectual Property and ICT Law from KU Leuven. Her areas of interest include Data, Privacy, AI, IP/ICT and business law. Alongside her legal studies, she completed a Bachelor’s degree in music at the Royal Conservatory of Namur, illustrating a diverse background combining legal and artistic training. Dunia speaks French, English and has a good command of Dutch.
Skip to Content

Our Privacy Policy

Last updated: the 8th of May 2026

1. Introduction

KaizenLaw (hereinafter "we", "us", or "our") is a Belgian law firm specialising in legal insourcing services. We are committed to protecting the privacy and personal data of visitors to our website https://www.kaizenlaw.eu (hereinafter the "Website") and of individuals who engage our legal services. This Privacy Policy explains who we are, how we collect, store, share, and use your personal data, and how you can exercise your privacy rights.

This Privacy Policy is drafted in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the "General Data Protection Regulation" or "GDPR").

2. Data Controller

The controller responsible for the processing of your personal data is:

​KAIZENLAW

​Charlotte De Raef SRL

​N° BCE : BE0758.448.146

​Hertstraat 38, 3090 Overijse

​cdr@kaizenlaw.eu

(hereinafter the "Data Controller")

3. Personal Data We Collect

Our Website is primarily an informational ("showcase") website that presents the legal services and areas of expertise offered by KaizenLaw. We collect personal data only when you voluntarily provide it to us through our contact form or by other means of communication made available on the Website.

3.1. Data Provided via our Contact Form

When you submit a message through our contact form, we collect the following personal data:

·        First name

·        Last name

·        Email address

·        Telephone number

·        The content of your message

This data is collected solely for the purpose of responding to your enquiry and is processed only with your consent, which you provide by voluntarily submitting the contact form.

3.2. Data Collected Automatically

When you visit our Website, certain technical data are collected automatically through strictly necessary cookies (see Section 9 below). This includes:

  • The user's active session identifier
  • Display language preference
  • Time zone setting
  • Cookie consent choice

4. Purposes and Legal Bases for Processing

4.1. Responding to Your Enquiries

Purpose: To respond to messages submitted through our contact form, including providing information about our legal services and scheduling consultations.

Legal basis: Your consent (Article 6(1)(a) GDPR), which you provide by voluntarily submitting the contact form. You may withdraw your consent at any time by contacting us at the address indicated in Section 13 below.

4.2. Website Operation and Security

Purpose: To ensure the proper functioning and security of our Website, including diagnosing technical issues.

Legal basis: Our legitimate interest (Article 6(1)(f) GDPR) in maintaining a secure and functional Website.

4.3. Website Analytics and Optimisation

Purpose: To analyse how visitors use our Website in order to improve its performance and user experience.

Legal basis: Your consent (Article 6(1)(a) GDPR), provided via the cookie consent banner displayed upon your first visit to the Website. You may withdraw your consent at any time by adjusting your cookie preferences (see our Cookie Policy[DB1] ).

4.4. Pre-contractual and Contractual Processing

Purpose: To take steps at your request prior to entering into a contract for legal services, including assessing your legal needs, preparing engagement letters, and onboarding you as a client in the context of our legal insourcing services.

Legal basis: The processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract (Article 6(1)(b) GDPR).

4.5. Compliance with Legal Obligations

Purpose: To comply with legal and regulatory obligations applicable to us as a law firm, including anti-money laundering legislation, professional ethics rules, and tax obligations.

Legal basis: The processing is necessary for compliance with a legal obligation to which we are subject (Article 6(1)(c) GDPR).

5. Recipients of Personal Data

We do not sell, rent, or trade your personal data to third parties.

Your personal data may be shared with the following categories of recipients, solely to the extent necessary for the purposes described in this Privacy Policy:

·        Lawyers and staff of KaizenLaw, who require access to your data in order to respond to your enquiry and provide legal services

·        IT service providers and hosting providers (including Odoo S.A., which hosts our Website), acting as data processors on our behalf

·        Regulatory or judicial authorities, where we are required to disclose personal data by law or in connection with legal proceedings

All third-party recipients are required to process your personal data in accordance with applicable data protection laws and only for the purposes specified by us. In all cases, the sharing of personal data is subject to our professional obligation of confidentiality as lawyers.

6. International Data Transfers

Your personal data is primarily processed within the European Economic Area ("EEA"). In the event that your personal data is transferred to a country outside the EEA, we will ensure that appropriate safeguards are in place in accordance with Chapter V of the GDPR, including but not limited to:

·        An adequacy decision by the European Commission

·        Standard contractual clauses adopted by the European Commission

·        Any other appropriate safeguard recognised under the GDPR

7. Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. The specific retention periods are as follows:

·        Contact form data: Your personal data submitted through the contact form is retained for a maximum of one (1) year from the date of your last communication with us, unless a client relationship is established, in which case the data is retained in accordance with our professional obligations

·        The logs: 13 months from their creation;

·        Your IP address : 24 hours

·        Cookie data: See our Cookie Policy [DB2] for specific retention periods applicable to cookies

At the end of the applicable retention period, your personal data will be securely deleted or anonymised.

8. Your Rights Under the GDPR

In accordance with the GDPR and applicable Belgian data protection legislation, you have the following rights with respect to your personal data:

·        Right of access: You have the right to obtain confirmation as to whether your personal data is being processed and, if so, to access that data and receive a copy thereof

·        Right to rectification: You have the right to request the correction of inaccurate personal data and the completion of incomplete personal data

·        Right to erasure: You have the right to request the deletion of your personal data where, inter alia, the data is no longer necessary for the purposes for which it was collected, or you withdraw your consent

·        Right to restriction of processing: You have the right to request the restriction of the processing of your personal data in certain circumstances, such as where you contest the accuracy of the data

·        Right to data portability: Where processing is based on consent and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller

·        Right to object: You have the right to object to the processing of your personal data where such processing is based on our legitimate interests, on grounds relating to your particular situation

·        Right to withdraw consent: Where processing is based on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing carried out prior to the withdrawal

To exercise any of these rights, please contact us using the details provided in Section 13 below. We will respond to your request within one (1) month from receipt, in accordance with the GDPR.

If you believe that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the Belgian Data Protection Authority:

Autorité de protection des données

Rue de la Presse 35, 1000 Brussels, Belgium

Telephone: +32 (0)2 274 48 00

Email: contact@apd-gba.be

Website: www.dataprotectionauthority.be

9. Cookies and Similar Technologies

Our Website uses strictly necessary cookies to ensure its proper functioning. A cookie is a small text file placed on your device (e.g., computer, smartphone) when you access our Website.

These cookies are technically required for the provision of the service and are therefore placed without prior consent. As our Website does not use any non-essential cookies (such as analytical, functional, or marketing cookies), no cookie consent mechanism is required. For more information, please refer to our Cookie Policy.

10. How We Keep Your Data Secure

We use appropriate technical and organisational measures to protect the personal data that we collect and process.

While we take all reasonable precautions to protect your personal data, please be aware that no method of transmission over the internet or method of electronic storage is entirely secure. We cannot guarantee the absolute security of your data.

11. Updates to this Privacy Policy

We may update this Privacy Policy from time to time in response to legal, regulatory, or operational developments. When we update this Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make.

You can see when this Privacy Policy was last updated by checking the date indicated at the top of this document.

12. Governing Law and Jurisdiction

This Privacy Policy is governed by and construed in accordance with Belgian law. The courts of Belgium shall have exclusive jurisdiction over any dispute arising out of or in connection with this Privacy Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please do not hesitate to contact us:

KaizenLaw - Charlotte De Raef SRL

Email: info@kaizenlaw.eu

Website: www.kaizenlaw.be

Last updated: May 2026.