Privacy Policy

 

C5A GDPR Privacy Policy May 2018

C5 Accelerate Limited (“C5”, “we”, “us” or “our”) is incorporated in the UK and its registered office is at 4th Floor, Savile Row House, 7 Vigo Street, W1S 3HF.

Under the General Data Protection Regulation (GDPR) – Regulation (EU) 2016/679, we have a legal obligation to protect any personal data we hold on you.

At C5 we are committed to protecting and safeguarding your personal data. In accordance with GDPR and our commitment to protect your personal data in a lawful, fair and transparent manner, this Privacy Policy (the “Main GDPR Policy”) describes how we collect, use and share your personal data, and how, in doing so, we comply with our legal obligations to you.

For the purpose of the GDPR, the data controller of your personal data is C5. We are responsible for, and control the processing of, your personal data.

We reserve the right to amend the Main GDPR Policy at any time. If the policy has been amended, we will provide you with an updated version.

Please take the time to read and understand the Main GDPR Policy (dated 24 May 2018).

If you have any questions or comments about the Policy, please contact Robert Quirke at Robert.quirke@c5capital.com.

Who is captured by the Main GDPR Policy

– Existing and potential investors and co-investors;
– Founders and employees of portfolio companies and potential investee companies;
– Mentors and subject matter experts;
– Prospective employees and contractors;
– Our strategic partners;
– Our directors; and
– Existing suppliers and service providers.

Key Definitions

– Personal Data: means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

– Processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

GDPR Principles

When processing your personal data, we will comply with GDPR’s seven principles:

– lawfulness, fairness and transparency;
– the purpose limitation;
– data minimisation;
– accuracy of the data;
– storage limitation;
– integrity and confidentiality; and
– accountability.

Type of personal data
We may process a range of your personal data in order to effectively manage our relationship with you. For most members of our community, the personal data we process may include but is not limited to:

– Your name (including title);
– Contact details such as telephone number, email and home address;
– Social media handles and preferences;
– Your date of birth;
– Your gender;
– Details of our interactions with you;
– The information about your investment strategies and objectives;
– Your knowledge of and experience in investment matters;
– Your professional information such as your job title and company you work for;
– Your academic and employment information;
– Details of the services you provide.

In the case of strategic partners, founders, and suppliers we may hold additional data such as:

– Financial information and bank account details;
– Your tax domicile information and other tax related documents;
– Your nationality;
– Copy of your identification document;
– Photograph;
– KYC documents;
– Subscription document;
– Family details such as your spouse, partner or children;
– Any personal data required as part of an application you make.

In some instances (where permitted by law), we may process special categories of personal data, such as political opinions, religious or philosophical beliefs, trade union membership, racial or ethnic origin, health information, and, to the extent legally possible, information relating to criminal convictions or offences.

Where your personal data comes from
We will require you to provide most of your personal data, but we may also obtain personal data from third parties in relation to you.

Where appropriate and permitted by law, we may seek more information about you from other sources generally in relation to due diligence. We work closely with third parties such as credit reference agencies, criminal and civil records check agencies and marketing services providers. Occasionally, we receive data from these third parties and others such as referees. We may combine the information you provide and the information we collect about you.

If any information you provide to us relates to someone else, by providing us with such information you confirm that you have obtained the necessary permissions from the relevant person.

If you do not provide certain information when requested, we may not be able to manage our relationship with you effectively, enter a contract with you or fulfil our legal obligations.

How we use your personal data
We will always process your personal data for a specific purpose and only process the personal data which is relevant to achieve that purpose. Your personal data will only be processed to the extent that it is necessary for the specific purpose or purposes.

Our purpose for processing your personal data may include but is not limited to:

– engaging in marketing and business development activity in relation to our existing and future investment opportunities. This may include sending you newsletters, presentations, performance reports and other marketing material;
– carrying out any contractual obligations arising from any contract entered into between you and C5;
– assessing your suitability to acquire our products or services;
– processing investor onboarding;
– reviewing any complaints and grievances you may have;
– processing recruitment;
– performing any pre-employment checks (so far as permitted by law);
– providing investment updates;
– arranging payments owed;
– ensuring network and information security, including prevention of unauthorised access to our computer and electronic communications systems and preventing malicious software distribution and to ensure compliance with our IT policies;
– ensuring your safety in the event of your visit to our premises;
– monitoring our communications with you to ensure we comply with any relevant regulatory and legal requirements such as financial promotions;
– establishing, exercising or defending our legal rights or for the process of legal proceedings;
– complying with our legal and regulatory obligations such as to carry out identity and anti-money laundering checks;
– complying with any tax reporting requirements;
– preventing fraud; and
– notifying you of any changes to our services.

Automated decision-making
Automated decision-making takes place when an electronic system uses personal data to make a decision without human intervention.

We do not envisage using automated decision-making in relation to you.

Our legal basis for processing your data
Depending on the purpose of the processing activity, the legal basis for processing your personal data will be one of the following:

– necessary for compliance with our legal obligations;
– necessary to ensure the performance of a contract between you and C5 (or in order to take steps at your request prior to entering into a contract);
– necessary for our or a third party’s legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms. Our legitimate interest includes but is not limited to operating the administrative and technical aspects of our business efficiently and effectively;
– you have provided explicit consent for processing. This legal basis will apply in limited circumstances and we will obtain your consent prior to processing;
– necessary for the performance of a task in the public interest such as preventing a crime;
– necessary to protect your vital interests such as if you needed urgent life-saving medical treatment.

Sharing your personal data
We may share your personal data between and within C5 group companies. Where we share your personal data, we require all entities receiving the data to respect the security of your data and to treat your data in accordance with data protection law.

We may share your personal data with the following recipients or categories of recipients:

– Third party service providers such as credit reference and background check agencies, IT and communications services providers, banks, fund administrators, auditors and legal counsel. We take steps to ensure that the third-party service providers we work with meet data security standards, so that your personal data remains secure;
– Official entities such as financial regulators and governmental institutions;
– Law enforcement agencies in connection with any investigation to help prevent an unlawful activity;
– Any relevant tax authority;
– Reference contacts; and
– Depending on your instructions, your beneficiaries, account nominees, intermediaries, payment recipients and any corresponding agent bank.

Please note that the above list is a summary of third parties we may share your personal data with; it is not an exhaustive list.

Transfer of your data outside the European Economic Area
Your personal data may be transferred to and stored by persons outside the European Economic Area (the “EEA”), and in particular may be transferred to and stored by our affiliates or service providers outside the EEA.

Where personal data is transferred outside the EEA, we will ensure that the transfer is subject to appropriate safeguards or is otherwise permitted under applicable law. For example, the country to which the personal data is transferred may be approved by the European Commission, the recipient may have agreed to model contractual clauses approved by the European Commission that oblige them to protect the personal data, or the recipient may be located in the United States and be a certified member of the EU-US Privacy Shield scheme.

You can obtain more details of the protection given to your personal data when it is transferred outside the EEA, including a copy of any standard data protection clauses entered into with recipients of your personal data, by contacting Robert Quirke at Robert.quirke@c5capital.com.

Data retention
We will only store your data for as long as necessary to fulfil the purpose for which it was collected or to comply with legal or regulatory requirements.

We may consider the following when determining the appropriate data retention period:

– The period required to fulfil our purpose for processing; and
– Any legal obligations we have in relation to your personal data such as law or regulation requiring us to hold the data for a set period.

Data Security
We have in place appropriate technical and organisational measures to prevent unlawful or unauthorised access to your personal data and against the accidental loss of or damage to your personal data.

Data Accuracy
We are committed to keeping your data accurate and up to date. Please notify us if your personal details change or if you become aware of any inaccuracies in the personal data we hold for you.

Your Rights
You have a number of legal rights in relation to the personal data that C5 holds about you. These rights include the following:

– The right to obtain information regarding the processing of your personal data and access to the personal data that C5 holds about you.
– In some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and the right to request that C5 transmits that data to a third party where this is technically feasible. Please note that this right only applies to personal data which you have provided to us.
– The right to request that C5 rectifies your personal data if it is inaccurate or incomplete.
– The right to request that C5 erases your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data but C5 is legally entitled to retain it.
– The right to object to, and the right to request that C5 restricts its processing of your personal data in certain circumstances. Again, there may be circumstances where you object to, or ask C5 to restrict, its processing of your personal data but C5 is legally entitled to continue processing your personal data or to refuse that request.
– The right to withdraw consent at any time where we rely on your consent as the legal basis for processing. Your request to withdraw consent will not impact the lawfulness of processing based on consent before its withdrawal.
– The right to lodge a complaint with the data protection regulator (details of which are provided below) if you think that any of your rights have been infringed by C5.

You can exercise your rights by contacting Robert Quirke at Robert.quirke@c5capital.com. You can find out more information about your rights by contacting an EU data regulator such as the UK Information Commissioner’s Office (www.ico.org.uk).