Nijmegen, 01.01.2021

Privacy Policy

Name and contact details of the controller

This data protection information applies to data processing by:

Stichting Katholieke Universiteit (RUMC)
Geert Grooteplein Noord 9
6525 EZ Nijmegen
The Netherlands

To whom does this privacy policy apply

This data protection declaration applies to all persons whose personal data are processed by Serotonin and Beyond, except those who work for Serotonin and Beyond. Personal data is any data that contains information about persons with whom these persons are identifiable. This Privacy Policy applies to:

  • Customers of Serotonin and Beyond
  • Potential customers with whom Serotonin and Beyond has contacted or wanted to contact
  • Visitors to the website of Serotonin and Beyond
  • Recipients of newsletters and commercial emails from Serotonin and Beyond
  • Any person who contacts Serotonin and Beyond or whose personal data is processed by Serotonin and Beyond

This Privacy Policy does not apply to employees, temporary workers, trainees and applicants.

Collection and storage of personal data and
the nature and purpose of their use
Personal information

Personally provided information includes:

  • Contact information and other personal information needed to enable collaboration with a consultant
  • Contact details provided when you typed in contact forms or web forms
  • Contact details disclosed during introductory talks, events, seminars, etc.

Personal information obtained from another source includes:

  • Personal data available on public social media, such as LinkedIn
  • Personal information to be found in the Chamber of Commerce
  • Personal information found on the company’s websites

When visiting the website

When you visit our website, information is automatically sent to the server of our website by the browser used on your device. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:

  • IP address of the requesting computer,
  • Date and time of access,
  • the name and URL of the retrieved file,
  • Website from which access is made (referrer URL),
  • Browser and, if applicable, the operating system of your computer as well as the name of your access provider.

The above data will be processed by us for the following purposes:

  • Ensuring a smooth connection of the website,
  • Ensuring comfortable use of our website,
  • evaluation of system security and stability as well as
  • for other administrative purposes.

The legal basis for data processing is Art. 6 para. 1 sentence 1 letter f GDPR. Our legitimate interest follows from the above-mentioned purposes for data collection. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person.

Furthermore, we use cookies and analysis services when you visit our website. You will find more detailed explanations in sections 6 and 7 of this data protection declaration.

When registering for our newsletter

Provided that you have expressly consented in accordance with Art. 6 para. 1 sentence 1 letter a GDPR, we will use your e-mail address to send you our newsletter on a regular basis. To receive the newsletter, it is sufficient to provide an e-mail address.

You can cancel your subscription at any time by sending an informal message (subject: cancellation) to:

(by post) Serotonin and Beyond
Stichting Katholieke Universiteit (RUMC)
Geert Grooteplein Noord 9
6525 EZ Nijmegen
The Netherlands

(by e-mail)


Use of your data

We use your personal data for various purposes. The following is a list:

For the implementation of an agreement in which you have commissioned us to provide innovation and financing advice from our consultants. If you place an order with a consultant, at least your contact details will be requested. Depending on the nature of the assignment, other personal data may also be required to process the assignment. In addition, the data is used to invoice the services provided.

  • Compliance with legal obligations
  • The collection of fees.
  • Recruitment and selection (application)
  • Maintaining contact with you

In order to carry out marketing campaigns more efficiently and to improve product and service information, your contact details are stored in EU CRM systems and can be used to send newsletters, updates, event and seminar invitations and to send you information you have requested from Serotonin and Beyond.

We think it is important to address you with relevant information. To do this, we combine and analyse the personal data we hold about you. On this basis, we determine which information and channels are relevant and which moments are most appropriate for providing information or contacting you. We do not process any specific personal data or confidential data in marketing campaigns. If we wish to create a personal, individual customer profile, we ask for your prior consent. If you wish to withdraw this consent later, this is always possible.

To analyse data, in the following we distinguish between interaction and behaviour data.

Interaction data: Personal data, which are obtained through the contact between you and Serotonin and Beyond. For example, about your use of our website or supported applications. This also applies to offline interactions, e.g. how often and when there is contact between Serotonin and Beyond and you.

Behavioural data: Personal data which Serotonin and Beyond processes about your behaviour, such as your preferences, opinions, wishes and needs. We can derive this data from your surfing behaviour on our website, from our newsletters or from your request for information. But also, through contact, incoming telephone calls and e-mail contact with our employees. We only collect and use information that we obtain by tracking cookies with your permission, which you can revoke at any time. See our cookie declaration.

To improve user statistics. The user statistics of the website allow us to get an image of the number of visitors, the duration of the visit, the parts viewed of the website and the click behavior. These are generic reports with no information about individuals. We use the information obtained to improve the website.

To ensure access control and enterprise security. If you visit our office, we will note your name on arrival. In addition, camera images may be taken outside the office, at reception and at the entrance to the meeting rooms. We do this to prevent unauthorised persons from entering the office in the event of an accident and to ensure that no unauthorised persons have access to the office. Camera recordings are generally destroyed after ten days.

Disclosure of data

Your personal data will not be transferred to third parties for purposes other than the ones listed below.

We will only share your personal information with third parties if:

  • you have given your express consent in accordance with Art. 6 Para. 1 p. 1 letter a GDPR
  • the disclosure pursuant to Art. 6 Para. 1 p. 1 letter f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
  • if there is a legal obligation to pass on the data pursuant to Art. 6 Para. 1 p. 1 letter c GDPR, and
  • this is legally permissible and is required under Art. 6 Para. 1 p. 1 letter b GDPR for the processing of contractual relationships with you.


We use cookies on our site. These are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage on your terminal device, do not contain viruses, Trojans or other malicious software.

The use of cookies serves on the one hand to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognise that you have already visited individual pages of our website. These are automatically deleted when you leave our site.

In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your end device for a certain fixed period. If you visit our site again to make use of our services, we will automatically recognise that you have already been to our site and what entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to record the use of our website statistically and to evaluate it for the purpose of optimising our offer for you. These cookies enable us to automatically recognise that you have already been on our website when you visit it again. These cookies are automatically deleted after a defined time.

The data processed by cookies is required for the above mentioned purposes to protect our legitimate interests and those of third parties in accordance with Art. 6 Para. 1 S. 1 letter f GDPR.

Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a message always appears before a new cookie is created. However, completely deactivating cookies may mean that you cannot use all the functions of our website.

Analysis Tools

Tracking tools

The tracking measures listed below and used by us are carried out based on Art. 6 para. 1 sentence 1 letter f GDPR. With the tracking measures used, we want to ensure that our website is designed to meet the needs of our customers and is continuously optimised. On the other hand, we use the tracking measures to record the use of our website statistically and evaluate it for the purpose of optimising our offer for you. These interests are to be regarded as justified in the sense of the regulation.

The respective data processing purposes and data categories can be found in the corresponding tracking tools.

Google Analytics

For the purpose of designing and continuously optimising our pages to meet your needs, we use Google Analytics, a web analysis service of Google Inc (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”). In this context, pseudonymised user profiles are created and cookies (see section 4) are used. The information generated by the cookie about your use of this website such as

  • Browser type/version,
  • Operating system used,
  • Referrer URL (the previously visited page),
  • Host name of the accessing computer (IP address),
  • Time of the server request,

are transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on the website activities and to provide further services associated with the use of the website and the Internet for the purposes of market research and the design of these Internet pages in line with requirements. This information may also be transferred to third parties if required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are made anonymous, so that an assignment is not possible (IP masking).

You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on.

As an alternative to the browser add-on, especially in the case of browsers on mobile devices, you can also prevent Google Analytics from recording the data by clicking on this link. An opt-out cookie is set to prevent the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you will have to set the opt-out cookie again.

Further information on data protection in connection with Google Analytics can be found in the Google Analytics help.

Google Adwords Conversion Tracking

In order to record the use of our website statistically and to evaluate it for you for the purpose of optimizing our website, we also use Google Conversion Tracking. Google Adwords sets a cookie (see paragraph 4) on your computer if you have reached our website via a Google ad.

These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords customer’s website and the cookie has not yet expired, Google and the customer can recognize that the user has clicked on the ad and has been redirected to this page.

Each Adwords customer receives a different cookie. Cookies cannot therefore be tracked through adwords customers’ websites. The information collected using the conversion cookie is used to generate conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers will learn the total number of users who clicked on their ad and have been redirected to a page with a conversion tracking tag. However, you will not receive any information that can be used to personally identify users.

If you do not wish to participate in the tracking procedure, you can also refuse the necessary setting of a cookie – for example, by means of a browser setting, which generally disables the automatic setting of cookies. You can also disable cookies for conversion tracking by setting your browser to block cookies from the “” domain. Google’s privacy policy for conversion tracking can be found here.

Social Media Plug-ins

We use our website on the basis of Article 6(0). 1 p. 1 letter f GDPR social plug-ins of the social networks Facebook, Linkedin, Twitter, Vimeo, Xing and Youtube as well as Google Maps to make our company better known about this. The underlying commercial purpose is to be regarded as a legitimate interest within the meaning of the GDPR. The responsibility for the data protection-compliant operation is to be guaranteed by their respective providers. The integration of these plug-ins by us takes place by means of the so-called two-click method in order to protect visitors to our website in the best possible way.


On our website, social media plugins from Facebook are used to make their use more personal. For this we use the “LIKE” or “SHARE” button. It is an offer from Facebook.

When you visit a page of our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser and integrated by it into the website.

By integrating the plugins, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not currently logged in to Facebook. This information (including your IP address) is transmitted by your browser directly to a Facebook server in the USA and stored there.

If you are logged in to Facebook, Facebook can assign the visit to our website directly to your Facebook account. If you interact with the plugins, for example by pressing the “LIKE” or “SHARE” button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also posted to Facebook and displayed to your Facebook friends.

Facebook may use this information for the purpose of advertising, market research and the needs of the Facebook pages. For this purpose, Facebook creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services related to the use of Facebook.

If you do not want Facebook to assign the data collected via our website to your Facebook account, you must log out of Facebook before visiting our website.

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights in this regard and setting options for the protection of your privacy can be found in Facebook’s privacy policy.


We use components of the LinkedIn network on our website. LinkedIn is a service of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time you access our website that is equipped with such a component, this component causes the browser you are using to download a corresponding representation of the LinkedIn component.

This process informs LinkedIn which specific page of our website is currently being visited. If you click on the LinkedIn “Recommend” button while you are logged into your LinkedIn account, you can link the contents of our pages to your LinkedIn profile. As a result, LinkedIn is able to associate the visit to our pages with your LinkedIn user account.

We have no influence on the data that LinkedIn collects as a matter of this, nor on the extent of this data collected by LinkedIn. We are also unaware of the content of the data transmitted to LinkedIn. Details of LinkedIn’s data collection, rights and settings can be found in LinkedIn’s privacy policy.


Plugins of the short message network of Twitter Inc. are on our website. (Twitter). You can recognize the Twitter plugins (tweet button) by the Twitter logo on our site. An overview of tweet buttons can be found here.

When you visit a page of our website that contains such a plugin, a direct connection is established between your browser and the Twitter server. Twitter receives the information that you have visited our site with your IP address. If you click on the Twitter “tweet” button while you are logged into your Twitter account, you can link the contents of our pages to your Twitter profile. This allows Twitter to assign the visit to our pages to your user account. We would like to point out that we, as the provider of the pages, do not receive any knowledge of the content of the transmitted data as well as their use by Twitter.

If you do not want Twitter to be able to associate the visit to our pages, please log out of your Twitter account.

For more information, see Twitter’s Privacy Policy.


We use components from the supplier Vimeo on our website. Vimeo is a service of Vimeo LCC, 555 West 18th Street, New York, New York 10011, USA. Every time you access our website that is equipped with such a component, this component causes the browser you are using to download a corresponding representation of the Vimeo component. When you visit our site and are logged in to Vimeo, Vimeo recognizes which specific page you are visiting through the information collected by the component and assigns this information to your personal account at Vimeo. For example, if you click on the “Play” button or make comments, this information will be transmitted to your personal user account at Vimeo and stored there. In addition, the information that you have visited our site will be passed on to Vimeo. This happens regardless of whether you click/comment on the component, for example, or not.

If you wish to prevent vimeo from transmitting and storing your data about you and your behaviour on our website, you must log out of Vimeo before visiting our website. Vimeo’s privacy policy provides more detailed information on this, in particular on the collection and use of the data by Vimeo.


We use components of the network on our website. These components are a service of XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.

Every time you access our website that is equipped with such a component, this component causes the browser you are using to download a corresponding representation of the component of XING.

To our knowledge, XING does not store any personal data of the user via the access to our website. XING also does not store IP addresses. In addition, there is no evaluation of the usage behaviour via the use of cookies in connection with the “XING Share button”. Further information can be found in the privacy policy for the XING Share button.


On our website we use components (videos) of youTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA, a company of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA.

We use the option provided by YouTube – extended privacy mode. According to YouTube, in ” extended data protection mode” only data is transmitted to the YouTube server, in particular which of our websites you have visited when you watch the video. If you are logged in to YouTube at the same time, this information will be associated with your YouTube account. You can prevent this by logging out of your account before visiting our website.

When you visit a page that has an embedded video, you connect to the YouTube servers and display the content on the website by notifying your browser.

Further information on YouTube’s privacy is provided by Google at this link.

Google Maps

We use the component “Google Maps” of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter “Google”, on our website.

Every time the “Google Maps” component is accessed, Google sets a cookie to process user settings and data when viewing the page on which the Google Maps component is integrated. This cookie is usually not deleted by closing the browser, but expires after a certain time, unless it is deleted manually by you beforehand.

If you do not agree with this processing of your data, it is possible to deactivate the service of “Google Maps” and in this way prevent the transfer of data to Google. To do this, you need to disable the Java script function in your browser. However, we would like to point out that in this case you will not be able to use the “Google Maps” or only to a limited extent.

The use of “Google Maps” and the information obtained via “Google Maps” is carried out in accordance with the Google Terms of Use and the additional terms and conditions for “Google Maps“.

Publication of job advertisements / online job applications

Your application data will be collected and processed electronically by us for the purpose of processing the application process. If your application is followed by the conclusion of an employment contract, your transmitted data may be stored in your personnel file for the purpose of the usual organisational and administrative process in compliance with the relevant legal regulations.

The deletion of the data you have submitted will automatically take place two months after notification of the rejection if your job application is rejected. This does not apply if a longer storage is necessary due to legal requirements (e.g. the obligation to provide evidence under the General Equal Treatment Act) or if you have expressly consented to a longer storage in our database of interested parties.

Affected rights

You have the right to:

  • in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you may request information on the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned retention period, the existence of a right to rectification, deletion, restriction of processing or opposition, the existence of a right of appeal, the origin of their data, if not collected from us, and the existence of automated decision-making, including profiling and, where applicable, meaningful information on its details;
  • require the correction of inaccurate or complete your personal data stored by us without delay in accordance with Art. 16 GDPR;
  • require the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless processing is necessary for the exercise of the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
  • in accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you require it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Article 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
  • in accordance with Art. 3 GDPR to revoke your consent to us at any time. As a result, we may no longer continue the processing of data based on this consent for the future and
  • to a regulatory authority in accordance with Article 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office.

Legal basis of processing

We process personal data on the basis of one of the following legal reasons:

  • Get permission
  • based on a contract agreement or agreement prior to the conclusion of the contract
  • legal obligation
  • In connection with a legitimate interest.

A controller may only process personal data if this can be based on one of the restrictive legal reasons set out in the General Data Protection Regulation (GDPR). The four legal bases on which Serotonin and Beyond rely are:

Get permission:

If we have asked for your permission to process your personal data and you have granted this permission, you also have the right to revoke this consent.

Contract agreement or agreement before conclusion of the contract:

If you order us to provide innovation or financial advice services, we will process personal data if and to the extent necessary to carry out the order.

Legal obligation:

We will only provide personal information to the superiors of investigative authorities if this is required by law. In such cases, we will take reasonable steps to ensure that your personal information is protected as much as possible.

Eligible interest:

We may also process personal data if we have a legitimate interest in it and therefore do not disproportionately violate your privacy. For example, we use your contact information to invite you to seminars and events.


We may use service providers (processors) to process your personal data, which only process personal data in our order. We enter into a processing agreement with these processors that meets the requirements of the General Data Protection Regulation (GDPR).

For example, we work with service providers who offer Software as a Service (SaaS) solutions or hosting services. There are also ICT service providers that help us keep our systems safe and stable. We also use third-party services to send newsletters and commercial emails. These are examples of parties that can be referred to as processors under the General Data Protection Regulation (GDPR).

Right to object

If your personal data is based on legitimate interests in accordance with Article 6 sec. 1 p. 1 letter f GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 GDPR, insofar as there are reasons for doing so, which arise from your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right of objection, which we implement without specifying a specific situation.

If you wish to exercise your right of withdrawal or objection, please send an e-mail to Serotonin and Beyond