This policy (and any documents referred to in it) sets out the basis on which we process data about individuals including visitors to our website (“Website Visitors”) and anyone who is a client (“Clients”).
We gather data about Website Visitors from our website in two main ways: (1) the data that you give to us via email; and (2) the data we collect about you using cookies and similar technologies (see below).
Please see the attached appendix for details of the categories of information that we may collect and process about you.
Nova Founders Capital does not collect any “Special Categories of data” that could reveal information such as racial or ethnic origin, sexual orientation, political opinions physical or mental health, religious or philosophical beliefs, trade union membership or genetic or biometric data).
We may disclose your personal data, in various ways and for various reasons, with the following categories of people:
• tax, audit or other authorities, when we believe that the law or other regulation requires us to share this data (for example, because of a request by a tax authority or in connection with any anticipated litigation);
• we may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and/or its subsidiaries and also to our investors/potential investors;
• a third party who acquires us or substantially all of our assets;
• third party service providers who perform functions on our behalf (including professional advisors such as lawyers, auditors, accountants, technical support functions and IT consultants carrying out testing and development work on our business technology systems); and
• our cloud based storage providers (for example, Dropbox.com, Google Drive, Gmail, Bamboo HR) for storage purposes.
Nova Founders Capital needs to transfer your information globally. We limit such transfers to a minimum, and when necessary, we want to make sure your information is stored and transferred in a way which is secure. We will therefore only transfer data outside for the European Economic Area (“EEA”) (i.e. the member states of the European Union, together with Norway, Ireland and Liechtenstein) where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:
• By way of data transfer agreement, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by controllers in the EEA to controllers and processors in jurisdictions without adequate data protection laws;
• By signing up to the EU-US Privacy Shield Framework for the transfer of personal data from entities in the EU to entities in the USA or any equivalent agreement in respect of other jurisdictions; or
• Transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country’s levels of data protection via its legislation; or
• Where it is necessary for the conclusion or performance of a contract between you and us or the implementation of pre-contractual measures taken at your request; or
• Where you have consented to the proposed transfer, after having been informed of the possible risks of such transfers.
We only retain personal data for as long as is necessary for the purposes set out in this policy. We will retain your personal data for as long as we provide services to you/engage with you and may keep that data for a further 1 year if necessary for legitimate business purposes.
Please note that in certain circumstances, we may hold your data for a longer period if we believe in good faith that the law or relevant regulators require us to preserve your data.
We will use technical and organisational measures to safeguard your information, for example we rely on the following security measures:
- Professional technology service suppliers, such as Google and Hire to keep data protected by state-of-the-art cyber security
- Anti-virus and firewall protection
- Frequent change of user passwords
Privacy screens whenever we work in public space
We have outlined below the individual cookies we use and why we use them:
Our app and website may contain links to and from the online properties of third parties. If you follow a link to any of these online properties, please note that these online properties have their own privacy policies and that we cannot and do not accept any responsibility or liability for these policies or for any personal data that may be collected through these online properties. Please check these policies carefully before you click on any links and/or submit any personal data to these online properties.
You have the following rights in relation to your information:
13.1. Right to request a copy of your information. You can request a copy of your information which we hold (this is known as a subject access request).
13.2. Right to correct any mistakes in your information. You can require us to correct any mistakes in your information which we hold.
13.3. Right to request we stop processing your information. In certain circumstances, you may request that we cease processing your information.
13.4. Right to request deletion of your information. You can ask us to erase your information (also known as the “right to be forgotten”) in certain circumstances.
13.5. Right of data portability. You have the right to transfer your personal data between data controllers in certain circumstances.
If you would like to request any of the above, please contact us at [email protected] to make any such requests. We will comply with the Data Protection Legislation in responding to any such requests.
If you have any complaints about the way in which we collect, store and use your information, you can contact the supervisory authority in the United Kingdom, the Information Commissioner’s Office: https://ico.org.uk/concerns