If you are an SV Health investor or a representative of an investor, please see the investor privacy notice, which is available in our investor portal, for Personal Data about our collection, use, and sharing practices with respect to investor Personal Data. In addition, our investor portal provider’s policies also apply to the Personal Data collected in our investor portal.
Use of the term “Personal Data” herein means any information that identifies or relates to a particular individual and also includes information referred to as “personally identifiable information,” “personal information” or “personal data” as such terms are defined under certain data privacy laws, rules or regulations that are applicable to SV Health, including without limitation, the General Data Protection Regulation (EU) 2016/679, UK Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003, in each case including any legally binding regulations, direction and orders issued from time to time under or in connection with any such law) and the California Consumer Privacy Act (together, the “Data Protection Legislation”).
1. Personal Data We Collect
a. Personal Data You Provide Directly to Us
At this time, we do not allow users to directly provide us with their Personal Data through the Site. However, you may provide us directly with Personal Data in order to access certain services, to provide services to us or to request Personal Data of us. This Personal Data may include your name, contact information, resume information, or other Personal Data about yourself.
Except where we are required to screen individuals pursuant to Office of Foreign Assets Control (OFAC) laws, and similar laws and regulations, you do not have a statutory or contractual requirement to provide us with your personal data. If you do not provide us with your Personal Data, however, we may not be able to provide certain information or services to you. For example, we will not be able to review an application for employment without certain information; similarly, we will not be able to enter into a contract with a potential investor without certain information.
b. Personal Data We Collect from Third Parties
We may also collect Personal Data from third parties, such as a CV received from a recruiting firm, fit-for-work information received from a physician, background information received from a background check provider, Personal Data we view on social media, or details obtained from publicly available lists of individuals subject to trade restrictions. We also collect Personal data from business partners and vendors to support our provision of investment services. The data we collect from such third parties is often in aggregate form and not individually identifiable, though at times may include personal data.
c. Personal Data that Is Passively or Automatically Collected
We may automatically collect certain Personal Data about the computer or devices (including mobile devices or tablets) you use to access the Site. As described further below, we may collect and analyze Personal Data such as (a) IP addresses, location information, unique device identifiers, IMEI and TCP/IP address, and other information about your computer or device(s), browser types, browser language, operating system, mobile device carrier information, and the state or country from which you accessed the Site; and (b) information related to the ways in which you interact with the Site, such as referring and exit web pages and URLs, platform type, the number of clicks, domain names, landing pages, pages and content viewed and the order of those pages, statistical information about the use of the Site, the amount of time spent on particular pages, the date and time you used the Site, the frequency of your use of the Site, error logs, and other similar information. As described further below, we may use third-party analytics providers and technologies, including cookies and similar tools, to assist in collecting this information.
ii.Cookies and Other Electronic Technologies
We may also collect data about your use of the Site through the use of Internet server logs, cookies and/or tracking pixels. A web server log is a file where website activity is stored. A cookie is a small text file that is placed on your computer when you visit a website, that enables us to: (a) recognize your computer; (b) store your preferences and settings; (c) understand the web pages of the Site you have visited; (d) enhance your user experience by delivering content and advertisements specific to your inferred interests; (e) perform searches and analytics; and (f) assist with security administrative functions. We also may include tracking pixels and web beacons in email messages, newsletters, and other electronic communications to determine whether the message has been opened and for other analytics, personalization, and promotion. As we adopt additional technologies, we may also gather additional Personal Data through other methods.
Please note that you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser for more information (e.g., Internet Explorer; Google Chrome; Mozilla Firefox; or Apple Safari). You can also manage the use of Flash technologies, including cookies and local storage objects with the Flash management tools available at Adobe's website. Please note that by blocking any or all cookies, you may not have access to certain features or offerings of the Site.
d. Online Analytics
We may use third-party web analytics services (such as those of Google Analytics) on our Site to collect and analyze the Personal Data discussed above, and to engage in auditing, research, or reporting. The Personal Data (including your IP address) collected by various analytics technologies described in the “Cookies and Other Tracking Technologies” section will be disclosed to or collected directly by these service providers, who use the Personal Data to evaluate your use of the Site, including by noting the third-party website from which you arrive, analyzing usage trends, assisting with fraud prevention, and providing certain features to you. To prevent Google Analytics from using your Personal Data for analytics, you may install the Google Analytics Opt-out Browser Add-on by clicking here.
e. Do-Not-Track Signals
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We do not currently recognize or respond to browser-initiated DNT signals. Third parties, such as our analytics providers, may collect data that relates to you on our Site. We cannot control third parties’ responses to DNT signals. Third parties’ responsiveness to DNT signals is governed by their respective privacy policies. You can learn more about Do Not Track here.
2. How We Use Your Personal Data
We may use the Personal Data we collect from and about you for the following purposes:
- Carry out our obligations arising from any contracts
- Provide you with information, products or services that you request from us and correspond with you;
- Protect against or deter fraudulent, illegal or harmful actions and maintain the safety, security, and integrity of our Site
- Comply with our legal and regulatory obligations;
- Establish and defend legal rights;
- Respond to law enforcement requests and as required by applicable law, court order, or governmental regulations; and
- Any other business purpose stated when collecting your Personal Data or as otherwise set forth in applicable data privacy laws, such as the California Consumer Privacy Act (the “CCPA”) and the UK Data Protection Act 2018.
Please note that we may combine Personal Data that we collect from you and about you (including automatically-collected Personal Data) with Personal Data we obtain about you from our affiliates, , and/or other non-affiliated third parties, and use such combined Personal Data in accordance with this Policy.
We may aggregate and/or de-identify Personal Data we collect. We may use de-identified and/or aggregated data for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties.
3. When We Disclose Your Personal Data
Subject to applicable Data Protection Legislation and where it is necessary for the performance of our contract with you or for our internal business processes, SV Health may share your personal information with third parties such as our service providers, suppliers, contractors, affiliates, professional advisers, regulatory bodies, auditors, technology providers, third party partners, any duly authorised agents or affiliates of the foregoing, and the employees, directors, consultants, officers, advisers, suppliers, investors, distributors, customers and agents of any SV Health portfolio companies. When we share your Personal Data with such third parties, they may only use your Personal Data for specific purposes relating to assisting us with running our business. Your Personal Data may also be transferred to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part).
4. Legal Basis for Processing Personal Data
The laws in some jurisdictions require companies to tell you about the legal ground they rely on to use or disclose your personal data. To the extent those laws apply, our legal grounds for processing your personal data are as follows:
- Legitimate Interests. In many cases, we handle personal data on the ground that it furthers our legitimate interests in commercial activities, such as the following, in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals.
- Providing our investment services.
- Providing and maintaining our Site.
- Analyzing and improving our business and Site.
- Communications, including responding to your inquiries about our services.
- Addressing information security needs and protecting our investors, SV Health, SV Health funds, and others.
- Managing legal issues.
- Legal Compliance. We need to use and disclose personal data in certain ways to comply with our legal obligations.
- Honor Our Contractual Commitments to You. Much of our processing of personal data is to meet our contractual obligations to our investors, or to take steps at investors’ request in anticipation of entering into a contract with them.
- Consent. Where we collect personal data from a third party that has obtained your consent, we may process your personal data on the basis of consent.
5. Your Choices, EU Data Subject Rights and California Privacy Rights
You can request access to and/or revision of certain personal data by contacting us as described below. If you wish to limit the emails you receive from us, you can let us know by contacting us as described in the “Contact Information and Questions About this Policy” section.
Subject to local law, you may have certain rights with regard to your personal data. To learn more about the personal data we collect about you or the rights you may have, please contact us at the contact information below. These rights may include the following rights to (1) access or rectify your personal data or request its deletion, (2) request a restriction on the processing of your personal data, (3) object to the processing of your personal data, or (4) exercise other rights with respect to your personal data. Please contact us as described below. While we strongly encourage you to first raise any questions or concerns about your personal data directly with us, you may have a right to lodge a complaint with the relevant supervisory authority.
Many of the rights described here are subject to significant limitations and exceptions under applicable law (e.g., objections to the processing of personal data, and withdrawals of consent, typically will not have retroactive effect). Please also note that if we collected your personal data from a third party, you may also need to contact that third party in order to exercise your rights with them.
California residents can make certain requests about their personal information under the California Consumer Privacy Act (“CCPA”). Specifically, if you are a California resident, you may request that we:
- provide you with information about: the categories of personal information we collect, disclose or sell about you; the categories of sources of such information; the business or commercial purpose for collecting or selling your personal information; and the categories of third parties with whom we share personal information. Such information is also set forth in this Policy;
- provide access to and/or a copy of certain information we hold about you;
- delete certain information we have about you; and/or
- provide you with information about the financial incentives that we offer to you, if any.
California residents can also designate an authorized agent to make access and/or deletion requests on their behalf. We will take reasonable steps to verify your identity before responding to a request for access and/or deletion from you or your designated agent. The CCPA further provides you with the right to not be discriminated against (as provided for in applicable law) for exercising your rights. Please note that certain information may be exempt from such requests under California law.
If you are a California resident and would like to exercise any of legal rights under the CCPA, please contact us at email@example.com.
Sale of personal information. The CCPA sets forth certain obligations for businesses that “sell” personal information. Pursuant to the definition of “sell” under the CCPA and current guidance, we do not engage in such activity and have not engaged in such activity in the past twelve months, including for minors under 16. Please note, we do share certain personal information with our service providers and certain other entities as set forth in When We Disclose Your Personal Data.
6. Notice to California Residents
If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and share your “personal information” (as defined in the CCPA). We describe the categories of information we collect, our business purposes for collecting such information, the sources and uses of such information and the entities to which we share such information in other sections of this Policy. We provide additional information required by the CCPA below.
Categories of personal information we collect, use and disclose. Throughout this Policy, we discuss in detail the types of information we collect from and about users and discuss how we use and share such information. The following are the “categories” of personal information under the CCPA that we collect and that we may, as discussed throughout this Policy, use and disclose for our business purposes:
Identifiers (such as name, address, email address); commercial information (such as transaction data); financial data (such as credit card information); device identifiers (such as IP address and unique device identifiers); Internet or other network or device activity (such as browsing history or app usage (such as your notes and highlights in the Services); general geolocation data from IP addresses; and other information that identifies or can be reasonably associated with you.
How we use these categories of personal information. We use the categories of personal information we collect from and about you consistent with the various business purposes we discuss throughout this Policy.
7. Data Transfer
Our computer systems are currently based in the United States, and your personal data will be processed in the United States, which may not offer the same level of protection as the privacy laws of your jurisdiction.
SV Health Managers LLP and SV Health Investors UK Ltd are based in the UK and your personal data will be processed in the UK. The UK is currently a member of the EU.
Transferring Personal data outside the EU/EEA: DPA 2018/GDPR permits Personal data transfers to a third country subject to compliance with set conditions, including the use of standard contractual clauses. The arrangements in place, for significant IT vendor contracts, for example BOX, Outlook etc. across SV Health mean material amounts of Personal data are routinely transferred from the UK to the US. An agreement has been put in place using EU standard contractual clauses between SV Health Managers LLP and SV Health UK Limited with SV Health Investors LLC. These agreements include a detailed Annex describing the transfer of data and the recipients of the data transferred from the UK to the US.
8. Children’s Privacy
The Site is intended for general audiences and not for children under the age of 16. If we become aware that we have collected personal information (as defined by the Children’s Online Privacy Protection Act) or personal data (under the GDPR) from children under the age of 16 without valid parental consent, we will take reasonable steps to delete it as soon as practicable.
We have implemented administrative, technical, and physical security measures to protect against the loss, misuse, and/or alteration of your Personal Data. These safeguards vary based on the sensitivity of the Personal Data that we collect and store. However, we cannot and do not guarantee that these measures will prevent every unauthorized attempt to access, use, or disclose your Personal Data since despite our efforts, no Internet and/or other electronic transmissions can be completely secure.
10. Data Retention
We will hold your Personal Data for as long as necessary to fulfill the purposes set forth in this Policy or as long as we are legally required or permitted to do so. Personal Data may persist in copies made for backup and business continuity purposes for additional time.
11. Your Right to Complain
If you have any questions or concerns about how your Personal data is used or held, in the first instance you should contact us using the contact details set out below. Should you wish to take any complaints further you have the right to complain to the Information Commissioner’s Office (“ICO”) and with the supervisory authority of your country or EU Member State. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en.. The ICO has enforcement powers and can investigate compliance with data protection law.
12. Third-Party Links and Services
The Site may contain links to or “frame” third-party websites, applications, and other services, including our investor website, as described above. Please be aware that we are not responsible for the privacy practices of such other sites and services. We encourage our users to be aware when they leave our Site and to read the privacy statements of each and every site they visit that collects their Personal Data.
13. Changes to this Policy
We will continue to evaluate this Policy, and we may make changes to the Policy accordingly. Any changes will be posted here and you should check this page periodically for updates. If we make material changes to this Policy, we will provide you with notice as required by law.
14. Contact Personal Data and Questions About this Policy
If you have any questions about our Policy, please contact us at firstname.lastname@example.org.
For SV Health Managers LLP and SV Health Investors UK Ltd our Data Protection representative can be contacted at email@example.com.
Date: 17 April 2020