Privacy Policy
Last updated: July 2026
1. Who we are
LeadHarbors ("we", "us", "our") is a B2B lead generation agency operating from Amsterdam, Netherlands, serving clients across the DACH and EMEA regions. For any privacy-related question, contact us at n.wagner@leadharbors.com.
2. What personal data we collect
This policy addresses two different situations, because they involve different types of personal data:
2a. Visitors to this website
We collect personal data only when you actively provide it to us, primarily through our website contact form. This may include:
- Full name
- Work email address
- Company name
- The content of your message to us
We do not currently use cookies or automated visitor-tracking tools on this website. If that changes in the future, this policy will be updated accordingly and, where required, your consent will be requested first.
2b. Prospects contacted through our outbound campaigns
As a B2B lead generation agency, our core service involves identifying and contacting business professionals on behalf of our clients — via email, LinkedIn, and phone. If you have received outreach from us, we may hold and process:
- Your name and job title
- Your business/work contact details (email, phone, LinkedIn profile)
- Your company name and publicly available professional information
- Records of our communications with you
This data is typically sourced from professional networks (such as LinkedIn), publicly available business information, and verified B2B data providers — never from private or non-business sources.
3. Why we collect it (legal basis)
For website visitors (section 2a), we rely on:
- Consent — when you voluntarily submit the contact form.
- Legitimate interest — to respond to business enquiries and maintain records of our communications.
For outbound campaign contacts (section 2b), we rely on legitimate interest (GDPR Article 6(1)(f) and Recital 47, which specifically recognizes direct marketing as a potential legitimate interest). This is limited to professional, business-context outreach — we do not use this basis to contact individuals outside a B2B professional context. If you object to being contacted, we stop processing your data for this purpose immediately upon request — see Section 6.
Because this data is not collected directly from you, GDPR Article 14 requires us to inform you of this processing — which we do at the point of first contact, including how to opt out.
4. How long we keep it
Website contact form submissions (2a) are retained for as long as necessary to respond to your enquiry, and no longer than 24 months from your last contact with us, unless a longer period is required by law or you become a client.
Outbound campaign contact data (2b) is retained only for the duration of the relevant campaign plus a reasonable follow-up period, or until you object to further contact, whichever comes first.
5. Who we share it with
We do not sell or rent your personal data. Your data may be processed by service providers who help us run our business, specifically:
- Hostinger — our website hosting provider (EU-based infrastructure)
- Microsoft 365 — our business email provider, used to receive and respond to enquiries
- Data enrichment and outreach tools we use to run campaigns on behalf of clients
When we run outbound campaigns on behalf of a client, that client also receives the campaign results (e.g., meetings booked, replies received) as the intended outcome of our service. Our relationship with each client regarding this data processing is separately governed by a signed Data Processing Agreement (DPA), not by this public policy.
We do not transfer your data outside the European Economic Area (EEA) except where a service provider has appropriate GDPR safeguards in place (such as Standard Contractual Clauses).
6. Your rights under GDPR
If you are located in the EU/EEA, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data ("right to be forgotten")
- Restrict or object to our processing of your data
- Request a copy of your data in a portable format
- Lodge a complaint with your national data protection authority — in the Netherlands, this is the Autoriteit Persoonsgegevens
If you were contacted through one of our outbound campaigns (section 2b), you have a near-unconditional right to object to further contact for marketing purposes — simply reply "unsubscribe," "stop," or contact us directly, and we will stop processing your data for this purpose without needing further justification from you.
To exercise any of these rights, email us at n.wagner@leadharbors.com. We will respond within one month, as required by law.
7. Data security
We take reasonable technical and organizational measures to protect your data, including secure hosting and restricted access to stored information. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.
8. Changes to this policy
We may update this policy from time to time as our practices or legal requirements change. The "last updated" date at the top of this page will reflect the most recent revision.