In the context of our activities as an independent venture capital company, we collect, hold, use and/or otherwise process personal data. Based on applicable data protection and privacy law (such as the General Data Protection Regulation, “GDPR”), SET Management B.V. (the manager of the fund) qualifies as controller with respect to the personal data that we process in that context. SET Management B.V. will hereinafter also be referred to as: ‘we’ or ‘us’.
We understand that your privacy is important and that you care about how your personal data is used. We respect and value your privacy and will only collect and use personal data in the manner and for the purposes as described in this document and that is consistent with our obligations and your rights under the applicable legislation and regulations.
2 Information about us
SET Management B.V.
Registered in the Netherlands under company number 53866142
Address: Keizersgracht 756, 1017 EZ, Amsterdam, The Netherlands
Data Protection Officer (DPO): Leonie Mekel (firstname.lastname@example.org / +31 20 320 01 04)
3 What does this Privacy Notice cover and whose personal data do we process?
This Privacy Notice is intended to ensure compliance with European and Dutch privacy legislation and regulations, including but not limited to the GDPR and the Dutch GDPR Implementation Act (“UAVG”).
This Privacy Notice is relevant for investors and prospective investors in our funds or investment vehicles and individuals acting for, or on behalf of, or otherwise providing us with personal data with regard to (prospective) investors in our funds or investment vehicles (hereinafter also referred to as: ‘you’).
This Privacy Notice explains on what legal basis we may process your personal data and:
• what personal data we collect;
• for what purposes and how we may use/process such personal data;
• how we collect the personal data;
• how we store the personal data;
• for what period we store the personal data; and
• what your rights are under the applicable data protection and privacy legislation.
We encourage you to carefully read this Privacy Notice. From time to time, we may need to update this Privacy Notice. This may be necessary, for example, if the law changes or if we change our business in a way that affects the way we process personal data. The most recent version of this Privacy Notice will always be available on our website (http://www.setventures.com/privacy-notice/).
You may also ask us to send you a copy of the most recent version of this Privacy Notice. In the event that the Privacy Notice will materially and/or substantially change, we will actively inform you of this change and provide you with the new version of the Privacy Notice.
Note: Where you provide personal data to us, which personal data relate to another individual than yourself (for example of the legal representative of the company you are representing), please provide the concerned individual with (a copy of) this Privacy Notice before providing us with his/her personal data.
4 What personal data do we collect and how do we collect this personal data?
We collect personal data in various ways, which could include:
• Directly from you, for example when you provide us with your personal information by telephone, email or other correspondence; • Directly from you, for example when you engage in business with us, for example by subscribing to our fund or investment vehicle;
• From third parties, for example tax authorities, credit agencies, governmental and competent regulatory authorities;
• From the company you work for (in case the investor is a legal entity);
• Otherwise, for example, from public sources such as the trade register, public directories or your website.
We collect or process some or all of the following personal data:
• Name, date and place of birth;
• Contact details, including but not limited to addresses, telephone numbers and email addresses;
• Payment information/bank account details;
• Anti-money laundering identification (including passport or drivers’ license) and verification documentation and, if applicable, additional information for any individual regarded as a politically exposed person;
• Information regarding your interest and holding in our funds or other investment vehicles, including ownership percentage, capital investment, income and losses;
• Excerpts of registers (public or not, for example excerpts from the Chamber of Commerce).
It is a necessary condition to enter into an agreement with us to provide us with personal data which may include the items set forth above.
5 Legal bases for processing
The following legal bases shall apply with respect to the processing of these personal data
• The processing is necessary for the performance of a contract with you or to take steps prior to entering into a contract with us (for an investor who is the data subject), such as further detailed in paragraph 6 section (a);
• The processing is necessary for compliance with legal obligations to which we are subject, such as further detailed in paragraph 6 sections (b) and (c); and
• The processing is necessary for the purposes of the legitimate interests pursued by us, such as further detailed in paragraph 6 sections (d), (e), (f) and (g).
If we process your personal data based on your consent, we hereby inform you that you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
6 Purposes for processing
We process your personal data for the following purposes:
(a) to provide the investment services to you and/or to comply with contractual obligations;
(b) to process your personal data for the purposes of conducting credit checks;
(c) to comply with regulatory, fiscal, tax information reporting, anti-trust, anti-money laundering and terrorist financing and other legal and regulatory obligations;
(d) for the purposes of our internal administration;
(e) if necessary, for establishing, exercising and defending our legal rights;
(f) to monitor and record telephone and electronic communications for:
(i) investigation and fraud prevention purposes, crime detection, prevention, investigation and prosecution; and
(ii) exercising and defending our legal rights.
7 How long will we keep your personal data?
Personal data will be kept throughout the life cycle of a fund, however no longer than is necessary in light of the purposes for which we process them (we refer to the purposes as listed above in paragraph 6). Only where we are legally obliged to, or where this is necessary for defending our interests in the context of judicial proceedings, we will store the personal data for longer periods.
8 How do we protect your personal data?
We will implement the necessary administrative, technical and organizational measures for ensuring a level of security appropriate to the specific risks that we have identified. We protect your personal data against destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed. More specifically, we have taken the following measures: we have secured our devices with security passwords and we have protected our computers with security software.
Further, we seek to ensure that we keep your personal data accurate and up to date. In that respect we kindly request that you actively inform us of any changes to your personal data (such as a change in your contact details).
9 Do we transfer and/or share your personal data?
In the context of the purposes as listed above, we could share your personal data with third parties in the following situations:
• any bank, financial institution or other third party lender providing any form of facility, loan, finance or other form of credit or guarantee;
• to our affiliates or any authorized third party service provider engaged us under the terms of any appropriate delegation or contractual arrangement, in order to provide the investment services to you, or to comply with regulatory requirements, or to provide (without limitation) the following functions:
– using our IT systems, software and business applications;
– supporting our IT and business applications support teams, accounting, legal, reporting, internal audit and risk management, administrative, transfer, document storage, record keeping and other related functions, and
– laundering and terrorist financing laws and regulations,
• to liaise with any regulatory authority with whom we are required to cooperate with in relation to an investment.
Where relevant, we will implement safeguards to ensure the protection of your personal data when disclosing your personal data to a third party. For example, we will enter into data processing agreements when engaging a data processor (providing for restrictions on the use of your personal data and obligations with respect to the protection and security of your personal data).
Some of the above-mentioned recipients may be situated or operating in countries outside the European Economic Area. Where we transfer your data outside the European Economic Area we will do so on the basis of: (i) an adequacy decision; (ii) contractual model clauses as drafted and approved by the European Commission; or (iii) another valid transfer mechanisms pursuant to the GDPR. For more information about the safeguards applied by us to international transfers, please contact us via our contact details mentioned in paragraph 13.
10 Can I access my personal data?
If you want to know what personal data we have of you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a ‘data subject access request’.
All such requests should be made in writing and sent to the email or postal addresses shown in paragraph 13 below. In principle, there is no charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make unnecessary repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within 10 working days after receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months after the date on which we received your request. In this case you will, of course, be kept fully informed of our progress.
11 What are your other rights?
Under certain circumstances you have the right to:
• receive additional information regarding the processing of your personal data;
• rectify your personal data; • the erasure of your personal data;
• object to (part of) the processing of your personal data;
• the restriction of (part of) the processing of your personal data; and
• data portability (receive your personal data in a structured, commonly used and machine readable format and to (have) transmit(ted) your personal data to another organization).
Finally you also have the right to lodge a complaint to the local data protection authority. The contact details of the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) are as follows: Bezuidenhoutseweg 30 (2594 AV) The Hague; telephone no. +31 (0)88 – 1805 250.
12 Automated decision making and profiling
We do not undertake any automated decision making or profiling.
13 Contact details
To contact us about anything related to your personal data and/or data protection, including exercising your data subject rights as discussed above in paragraphs 10 and 11, in particular your right to object, please use the contact details below:
For the attention of: Leonie Mekel
Email address: email@example.com
Telephone number: +31 (0)20 320 01 04 Postal
Address: Keizersgracht 756 (1017 EZ), Amsterdam, The Netherlands