Last updated: December 2024
With the following information we want to give you an overview of the processing of your personal data on our website www.cocoa.vc (“website“). We also want to inform you about your rights under data protection laws. The processing of your personal data by us is always in accordance with the UK General Data Protection Regulation (“UK GDPR“) and all applicable country-specific data protection regulations.
1 Introduction
2 Controller
3 Updates to this Privacy Policy
4 Use of Third-Party Tools
5 How is Your Personal Data Collected
6 How is Your Personal Data Processed
7 Cookies
8 Contact
9 Application
10 Social Networks
11 Data security
12 Your Rights
References to the term “we”, “us” and “our” in this privacy policy are to Cocoa Advisor LLP (“Cocoa”), a limited liability partnership in England and Wales with registered number OC450336. Cocoa is an Appointed Representative of The Fund Incubator Limited wich is authorised and regulated by the Financial Conduct Authority – FRN 208716.
The controller according to Art.4 Nr. 1 UK GDPR is
Cocoa Advisor LLP,
Connect House 133-137 Alexandra Road, Wimbledon,
London, United Kingdom, SW19 7JY
Email address: legal@cocoa.vc
We use third-party services to provide certain functions and services on our website. The specific services can be found in the corresponding chapters.
In some cases, we use service providers that are based in a third country, i.e., outside the European Economic Area. We only transfer data to a third country with an adequate level of data protection or where appropriate safeguards pursuant to Art. 44-49 UK GDPR have been concluded. You have the right to request a copy of the appropriate safeguards we have put in place. For this purpose, please send us an email to the email address mentioned in this privacy policy.
We use different methods to collect data from and about you including through:
You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. This information does not reveal your specific identity. We collect this personal data by using server logs and other similar technologies such as IP address identification and logging.
We may receive personal data about you from various third parties including analytics providers, advertising networks and search information providers. We require third parties to have lawful rights to collect, use and share your data before providing any data to us.
“Personal data” is information that identifies you as an individual or relates to an identifiable individual.
We will only use your personal data when the law allows us to and we will not sell, trade or otherwise deal with your personal data in any way that contravenes this privacy policy.
We have set out below a description of the ways we plan to use your personal data, and on which legal basis we do so. Where we rely on our legitimate interests as a legal basis for processing, we have identified the nature of those legitimate interests.
We may also collect, use and share aggregated data such as statistical or demographic data for any purpose. Such data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy policy.
Unless we request it, we ask that you not send us, and you not disclose, any sensitive personal data (e.g., national insurance numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the services or otherwise.
When you visit our website, data that your browser transmits to our server, is automatically processed. This data is stored in the log files of the server (in so-called “server log files”). The following personal data is processed:
5.1.1 Purpose of Processing
We do not use the data stored in server log files to draw any conclusion about your person. The purposes pursued by us include:
5.1.2 Legal Basis
The legal basis for processing your personal data is our legitimate interest pursuant to Art. 6 (1) (f) UK GDPR. We have a prevailing interest in being able to guarantee the website’s stability and security.
5.1.3 Retention Period
The log files are stored for security reasons (e.g., to clarify acts of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further retention is required for evidentiary purposes will be retained until the matter has been finally clarified.
6.1.4 Recipients of Personal Data
We use the following service provider:
Terra Host AS
Klinestadmoen 10,
3241 Sandefjord
Norway
6.5.1 Purpose of Processing
6.5.2 Legal Basis
6.5.3 Retention Period
6.5.4 Recipients of Personal Data
Google Ireland Ltd.
Barrow Street, Dublin 4
Through Google Tag Manager, we process, among other things, the following personal data:
6.6.1 Purpose of Processing
6.6.2 Legal Basis
6.6.3 Retention Period
6.6.4 Recipients of Personal Data
Google Ireland Ltd.
We use Google Analytics to analyse your user behaviour in order to make decisions regarding product and marketing optimization based on the results.
The legal basis for the use of Google Analytics is, pursuant to Art. 6 (1) lit. a UK GDPR, your voluntary and revocable consent
6.7.3 Retention Period
6.7.4 Recipients of Personal Data
Google Ireland Ltd.
The purpose of the processing is to carry out the application procedure.
The legal basis for the processing of personal data is the fulfilment of the contract and the implementation of pre-contractual measures pursuant to Art. 6 (1) (b) UK GDPR.
If an employment relationship is established after completion of the application process, the personal data provided will be processed further for the employment relationship. Otherwise, we generally retain the data for six months after the end of the application process. We then delete all personal data.
We use the following service provider:
555 Mission Street #300
San Francisco,
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.