Privacy Policy

Last updated: March 2026

1. Who we are

PCD CareHub (hereinafter: "PCD", "we", "us" or "our") is the data controller responsible for the processing of personal data as described in this privacy policy. We are located at the following address:

PCD CareHub
Lijndonk 4
Breda, The Netherlands
Phone: +31 6 53 85 27 53

2. What data we collect

We may collect and process the following personal data:

  • Contact form data: name, email address, phone number, company name, and the message you submit through our contact form.
  • Website analytics data: through Google Analytics we collect anonymised data about the use of our website, including IP address (anonymised), browser type, operating system, pages visited, referring website, date and time of visit, and duration of the visit.
  • Cookie data: information collected through cookies and similar technologies. Please refer to our cookie policy for more information.
  • Communication data: data you provide when you communicate with us by email, phone, or other means.
  • Investor portal data: if you use our investor portal, we process additional data such as your account details (name, email address), KYC verification data (identity documents, verification status), and correspondence via the complaints form.

3. Why we collect this data

We process your personal data for the following purposes:

  • Communication: to respond to your questions, requests, or enquiries and to communicate with you about our services.
  • Website improvement: to analyse the use of our website and improve the user experience, including through aggregated and anonymised statistics.
  • Legal obligations: to comply with legal obligations that apply to us, such as fiscal retention requirements and record-keeping.
  • Legitimate interest: to optimise our services, prevent fraud, and safeguard the security of our website.
  • Investor portal: to manage your account, carry out KYC verification, inform you about the status of your account, and handle complaints via transactional emails.

4. How long we retain data

We do not retain your personal data for longer than is strictly necessary for the purposes for which it is collected. We apply the following retention periods:

  • Contact form data: up to 12 months after the last contact, unless longer retention is necessary for an ongoing collaboration.
  • Website analytics data: up to 26 months (anonymised).
  • Investor portal data: for the duration of your account and up to 12 months after termination, unless a longer retention period is required by law.
  • Legally required data: in accordance with statutory retention periods, such as 7 years for fiscal data.

5. Sharing with third parties

PCD CareHub does not sell your personal data to third parties. We only share your data with third parties where this is necessary for the performance of our services or to comply with a legal obligation. We enter into data processing agreements with organisations that process your data on our behalf to ensure an equivalent level of security and confidentiality of your data.

Examples of third parties we work with:

  • GitHub Pages (GitHub, Inc. / Microsoft Corporation, United States) as hosting provider for our website. When you visit our website, your IP address is processed by GitHub's servers. The transfer of data is safeguarded on the basis of the EU-US Data Privacy Framework.
  • Supabase (Supabase, Inc., United States) as hosting and database provider for our investor portal. Supabase processes and stores account data, KYC data, and documents. The servers are located in the EU (AWS eu-west-1). The transfer to Supabase, Inc. is safeguarded on the basis of Standard Contractual Clauses (SCCs) pursuant to Article 46(2) GDPR.
  • Google Analytics (Google LLC, United States) via Google Tag Manager for collecting anonymised website statistics, such as visitor numbers, page views, and traffic sources. Google Analytics processes your (anonymised) IP address for this purpose. The transfer is safeguarded on the basis of the EU-US Data Privacy Framework. You can prevent data collection by Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
  • Google Fonts (Google LLC, United States) for loading fonts on our website. When loading these fonts, your IP address is sent to Google's servers. The transfer is safeguarded on the basis of the EU-US Data Privacy Framework.
  • FormSubmit.co as service provider for processing our contact form. When you submit the contact form, your name, email address, phone number, company name, and message are processed by FormSubmit.co and delivered to us by email.
  • Calendly (Calendly LLC, United States) as scheduling service for booking appointments. When you schedule an appointment via our website, you are redirected to the Calendly platform, which operates under its own privacy policy. The transfer is safeguarded on the basis of the EU-US Data Privacy Framework.
  • Resend (Resend, Inc., United States) as email service provider for sending transactional emails from our investor portal, such as invitations, welcome messages, KYC status notifications, account notifications, and complaint confirmations. Resend processes your email address and name for this purpose. The transfer is safeguarded on the basis of Standard Contractual Clauses (SCCs) pursuant to Article 46(2) GDPR.

6. Your rights

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

  • Right of access: you may request an overview of the personal data we process about you.
  • Right to rectification: you may request that we correct inaccurate or incomplete data.
  • Right to erasure: you may request that we delete your personal data.
  • Right to restriction of processing: you may request that we (temporarily) restrict the processing of your data.
  • Right to object: you may object to the processing of your personal data based on our legitimate interest.
  • Right to data portability: you may request that we transfer your data in a structured, commonly used, and machine-readable format to you or another organisation.

Would you like to exercise any of these rights? Please contact us using the contact details at the bottom of this page. We will respond as soon as possible, but no later than within four weeks. In addition, you always have the right to lodge a complaint with the Dutch Data Protection Authority (www.autoriteitpersoonsgegevens.nl).

7. Security

PCD CareHub takes the protection of your personal data seriously and implements appropriate technical and organisational measures to prevent misuse, loss, unauthorised access, unwanted disclosure, and unauthorised modification. Our security measures are based on the principles of NEN 7510 and ISO 27001, including:

  • SSL/TLS encryption for all data transfers via our website.
  • Regular security updates and patches.
  • Access control and limited authorisation for employees.
  • Periodic security audits and risk assessments.
  • Data processing agreements with all processors.

If you nonetheless have the impression that your data is not adequately secured or if there are indications of misuse, please contact us.

8. Cookies

Our website uses cookies. A cookie is a small text file that is stored in the browser of your computer, tablet, or smartphone when you first visit our website. For more information about which cookies we use, their purpose, and how you can manage them, please refer to our comprehensive cookie policy.

9. Changes to this privacy policy

PCD CareHub reserves the right to amend this privacy policy. Changes will be published on this page. We recommend that you review this privacy policy regularly so that you are aware of any changes. Substantial changes will be clearly communicated on our website.

10. Contact

Do you have questions about this privacy policy or about how we handle your personal data? Please feel free to contact us:

PCD CareHub

Lijndonk 4, Breda, The Netherlands

Phone: +31 6 53 85 27 53

You can also use our contact form. We aim to respond to your request within two business days.