OCTOPUS HEALTHBack home

Privacy Policy

Last updated: April 2026

1. Who We Are

Octopus Health B.V. (“Octopus Health”, “we”, “us”) is a specialty pharmaceutical company registered in The Netherlands. This privacy policy explains how we collect, use, and protect your personal data when you visit our website (octopushealth.eu) or interact with us.

  • Data Controller: Octopus Health B.V.
  • Contact: info@octopushealth.eu
  • Location: Soesterberg, The Netherlands

2. What Data We Collect

When you use our website, we may collect:

  • Contact form data: Name, organisation, email address, and any information you voluntarily provide in the message field.
  • Technical data: IP address, browser type, device information, pages visited, and timestamps. Collected via privacy-friendly analytics (no advertising trackers).
  • Cookies: We use only essential cookies required for website functionality. We do not use advertising or tracking cookies.

3. How We Use Your Data

We use your data solely to:

  • Respond to enquiries submitted through the contact form
  • Improve website functionality and user experience
  • Comply with legal obligations

We do NOT:

  • Sell your data to third parties
  • Use your data for advertising
  • Share your data with marketing platforms

4. Legal Basis (GDPR Article 6)

  • Consent: When you submit the contact form, you consent to us processing your data for the purpose of responding to your enquiry.
  • Legitimate interest: Technical data is processed for website security and performance optimisation.

5. Data Retention

  • Contact form submissions: retained for 24 months, then deleted.
  • Technical/analytics data: retained for 12 months, then anonymised.

6. Your Rights

Under the GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion of your data
  • Object to processing
  • Data portability
  • Withdraw consent at any time

To exercise any of these rights, contact us at info@octopushealth.eu.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction.

8. Third-Party Services

  • Hosting: Vercel Inc. (data processing agreement in place)
  • Analytics: none currently — to be updated when implemented
  • Form processing: direct mailto, no third-party processor

9. International Transfers

Your data is processed within the EU/EEA. If any processing occurs outside the EEA (e.g., hosting infrastructure), appropriate safeguards under GDPR Chapter V are in place.

10. Changes to This Policy

We may update this policy periodically. The “last updated” date at the top reflects the most recent revision.

11. Contact

For any privacy-related questions: