Legal

Privacy Statement

How Eucade handles personal data under the GDPR. Last updated May 2026.

This Privacy Statement explains how Eucade processes personal data of website visitors and prospective and current clients. Eucade is based in the Netherlands and complies with the General Data Protection Regulation (Regulation (EU) 2016/679, the “GDPR”) and the Dutch implementing act.

Data controller

Eucade, the trading name of Gerben Bijmholt, sole proprietorship registered in the Netherlands (KvK 98799037), is the data controller for personal data processed in connection with its services. Contact: hello@eucade.eu.

What data we collect

Website visitors

The eucade.eu website does not use third-party analytics, advertising trackers, or behavioural cookies. Standard server logs (IP address, timestamp, user agent, requested URL) may be retained by our hosting provider (Cloudflare) for the purpose of security and abuse prevention.

Intake form submissions

When you submit an intake form, we collect the information you provide, which may include:

• Your name, email address, and organisation
• A description of your sector, technology, and funding interest
• Any additional context you choose to share

Client engagement data

If you engage Eucade for paid services, we additionally process:

• Billing information (company address, IBAN, VAT number where applicable)
• Communication records (emails, signed agreements)
• Application-related materials you share with us for grant preparation

Purposes and legal bases

We process personal data for the following purposes:

• Responding to intake inquiries, legal basis: pre-contractual measures at your request (GDPR Art. 6(1)(b))
• Delivering services under a Service Agreement, legal basis: performance of contract (Art. 6(1)(b))
• Tax and accounting records, legal basis: legal obligation (Art. 6(1)(c))
• Security and abuse prevention, legal basis: legitimate interest (Art. 6(1)(f))

Sub-processors

Eucade uses the following service providers, each of which acts as a sub-processor:

• Cloudflare, website hosting and security
• Migadu (Switzerland), email hosting
• Formspree, intake form processing
• SignWell, electronic signing of agreements

Each sub-processor has its own privacy practices and may be located outside the EU. All cross-border transfers rely on standard contractual clauses or equivalent safeguards.

How long we keep your data

• Intake submissions that do not lead to engagement: deleted within 12 months
• Client records: retained for the duration of engagement, plus the statutory retention period (7 years for Dutch tax records)
• Server logs: as retained by Cloudflare, typically 30 days

Your rights

Under the GDPR you have the right to access, rectify, erase, or restrict processing of your personal data, to object to certain processing, and to data portability. You may exercise these rights by emailing hello@eucade.eu. You may also lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe your rights have been violated.

Changes to this statement

We may update this Privacy Statement from time to time. The current version is always available at eucade.eu/privacy. Material changes will be communicated by email to current clients.