Date of most recent update: May 30th, 2024

This policy (hereafter “Gimv Privacy & Cookie Policy”) is provided by Gimv NV, with office at Karel Oomsstraat 37, 2018 Antwerp, Belgium, and registered under number 0220.324.117, on behalf of itself and its various divisions, subsidiaries, affiliates and any other associated companies but excluding any of its (direct or indirect) portfolio companies (hereafter “Gimv or “we” or “us” or “our”) and for the benefit our Visitors, Stakeholders and Other Data Subjects (hereafter referred to together as “Data Subjects”).

Gimv processes Personal Data in accordance with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of Personal Data (General Data Protection Regulation, ("GDPR")). Pursuant to Articles 13 and 14 of the GDPR, Gimv is obliged to provide Data Subjects with information regarding the processing of their Personal Data as mentioned in this Gimv Privacy & Cookie Policy. This Gimv Privacy & Cookie Policy sets out how Gimv intends to respect privacy and how it will process Personal Data by using the Gimv Website (see Section A) ; and/or in conducting our Business (see Section B).

Capitalized terms set out in this Gimv Privacy & Cookie Policy will have the meaning set out in Section H “Glossary” below. In case of questions regarding this Gimv Privacy & Cookie Policy, please email us at compliance@gimv.com.

A. The processing of Personal Data by using the Gimv Website

What personal data does Gimv process?
Gimv may process the following categories of Personal Data:

  • Identification data: names, national register numbers, copies of national identification cards or passports, dates of birth;
  • Contact data: phone numbers, email addresses, addresses;
  • Financial data: bank account numbers;
  • Professional information: title and professional assessments; and/or
  • Any other Personal Data contained in any document a Visitor provides to Gimv directly;

Save as legally required for recruiting purposes, it is the intention of Gimv not to seek any Sensitive Information through the Gimv Website. Therefore we recommend any Visitor to not provide Sensitive Information. If a Visitor wishes to provide Sensitive Information for any reason, Gimv accepts its explicit consent to use this Sensitive Information in the ways described in this Gimv Privacy & Cookie Policy or as described at the point where a Visitor chooses to disclose this Sensitive Information.

Why does Gimv process this data?
Gimv receives limited Personal Data, such as first name, last name and email address from Visitors, typically with the purpose of receiving more information from Gimv including but not limited to press releases.

Visitors are also able to send email through the site. Their messages will contain the Visitor's screen name and email address, as well as any additional information a Visitor may wish to include in the message. Because we use the Gimv Website as a recruiting tool, a visit to the Gimv Website may also result in a Visitor sending a resume to an individual within Gimv.

How do we obtain Personal Data
Gimv collects Personal Data that is provided specifically and voluntarily by Visitors. A Visitor may choose to provide personal data in the following examples (non-exhaustive):

  • contact us to propose investment opportunities;
  • subscribe to our press releases and/or other specific marketing materials;
  • submit resumes or work history information;
  • contact us for further information on Gimv and/or our Business; and/or
  • register for events.

Visitors provide Personal Data to Gimv through the Gimv Website, voluntarily. Should Visitors subsequently choose to unsubscribe from mailing lists or any other registrations, we will provide instructions on the appropriate website area or in communications to our Visitors; or a Visitor may contact compliance@gimv.com.

Gimv will make every practical effort to avoid excessive or irrelevant collection of data. If a Visitor of the Gimv Website believes that the Gimv Website has collected excessive information, we encourage such Visitor to contact us to raise any concerns. 

  • Google Analytics and LeadForensics

Information attained via the Gimv Website is used only for the intended purpose stated at the time that the information is collected. Next to the abovementioned ways of actively providing personal data to Gimv, personal data is also collected via the applications Google Analytics (in the context of the proper functioning of the Gimv Website) and LeadForensics (in the context of our pursuit of investment opportunities). LeadForensics is a third party tool that allows Gimv to obtain certain information about Visitors, providing us with details such as the IP address of the requesting computer, the date and duration of a Visitor's visit, and the pages of the Gimv Website they have accessed. Please note that the LeadForensics tool uses the IP address only to identify businesses and does not use actual Cookies (as defined below) to store information. We may use this information to contact different parties who are connected with our Business, including but not limited to M&A advisors, analysts, investment banks and finance providers, about their experience, but we will not share these data with any third parties. For more information on LeadForensics visit www.leadforensics.com.

  • Cookies and log file

The Gimv Website makes use of Cookies to assist us in providing a more customized website experience for our Visitors. For example, a Cookie can be used to store registration information in an area of the Gimv Website so that a Visitor does not need to re-enter it on subsequent visits to that area. Gimv uses the Cookies mentioned in this list.

We use Cookies to make navigation of the Gimv Website easier for Visitors and to facilitate efficient registration procedures. If a Visitor is concerned about Cookies, most browsers permit to decline Cookies. In principle, a Visitor may refuse a Cookie and still fully navigate the Gimv Website. However, please note that some functionalities may be no longer usable after declining (one or more) Cookies.

In order to properly manage the Gimv Website, we may anonymously log information on our operational systems, and identify categories of Visitors by items such as domains and browser types. These statistics are reported in an aggregated manner to our webmasters to ensure that the Gimv Website presents the best web experience for Visitors and is an effective information resource.

Today, the following Cookies are used:

  • functional Cookies that make sure that Cookie preferences, as indicated in the pop-up that appears upon first entry on the Gimv Website, are remembered.
  • statistical Cookies that generate statistical data on how Visitors use the Gimv Website (Google Analytics) or are related to content embedded in the website (YouTube). Information collected through these Cookies is stored anonymously and they expire based on their use case. 
  • commercial Cookies that collect information about browsing habits with the aim to build a profile of the Gimv Website Visitor's interests in order to show relevant and personalized Google advertising. Cookies expire based on their use case.

We refer to the aforementioned list for more detailed information per Cookie type.

What is the legal basis for processing this data
Gimv will limit the collection of Personal Data to only the minimum information necessary to complete a Visitor's request and will only process the Personal Data of our Visitors on the basis of our legitimate interest. Other than that, we process Personal Data pursuant to legal obligations we have under applicable laws, regulations and procedures.

Disclosure of Personal Data
We recognize that Personal Data of a Visitor is valuable and we take all reasonable measures to protect this Personal Data while it is in our care. Personal Data of a Visitor may be transferred to third party service providers who process information on behalf of Gimv, including providers of information technology, identity management, website hosting and management, data analysis, data back-up, security and storage services. 

As a result, the possibility exists that the personal data of a Visitor is transferred outside the country where such Visitor is located. This includes countries outside the European Economic Area (EEA) and countries that do not have laws that provide specific protection for personal data. By submitting Personal Data to the Gimv Website, a Visitor is providing explicit consent to the transfer of such data for the fulfilment of its voluntary requests.

Gimv may disclose the personal data of a Visitor to law enforcement, regulatory, or other government agencies or to other third parties as required by, and in accordance with, applicable law or regulation

The personal data of a Visitor is not shared with any third party, for any secondary or unrelated purposes unless otherwise disclosed at the point of collection. If there is an instance where such information may be shared, a Visitor will be asked for permission beforehand.

Except where Visitors explicitly choose to receive press releases or other specific marketing materials, if any, Gimv will not use Personal Data collected from the Gimv Website to facilitate unsolicited marketing activities.

Storage and deletion of Personal Data
Contact information about Visitors (such as information generated through registration for receiving information about Gimv such as press releases or other specific marketing materials) will be kept as long as the information is required to completely service the contact request or until a Visitor requests that Gimv deletes that information.

Mailing list information and email are kept for only the period considered reasonable to facilitate Visitor's requests. Resumes are disposed of when they are either no longer under consideration or are considered outdated.

Third parties links
There are several places throughout the Gimv Website, which may link to 
other websites not operating under the privacy practices of the Gimv Website. When a Visitor links to other websites, the Gimv Privacy & Cookie Policy no longer applies. We encourage Visitors to review each site's privacy policy before disclosing any Personal Data.

B. The processing of Personal Data of transacting parties

What Personal Data does Gimv process
Gimv may process the following categories of Personal Data:

  • Identification data: names, national register numbers, copies of national identification cards or passports, dates of birth;
  • Contact data: phone numbers, email addresses, addresses;
  • Financial data: bank account numbers;
  • Professional information: title and professional assessments;
  • Anti-money laundering related information; and/or
  • Any other Personal Data contained in any document a Stakeholder provides to Gimv (whether directly or indirectly, e.g., through an adviser);
  • Any data of persons who are data subjects of actual or prospective portfolio companies

Why does Gimv process this data?
Gimv processes the Personal Data mentioned under Section B.1. in the course of conducting our Business, including but not limited to:

  • Conducting due diligence;
  • Drafting and preparing transaction documents;
  • Risk mitigation and deal protection; and/or
  • Compliance with applicable laws, regulations, and procedures.

How do we obtain Personal Data?
Personal Data of Stakeholders is obtained directly from Stakeholders.

Personal Data of Other Data Subjects is obtained from an actual or prospective portfolio company of Gimv that processes this Personal Data and transfers it to Gimv.

What is the legal basis for processing this data?

For the purpose of conducting our Business, we process the Personal Data of our Stakeholders and Other Data Subjects on the basis of our legitimate interest.

We may also process the Personal Data for the performance of a contract that establishes the  rights and obligations of a Stakeholder or to take steps prior to entering into each of such contract. 

Other than that, we process Personal Data pursuant to legal obligations we have under applicable laws, regulations and procedures.

Disclosure of Personal Data
Personal Data may be disclosed internally within Gimv for the purposes mentioned in Section B.2.

Gimv may also disclose Personal Data with certain trusted third parties, including:

  • Service providers and contractors. Gimv discloses Personal Data to vendors, consultants and other service providers who assist us with our Business.
  • Law firms or other advisors. Gimv may disclose Personal Data to lawyers or legal consultants.
  • Government or administrative agencies. In the event of a legal obligation, Gimv reserves the right to disclose Personal Data if it is required to surrender it to competent authorities or law enforcement bodies.

Gimv takes care to limit access to Personal Data of Stakeholders and Other Data Subjects to only those who need access to perform their tasks and duties, and to third parties who have a legitimate purpose for accessing it. Gimv entered into contracts with its processors, who are required to keep Personal Data confidential and who may not use it other than as Gimv asks them to and always in accordance with this Gimv Privacy & Cookie Policy.

Storage and deletion of Personal Data

We employ appropriate technical and organizational measures to protect Personal Data within our control against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, and other unlawful or unauthorized forms of processing.

Personal Data may be kept for as long as it is required for legitimate business purposes, to perform (pre-)contractual obligations, or where longer, such longer period as is required by applicable legal or regulatory obligations or for any applicable limitation period under applicable law. Gimv will delete the Personal Data when it is no longer required for the fulfilment of the purposes specified in Section B.2. and for the (post-)contractual obligations of Gimv.

C. Rights of Data Subjects

Subject to applicable data protection laws, a Data Subject may have certain rights regarding the Personal Data Gimv holds. 

Each Data Subject has the right to request access to its Personal Data, to have it rectified or erased, to object to its processing or have it restricted. A Data Subject may also have the right to receive a copy of its Personal Data, to have its Personal Data sent to another party (portability) and/or the right not to be subject to any decision that significantly affects a Data Subject and is taken solely by automated processing, including profiling.

When Personal Data is retained, Gimv assumes responsibility for keeping an accurate record of the information once a Visitor has submitted and verified the data. Gimv does not assume responsibility for verifying the ongoing accuracy of the content of personal data.

When practically possible and if Gimv is informed that any Personal Data collected through a website is no longer accurate, Gimv will make appropriate corrections based on the updated information provided by the authenticated Visitor. Once a Visitor has provided personal data to Gimv in accordance with the Gimv Privacy & Cookie Policy, this Visitor can withdraw its consent at any time by sending an email to compliance@gimv.com. Such withdrawal does not affect the lawful character of past processing activities up until the moment of withdrawal. 

Gimv will process all requests in a timely manner in line with applicable laws. Such requests should be made in writing to compliance@gimv.com. Gimv may ask for additional information to confirm the identity of a Data Subject before actioning the request.

In certain instances, local data protection and privacy laws may allow to legitimately and properly refuse such requests (for instance, to protect the rights of third parties or if a Data Subject has asked to delete information which Gimv is required by law or have compelling legitimate interests to keep).

D. Security

Gimv has implemented generally accepted standards of technology and operational security in order to protect Personal Data from loss, misuse, alteration or destruction. Only authorized Gimv personnel is provided access to Personal Data and these employees have agreed to ensure confidentiality of this information.

E. Modification

Gimv reserves the right to modify or amend this Gimv Privacy & Cookie Policy at any time. The effective date thereof will be displayed at the beginning of this policy.

F. Data Protection Authorities

If a Data Subject has any concerns, or if a Data Subject believes that its data protection or privacy rights have been infringed, the Data Subject may lodge a complaint with its relevant supervisory authority or other public body with responsibility for enforcing data protection and privacy laws.

More information with respect to privacy rights can be found on the website of the relevant supervisory authority. Please find below an overview for our core countries:

G. Data Controller

The data controller collecting the data and responsible for the processing of Personal Data is Gimv: 

  • Address: Karel Oomsstraat 37, 2018 Antwerp, Belgium
    Phone: +32 3 290 21 00
    Email: compliance@gimv.com

H. Glossary

Business”: Gimv conducting its activities as a European investment company in the broadest sense of the term. 

"Consent": Freely given, specific, informed, and unambiguous indication of the data subject's agreement to the processing of their Personal Data for one or more specified purposes.

"Cookies": Small text files stored on a user's device by a website, typically used to track user activity, preferences, and authentication information.

GDPR”: Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of Personal Data (General Data Protection Regulation).

GimvPrivacyandCookiePolicy”: This policy.

Gimvwebsite”: Website with domain name “gimv.com”

"DataController": The entity responsible for determining the purposes and means of processing Personal Data, essentially deciding why and how the data is processed.

"DataProcessor": A person or entity that processes Personal Data on behalf of the data controller, following the controller's instructions and acting only under their authority.

"DataSubjects": Refers to individuals whose Personal Data is collected, stored, or processed by an organization.

"IPAddress": A unique numerical label assigned to each device connected to a computer network, enabling devices to communicate with each other over the Internet.

"LegitimateInterest": One of the legal bases for processing Personal Data under the GDPR, allowing processing when it is necessary for the legitimate interests pursued by the data controller or a third party, provided it does not override the rights and freedoms of the data subject.

OtherDataSubjects”: Natural persons whose Personal Data is processed by actual or prospective portfolio companies of Gimv.

"PersonalData": Information that can directly or indirectly identify an individual, including but not limited to names, contact details, and identification numbers.

"SensitiveInformation": Specific types of Personal Data considered highly confidential, such as information related to race, ethnicity, political opinions, religious beliefs, health status, or criminal record.

Stakeholders”: Natural persons (excluding those working for, or within, our organization), with whom we interact in the course of conducting our Business, including (i) managers of actual or prospective portfolio companies; (ii) persons selling or buying securities in those actual or prospective portfolio companies; or (iii) persons who invest alongside Gimv or are pre-existing shareholders in actual or prospective portfolio companies; or, in each of those cases, their representatives. 

Visitors”: natural persons (excluding those working for, or within, our organization), who use the Gimv website, and submitting any Personal Data.