Privacy Policy

Last updated: February 2026

Vyzor VoF (“Vyzor”, “we”, “us”) is an independent tokenization advisory firm registered in the Netherlands. We take your privacy seriously. This policy explains what personal data we collect through our website (vyzor.capital), why we collect it, how we use it, and what rights you have.

We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Dutch GDPR Implementation Act (Uitvoeringswet AVG, “UAVG”).

1. Controller

The data controller for this website is:

Vyzor VoF
The Netherlands
Email: info@vyzor.capital

If you have questions about how we handle your data, contact us at the email address above.

2. What data we collect and why

2.1 Contact form and email

When you contact us through our website or by email, we collect your name, organisation, email address, and whatever information you include in your message. We process this data to respond to your enquiry and, where applicable, to explore a potential advisory engagement.

Legal basis: Legitimate interest (Article 6(1)(f) GDPR) — it is in our mutual interest to respond to your enquiry. Where your message leads to a contractual relationship, the legal basis becomes performance of a contract (Article 6(1)(b) GDPR).

2.2 Website analytics

We use privacy-friendly analytics to understand how visitors use our website — for example, which pages are visited most and which countries our visitors come from. We do not use Google Analytics. Our analytics solution does not place tracking cookies, does not collect personal data, and does not track individual visitors across sessions or websites.

Legal basis: Legitimate interest (Article 6(1)(f) GDPR) — understanding aggregate visitor behaviour helps us improve our website.

2.3 Hosting and server logs

Our website is hosted on Vercel. When you visit our site, Vercel may temporarily process your IP address and basic request data (browser type, page requested, timestamp) as part of normal server operations. This data is not used to identify individual visitors and is not retained beyond what is technically necessary.

Legal basis: Legitimate interest (Article 6(1)(f) GDPR) — ensuring the website operates securely and reliably.

2.4 Cookies

We use only strictly necessary cookies required for the website to function (for example, remembering cookie consent preferences). We do not use advertising cookies, tracking cookies, or social media cookies. Strictly necessary cookies do not require consent under the Dutch Telecommunications Act (Telecommunicatiewet).

If we introduce any non-essential cookies in the future, we will update this policy and ask for your consent before placing them.

3. Who we share data with

We do not sell, rent, or trade your personal data.

We may share your data with the following categories of recipients, only to the extent necessary:

• Hosting provider (Vercel Inc., USA) — for website delivery and server operations.
• Email provider — for processing email communications.
• Professional advisors — legal counsel or accountants, where required by law or in connection with an engagement.

Where data is transferred outside the European Economic Area (EEA) — for example, to Vercel in the United States — we ensure that appropriate safeguards are in place, such as EU Standard Contractual Clauses (SCCs) or an adequacy decision by the European Commission.

4. How long we keep data

• Contact form submissions and correspondence: Retained for the duration of our professional relationship plus 7 years, in line with Dutch statutory retention obligations.
• Server logs: Retained by our hosting provider for the minimum period necessary for operational purposes (typically 30 days or less).
• Analytics data: Aggregated and anonymised — no personal data is retained.

5. Your rights

Under the GDPR, you have the following rights regarding your personal data:

• Access — request a copy of the data we hold about you.
• Rectification — ask us to correct inaccurate data.
• Erasure — ask us to delete your data (subject to legal retention obligations).
• Restriction — ask us to limit how we use your data.
• Data portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interest.

To exercise any of these rights, contact us at info@vyzor.capital. We will respond within 30 days.

6. Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encrypted connections (HTTPS), access controls, and secure hosting infrastructure.

7. Supervisory authority

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):

Autoriteit Persoonsgegevens
PO Box 93374, 2509 AJ The Hague
www.autoriteitpersoonsgegevens.nl

8. Changes to this policy

We may update this privacy policy from time to time. The latest version will always be available at vyzor.capital/privacy. We will not materially reduce your rights under this policy without notifying you.

Vyzor VoF · Amsterdam, The Netherlands · info@vyzor.capital