Skip to main content

GDPR Compliance Policy

GDPR Statement
The General Data Protection Regulation (GDPR), which applies from 25 May 2018, creates consistent data protection rules across Europe. Zacua Ventures welcomes the implementation of GDPR and is complying with it. 

GDPR Privacy Policy
Our GDPR Privacy Policy is regularly updated and disclosed below.

Individual Data Rights
Our GDPR compliance policy has been developed taking into account your right to access to, revision of, limitation of and deletion of user data. As described in Chapter III of GDPR regulations your rights are the following:

Right to be informed (Articles 12-14)
Right of access (Article 15)
Right of rectification (Article 16)
Right of erasure (Article 17)
Right to restrict (Article 18)
Right to data portability (Article 20)
Right to object (Article 21)
Rights related to automated decision making and profiling (Article 22)
Individuals can exercise their rights by contacting us and we must respond to your requests without undue delay and at latest within 1 month, with a limited right for us to extend this period for up to 3 months (Article 12(3)). If we do not intend to comply with your request, we must state the reason why. Individuals may be asked to provide information to confirm your identity in order to exercise your rights. These rights apply across the EU, regardless of where the data is processed and where the company is established.
You may learn more about GDPR through the European Commission’s page under Data Protection: https://ec.europa.eu/info/law/law-topic/data-protection_en

Fund Business
Zacua does not seek consent for use of data in the normal course of its venture capital fund (“Fund”) business as required by the UK law and Financial Conduct Authority (FCA) for compliance. Fund business data is stored to dedicated folders in our GDPR compliant servers. All data is collected and stored by the administration and Fund-related third parties is restricted to authorised personnel. Data is utilized as required by the UK law and the Financial Conduct Authority (FCA).

Personal Information
Personal information is utilized only as a primary Fund business function. For this reason, the information processed may include name, contact details, family details, financial details, employment details, and goods and services. This information may be about investors, employees, contractors, and portfolio companies. The information may be shared with business associates and professional advisers, agents, service providers and partners in the course of our Fund business with GDPR-qualified third parties and access is restricted to authorised personnel. Data is utilized as required by the UK law and the Financial Conduct Authority (FCA).

Sensitive Data
We do not keep or process any data considered as “sensitive” under the GDPR referring to personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Responsibility of the Controller
We have taken all the appropriate measures that ensure and demonstrate that we comply with GDPR. Electronic data are stored through services provided by GDPR compliant servers, which ensure the protection of your personal data and complies with the GDPR. Physical data is stored securely and with restricted access to unauthorised personnel. We work with all vendors who have access to confidential or sensitive information to comply with applicable provisions of the GDPR and other relevant privacy laws. All data is collected and stored by the administration and Fund-related third parties is restricted to authorised personnel. Data is utilized as required by the UK law and the Financial Conduct Authority (FCA).

Social Media Data
Our website points to social media ecosystems that include LinkedIn and Twitter profiles and pages. Any individual data shared with these sites, such as customer IDs shared using “like” or “follow”, are bound by the terms of agreement of each respective social media platform.

HR Data
HR data are stored to dedicated folders in our GDPR compliant servers. Data collected and stored for this purpose typically derives upon Human Resources, including full time, part-time, volunteer, or individual advisors, affiliated with the company. All data is collected and stored by the administration and Fund-related third parties is restricted to authorized personnel. Data is utilized as required by the UK law and the Financial Conduct Authority (FCA).

Company Data
Company data are stored in our GDPR compliant servers. Data collected and stored for this purpose typically derives upon origination, investment, or portfolio management activities as required by the law and FCA regulation/compliance. All data is collected and stored by the administration and Fund-related third parties is restricted to authorized personnel. Data is utilized as required by the UK law and the Financial Conduct Authority (FCA).

Individual’s Data Storage
Individual’s data may be stored in our CRM. Data collected and stored for this purpose typically derives from investments and other projects, business card exchange and related activities. All data is collected and stored within our company and in GDPR compliant servers with restricted access to authorized personnel only. Data is erased upon request. All data is collected and stored by the administration and Fund-related third parties is restricted to authorized personnel. Data is utilized as required by the UK law and the Financial Conduct Authority (FCA).

Uses of Individual’s Data
Individual’s data are used for the course of Fund business and are processed lawfully. Your data may be transferred for processing to another entity, if and only the entity is compliant with GDPR. All data is collected and stored by the administration and Fund-related third parties is restricted to authorised personnel. Data is utilized as required by the UK law and the Financial Conduct Authority (FCA).

Unethical Uses of Individual’s Data
Please note that we will never:

  • Harvest or scrape individual’s data from online resources
  • Purchase and use individual’s data from unverified sources
  • Sell individual’s data to third parties
  • Data Breach Notification
  • We commit to notify any data breaches to supervisory authorities and affected individuals without undue delay, and where feasible, not later than 72 hours after having become aware of it. We will report to you and the authorities: a) nature of the breach, b) approximate number of people affected, c) describe the likely consequences of the breach, d) the measures taken to reduce further to those affected.

Data Protection Officer

Our data protection officer is Vivin Hegde.

Vivin Hegde, General Partner

Email: GDPR@zacuaventures.com

Finding out about Your Data
Data is utilized as required by the law and regulator. If you would like to learn what personal data, we store relating to you, please contact our Vivin Hegde. We will contact you to confirm your identity prior any information release.

Revising Your Data
If you would like to revise or update your personal data, unless required by the law or regulator, please send your updated information to our Data Protection Officer. We will contact you to confirm your identity prior to updating or revising any information.

San Francisco. New York. Singapore. Madrid. Mexico city.