BY ACCESSING, USING OR REGISTERING IN THE SITE WWW. VOLPECAPITAL.COM (“Platform”), OPERATED AND MADE AVAILABLE BY VOLPE CONSULTORIA ECONÔMICA LTDA., WITH HEADQUARTERS IN AVENIDA HORACIO LAFER 160, CONJUNTO 51, ITAIM BIBI, SÃO PAULO/SP, BRAZIL, ZIP: 04538-080, REGISTERED IN BRAZIL UNDER THE GENERAL TAXPAYER’S REGISTRY (CNPJ/MF) NO. 39.879.038/0001-11 (“Company”), YOU DECLARE TO BE AWARE OF AND FULLY UNDERSTAND THE TERMS OF THIS PRIVACY NOTICE (“Privacy Notice”).
For the purposes of this Privacy Notice, “Data Subject” is any natural person who accesses the Platform and/or relates directly or indirectly to the Company. The Company is the “Controller”, being responsible for decisions regarding the processing of personal data executed directly and/or indirectly by the Company.
Among other individuals who may relate to the Company, the following persons are considered Data Subjects: users, prospects and consumers.
1. PLATFORM AND SERVICES
The Company provides consulting services to Volpe Capital Investment Management Limited, the management company of Volpe Capital Fund, L.P and other Volpe affiliates, which invest in high-growth technology and technology-enabled companies in Latin America.
2. DATA PROTECTION OFFICER
The Company appoints the person qualified below for the position of “Data Protection Officer” or “DPO”, who shall then be responsible for assisting and guiding Data Subjects in all matters relating to this Privacy Notice or the processing of personal data carried out by the Company, as well as act as a communication channel between the Data Subjects, the Company and the local Data Protection Authority.
Name: Milena Oliveira
3. DATA PROCESSING
In order to access and use the Platform and/or relate to the Company the Data Subject will need to provide certain information to the Company, which are essential for the operation of the Platform and/or for the activities of the Company ((including due to legal or regulatory obligations)). Among other data or information, the following personal data of the Data Subjects shall be collected and processed:
If the Data Subject accesses the “Get in Touch” section of the Platform:
(iv) Investment round;
(v) Country and City;
If the Data Subject is a representative or proxy of a client, supplier, provider and/or partner of the Company (including funds, distributors, etc.)
(iii) CPF/RG/Passport (ID);
(v) Phone Number.
Obs. The Company may, due to legal or regulatory obligation or internal procedure (including security and compliance), collect other personal data, as well as documents containing personal data, of these representatives and attorneys.
If the Data Subject is the Company’s supplier or service provider:
(iv) Phone Number;
(v) RG/CPF/Passport (ID);
(vii) Bank Data;
If the Data Subject is a candidate for professional vacancies in the Company
(iii) Date of birth;
(iv) Curriculum (with information selected exclusively by the Data Subject).
By accessing or using the Platform, you, the Data Subject, are aware – as a natural person and, when applicable, also as a representative of a child – of the processing of the aforementioned data, as well as declare that by providing data of third parties, personal or not, on the Platform (directly or through the insertion of documents containing such data) and/or to the Company, such provision is in accordance with the applicable law and does not violate the rights of third parties, being responsible for any and all claims or losses arising from the processing of personal data entered by you in the Platform (directly or by inserting documents containing such data) and/or provided by you, by any means, to the Company.
4. PURPOSES AND USE OF YOUR DATA
This Privacy Notice lists below the main situations in which – and the purposes for which – the data of the Data Subjects, as well as the data of third parties in any way collected by the Company, are used:
Services: The Company will use personal data for: (a) the drafting of agreements; (b) investment advice, analysis and recommendations; (c) making payments; (d) events and conferences; (e) perform due diligences; (f) registration in third-party systems, such as fund managers, banks, brokers, settlement cameras, etc.; and (g) analysis of résumés and candidate profiles to carry out selection processes.
Use of the Platform: The Company will use personal data to: (a) facilitate the identification of the Data Subject on the Platform; (b) provide the necessary interactivity on the Platform, and; (c) operate and improve the Platform.
Communication: The Company will use the personal data of the Data Subjects to contact the Data Subjects, as well as to send notices and/or reminders. The Company may send Data Subjects communications about the availability of the Platform, Company’s services, the security of the Platform or other issues in any way related to the Platform and/or the Company, such as messages on how to use the Platform or information about any updates available.
Advertising: The Company may use personal data to: (a) send marketing e-mails relating to the Platform and/or Volpe entities’ investments and activities, including interviews and papers published by our employees and/or partners; (b) display and/or send advertisements that are compatible with the Data Subject’s profile, and such advertisements may refer to the Platform, the Company and/or third parties. If the Data Subject is no longer interested in receiving advertisements, the Data Subject must contact the DPO stating that they no longer wish to receive advertising communications.
Activities of the Data Subject’s on the Platform: The Company records the data of access and use of the Platform when the Data Subjects in any way access or use the Platform. The Platform uses the access information, cookies, device information and IP (Internet Protocol) addresses to identify the Data Subject or record the use they make of – or their activity on the – Platform.
Controller’s Database: The Company securely stores the personal data indicated in chapter 3 of this Privacy Notice, so that it can carry out its activities.
Storage and backup: The Company backs up information relating to the Platform and the Company, which may include personal data.
5. COOKIES AND SIMILAR TECHNOLOGIES
Cookies bring several benefits, since they allow the identification of previous Data Subjects when they return to the Platform, enabling the targeting of personalized content and/or similar services and products. Cookies also save time by making it unnecessary to enter the same information multiple times.
6. DURATION OF DATA PROCESSING
Personal data will be processed by the Company for as long as the purposes provided in this Privacy Notice remain applicable and/or there is a need to maintain them, for instance to comply with the legal time limits of storage, or to comply with other applicable legal or regulatory obligations.
Once the purpose or legal need is exhausted, the data will be deleted through safe disposal methods, or anonymization for purely statistical purposes.
7. RESPONSIBILITIES AND STATEMENTS OF THE DATA SUBJECT
The Data Subject declares and acknowledges that the data, including personal data, made available on the Platform and/or to the Company (directly or by inserting or making available documents containing such data), is complete, true and up to date, as well as it does not violate any third party rights or applicable law.
If the aforementioned statement is not fully correct and/or the obligations assumed herein are not adequately fulfilled, the Data Subject is exclusively and fully liable for any damages caused to the Company or any third parties.
The Data Subject is responsible for the activities they execute on the Platform or for the information, including personal data, that they insert into the Platform (directly or by inserting documents containing such data) and/or make available to the Company.
In the event that the Company is demanded, at any time, for facts or acts of which the responsibility is attributed to the Data Subject, in accordance with the terms of this Privacy Notice, the Data Subject and, if applicable, the child they represent, shall be jointly responsible and shall: (a) voluntarily intervene in the demand, requesting the immediate exclusion of the Company from the claim, (b) assume full and exclusive responsibility for the payment and/or the measures claimed, and (c) reimburse, in full, the Company for the costs and expenses incurred as a result of the demand. If such exclusion is not executed, the Data Subject, the child that the Data Subject represents, shall be responsible for the payment and full compliance with the decision or, if applicable, shall immediately reimburse the Company.
8. DATA SHARING
The present Privacy Notice indicates below the situations in which the personal data of the Data Subject, as well as the personal data of third parties that in any way are inserted in the Platform by the Data Subject, will be shared by the Company:
Group companies: The Company may share information, including personal data of the Data Subject and third parties, with affiliates and companies of the same group whenever such sharing is important for the operation of the Platform or the activities of any of the group companies, for the performance of legal or regulatory obligations and/or are in the interest to the Data Subject.
Corporate operations: As a result of any corporate restructuring transactions, mergers, acquisitions, incorporations and the like, the Company may share or even transfer information, including personal data of the Data Subject and third parties, to individuals or legal entities that in any way are involved in the transaction.
Partners and service providers: The Company may share information, including personal data of the Data Subject and third parties, with companies, organizations or individuals providing services on behalf of the Company to, for example, accounting, legal and finance services or any other service that is needed for the performance of the activities of the Company or any of its affiliates, implement security measures, provide software availability and/or repositories necessary for the activities of the Company etc. These companies shall receive permission to obtain only the necessary information to adequately render their services and may be obligated to maintain confidentiality of the information.
Prevention of fraud and security: The Company may disclose or share information, including personal data of the Data Subjects and third parties, if they believe, in good faith, that the access, use, retention or disclosure of the information is reasonably necessary to (a) detect or prevent fraud, as well as resolve technical or security issues, and (b) ensure the security of the Platform, the Company, the Data Subjects and third parties. In these cases, data and information may be shared with third parties responsible for the investigation, including judicial organizations, authorities and information technology or information security companies.
Legal demands and investigations: The Company may disclose or share information, including personal data of the Data Subjects and third parties, with authorities and/or public agencies, regulatory agencies, legal authorities (e.g. regional police stations), regional authorities, consumer protection agencies, government and judicial organizations and/or lawyers in the following cases: (a) to comply with a judicial decision or governmental request; (b) to safeguard rights and prevent the Company’s responsibilities; (c) to investigate, prevent or take action related to suspicious or actual illegal activities, or to cooperate with public agencies, and (d) investigate possible violations of the Company and/or third parties’ rights.
Compliance with legal or regulatory obligations: The Company may disclose or share information, including personal data of Data Subjects and third parties, to comply with legal or regulatory obligations or any other determination, before government and judicial agencies, including, but not limited to, federal authorities, regulatory agencies and/or legal authorities, consumer protection agencies, judicial agencies and others.
9. PROCESSING AGENTS
Any and all companies, public or private entities, authorities, organizations, agencies and/or persons who have access to the personal data of the Data Subjects and/or third parties, according to the situations provided for in the chapter “Data Sharing”, shall assume the position of processing agent and might be obligated, due to the applicable law and/or the contracts executed with the Company, to adopt the best practices of security and governance with regard to the protection and processing of personal data that they had access to.
10. INFORMATION SECURITY
Information security is very important to the Company. The Company follows industry safety standards to help protect the information entered in the Platform or in any way obtained by the Company. However, there is no fully secure electronic storage method. IN THIS SENSE, ALTHOUGH WE STRIVE TO PROTECT THE INFORMATION PROCESSED BY THE COMPANY, WHICH INCLUDES PERSONAL DATA, WE ARE UNABLE GUARANTEE ABSOLUTE SECURITY.
The Company shall store the personal data of the Data Subjects and third parties in a secure environment, undertaking to adopt reasonable administrative and technical precautionary measures to prevent losses, abuses, alterations or unauthorized access related to this data.
The Data Subject agrees not to hold the Company liable for losses, damages or other problems of any kind that may arise from the use of websites that contain links to the Platform or links that are available on the Platform, and is aware that such websites may not adopt appropriate practices with respect to the processing of personal data and privacy of the Data Subjects.
12. CONTROL OF YOUR DATA
The Company will provide means for the Data Subjects to access, correct, exclude or modify the data that were entered by them in the Platform and/or made available to the Company, to request the correction, exclusion or modification of the respective personal data. The Data Subjects’ options are listed below:
Confirmation of the existence of data processing: The Data Subjects may request confirmation regarding the existence of processing of their personal data.
Right to access your data: The Data Subjects may request a copy of the processed data, which will be made available in a readable and electronic format.
Data alteration or correction: The Data Subjects may request updates, alterations or corrections of their data in certain cases, especially if such data is incorrect or outdated.
Exclusion, blockage and/or anonymization of data: The Data Subjects may request the exclusion of their data from the Platform and the Company’s repositories without the need to provide any justification, as well as request the exclusion, blockage and/or anonymization of said personal data.
Portability: The Data Subjects may request the portability of their data to another service or product provider.
Information on data sharing: The Data Subjects may request information about public and/or private entities with which the Company has shared their personal data.
Information on consent: The Data Subjects may request information on the possibility of not providing consent in specific situations. In this case, the Company shall explain to the Data Subject the consequences of refusing to provide consent in such situations.
Revocation of consent: In cases where the Data Subjects have given consent to the Company for the processing of their personal data, the Data Subjects may, at any time, revoke such consent.
Channels to require your rights: To require the rights listed above, the Data Subject must direct their requests to the Data Protection Officer. In the referred request, they shall include: (a) the qualification of the Data Subject (full name and e-mail); (b) the specification of the measure object of the Data Subject’s request in relation to their personal data, and; (c) if applicable, specify the data that is the object of the request. Unless otherwise established by the applicable law, within 15 days the Data Protection Officer will respond to the request of the Data Subject: (a) communicating the fulfillment of the request; (b) presenting justification, when it is not possible to comply with the request, or (c) estimating a new deadline for fulfilling the request and the justification for such extension.
There are situations in which the Company will need to maintain or will not be able to alter the personal data and, for this reason, will not be able to fully fulfill your requests, even if the aforementioned provisions are observed (e.g. when the maintenance of personal data is necessary to comply with legal obligations or court orders).
The Data Subject shall immediately inform the Company, through the Data Protection Officer, when the Company’s cooperation is necessary to alter, update, supplement, correct or exclude personal data that has been made available by the Data Subject on the Platform and/or to the Company (e.g. personal data of third parties). The Data Subject shall provide all the relevant information so that the Company may take the necessary provisions within a reasonable time.
If Data Subjects believe that the Platform and/or the Company violates their rights and/or privacy, including with respect to the processing of personal data, they may communicate with the Company through the Data Protection Officer.
Nothing in this Privacy Notice is intended to exclude or limit any condition, warranty, right or liability that cannot be legally excluded or limited. Some jurisdictions do not allow the exclusion of certain warranties or conditions or the limitation or exclusion of civil liability. Consequently, only limitations that are permitted by law in your jurisdiction shall apply to you.
14. DATA TRANSFER ACROSS BORDERS
THE COMPANY PROCESSES DATA, INCLUDING PERSONAL DATA, IN THE CAYMAN ISLANDS, BRITSH VIRGIN ISLANDS AND IN OTHER COUNTRIES. IT IS POSSIBLE THAT SOME OF THE OTHER COUNTRIES IN QUESTION HAVE LESS PROTECTIVE LAWS REGARDING PRIVACY AND/OR PERSONAL DATA, OR DO NOT EVEN HAVE SPECIFIC REGULATION ON THE MATTER.
YOU ARE AWARE AND AGREE THAT YOUR PERSONAL DATA AND THE PERSONAL DATA OF THIRD PARTIES ENTERED IN THE PLATFORM OR MADE AVAILABLE TO THE COMPANY MAY TRANSIT BY – OR BE PROCESSED IN – OTHER COUNTRIES, AND, IN PARTICULAR, IN BRAZIL.
15. ALTERATION, VALIDITY AND FORCE OF THIS NOTICE
Any waiver or alteration of the provisions of this Privacy Notice will only take effect if submitted in writing and signed by the legal representatives of the Company. If any provision of this Privacy Notice is voided or deemed unenforceable, the other provisions, whenever possible, shall remain valid and in force.
The Company reserves the right to alter the Privacy Notice, as well as any policy or document, at any moment and in its sole discretion.
The alteration will come into force at the moment of their publication on the Platform. The use of the Platform or the maintenance of a relationship with the Company after such publication shall constitute acknowledgement of the most recent version of the Privacy Notice. In this sense, we advise that the Data Subject reread the Privacy Notice frequently.
If there is any divergence between the content of this Privacy Notice and the content of any other document(s) signed between the Data Subject and the Company, the content of the other document(s) signed by the Data Subject shall always prevail.
16. LEGISLATION, DISPUTES AND CONTROVERSIES
Any dispute related to this Privacy Notice shall be submitted to the Courts of São Paulo/SP, which shall prevail over any other, however privileged they may be or shall become, and will be judged exclusively in accordance with the laws of Brazil.
17. QUESTIONS AND CLARIFICATIONS
Questions, requests, complaints and comments about the Platform or the Privacy Notice shall be addressed to the Data Protection Officer.