Skip to main content

Quality & Information Security Policy

Last updated: April 2026

Introduction

TGC Capital Partners, a business of Gateway Group of Companies, is committed to maintaining the highest standards of quality in our services and the security of all information entrusted to us. This policy outlines our approach to quality management and information security across all operations, reflecting our responsibility to founders, investors, portfolio companies, and partners worldwide.

Part A: Quality Policy

Our Commitment to Quality

TGC Capital Partners is dedicated to consistently delivering exceptional operator-led growth equity services. We combine financial discipline with embedded execution capability to help B2B SaaS founders scale with minimum dilution. Our commitment to quality is integral to every aspect of our operations — from initial engagement through long-term portfolio support.

Vision

To deliver exceptional, measurable value to founders and portfolio companies through disciplined execution, technology acceleration, strategic mentorship, and operational excellence across 16 countries.

Core Quality Principles

  • Client-Centric Approach: Founders and portfolio companies are at the centre of every decision. We listen, understand, and tailor our support to each company's unique needs and growth stage.
  • Operational Excellence: We embed enterprise-grade engineering, go-to-market, and governance teams directly into portfolio companies, maintaining rigorous standards at every level of execution.
  • Continuous Improvement: We regularly review and refine our processes, methodologies, and service delivery models to ensure they meet evolving market demands and best practices.
  • Transparency and Integrity: We operate with full transparency in our dealings with founders, investors, and partners. Integrity is the foundation of every relationship we build.
  • Regulatory Compliance: We comply with all applicable laws, regulations, and industry standards across the jurisdictions in which we operate, including GDPR, financial regulations, and corporate governance requirements.
  • Environmental Responsibility: We maintain digital-first operations, minimising physical resource consumption and promoting sustainable business practices across our portfolio.
  • Data-Driven Decision Making: We leverage data, analytics, and evidence-based methodologies to inform investment decisions, operational strategies, and performance measurement.
  • Knowledge Sharing: We foster a culture of learning and knowledge exchange across our global team, ensuring that best practices and operational insights benefit all portfolio companies.

Part B: Information Security Policy

Information Security Commitment

TGC Capital Partners is committed to protecting the confidentiality, integrity, and availability of all information assets under our control. This includes personal data of founders, investors, employees, and partners, as well as proprietary business information of our portfolio companies. We recognise that robust information security is essential to maintaining trust and delivering our services effectively.

Scope

This policy applies to all employees, contractors, consultants, partners, and third-party service providers who access, process, store, or transmit information on behalf of TGC Capital Partners and its portfolio companies. It covers all information assets regardless of format — electronic, physical, or verbal.

Key Objectives

  • Risk Identification and Assessment: Systematically identify, evaluate, and manage information security risks across all critical information systems and business processes.
  • Information Security Management System (ISMS): Implement and maintain a comprehensive ISMS aligned with ISO/IEC 27001 principles, ensuring structured and consistent security management.
  • Business Continuity and Disaster Recovery: Establish and maintain plans to safeguard business continuity, ensure rapid recovery from disruptions, and minimise the impact of security incidents on operations.
  • Confidentiality Protection: Protect the confidentiality of all founder, investor, portfolio company, and employee data through appropriate access controls, encryption, and data handling procedures.
  • GDPR and Regulatory Compliance: Ensure full compliance with the General Data Protection Regulation (EU 2016/679), the Dutch Implementation Act (UAVG), and all applicable data protection laws across the jurisdictions in which we operate.
  • Security Awareness and Training: Provide regular security awareness training to all personnel, ensuring they understand their responsibilities in protecting information assets and recognising security threats.
  • Security Audits and Assessments: Conduct periodic internal and external security audits, vulnerability assessments, and penetration tests to identify and remediate security weaknesses.
  • Third-Party Security: Evaluate and monitor the security practices of all third-party service providers to ensure they meet our information security standards and contractual obligations.

Data Protection Measures

All personal and business data processed by TGC Capital Partners is handled in strict accordance with GDPR and applicable data protection regulations. Our data protection measures include:

  • Encryption of data in transit (TLS 1.2+) and at rest
  • Access controls based on the principle of least privilege
  • Multi-factor authentication for all critical systems
  • Regular access reviews and privilege audits
  • Data classification and handling procedures
  • Secure data disposal and retention management
  • Privacy by design and by default in all new systems and processes

Incident Response

TGC Capital Partners maintains established procedures for identifying, reporting, containing, and responding to information security incidents. Our incident response framework includes:

  • Clear escalation paths and communication protocols
  • Designated incident response team with defined roles and responsibilities
  • Data breach notification to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours as required by GDPR Article 33
  • Notification to affected individuals without undue delay where required by GDPR Article 34
  • Post-incident review and lessons learned to prevent recurrence
  • Documentation and record-keeping of all security incidents

Continuous Improvement

We are committed to the continuous improvement of our information security posture through:

  • Regular review and updating of security policies and procedures
  • Management commitment to allocating appropriate resources for information security
  • Monitoring of emerging threats, vulnerabilities, and industry best practices
  • Integration of security considerations into all business decisions and projects
  • Annual policy review by senior management

Contact

For questions or concerns regarding our Quality or Information Security policies, or to report a security concern, please contact us:

TGC Capital Partners
Maria Montessorilaan 3, 2719 DB Zoetermeer, Netherlands
Email: hello@tgccapitalpartners.com