Privacy Policy

Last update: 22 March 2026

European Oak Capital BV, registered at Frankrijklei 5, 2000 Antwerp in Belgium and registered at the Crossroads Bank for Enterprises (CBE) under number [Company Number], is the data manager for the processing of personal data as described in this privacy policy.

At European Oak Capital BV, we find it important to adequately protect and keep your personal data safe while complying with all applicable regulation, such as the General Data Protection Regulation (EU) 2016/679 in the European Union commonly referred to as GDPR.

On this page, we explain the most relevant aspects of our data collection and storage process.

In case you have additional questions or a complaint we prefer to discuss this with you directly, resolve any issues and rectify the situation if necessary. You can contact us directly via our contact page.

1. What personal data do we store?

We collect and process various types of personal data depending on legal requirements and based on how you interact with us. This includes the following:

Identification data: your first and last name, role, telephone number and company name. In case of a contractual agreement (e.g. supplier or client) additional data is collected and stored safely.
Technical data: your IP address in anonymised format, browser type and version, operating system, language preferences and data about your activity on our website.
Data from contact forms and emails: all information you provide when you fill out a contact form on our website or communicate with us via email.
Marketing data: your preferences for receiving marketing communication from us.

2. Why do we process your data and on what legal basis?

We process your personal data for specific, explicit, and legal purposes. We will not process your data in a way that is incompatible with the following purposes:

To offer our services: necessary to comply with our agreements (Article 6(1)(b) GDPR).
To respond to your questions and requests: our legitimate interest to communicate effectively and manage inquiries (Article 6(1)(f) GDPR).
To send marketing communication (e.g. newsletter): after your consent (Article 6(1)(a) GDPR), which you can withdraw at any time.
To improve our website and services: to provide the best user experience possible and to improve user experience (Article 6(1)(f) GDPR).
To comply with legal and regulatory obligations: necessary for compliance with our legal obligations as a company (Article 6(1)(c) GDPR).

3. How long do we keep your data?

We do not store your personal data longer than necessary. The retention period depends on the purpose for which the data was collected:

Operational data: We retain data of our operations and stakeholders duringt the mandatory legal retention period (i.e. seven years in Belgium).
Potential client data: data stored for a period of three years.
Website visitor data: typically stored for a maximum of 26 months.
Data from contact forms: retained for as long as necessary to handle your request and a reasonable period thereafter (i.e. in case the same issue occurs again).

4. Who has access to your data?

We have strict access controls implemented both on an organisational and technical level. Access to your personal data is restricted to authorized employees with role-based access controls (RBAC). They can only access your data to perform their professional duties. If we are obligated to send your data to another firm, we expect that they treat your data with the same care as we do. If you notice that this is not the case, please let us know via our contact page.

For an overview of other cybersecurity measures, read '5. How do we protect your data?' below.

5. How do we protect your data?

We have implemented cybersecurity measures on an organisational and technical level to protect your personal data against unlawful access to your data and ensure cyber resilience of our company. These cybersecurity measures include the following:

Internal risk management policies;
Data encryption;
SSL certification: secure connection with encryption;
RBAC: strict internal role-based access controls;
Password policies;
Record rules;
2FA: two-factor user authentication;
User session inactivity rules: automatically logging off after a period of inactivity;
Cybersecurity assessments;
Mandatory incident reporting framework;
and training of personnel.

The ERP platform we use is designed to prevent the most common security vulnerabilities outlined by OWASP (Open Web Application Security Project). In addition to that, they perform independent security audits on a regular basis, have a community of independent security researchers, and release regular security updates and patches to ensure your data remains safely stored.

6. What are your rights?

Based on GDPR, you have the following rights:

Right of access: you can request a copy of the personal data we store.
Right to rectification: you can ask us to correct any inaccurate or incomplete data.
Right of erasure (i.e. the right to be forgotten): you can request to delete your personal data under certain conditions.
Right to restrict processing: you can ask us to limit the processing of your data under certain circumstances.
Right to data portability: you can request to receive your data in a structured, commonly used, and machine-readable format.
Right to object: you have the right to object to the processing of your data, for example for direct marketing purposes.
Right to withdraw consent: if we process your data based on your consent, you can withdraw that consent at any time.
Right to complain: you have the right to file a complaint if your data is not processed correctly. If you have a complaint, we prefer to resolve the issue with you directly and rectify the situation. In case that the issue is not resolved, you have the right to file a complaint at the Belgian Data Protection Authority (DPA).

To exercise any of these rights, please submit a request via our contact page and we will get back to you as soon as possible.

7. Do we sell your data to third parties?

No, we will never sell your personal data to third parties.

8. Is my personal data shared with others?

That depends, in certain instances we are required to process your data with third parties (e.g. a bank to process your payment). If this is the case, we only share your data if this is absolutely necessary and only with trusted service providers.

9. Are minors allowed?

No, we do not provide services to minors (i.e. persons below the age of 18).

10. What about cookies?

We use cookies and similar technologies on our website. Cookies are small text files placed on your device to collect standard internet log information, your preferences (e.g. language) and web page visits. For more details on which cookies we use and how you can manage them: read our cookies policy.

11. What about any changes to this privacy policy?

We can update this privacy policy to reflect changes in our operations or changes in the legal or regulatory framework we operate in as a company. Therefore, check this page from time to time to remain up-to-date.

12. How can I contact European Oak Capital?

You can contact us directly via our contact page.

13. What about the European Data act?

The Data Act, or Regulation (EU) 2023/2854, aims to facilitate a competitive European data market by making data, more specifically industrial data and data from internet-of-things (IoT), more accessible and usable. It empowers users of connected products to have greater ownership of their data. Furthermore, the act engourages data-driven innovation and improves data availability. We consider this a business opportunity and are impacted in the following manner:

Compliance: We uphold the legal framework to protect the data we store, both the data in scope of GDPR and the Data Act, and have implemented necessary safeguards against unlawful access or transfer of data. We review our contracts and data processing practices annually to ensure compliance with applicable legislation and to ensure a sufficient level of protection.
Protection against unfair practices: As a company operating in the EU, we are protected by the Data act against unfair practices of data access and use. Our data-sharing framework is conducted on fair, reasonable, and non-discriminatory (FRAND) basis.
Business opportunity: the Data act is a legal framework that clarifies the general conditions when a (bigger) company has a legal obligation to share data with us.