Last updated: June 2023
With the following information we want to give you an overview of the processing of your personal data on our website www.cocoa.vc (“website“). We also want to inform you about your rights under data protection laws. The processing of your personal data by us is always in accordance with the UK General Data Protection Regulation (“UK GDPR“) and all applicable country-specific data protection regulations.
1 Introduction
2 Controller
3 Data Protection Officer
4 Updates to this Privacy Policy
5 Use of Third-Party Tools
6 How is Your Personal Data Collected
7 How is Your Personal Data Processed
8 Cookies
9 Contact
10 Application
11 Social Networks
12 Data security
13 Your Rights
References to the terms “we”, “us” and “our” in this privacy policy are to Cocoa I Advisor Limited (“Cocoa”), a private limited company incorporated in England and Wales with registered number 13635080. Cocoa is an Appointed Representative of The Fund Incubator Limited which is authorised and regulated by the Financial Conduct Authority – FRN 208716.
The controller according to Art.4 Nr. 1 UK GDPR is
Cocoa I Advisor Limited,
Connect House 133-137 Alexandra Road, Wimbledon,
London, United Kingdom, SW19 7JY
Email address: hello@cocoa.vc
You can reach our data protection officer as follows:
SECJUR GmbH
Steinhöft 9
20459 Hamburg
Telephone number: +49 40 228 599 520
Email address: dsb@secjur.com
You can contact our data protection officer any time to ask questions and make suggestions regarding data protection and the exercise of your rights.
We use third-party services to provide certain functions and services on our website. The specific services can be found in the corresponding chapters.
In some cases, we use service providers that are based in a third country, i.e., outside the European Economic Area. We only transfer data to a third country with an adequate level of data protection or where appropriate safeguards pursuant to Art. 44-49 UK GDPR have been concluded. You have the right to request a copy of the appropriate safeguards we have put in place. For this purpose, please send us an email to the email address mentioned in this privacy policy.
We use different methods to collect data from and about you including through:
You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. This information does not reveal your specific identity. We collect this personal data by using server logs and other similar technologies such as IP address identification and logging.
We may receive personal data about you from various third parties including analytics providers, advertising networks and search information providers. We require third parties to have lawful rights to collect, use and share your data before providing any data to us.
“Personal data” is information that identifies you as an individual or relates to an identifiable individual.
We will only use your personal data when the law allows us to and we will not sell, trade or otherwise deal with your personal data in any way that contravenes this privacy policy.
We have set out below a description of the ways we plan to use your personal data, and on which legal basis we do so. Where we rely on our legitimate interests as a legal basis for processing, we have identified the nature of those legitimate interests.
We may also collect, use and share aggregated data such as statistical or demographic data for any purpose. Such data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy policy.
Unless we request it, we ask that you not send us, and you not disclose, any sensitive personal data (e.g., national insurance numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the services or otherwise.
When you visit our website, data that your browser transmits to our server, is automatically processed. This data is stored in the log files of the server (in so-called “server log files”). The following personal data is processed:
6.1.1 Purpose of Processing
We do not use the data stored in server log files to draw any conclusion about your person. The purposes pursued by us include:
6.1.2 Legal Basis
The legal basis for processing your personal data is our legitimate interest pursuant to Art. 6 (1) (f) UK GDPR. We have a prevailing interest in being able to guarantee the website’s stability and security.
6.1.3 Retention Period
The log files are stored for security reasons (e.g., to clarify acts of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further retention is required for evidentiary purposes will be retained until the matter has been finally clarified.
6.1.4 Recipients of Personal Data
We use the following service provider:
Terra Host AS
Klinestadmoen 10,
3241 Sandefjord
Norway
We use cookies on our website. These are files that your browser automatically creates and that are stored on your IT system when you visit our site. Information is stored in the cookie that is related to the specific device used.
Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the visited websites and servers to distinguish the individual browser of the data subject from other browsers that contain other cookies. A specific browser can be recognised and identified via the unique cookie ID.
When you visit our website or a sub-website for the first time and it contains cookies, you will be shown “data protection settings”. There you will be informed about the individual cookies that we use. You can find out about each individual cookie in terms of the name, the provider, the purpose of the processing and the storage period. In addition, you can allow us to use non-essential cookies and reverse this decision there.
In legal terms, a distinction must be made between essential and non-essential cookies:
We use essential cookies. These are cookies that are technically necessary to provide all functions of our website. The legal basis for processing your personal data is our legitimate interest pursuant to Art. 6 (1) (f) UK GDPR. We have a prevailing interest in being able to offer our technically functioning service.
We also use non-essential cookies (e.g. analysis and marketing cookies). These are cookies that are not technically necessary. We use them to understand your behaviour on our website and to improve our services. The legal basis for processing your personal data is your consent pursuant to Art. 6 (1) (a) UK GDPR. The cookies are set only after you have given your consent via our cookie banner.
7.4.1 Scope of processing
In order to be able to present you with information regarding cookies in the form of the “privacy settings”, we use a cookie banner on our website. With our cookie banner, we inform you about the cookies we specifically use. In addition, we give you the opportunity to decide whether you want to consent to the setting of non-essential cookies. The following can be processed:
7.4.2 Purpose of processing
We process your personal data for the following purposes:
7.4.3 Legal basis for processing
The legal basis for the use of the cookie banner is Art. 6 para. 1 p. 1 lit. f) DSGVO. We have an overriding legitimate interest in using the cookie banner, which enables us to obtain the legally required consents for the use of non-essential cookies and to comply with our duty to provide information regarding cookies.
7.4.4 Storage period
The cookie banner stores preferences until you reset or adjust them.
7.4.5 Recipients of personal data
We don’t use an external provider and do not forward any data to third party recipients..
7.5 Google FontsWe use Google Fonts to obtain fonts (and symbols) for the purpose of a technically secure, maintenance-free and efficient use of fonts and symbols with regard to up-to-dateness and loading times, their uniform presentation and consideration of possible restrictions under licensing law. The provider of the fonts is informed of the user’s IP address so that the fonts can be made available in the user’s browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) are transmitted which are necessary for the provision of the fonts depending on the devices used and the technical environment. This data may be processed on a server of the provider of the fonts in the USA – When visiting our online offer, the users’ browsers send their browser HTTP requests to the Google Fonts Web API (i.e. a software interface for retrieving the fonts). The Google Fonts Web API provides users with the Google Fonts Cascading Style Sheets (CSS) and then the fonts specified in the CCS. These HTTP requests include (1) the IP address used by the respective user to access the Internet, (2) the requested URL on the Google server and (3) the HTTP headers, including the user agent describing the browser and operating system versions of the website visitors, as well as the reference URL (i.e. the web page on which the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers and they are not analysed. The Google Fonts Web API logs details of HTTP requests (requested URL, user agent and referring URL). The requested URL identifies the font families for which the user wishes to load fonts. This data is logged so that Google can determine how often a particular font family is requested. With the Google Fonts Web API, the user agent must match the font that is generated for the particular browser type. The user agent is logged primarily for debugging purposes and is used to generate aggregate usage statistics that measure the popularity of font families. These aggregate usage statistics are published on Google Fonts’ Analytics page. Finally, the referral URL is logged so that the data can be used for production maintenance and to generate an aggregate report on top integrations based on the number of font requests. Google says it does not use any of the information collected by Google Fonts to profile end users or serve targeted ads;
Through Google Fonts we process the following personal data:
7.5.1 Purpose of Processing
We use Google Fonts for the purpose of a technically secure, maintenance-free and efficient use of fonts and symbols with regard to up-to-dateness and loading times, their uniform presentation and consideration of possible restrictions under licensing law., the Google Fonts enables us to quickly and easily exchange code on our website via a web interface without having to intervene in the source code.
7.5.2 Legal Basis
The legal basis for processing your personal data is your consent pursuant to Art. 6 (1) lit a UK GDPR . The cookies are set only after you have given your consent via our cookie banner.
7.5.3 Retention Period
We delete your personal data as soon as they are no longer required to achieve the purpose for which they were collected. The storage period of personal data depends on the providers used.
7.5.4 Recipients of Personal Data
We use the following service provider:
Google Ireland Ltd.
Gordon House,
Barrow Street, Dublin 4
Ireland
We use Google Tag Manager to control the use of code snippets (“tags“), such as tracking code on our website.
Through Google Tag Manager, we process, among other things, the following personal data:
· IP address
· Device data, such as operating system, browser version, screen resolution
7.6.1 Purpose of Processing
In doing so, the Google Tag Manager enables us to quickly and easily exchange code on our website via a web interface without having to intervene in the source code.
7.6.2 Legal Basis
The legal basis for processing your personal data is your consent pursuant to Art. 6 (1) lit a UK GDPR. The cookies are set only after you have given your consent via our cookie banner.
7.6.3 Retention Period
We delete your personal data as soon as they are no longer required to achieve the purpose for which they were collected. The storage period of personal data depends on the providers used.
7.6.4 Recipients of Personal Data
We use the following service provider:
Google Ireland Ltd.
Gordon House,
Barrow Street, Dublin 4
Ireland
This website uses functions of the web analytics service Google Analytics. Through Google Analytics, we process the following personal data, among others:
· Time of request
· IP addresses
· Online identifiers (including cookie identifiers)
· Device identifiers
· Technical characteristics of users (e.g., browser type and version, device type, operating system)
· Measurement of user behaviour (e.g., views of individual pages / content, views of content from different areas, session duration / dwell time, bounce rate
· Use of individual website functionalities (e.g. timetable information, search queries, downloads)
· eCommerce activity (e.g., products purchased, sales)
· Referral URL (the previously visited page).
7.7.1 Purpose of Processing
We use Google Analytics to analyse your user behaviour in order to make decisions regarding product and marketing optimization based on the results.
7.7.2 Legal Basis
The legal basis for the use of Google Analytics is, pursuant to Art. 6 (1) lit. a UK GDPR, your voluntary and revocable consent
You can consent to the processing of your data by Google Analytics using our Consent Manager, prevent the collection of your data or revoke consent once given. To revoke, call up the cookie settings on our website again.
7.7.3 Retention Period
Personal data is anonymized by Google 14 months after your last activity, unless there is a legal obligation to retain it.
7.7.4 Recipients of Personal Data
We use the following service provider:
Google Ireland Ltd.
Gordon House,
Barrow Street, Dublin 4
Ireland
Through our website you can contact us by email. To contact you and to answer your request, we process the following personal data from you:
We process your data to respond to your inquiry and other matters arising from it.
If your request is connected to pre-contractual measures or in relation to an existing contract with us, the legal basis is the performance of the contract and implementation of pre-contractual measures pursuant to Art. 6 (1) (b) UK GDPR.
If your request is made independently of contractual or pre-contractual measures, our prevailing legitimate interests pursuant to Art. 6 (1) (f) UK GDPR constitutes the legal basis. The prevailing legitimate interest corresponds to the above-mentioned purposes.
We delete your personal data as soon as they are no longer required to achieve the purpose for which they were collected. In the context of contact inquiries, this is usually the case when it is clear from the circumstances that the specific matter has been conclusively processed.
We use the following service provider:
Superhuman Labs, Inc.
555 Mission Street #300
San Francisco,
CA 94105
You can apply for job vacancies through our application form or via email. As part of the application process, we process the following personal data:
The purpose of the processing is to carry out the application procedure.
The legal basis for the processing of personal data is the fulfilment of the contract and the implementation of pre-contractual measures pursuant to Art. 6 (1) (b) UK GDPR.
If an employment relationship is established after completion of the application process, the personal data provided will be processed further for the employment relationship. Otherwise, we generally retain the data for six months after the end of the application process. We then delete all personal data.
We use the following service provider:
Superhuman Labs, Inc.
555 Mission Street #300
San Francisco,
CA 94105
We maintain presences in social networks to communicate with you and inform you about our services. We use the following social media networks: Twitter and LinkedIn.
We use the following social media plug-in: Twitter. This allows you to communicate with such services and like or comment from our website.
Please note that we neither have the control of the extent of personal data that is collected by the respective plug-in provider, nor do we know the processing’s purpose or the period your personal data will be retained.
Further information about the processing of your personal data in the provider’s course of operation is provided via their respective privacy policy. Moreover, you will be provided with further information regarding your rights and setting concerning privacy.
The purpose of the processing is the maintenance of presences in social media. Social media plug-ins enable a direct communication between your device and the servers of the social media provider, allowing the social media provider to communicate with you and collect information about you browsing our website.
The legal basis for the processing of personal data is based on Article 6 (1) lit. a UK GDPR, your voluntary and revocable consent.
We have company presences in the following social networks:
LinkedIn Ireland Unlimited
Company Wilton Place
Dublin 2
Ireland
Twitter International Company
One Cumberland Place
Fenian Street
Dublin 2
Ireland
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. We cannot guarantee the security of any personal data that you disclose online, for example when it is sent by email. You accept the inherent security risks of providing information online over the internet and will not hold Cocoa responsible for any breach of security unless this is due to Cocoa ’s negligence or wilful default.
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
Right to Object
You have the right to object to the processing of your personal data at any time on grounds relating to your particular situation, which is carried out on the basis of data processing in the public interest pursuant to Art. 6 (1) (e) UK GDPR or on the basis of our legitimate interest pursuant to Art. 6 (1) (f) UK GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Where we need to collect personal data by law, or under the terms of a contract we have (or are negotiating) with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may have to cancel all or part of the services you have with us, but we will notify you if this is the case at the time.
You are not required to pay any charge for exercising your rights. We have one month to respond to you. Please contact us at dsb@secjur.com, if you wish to make a request
If you have any concerns about our use of your personal information, you can make a complaint to us at
secjur GmbH,
Steinhöft 9
20459 Hamburg;
Telephone: +49 40 228 599 520
Email: dsb@secjur.com
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113 ICO
website: https://www.ico.org.uk