Legal documents on desk

Legal

Privacy Policy

Privacy Policy

How we handle your data

Last updated: 24 March 2026

KPR Capital Management B.V. ("KPR Capital", "we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website kpr-c.nl (the "Website") or interact with us, in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Dutch GDPR Implementation Act (Uitvoeringswet AVG).

1. Data Controller

The data controller responsible for the processing of your personal data is:

KPR Capital Management B.V.
Flight Forum 760, 5657 DT Eindhoven, The Netherlands
KvK: 99737590
BTW: NL869111899B01
Email: info@kpr-c.nl
Phone: +31 85 4012377
Website: kpr-c.nl

2. What Personal Data We Collect

We may collect and process the following categories of personal data:

a) Data you provide directly

  • Name and contact details (email address, phone number) when you reach out to us
  • Company name and professional title
  • Content of your correspondence with us
  • Any other personal data you voluntarily provide

b) Data collected automatically

  • IP address (anonymised where possible)
  • Browser type and version
  • Operating system
  • Referring website
  • Pages visited, date and time of access
  • Device information

3. Purpose and Legal Basis for Processing

We process your personal data for the following purposes and on the following legal bases under Article 6(1) GDPR:

  • Responding to inquiries — Processing is necessary for the performance of a contract or to take pre-contractual steps at your request (Art. 6(1)(b) GDPR), or based on our legitimate interest in responding to your communication (Art. 6(1)(f) GDPR).
  • Website functionality and security — Processing is necessary for our legitimate interest in maintaining a secure and functional website (Art. 6(1)(f) GDPR).
  • Analytics and improvement — Where applicable and with your consent, we may use analytics to understand how visitors use our Website to improve its performance and content (Art. 6(1)(a) GDPR).
  • Legal compliance — Processing may be necessary to comply with a legal obligation to which we are subject (Art. 6(1)(c) GDPR).

4. Cookies and Tracking Technologies

Our Website may use cookies and similar technologies. Cookies are small text files placed on your device when you visit our Website.

Types of cookies we may use:

  • Strictly necessary cookies — Essential for the Website to function properly. These do not require your consent.
  • Analytical cookies — Help us understand how visitors interact with our Website. These are only placed with your consent.

You can manage your cookie preferences through your browser settings at any time. Disabling cookies may affect the functionality of the Website. For more information, visit allaboutcookies.org.

5. Third-Party Services

We may use the following third-party services that process personal data on our behalf:

  • Website hosting — Our Website is hosted by a third-party provider that may process technical data (such as IP addresses) to deliver the Website to you.
  • Google Fonts — We use Google Fonts to display web fonts. When you visit our Website, your browser may connect to Google servers. See Google's Privacy Policy.
  • LinkedIn — Our Website contains a link to our LinkedIn company page. If you follow this link, LinkedIn's privacy policy applies.

We ensure that appropriate data processing agreements are in place with third-party service providers that process personal data on our behalf, in accordance with Article 28 GDPR.

6. Data Sharing and International Transfers

We do not sell, trade, or rent your personal data to third parties. We may share your personal data with:

  • Service providers who assist us in operating our Website and conducting our business, subject to appropriate data processing agreements
  • Professional advisers (such as lawyers and accountants) where necessary
  • Regulatory authorities or law enforcement, when required by law

Where personal data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or an adequacy decision.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Specifically:

  • Contact inquiries — Data from correspondence is retained for up to 2 years after the last contact, unless a business relationship is established.
  • Website analytics data — Anonymised analytics data may be retained for up to 26 months.
  • Legal and regulatory obligations — Certain data may be retained for longer periods where required by Dutch or EU law (e.g., fiscal record-keeping obligations of 7 years).

8. Your Rights

Under the GDPR, you have the following rights with respect to your personal data:

  • Right of access (Art. 15 GDPR) — You may request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16 GDPR) — You may request correction of inaccurate or incomplete personal data.
  • Right to erasure (Art. 17 GDPR) — You may request deletion of your personal data, subject to legal obligations.
  • Right to restriction of processing (Art. 18 GDPR) — You may request that we limit the processing of your personal data.
  • Right to data portability (Art. 20 GDPR) — You may request to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to object (Art. 21 GDPR) — You may object to the processing of your personal data based on legitimate interests.
  • Right to withdraw consent (Art. 7(3) GDPR) — Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at info@kpr-c.nl. We will respond to your request within one month, as required by the GDPR. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

9. Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include, where appropriate, encryption, access controls, and regular security assessments. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The updated version will be posted on this page with a revised "Last updated" date. We encourage you to review this Privacy Policy periodically.

11. Contact

If you have any questions about this Privacy Policy or our data processing practices, please contact us:

KPR Capital Management B.V.
Flight Forum 760, 5657 DT Eindhoven, The Netherlands
KvK: 99737590 | BTW: NL869111899B01
Email: info@kpr-c.nl
Phone: +31 85 4012377
LinkedIn: KPR Capital Management