PRIVACY POLICY
Last updated: March 24th, 2021
INTRODUCTION
Institutional Venture Partners and its affiliates (“IVP,” “WE,” OR “US”) and its employees place a high priority on protecting sensitive personal and financial information. We do not disclose clients’ confidential information, or that of former clients, except as described in this Privacy Policy, permitted by you or required by law.
PARTICULARLY IMPORTANT INFORMATION
Who we are: For the purpose of applicable data protection legislation, the data controller of your personal data is Institutional Venture Partners of 3000 Sand Hill Road Building 2, Suite 250 Menlo Park, CA 94025.
Must Read Sections: We draw your attention in particular to the sections entitled “International Transfer of Data”, “Your choices in relation to personal data” and “Information for California residents”.
Changes to this Privacy Policy: We may change the terms of this Privacy Policy from time to time. You may find a current version of this policy posted on our website at www.ivp.com. If we make any material change(s) to the Privacy Policy, we will post a notice on our website prior to such changes(s) taking effect.
WHAT TYPE OF PERSONAL DATA DO WE COLLECT AND WHERE DO WE GET IT FROM?
We may collect information about you in a range of forms, including personal data. As used in this Privacy Policy, “personal data” refers to personal data, personal information or similar information governed by applicable privacy legislation, including, without limitation, the General Data Protection Regulation 2018 (and any successor legislation); this includes any information which, either alone or in combination with other information we hold about you, identifies you as an individual, including, for example, your name, postal address, email address and telephone number.
We may collect personal data about you from your discussions with us, from legal documents, from information you supply about your investments or portfolio, from your incoming wire transfers or invoice payments, and from applications and other forms completed by you or provided to us by your authorized representatives and other fiduciaries. We may also collect personal data from email correspondence, telephone calls, paper communications, social media, our own websites and online platforms, visiting our offices, inquiring about or buying products or services from us, providing products or services to us and trade events such as conferences or exhibitions. This information may include contact details, biographical data, income, transaction history, assets, risk tolerance, wire transfer instructions, banking details, and tax, identification, social security, and account numbers, as well as information on your investment assets. If you visit our office, we may collect personal information about your health (e.g., whether you pass a body temperature screen) as part of our health and safety screening protocols. If you send or disclose any sensitive personal data to us (e.g., social security numbers, health information, information related to racial or ethnic origin, political opinions, religion or other beliefs), you consent to our processing and use of such sensitive personal data in accordance with this Privacy Policy. If you do not consent to our processing and use of such sensitive personal data, you should not submit such information to us. For those visiting our websites, online platforms or engaging us through social media, we may collect information relating to IP addresses, social media handles and usernames.
WHY DO WE NEED YOUR PERSONAL DATA?
We will only process your personal data in accordance with applicable data protection and privacy laws. We need certain personal data in order to provide our services. To process your personal data as outlined below, we rely on the following legal bases:
Contractual Performance: We may process your personal data in order perform a contract that you have with us or in order to take steps before entering into a contract with you.
Legitimate Interests: We may also use your personal data where we have legitimate interests to do so. For instance, we process personal data for administrative, fraud detection and other legal purposes.
Consent: We may also ask for your consent to use your personal data for specific reasons. You may withdraw your consent at any time by contacting us as set out at the end of this Privacy Policy.
HOW DO WE COLLECT PERSONAL DATA?
We may collect and process information that you provide during your correspondence with us. This could include, but is not limited to, any of the following ways:
- Giving information directly to us by methods including filling in forms either on our website, online platforms or via other electronic media, and in person when you visit our offices
- Subscribing to our newsletter
- Requesting any of our goods, services, downloads or other information
- Communicating with us through methods including but not limited to e-mail, telephone and written correspondence
We automatically log information about you and your computer or mobile device when you visit our websites. For example, we may log your computer or mobile device operating system name and version, unique device identifiers, manufacturer and model, browser type, browser language, and screen resolution (collectively, “device data”), as well as the website you visited before browsing to our websites, pages you viewed, how long you spent on a page, access times and information about your use of and actions on our websites (collectively, “online activity data”). We use Google Analytics for this purpose. You can find out more information about Google Analytics “cookies” here: https://developers.google.com/analytics/resources/concepts/gaConceptsCookies and how Google protects your data here: www.google.com/analytics/learn/privacy.html. You can prevent the use of Google Analytics relating to your use of our websites by downloading and installing the browser plugin available via this link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.
We may also use pixel tags (which are also known as web beacons and clear GIFs) on our websites to track the actions of visitors to our websites or recipients of our emails. Unlike cookies, which are stored on the hard drive of your computer or mobile device by a website, pixel tags are embedded invisibly on webpages. Pixel tags compile statistics about usage of our websites and interactions with our emails (e.g., content viewed, links clicked), so that we can manage our content more effectively. The information we collect using pixel tags is not linked to our users’ personal data.
We may also get information about you from other sources, for example, if you have agreed to share information with one of our partners.
HOW DO WE DISCLOSE PERSONAL DATA?
Unless expressly agreed otherwise, we may disclose the information described above to custodians, fund administrators, investment managers, government authorities, and other nonaffiliated companies or individuals, such as legal, audit, and tax advisors, in the manner and to the extent permitted by you or as required by law. We may also disclose the information described above to other nonaffiliated service providers, such as providers of reporting data, data storage and fund monitoring services for our everyday business purposes in supporting our provision of services. We may also share your personal data with marketing agencies who help us promote ourselves or deliver our services, as well as printer/email service providers or other suppliers who help us to send our newsletters and communications. We require third parties to respect the security of your data and to treat it in accordance with the law. We will share your personal data with third parties where required by law.
Our affiliates may also use nonpublic personal data about you to determine eligibility for services and to make marketing solicitations. This information is only provided with the understanding that it will be maintained in confidence. To opt out of affiliate use of your personal data for eligibility or marketing solicitation, please send such request to the Chief Financial Officer (details below).
We do not use your personal data for the purposes of automated decision-making. However, we may do so in order to fulfil obligations imposed by law, in which case we will inform you of any such processing and provide you with an opportunity to object.
INTERNATIONAL TRANSFER OF DATA
IVP may send your data outside the jurisdiction from which it originated or was collected, including, but not limited to the United States, where data protection and privacy regulations may not offer the same level of protection as in other parts of the world. Where personal data is transferred or accessed outside of a specific jurisdiction, we require that appropriate safeguards are in place to comply with any applicable data protection regulations.
YOUR CHOICES IN RELATION TO PERSONAL DATA
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. You also have rights and choices which you can exercise with respect to the data we hold on you. You have the right to:
- Obtain access to your personal data
- Withdraw consent
- Object to direct marketing
- Ask us to correct any errors or delete the information we hold
- Object or restrict our processing of your information, including with respect to automated decision-making and/or profiling, our collection of sensitive personal data, and the transfer of your personal data outside the EEA
- Request a copy of your personal data and move your personal data
You may contact us at the contact information at the end of this Privacy Policy anytime for any other questions you may have about your personal data and our use of such personal data.
RETENTION AND DESTRUCTION OF PERSONAL DATA
We take reasonable steps to ensure the accuracy of the information we hold about you. We will not use your personal data unless it is (to our knowledge) accurate and up to date. We typically will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal requirements.
In some circumstances we may anonymize your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you. When the purposes for which we have collected the data for have ended we will retain and securely destroy your personal data in accordance with our policy, applicable laws and regulations.
SECURITY
Unfortunately, the transmission of data over the internet is not completely secure. Although we will use our reasonable commercial efforts to protect your personal data, we cannot guarantee its security. Once we have received your data we will use strict security measures to try to protect it against loss, misuse, unauthorized alterations or interception when transferred electronically. All clients who access performance data and other investment information from our website receive unique login and password identifiers. The firm maintains physical, electronic and procedural safeguards including the use of encryption technologies to protect your confidential information.
CONTACT INFORMATION
For further details about our privacy policy, please contact:
Tracy Hogan
Chief Financial Officer
3000 Sand Hill Road
Building 2, Suite 250
Menlo Park, CA 94025
Tel. +1 (650) 854-0132
email: [email protected]
INFORMATION FOR CALIFORNIA RESIDENTS
Scope. This section applies only to California residents. It describes how we collect, use and share Personal Information of California residents when we act as a “business” as defined under the California Consumer Privacy Act of 2018 (“CCPA”), and their rights with respect to their Personal Information. For purposes of this section, “Personal Information” has the meaning given in the CCPA but does not include information exempted from the scope of the CCPA. For example, this section does not apply to information we collect from you in the course of communicating with you in your capacity as an employee, controlling owner, director, officer or contractor of an organization (i.e., company, partnership, sole proprietorship, non-profit or government agency) in the context of performing due diligence on, or providing or receiving products or services to or from, such organization. In addition, this section does not apply to information governed by the Gramm-Leach-Bliley Act. In some cases we may provide a different privacy notice to certain categories of California residents, such as job applicants, in which case that notice will apply instead of this section.
Your California privacy rights. As a California resident, you have the following rights as of January 1, 2020:
- You can request the following information about how we have collected and used your Personal Information during the past 12 months:
- The categories of Personal Information that we have collected.
- The categories of sources from which we collected Personal Information.
- The business or commercial purpose for collecting and/or selling Personal Information.
- The categories of third parties with whom we share Personal Information.
- The categories of Personal Information that we sold or disclosed for a business purpose.
- The categories of third parties to whom the Personal Information was sold or disclosed for a business purpose.
- Access. You can request a copy of the Personal Information that we have collected about you during the past 12 months.
- You can ask us to delete the Personal Information that we have collected from you.
- Opt-out of sales. If we sell your Personal Information, you can opt-out of those sales.
- You are entitled to exercise the rights described above free from discrimination as prohibited by the CCPA.
How to exercise your rights. You may submit a request to exercise your right to information, access or deletion by emailing [email protected] or by calling 866-356-5256 (toll-free). We will need to verify your identity to process your information, access and deletion requests and reserve the right to confirm your California residency. To verify your identity, we may require you to log into your IVP account (if applicable), provide government identification, give a declaration as to your identity under penalty of perjury and/or provide additional information. Your authorized agent may make a request on your behalf upon our verification of the agent’s identity and our receipt of a copy of valid power of attorney given to your authorized agent pursuant to California Probate Code Sections 4000-4465. If you have not provided your agent with such a power of attorney, you must provide your agent signed permission to exercise your CCPA rights on your behalf, provide the information we request to verify your identity, and provide us with written confirmation that you have given the authorized agent permission to submit the request. Authorized agents are required by California law to implement and maintain reasonable security procedures and practices to protect their clients’ information. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it. In certain cases we may decline your request as permitted by law.
Personal Information that we collect, use and disclose. We collect Personal Information in the following categories specified by the CCPA:
- Identifiers, such as your name and contact details.
- Professional or employment information, such as your job title, professional affiliations and employment history.
- Online identifiers, such as the device data described above in the section entitled HOW DO WE COLLECT PERSONAL DATA.
- Internet information, such as the online activity data described in the section entitled HOW DO WE COLLECT PERSONAL DATA.
- Medical information, such as whether you passed a body temperature or other health screening administered as part of our health and safety protocols when you visit our offices.
- Sensory information in the form of security camera footage taken in our offices and recordings from meetings and calls that you have with us.
- Inferences derived from any of the foregoing.
Information you voluntarily provide to us, such as in free-form webforms, may contain other categories of personal information not described above. We collect this information from you or “other sources” described above in the section entitled HOW DO WE COLLECT PERSONAL DATA? We use this information for the business/commercial purposes described above in the section entitled WHY DO WE NEED YOUR PERSONAL DATA? We disclose this information to third parties as described above in the section entitled HOW DO WE DISCLOSE PERSONAL DATA? Based on our current understanding of the CCPA, we do not “sell” your Personal Information as defined in the CCPA.
The foregoing describes our practices at present and for the 12 month period preceding the date on which this Privacy Policy was last updated by reference to the categories of Personal Information specified in the CCPA (California Civil Code § 1798.140).