Privacy Policy
Last updated: April 2026
1. Introduction
TGC Capital Partners ("we", "us", "our"), a business of the Gateway Group of Companies, is headquartered in Zoetermeer, the Netherlands. We are committed to protecting and respecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Dutch GDPR Implementation Act (Uitvoeringswet AVG), and other applicable data protection legislation worldwide.
This Privacy Policy explains how we collect, use, store, share, and protect the personal data of visitors to our website (tgccapitalpartners.com), prospective partners, investors, and any individuals who interact with us. By using our website or providing your personal data, you acknowledge that your information will be processed in accordance with this policy.
If you have any questions about this Privacy Policy or our data practices, please contact us using the details provided in Section 14 below.
2. Data Controller
The data controller responsible for the processing of your personal data is:
- Entity: TGC Capital Partners (a business of Gateway Group of Companies)
- Address: Maria Montessorilaan 3, 2719 DB Zoetermeer, the Netherlands
- Email: hello@tgccapitalpartners.com
As data controller, we determine the purposes and means of processing personal data and are responsible for ensuring that all processing activities comply with applicable data protection laws.
3. Personal Data We Collect
We may collect the following categories of personal data depending on how you interact with us and our website:
| Category | Types of Data | How Collected |
|---|---|---|
| Identity Data | First name, last name, title, salutation | Contact forms, correspondence, meetings |
| Contact Data | Email address, telephone number, postal address | Contact forms, email, phone calls |
| Technical Data | IP address, browser type and version, device type, operating system, screen resolution, time zone | Automatically via cookies and server logs |
| Usage Data | Pages visited, navigation paths, time spent on pages, referral source, click patterns | Automatically via analytics tools |
| Communication Data | Content of contact form submissions, email correspondence, enquiry details | Contact forms, email, telephone |
| Professional Data | Company name, job title or role, industry sector, investment stage or interest | Contact forms, correspondence, meetings |
We do not intentionally collect any special categories of personal data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data) unless you voluntarily provide such information in correspondence with us.
4. Legal Basis for Processing
Under Article 6 of the GDPR, we process your personal data only when we have a valid legal basis to do so. The legal bases upon which we rely are:
- Consent (Article 6(1)(a)): Where you have provided clear, informed, and freely given consent for specific processing activities, such as subscribing to communications or newsletters. You may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
- Contractual Necessity (Article 6(1)(b)): Where processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract, such as responding to partnership or investment enquiries.
- Legitimate Interests (Article 6(1)(f)): Where processing is necessary for our legitimate business interests, provided these interests do not override your fundamental rights and freedoms. Our legitimate interests include improving our website and services, evaluating potential partnerships, conducting business development activities, and ensuring the security of our systems.
- Legal Obligation (Article 6(1)(c)): Where processing is necessary for compliance with a legal obligation to which we are subject, such as maintaining financial records, complying with anti-money laundering requirements, or responding to lawful requests from regulatory authorities.
5. How We Use Your Data
We use the personal data we collect for the following purposes:
- Responding to enquiries: To process and respond to your questions, requests for information, or expressions of interest submitted via our contact forms or email.
- Evaluating partnerships and investment opportunities: To assess and explore potential business relationships, partnerships, or investment collaborations.
- Improving our website: To analyse how visitors use our website, identify trends, and improve functionality, content, and user experience.
- Sending communications: To send you relevant updates, news, or information about our services and activities where you have provided consent, or where we have a legitimate interest and you have not opted out.
- Complying with legal obligations: To meet our obligations under applicable laws, regulations, and industry standards, including record-keeping and reporting requirements.
- Ensuring security: To protect the security and integrity of our website, systems, and data against unauthorised access, misuse, or fraud.
We will not use your personal data for purposes incompatible with those described above without notifying you and, where required, obtaining your consent.
6. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance your browsing experience and to gather information about how you use our site. A cookie is a small text file stored on your device when you visit a website.
6.1 Types of Cookies We Use
- Essential Cookies: These cookies are strictly necessary for the operation of our website. They enable core functionality such as page navigation, access to secure areas, and load balancing. You cannot opt out of essential cookies as the website cannot function properly without them.
- Analytics Cookies: We use Google Analytics to collect anonymised data about how visitors interact with our website, including pages visited, time spent on the site, and referral sources. Google Analytics uses cookies to generate statistical and aggregate information. This data helps us understand how our website is used and how we can improve it. Google Analytics data is processed in accordance with Google's privacy policy.
6.2 Managing Cookies
You can control and manage cookies through your browser settings. Most browsers allow you to:
- View, delete, and block cookies from specific or all websites
- Set preferences for certain types of cookies
- Receive notifications when cookies are being set
Please note that disabling certain cookies may affect the functionality of our website. For more information about managing cookies, visit allaboutcookies.org.
To opt out of Google Analytics tracking specifically, you can install the Google Analytics Opt-out Browser Add-on.
7. Data Sharing and Third Parties
We do not sell, rent, or trade your personal data to any third party. We may share your personal data with the following categories of recipients only where necessary and in accordance with applicable data protection law:
- Gateway Group affiliates: We may share data with other entities within the Gateway Group of Companies for internal administrative purposes and to support the services we provide to you. All Gateway Group’s affiliated entities adhere to equivalent data protection standards.
- Form processing (Formspree): When you submit a contact form on our website, your form data is processed through Formspree, a third-party form handling service. Formspree processes data as a data processor on our behalf in accordance with their privacy policy and our data processing agreements.
- Analytics (Google): We use Google Analytics to collect and analyse website usage data. Google processes this data as a data processor under our instructions and in accordance with applicable data protection requirements.
- Website hosting (Vercel): Our website is hosted on Vercel's infrastructure. Vercel may process limited technical data (such as IP addresses and server logs) as part of providing hosting services.
- Professional advisers: We may share data with our legal, accounting, or other professional advisers where necessary for the provision of their services to us.
- Regulatory and legal authorities: We may disclose personal data where required to do so by law, regulation, or court order, or in connection with legal proceedings.
All third-party service providers are required to process personal data only on our documented instructions and to implement appropriate technical and organisational security measures. We enter into data processing agreements with all processors in compliance with Article 28 of the GDPR.
8. International Data Transfers
As an international organisation with global operations, your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including but not limited to the United States and India.
Where we transfer personal data outside the EEA, we ensure that appropriate safeguards are in place to protect your data, including:
- Adequacy decisions: We may transfer data to countries that the European Commission has determined provide an adequate level of data protection (for example, transfers to the United States may be covered under the EU-U.S. Data Privacy Framework where applicable).
- Standard Contractual Clauses (SCCs): Where no adequacy decision exists, we use the European Commission's Standard Contractual Clauses as a legal mechanism to safeguard data transfers. These clauses impose contractual obligations on the data importer to protect the transferred data.
- Supplementary measures: Where necessary, we implement additional technical, organisational, or contractual measures to ensure the effectiveness of the transfer mechanism used.
You may request a copy of the safeguards in place for international transfers by contacting us at the details set out in Section 14.
9. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by applicable law. The retention periods for personal data are determined based on the purpose of processing and any legal, regulatory, or business requirements, which are as follows:
- Enquiry and Correspondence Data: Retained for as long as necessary to address your inquiry or request. Once the matter is resolved, the data will be deleted unless a longer retention period is required by law, such as for contract execution or financial recordkeeping.
- Partnership and Investment Evaluation Data: Retained for the duration of any active business relationship and for a reasonable period thereafter, or for a longer period if required by applicable financial regulations, legal obligations, or for business analysis purposes.
- Analytics Data: Where you have provided consent, analytics data is processed using tools such as Google Analytics, with IP addresses anonymised where supported. Data is retained only as long as necessary for analytics purposes and is then deleted or aggregated. You may withdraw your consent at any time through your cookie preferences.
- Cookie Data: Cookies are retained only for as long as necessary to fulfil their specific purpose, in accordance with applicable data protection laws. Session cookies are temporary and are deleted automatically when you close your browser. Persistent cookies remain on your device for a defined period or until you delete them. Where cookies are used based on your consent (such as analytics or marketing cookies), they will only be stored for the duration of your consent or until they expire, whichever occurs first. You may withdraw or modify your consent at any time through your cookie preferences or browser settings.
Once the personal data is no longer necessary for the purposes for which it was collected, it will be securely deleted or anonymized so that it can no longer be associated with you.
10. Your Rights Under the GDPR
As a data subject under the GDPR, you have the following rights in relation to your personal data. You may exercise any of these rights free of charge by contacting us at the details set out in Section 14:
- Right of Access (Article 15): You have the right to request confirmation of whether we process your personal data and, if so, to obtain a copy of that data along with information about how it is processed.
- Right to Rectification (Article 16): You have the right to request that we correct any inaccurate personal data we hold about you without undue delay. You may also request completion of incomplete data.
- Right to Erasure (Article 17): You have the right to request the deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected, or when you withdraw your consent.
- Right to Restriction of Processing (Article 18): You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or when you have objected to processing pending verification of our legitimate grounds.
- Right to Data Portability (Article 20): You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to request that we transmit that data to another controller where technically feasible.
- Right to Object (Article 21): You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes. Where you object, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
- Right to Withdraw Consent: Where we rely on your consent as the legal basis for processing, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
- Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data infringes the GDPR. The relevant supervisory authority for TGC Capital Partners is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):
- Website: autoriteitpersoonsgegevens.nl
- Address: Bezuidenhoutseweg 30, 2594 AV The Hague, the Netherlands
- Phone: +31 (0)70 888 8500
However, we encourage you to contact us first at dpo@tgccapitalpartners.com so we can address your concerns directly. We will respond to all legitimate requests within the applicable timeframe for the queries related to the personal data and for any other query within one month. In exceptional circumstances, this period may be extended by a further two months where the request is complex or we have received a high number of requests, in which case we will inform you of the extension and the reasons for it.
11. Data Security
We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures include:
- Encryption: Data transmitted between your browser and our website is protected using Transport Layer Security (TLS/SSL) encryption.
- Access controls: Access to personal data is restricted to authorised personnel on a need-to-know basis. Staff who handle personal data receive appropriate training on data protection obligations.
- Secure infrastructure: Our website is hosted on enterprise-grade infrastructure with built-in security features, including DDoS protection, automated backups, and network isolation.
- Vendor management: We evaluate the security practices of our third-party service providers and require them to maintain appropriate levels of data protection through contractual agreements.
- Incident response: We maintain procedures for detecting, reporting, and responding to personal data breaches in accordance with GDPR Article 33 and Article 34 requirements.
While we strive to protect your personal data, no method of transmission over the Internet or method of electronic storage is entirely secure. We cannot guarantee absolute security, but we are committed to continuously reviewing and improving our security measures.
12. Children's Privacy
Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16 years of age. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us immediately at the details set out in Section 14, and we will take steps to delete such information from our systems.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal requirements, or business operations. Any material changes will be posted on this page with an updated “Last updated” date at the bottom of the policy.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data. Where changes are significant, we will make reasonable efforts to notify you, for example by placing a prominent notice on our website.
Your continued use of our website after any changes to this Privacy Policy constitutes your acknowledgement of the updated policy.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, or if you wish to exercise any of your data protection rights, please contact us at:
- Email: hello@tgccapitalpartners.com
- Post: TGC Capital Partners, Maria Montessorilaan 3, 2719 DB Zoetermeer, the Netherlands
- Phone: +31 (0) 79 3200 980
- Data Protection Officer (DPO): If you have any data protection-related inquiries, you can reach our Data Protection Officer at: dpo@tgccapitalpartners.com
We aim to respond to all enquiries within a reasonable timeframe and in any event within the periods required by applicable data protection legislation.