Privacy Statement

September 2023, version 2.0

This is the privacy statement of Curiosity Venture Capital B.V., hereinafter referred to as Curiosity. Privacy is an important theme within Curiosity, about which there should be no ambiguities. We take your right to privacy seriously and work continuously to keep your data safe. This privacy statement provides information about how we process personal data within our company and what rights you have when we process your personal data. Since we want to continuously improve our services, this privacy statement may also change. The most recent version will always be visible on our website. Using our website gives you the possibility to visit other websites, for instance the websites of the companies we’ve supported. Curiosity is not responsible for the processing of your personal data on these websites and our privacy statement therefore is not applicable. For more information about how these organisations process your personal data when you visit their website, please refer to the privacy statement on their website.

Who are we?

It’s our mission to help innovative founders grow their company into something great. We raise growth capital, share our experiences, and help founders navigate the challenges of a growing company. That’s how we make more impact, together. We are responsible for processing your personal data. We are registered at Vlamingstraat 4 in Zoetermeer, The Netherlands. If you have any questions concerning the processing of your personal data, please contact us at

What personal data do we collect?

When making use of our services, we collect personal data. Different types of personal data may be collected depending on how you make use of our services.

Curiosity collects and processes the following types of personal data:

Investor relations:

  • Contact information
  • Address details
  • Nationality
  • Identification documents
  • Bank account
  • Information concerning background checks

Portfolio management:

  • Contact information
  • Photos
  • Nationality
  • Gender
  • Information concerning background checks

Community management:

  • Contact information
  • Address details
  • Photos
  • Nationality
  • Gender
  • Information concerning background checks

Deal sourcing:

  • Contact information
  • Business profile information (e.g. Linkedin info)

Why do we process your personal data?

We use your personal data in order to provide our services and to comply with legal obligations. We only collect and process personal data that is necessary in relation to the purposes for which your personal data is processed. Below, you’ll find more information about the specific purposes of processing your personal data, on what lawful ground of processing the processing is based and what the retention period is.

Limited Partner management

If you are one of our Limited Partners, we process your personal data as a Controller. Prior to onboarding you as a Limited Partner we perform a Due Diligence check as part of our Client Validation process. When the outcome of the customer screening is positive, we start the identification and verification process based on the information you, as possible Limited Partner, provided us with. This includes data such as your contact information but also your identification documents. Next is the risk assessment and classification. After finishing the Client Validation process, we start with the onboarding and signing the contracts. When you’ve become one of our limited partners, we continuously monitor possible changes and keep screening the possible risks.

Using your personal data in relation to the Client Validation process is necessary for us to fulfil our legal obligations following from the Anti-Money Laundering and Anti-Terrorist Financing Act, the Financial Supervision Act, Alternative Investment Fund Managers Directive and the Sanction Act.

If you become one of our Limited Partners, we are obligated to store your personal data for a period of five years after ending our relationship or five years after the execution of the relevant transaction.

Pitch decks and portfolio management

If you’re interested in us investing in your company, it’s possible to send us a pitch deck. We will process everything you send us in your pitch as a Controller. The data we process varies from your contact information to your address if you include that in your pitch. We need your contact information to be able to keep in touch with you. We store your information in our CRM system. If we decide to reject your pitch, we’ll get in contact with you. We save the pitch decks we receive in our database; this includes any contact information that this pitch deck contains. We store this data for as long as the fund is running, plus 5 years. If you wish for this data not to be saved, you may object to it or send us an erasure request. If we do decide to invest in your company, you will be added to our portfolio. Processing your personal data for the purpose of portfolio management is based on your consent. By sending in the information, you provide us with your consent to process your personal data.


If you decide to invest your money in funds managed by our company, we collect the invested money by using Fundrbird, our Fund administration software. We process your contact information and financial data to be able to collect the money as a Controller. This processing is necessary for the performance of the contract to which you are a party. If we pay out your investment of profit, we provide your personal data, such as contact information and financial data, to our accountant. This processing is also necessary for the performance of the contract to which you are a party. We are obliged to store this accounting information for a period of 7 years after the end of the fiscal year.

What parties do we share your personal data with? 

Law enforcement agencies or regulators

We are obliged to share your personal data in case of a legal request. Prior to sharing your personal data we’ll thoroughly assess the request for legitimacy.

Software suppliers

In order to provide you with our services, we use a variety of software systems. Most of the software systems are cloud based and the suppliers of the systems are our data processors. Curiosity makes sure the usage of these suppliers is GDPR compliant. This entails a due diligence check prior to selecting a software supplier and making sure the processing of the personal data is governed by a Data Processing Agreement. Where the software supplier is located in a country outside of the EEA, we rely on adequacy decisions where such an adequacy decision has been taken by the European Commission. In the absence of an adequacy decision, we rely on Standard Contractual Clauses that form part of the Data Processing Agreement and ensure that our software suppliers take additional security measures, such as encryption.

Curiosity entities

Curiosity shares personal data with Curiosity Early Stage Fund Coöperatief U.A. in order to provide our services. Curiosity Early Stage Fund Coöperatief U.A. is part of the Curiosity group.

How do we protect your personal data?

Curiosity takes technical and organisational measures to protect your personal data against loss or other forms of unlawful processing. We treat your information confidential and ensure that our staff does too. When we use a software supplier, we also make sure they take the necessary technical and organisational measures.

What if a security incident occurs?

In case of a security incident or data breach, Curiosity has a process in place to discover the incident in a timely manner. The incident will be assessed and if there is a risk for the data subjects, Curiosity will report the data breach to the Data Protection Authority. Curiosity will also inform you if your personal data is involved and this constitutes a high risk for you.

If you detect a security incident of a data breach, please let us know by sending us an e-mail at or get in contact with us by phone.

What are your rights?

With this privacy statement Curiosity gives you information about the processing of your personal data. If you want more information about how we process your personal data, you could use one of the data subject rights following from the GDPR.

  • Right of access – if you want a more detailed overview of the personal data Curiosity processes
  • Right to rectification – if Curiosity processes incorrect personal data of you
  • Right to erasure – when the processing of your personal data is based on your consent and after withdrawing this consent, Curiosity has no other lawful ground for processing your personal data.
  • Right to restriction – if you for instance challenge the accuracy of the personal data
  • Right to objection - where you can object to the data processing by Curiosity

If you want to use one of the data subject rights as described above, please send us an e-mail at Please provide us with the necessary information to identify you. Curiosity needs your first and last name, e-mail address and date of birth to be able to verify your identity with a reasonable degree of certainty.

Complaint to the Data Protection Authority?

Your satisfaction with the way we process your personal data is important to us. We try our very best to keep you satisfied and your personal data secure. If you have any complaints concerning the way we process your personal data, please get in contact with us. If we cannot work this out together, it is possible to file a complaint with the Data Protection Authority by using this form: