Privacy Policy

We may collect and process the following categories of personal data, depending on your relationship with EntryPoint Europe and the way you interact with us:

• Identification details – such as your full name, date of birth, gender, nationality, and identification numbers (e.g., passport or ID card details, if required for compliance).

• Contact details – including email address, phone number, postal address, and social media profiles.

• Professional and business information – such as your current role, employer, sector, skills, LinkedIn profile, and relevant experience.

• Application information – details you provide in your accelerator application, pitch decks, business plans, financial projections, and supporting documents.

• Program participation records – including attendance at workshops, events, and mentoring sessions; progress updates; deliverables; and outcomes.

• Financial information – such as bank account details for grants or reimbursements, investment data, and funding history.

• KYC/AML information – if required by law for investment purposes, such as proof of identity, proof of address, and beneficial ownership details.

• Marketing and communication preferences – including your subscription status and consent records.

• Technical data – IP address, browser type, operating system, device information, and usage data collected through cookies and analytics tools.

• Media and image data – photographs, video recordings, and other media from events or program activities.
  

We collect personal data through various channels, including:

• Direct interactions – when you apply to our programs, attend our events, fill in forms, communicate with us by email or phone, or provide feedback.

• Program activities – through mentoring sessions, workshops, surveys, progress reports, and monitoring of deliverables.

• Third-party sources – such as referrals from mentors, partners, investors, or alumni; public databases; LinkedIn and other publicly available information; and partner organisations in joint programs.

• Automated technologies – via our website, online application portals, and digital communication tools (including cookies, analytics, and usage tracking).

• Photography and media coverage – by our team or appointed photographers/videographers during events, with consent where required.

We process personal data only where we have a lawful basis under Article 6 of the GDPR, which may include:

We only share your personal data where it is necessary, proportionate, and lawful to do so. Categories of recipients include:

• Service providers and vendors – e.g., IT hosting, CRM, communication tools, analytics platforms, KYC/AML providers, cloud storage, and community platforms, who act as processors under GDPR-compliant contracts.

• Mentors, advisors, and selection/investment committee members – to allow them to review applications, provide feedback, and deliver mentoring sessions.

• Program partners and sponsors – where collaboration is needed to deliver services, report outcomes, or organise joint events.

• Affiliated entities – including any EntryPoint-branded initiatives in other jurisdictions, to coordinate accelerator activities and alumni engagement.

• Public authorities and regulators – where we are legally obliged to do so (e.g., AML reporting, court orders).

We do not sell, rent, or trade your personal data for marketing purposes.

Some of our service providers and partners are located outside the European Economic Area (EEA). Where we transfer your personal data to countries without an EU adequacy decision, we implement appropriate safeguards, such as:

• Standard Contractual Clauses approved by the European Commission;

• Binding Corporate Rules where applicable;
  

• Additional technical measures such as encryption or pseudonymisation; or
  

• GDPR Article 49 derogations for specific cases (e.g., explicit consent, performance of a contract).

You may request a copy of the relevant safeguards by contacting us.

We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable laws. This typically means:

• Applications (unsuccessful): retained for up to 18 months in case of reapplication, unless deletion is requested earlier.

• Program participants and alumni: retained for the duration of the relationship and up to 6 years thereafter to manage alumni networks, investment follow-ups, and compliance.

• Investment/KYC data: retained for 5–10 years in line with anti-money laundering laws.

• Marketing lists: retained until you withdraw your consent or object to processing.

• Event media (photos, video): retained until you withdraw consent or object, unless required for archival purposes.

• Recruitment data: retained for up to 18 months after the process unless earlier deletion is requested.

You have the following rights, subject to certain conditions and exceptions under law:

• Right of access – to request a copy of your personal data and information on how it is processed.

• Right to rectification – to correct inaccurate or incomplete data.
  

• Right to erasure – to have your personal data deleted (“right to be forgotten”).

• Right to restriction of processing – to limit how we use your data.

• Right to object – to object to certain processing, including direct marketing.

• Right to data portability – to receive your personal data in a machine-readable format or request that we transmit it to another controller.

• Right to withdraw consent – at any time, without affecting the lawfulness of processing before withdrawal.

• Right to lodge a complaint – with your national data protection authority (see Supervisory Authority details).

How to exercise rights: Email info@entry-point.lu

Supervisory authority: National Commission for Data Protection, Grand Duchy of Luxembourg, https://cnpd.public.lu/en.html, +352 26 10 60 -1.

We apply appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These include:

• Encryption in transit and at rest for sensitive information;

• Access control and authentication measures;

• Regular security audits and monitoring;

• Vendor risk assessments;

• Staff training on data protection principles; and

• Incident response and breach notification procedures.

We use cookies, tracking pixels, and similar technologies for purposes including:

• Essential functionality – enabling you to navigate the website and use its features.

• Preference storage – remembering your settings (e.g., language).

• Analytics – understanding how visitors use our site to improve usability and performance.

• Marketing and personalisation – delivering relevant content and measuring campaign effectiveness.

Where required by law, we request your consent before setting non-essential cookies. You can manage or withdraw consent at any time via our Cookie Notice or browser settings.

We do not make decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you, unless we have your explicit consent or it is otherwise permitted by law. If in the future we use such processes (e.g., automated scoring in application evaluation), we will inform you in advance, explain the logic involved, and describe the potential consequences, as required by Articles 13–15 GDPR.

Our websites, program platforms, and communications may contain links to third-party websites, platforms, or social media accounts. Clicking those links may allow third parties to collect or share data about you. We have no control over these third-party services and are not responsible for their privacy statements or practices. We encourage you to read the privacy policy of every site you visit.

In certain contexts (e.g., when running an event or program on behalf of a government agency, corporate partner, or EU project), we may process personal data as a processor, not a controller. In those cases, our processing is governed by the instructions of that partner and their privacy policy, and you should direct any rights requests to them.

We may amend this Privacy Policy from time to time to reflect changes in law, our operations, or our services. If the changes are material, we will provide you with additional notice (such as by email or a prominent notice on our website) before they take effect. The “Last updated” date at the top of this policy indicates when it was last revised.