Switch language to Dutch
Privacy

Privacy Policy

What we do with data

WELCOME

This statement should be read in conjunction with the General Terms & Conditions of Use. Definitions from the General Terms & Conditions apply accordingly.

Welcome to the website of Eyevestor B.V. ("Eyevestor"). Eyevestor is a Software as a Service solution for organisations enabling them and their stakeholders to share in the success of their enterprise through digital shares in ventures.

1. DATA CONTROLLER

The website and platform are managed by Eyevestor B.V., Europalaan 100, 3526 KS Utrecht, CoC: 67783309. Eyevestor is the data controller within the meaning of the General Data Protection Regulation (GDPR).

For questions about data processing: compliance@eyevestor.com.

2. WHAT DATA IS COLLECTED AND PROCESSED?

User data

Upon registration, Eyevestor collects personal information for creating user profiles, accounts and login credentials. Depending on your role and actions, additional information may be requested, including:

  • Name, address, date of birth, email address and phone number
  • Copy of identity document or passport (for KYC verification)
  • Bank account(s) as counterpart account
  • Chamber of Commerce number and articles of association (for ventures/legal entities)
  • Shareholder register and board documents
  • Source-of-funds declaration (if required under AML legislation)
  • Certificate of good conduct or background declaration (if requested)

Automatically generated information

Eyevestor automatically collects information about your browsing behaviour: IP address, browser type, pages visited and session data. Information may also be collected via cookies.

3. PURPOSE AND LEGAL BASIS FOR PROCESSING

Eyevestor processes personal data for the following purposes and on the following legal bases (GDPR Art. 6):

Purpose / Legal basis

  • Platform access and user registration / Performance of contract (Art. 6(1)(b) GDPR)
  • Execution of share agreements and transactions / Performance of contract (Art. 6(1)(b) GDPR)
  • Identity verification (KYC) and onboarding / Legal obligation under AML legislation and ECSPR (Art. 6(1)(c) GDPR)
  • Prevention of money laundering and terrorist financing (AML) / Legal obligation (Art. 6(1)(c) GDPR)
  • Compliance with ECSPR requirements and AFM reporting obligations / Legal obligation (Art. 6(1)(c) GDPR)
  • Support and customer service / Performance of contract and legitimate interests (Art. 6(1)(b)/(f) GDPR)
  • Commercial communications, newsletter, updates / Consent or legitimate interests (Art. 6(1)(a)/(f) GDPR)
  • Fraud and security management / Legitimate interests (Art. 6(1)(f) GDPR)
  • Website analytics and platform optimisation / Consent or legitimate interests (Art. 6(1)(a)/(f) GDPR)

4. SHARING DATA WITH THIRD PARTIES

Eyevestor does not share personal data with third parties without prior consent, except in the following circumstances:

  • Payment service providers (PSPs) for processing transactions, under strict data processing agreements.
  • Ventures and Eyevestor partners, to the extent necessary for performance of the agreement.
  • In case of bankruptcy, merger or acquisition, where legally required or permitted.
  • Authorities (e.g. AFM, FIOD), where legally required.

Third parties contracted as processors are bound by a data processing agreement and must comply with Eyevestor's privacy policy.

Sub-processors

Eyevestor uses the following categories of sub-processors:

  • Hosting providers and cloud infrastructure (e.g. Google Cloud)
  • Payment service providers (e.g. Online Payment Platform B.V.)
  • CRM and marketing tools (e.g. HubSpot)
  • Customer service and support tools (e.g. Freshdesk)
  • Analytics tools (e.g. Google Analytics)
  • Consent management (Cookie-Script) for managing cookie consent in accordance with GDPR and the ePrivacy Directive

A current list of processors is available on request via compliance@eyevestor.com.

International data transfers

Some sub-processors are located outside the EEA. Eyevestor ensures such transfers take place on the basis of appropriate safeguards, such as Standard Contractual Clauses (SCCs) or equivalent European Commission adequacy decisions.

5. SECURITY

Eyevestor takes appropriate technical and organisational measures to protect personal data against loss, unlawful access or other forms of unlawful processing, including encryption, access controls and regular security audits.

6. RETENTION PERIODS

Personal data is not retained longer than necessary for the purposes for which it was collected:

  • User and transaction data: minimum 7 years after the end of the business relationship (fiscal and AML retention obligation).
  • KYC/AML documents: minimum 5 years after the end of the business relationship under AML legislation.
  • Platform logs and security data: maximum 12 months, unless longer retention is required for legal purposes.
  • Marketing data: until consent is withdrawn or the data subject objects.

7. RIGHTS OF DATA SUBJECTS

Under the GDPR you have the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR), e.g. for direct marketing
  • Right to withdraw consent at any time, without affecting the lawfulness of prior processing

Requests may be submitted via: compliance@eyevestor.com. Eyevestor will respond within two weeks.

You also have the right to lodge a complaint with a supervisory authority. In the Netherlands: Autoriteit Persoonsgegevens (AP), P.O. Box 93374, 2509 AJ The Hague, www.autoriteitpersoonsgegevens.nl.

8. EMAIL PREFERENCES AND OPT-OUT

Users manage their email preferences in their user profile settings. Opting out of commercial communications is possible via the unsubscribe link in each email. Legally required platform communications cannot be disabled.

9. LIABILITY AND THIRD-PARTY LINKS

The website and platform may contain hyperlinks to third-party websites. Eyevestor has no control over these websites and accepts no liability for their content or privacy practices.

10. COOKIES

What are cookies?

Cookies are small memory files stored by your browser when visiting websites. Eyevestor uses cookies to improve the user experience, remember preferences and gather analytical insights.

Consent management

Eyevestor uses Cookie-Script as its consent management platform (CMP) for managing cookie consent. Upon your first visit to the website, a cookie banner will appear allowing you to grant or refuse consent for non-functional cookies. You can adjust your preferences at any time via the cookie settings on the website. Cookie-Script complies with the requirements of the GDPR and the ePrivacy Directive.

Types of cookies

  • Functional cookies: necessary for the functioning of the platform (no consent required).
  • Analytical cookies: for measuring website usage, e.g. via Google Analytics (consent required).
  • Marketing cookies: for personalised communications and tracking (consent required).

Disabling cookies

You can also disable cookies via your browser settings. Please note: this may limit the functionality of the platform.

11. CHANGES TO THIS PRIVACY POLICY

This privacy policy may be expanded or amended. All changes will be published on the website. For material changes, Eyevestor will notify active users by email.

12. CONTACT

For questions, feedback or complaints:

  • Email: compliance@eyevestor.com
  • Address: Europalaan 100, 3526 KS Utrecht, the Netherlands
  • Complaints procedure: eyevestor.com/complaints

Eyevestor aims to respond within three business days.

MAY 2026