/

A so-called log data record (also known as server log files) is stored temporarily and anonymized on our web server. This log data record consists of:

the page from which the page was requested (so-called referrer URL),
the name and URL of the requested page,
the date and time of the access,
the browser type, version and language,
the IP address of the accessing computer,
the amount of data transferred,
the operating system,
the message whether the access was successful (access status/Http status code), and
the GMT time zone difference.

We store this data to ensure our website functions properly and remains secure. This also applies to the storage of your IP address, which is necessary and, under further conditions, can at least theoretically enable an assignment to yourself. In addition to the aforementioned purposes, we use server log files exclusively for the need-based design and optimization of our website for purely statistical purposes and without drawing any conclusions about your person. This data is not merged with other data sources, nor is it analyzed for marketing purposes.

We use your IP address only for the duration of your visit. Your IP address is stored on our web server for IT security purposes for a maximum of seven (7) days. Further storage of the data for logging purposes takes place exclusively in anonymized form by shortening the IP address so that it can no longer be assigned.

We process this data based on our legitimate interest (Art. 6(1) lit. f) GDPR) to provide a reliable and secure website experience.

We may collect information about how you interact with our website, including the referring URL, pages visited, time spent on pages, and links clicked. This data helps us understand usage patterns and improve our services.

We may automatically collect technical information such as your browser type, operating system, IP address, and device identifiers to help us secure our systems and understand user preferences.

We may share anonymised or pseudonymised data with analytics providers (e.g. Google Analytics) to help us understand website usage. We do not use your personal data for targeted advertising.

In addition to data you provide directly, we may collect personal data from publicly available sources (e.g. government databases, professional social networks), data providers, or third-party service providers, where legally permitted.

2. Newsletter

a) General Information
You can subscribe to our newsletter to stay informed about our venture capital activities and portfolio companies. To subscribe to our e-mail newsletter, in addition to your explicit consent, we only need your e-mail address to which the newsletter is to be send.

If you register for our newsletter, your e-mail address may be processed by us.

Moreover, we process all information you wish to provide us with voluntarily, e.g.:

your full name and the name of your company
function in the company.

b) Legal Basis
In order to use your data for sending the newsletter, we require your explicit consent, which we ask for separately when you register for our newsletter.

If you would like to read the content of our request again, you can do so below:

Registration notice for newsletters:

“Yes, I would like to receive the press announcements, which will be sent to me on a regular basis to the e-mail address I have provided. I agree that my e-mail address and the other information I have voluntarily provided, in particular my name, may be processed for this purpose.

I can revoke this consent at any time for the future by clicking on the unsubscribe link at the end of each newsletter and thus cancelling my subscription. Alternatively, I can also revoke my consent, for example by sending an e-mail to the contact details of the Data Protection Officer.

I am aware that the withdrawal of my consent does not affect the lawfulness of processing based on consent before my withdrawal.”

The aforementioned data processing is carried out on the legal basis of Art. 6 (1) lit. a) and Art. 7 GDPR, i.e. your consent to receive the newsletter.

We retain your consent for up to three years for legal and documentation purposes after your last newsletter or withdrawal. The legal basis for this is Art. 6 (1) lit. f) GDPR in conjunction with Art. 7 (1) and Art. 5 (2) GDPR due to our legitimate interest. Our legitimate interest is the proper documentation as well as the defense against or assertion of legal claims. The individual newsletter e-mails are only temporarily stored for the purpose of sending but are not stored beyond this.

c) Confirmation of registration and verification of your e-mail address
For security reasons, we use a procedure known as double-opt-in for newsletter registration: After registering for our newsletter, you will receive an activation e-mail at the e-mail address you provided. You will receive the requested e-mail newsletter only after you confirmed your registration by clicking on the link contained therein. This is to ensure that only you, as the owner of the e-mail address provided, can register for the newsletter.

If you do not confirm your registration within 48 hours of receiving the activation email, your newsletter registration will automatically be deleted for security reasons and you will need to register again, which is possible and welcome at any time.

The legal basis for processing in the context of verification is whether consent was indeed given (Art. 6 (1) lit. a) and Art. 7 GDPR), otherwise the deregistration for the newsletter is based on our legitimate interest in accordance with Art. 6 (1) lit. f) GDPR. Our interest follows from the principle of legality, as only by sending the first email for verification purposes we can ensure that the newsletter registration was correct.

d) Newsletter cancellation/revocation of consent
If you no longer wish to receive e-mail newsletters from us, you can unsubscribe from our newsletter at any time by either clicking on the unsubscribe link at the end of each newsletter e-mail or by sending an e-mail to legal@forbion.com. However, the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

3. Grievance

Anyone who, in connection with their professional activities with us or in anticipation of professional activities, obtained information about violations that are subject to criminal or administrative fines may contact us via our Grievance page. We process your personal data for the following purposes:

Handling your complaint.
Communicating with you about the progress and resolution of your complaint.
Complying with any legal obligations.

The legal basis for this processing is Article 6(1)(b) GDPR (performance of a contract or pre-contractual measures) and Article 6(1)(c) GDPR (compliance with a legal obligation).

Categories of Personal Data When you submit a complaint, we may collect and process the following categories of personal data:

Contact details (such as name, email address).
Content of the complaint.

Recipients of Personal Data Your personal data may be shared with the following recipients:

Internal departments involved in handling the complaint.
External service providers who support us in resolving the complaint (such as legal advisors).

Retention Period Your personal data will be retained for as long as necessary for the purposes mentioned above. After the complaint has been resolved, your data will be deleted after a reasonable period, unless you consent to a longer retention period.

Your Rights You have the following rights regarding your personal data:

Right of access (Article 15 GDPR).
Right to rectification (Article 16 GDPR).
Right to erasure (Article 17 GDPR).
Right to restriction of processing (Article 18 GDPR).
Right to data portability (Article 20 GDPR).
Right to object to processing (Article 21 GDPR).

To exercise these rights, you can contact us at Legal@forbion.com.

4. Application

You can apply for a job by sending your application documents via email, as specified in the job posting.

In accordance with Articles 13 and 14 of the GDPR, we would like to inform you about how we process your data during the application process.

a. Purposes and Legal Basis of Processing
We process your personal data for the following purposes:

Evaluating your application and suitability for the position.
Communicating with you during the application process.
Complying with any legal obligations.

The legal basis for this processing is Article 6(1)(b) GDPR (performance of a contract or pre-contractual measures) and Article 6(1)(c) GDPR (compliance with a legal obligation).

b. Categories of Personal Data
During the application process, we may collect and process the following categories of personal data:

Contact details (such as name, address, email address, phone number).
Application documents (such as CV, cover letter, references).
Information about your education and work experience.
Any other data you voluntarily provide.

c. Recipients of Personal Data
Your personal data may be shared with the following recipients:

Internal departments involved in the application process.
External service providers who support us in the application process (such as recruitment agencies).

d. Retention Period
Your personal data will be retained for as long as necessary for the purposes mentioned above. If your application is successful, your data will be included in your personnel file. If your application is not successful, your data will be deleted after a reasonable period, unless you consent to a longer retention period.

e. Your Rights
You have the following rights regarding your personal data:

Right of access (Article 15 GDPR).
Right to rectification (Article 16 GDPR).
Right to erasure (Article 17 GDPR).
Right to restriction of processing (Article 18 GDPR).
Right to data portability (Article 20 GDPR).
Right to object to processing (Article 21 GDPR).

To exercise these rights, you can contact us at Legal@forbion.com.

5. Further Processing Purposes

Notwithstanding the above list, further data may also be processed for the following purposes:

Compliance with legal requirements: We also process your personal data in order to fulfil other legal obligations that may apply to us in connection with our business activities. We process your personal data in accordance with Art. 6 (1) lit. c) GDPR for the fulfilment of a legal obligation to which we are subjected to.

Law enforcement: We also process your personal data in order to assert our rights and to enforce our legal claims. We also process your personal data in order to be able to defend ourselves against legal claims. Finally, we process your personal data to the extent necessary for the defense against or prosecution of criminal offences. In this context, we process your personal data to protect our legitimate interests in accordance with Art. 6 (1) lit. f) GDPR. Our legitimate interest arises from the fact that we assert legal claims or defend ourselves in legal disputes or want to prevent or solve criminal offences.

Consent: If you have given us consent to process personal data for specific purposes, the lawfulness of this processing is given on the basis of your consent. Consent that has been given can be withdrawn at any time. Please note that the withdrawal is only effective for the future and processing up to that point is not affected.

IV. Duration of data processing

Your personal data will only be stored for as long as it is needed for the respective processing purpose. This may also include the periods of time required for the initiation of a contract (pre-contractual legal relationship) and the execution of a contract. As soon as this point in time is reached and there are no legal storage obligations , or if measures continue to have an effect beyond such periods (e.g. company audits), you have not given us permission for further storage or have revoked it and we also do not need it for the assertion, exercise or defense of legal claims, the data will be deleted. When the retention period expires, the personal data will be blocked or deleted, unless further storage by us is required and there is a legal basis for this.

Your data is generally only stored on our servers in the EU subject to any disclosure that may be necessary in accordance with the information described in this privacy policy.

Processors engaged by us will only store your data on their system for as long as is necessary in connection with the provision of services for us in accordance with the respective assignment.

V. Transfer of personal data to third parties; basis for justification

Internally, access to your data is granted to those departments that need it to fulfil our contractual and legal obligations. In addition to the IT department, these are only such persons and departments required for the respective (and desired) processing of the data. Service providers and agents engaged by us may also receive data for these purposes. Your data will be passed on to technical service providers supporting us (including for website hosting, website support and quality assurance) for the purpose of providing this website and for the aforementioned purposes. We limit the disclosure of your personal data to the extent necessary, taking into account data protection requirements. In some cases, recipients receive your personal data as processors, Art. 28 GDPR, and are then strictly bound by our instructions when handling your personal data and are regularly monitored by us. In some cases, the recipients act independently under their own data protection responsibility and are also obliged to comply with the requirements of the GDPR and other data protection regulations. The legal basis for the transfer is then Art. 6 (1) lit. b) or lit. f) GDPR.

Moreover, your data will only be passed on to other third parties if this is expressly stated in this privacy policy or if there are other reasons for doing so. For example, we may transfer personal data to our legal or tax advisors in individual cases, whereby these recipients are obliged to maintain special confidentiality and secrecy due to their professional legal position. The legal basis for the transfer is then Art. 6 (1) lit. b) or lit. f) GDPR. If we are legally obliged to transfer your personal data, the legal basis is then Art. 6 (1) lit. c) GDPR.

In addition, we will only transfer your personal data to third parties in certain cases if you have given your express consent to do so in accordance with Art. 6 (1) lit. a) GDPR.

VI. Use of cookies, plugins and other services on our website

1. Cookie Policy

Cookies are small text files that are stored on your device when you visit our website. They help us enhance your user experience, analyze website usage, and provide relevant content.

a) Types of Cookies We Use

Functional Cookies: These are essential for the proper functioning of the website (e.g., language settings, navigation). No consent is required for these cookies.
Analytical Cookies: These are used to collect anonymized statistics about website usage. If fully anonymized, no consent is required.
Tracking Cookies: These track browsing behavior and are used to deliver personalized content or advertisements. Explicit consent is required before placing these cookies.

b) Consent and Cookie Preferences
Upon your first visit to our website, we display a cookie banner that allows you to set your preferences. You can withdraw or change your consent at any time via the cookie settings available at the bottom of each page.

c) Third-Party Cookies
Some cookies are placed by third parties, such as Google Analytics or embedded content from social media platforms. We ensure that these third parties comply with the GDPR.

d) Managing Cookies
You can manage cookies through:

Our cookie banner
Your browser settings (e.g., blocking or deleting cookies)

e) Consequences of Refusal
Refusing cookies may affect the functionality of certain parts of the website. However, access to the site must not be denied based on cookie preferences (cookie walls are prohibited under Dutch law).

2. Social Media Plugins

We do not use any social media plugins on our websites. If our websites contain symbols of social media providers (e.g. a LinkedIn symbol), we only use these to passively link to our company/profile page on LinkedIn.

VII. Data Transfer to Third Countries

Generally, your personal data will not be transferred to a third country. Exceptions may arise in the case of cookies. You can find more information on this in our cookie policy.

VIII. No automated Decision-Making (including profiling)

Automated decision-making (including profiling) is not applied.

IX. No Obligation to Provide Personal Data

In principle, you are free to provide us with your personal data; however, we may only be able to provide certain services to a limited extent or not at all if you do not provide the necessary data.

X. Data Security

We apply appropriate technical and organizational measures to protect your personal data and privacy. The measures taken serve, among other things, to prevent unauthorized access to the technical facilities we use and to protect personal data from unauthorized access by third parties. In particular, this website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as your contact requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from ‘http://’ to ‘https://’ and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties. However, we would like to point out that data transmission over the internet (e.g. when communicating by e-mail) may still have security gaps. It is therefore not possible to provide seamless protection of data against access by third parties.

XI. Your rights

1. General

You can exercise your data protection rights at any time using the contact details provided above. As a data subject, you have the right, provided that the legal requirements are met,

to revoke the consent you have given us at any time in accordance with Art. 7 (3) GDPR. As a result, we are no longer allowed to continue the data processing based on this consent in the future;
in accordance with Art. 15 GDPR to request information about your personal data processed by us;
in accordance with Art. 16 GDPR to request the immediate correction of incorrect personal data stored by us or the completion of your personal data;
in accordance with Art. 17 GDPR to request the erasure of your personal data stored by us, unless processing is necessary for reasons arising from the law;
in accordance with Art. 18 GDPR to request the restriction of the processing of your personal data, insofar as the legal requirements are met;
in accordance with Art. 20 GDPR, to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller and
in accordance with Art. 77 GDPR to file a complaint with a supervisory authority. Generally, you can contact the supervisory authority at your regular place of residence for this purpose. In the case of Forbion, the responsible data protection supervisory authority is the Autoriteit Persoonsgegevens (Dutch Data Protection Authority).

2. Right of Objection

If your personal data is processed on the basis of legitimate interests in accordance with Article 6 (1) lit. f) GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 GDPR if there are reasons for doing so that arise from your particular situation. If you wish to exercise your right to object, simply send an email to legal@forbion.com.

International Data Transfers

Our website and services are not intended for children under the age of 13. We do not knowingly collect personal data from children. If we become aware that we have inadvertently received personal data from a child under the age of 13, we will delete such information from our records.

XII. Changes to the Data Protection Information

As part of the further development of data protection law and technological or organizational changes, our privacy policy is regularly reviewed for the need for adaptation or supplementation. You will be informed of any changes on our website.

About us

Strategies

Portfolio

Team

Sustainability

News & Insights

/

Privacy policy

I. Controller

II. Contact details

III. Purposes of processing personal data and legal bases

1. Use of our Website