PRIVACY POLICY

Last updated: December 2024

Introduction

With the following information we want to give you an overview of the processing of your personal data on our website www.cocoa.vc (“website“). We also want to inform you about your rights under data protection laws. The processing of your personal data by us is always in accordance with the UK General Data Protection Regulation (“UK GDPR“) and all applicable country-specific data protection regulations.

1 Introduction

2 Controller

3 Updates to this Privacy Policy

4 Use of Third-Party Tools

5 How is Your Personal Data Collected

6 How is Your Personal Data Processed

7 Cookies

8 Contact

9   Application

10   Social Networks

11   Data security

12   Your Rights


2   Controller

References to the term “we”, “us” and “our” in this privacy policy are to Cocoa Advisor LLP (“Cocoa”), a limited liability partnership in England and Wales with registered number OC450336. Cocoa is an Appointed Representative of The Fund Incubator Limited wich is authorised and regulated by the Financial Conduct Authority – FRN 208716.

The controller according to Art.4 Nr. 1 UK GDPR is

Cocoa Advisor LLP,

Connect House 133-137 Alexandra Road, Wimbledon,

London, United Kingdom, SW19 7JY

Email address: legal@cocoa.vc

3   Use of Third-Party Tools

We use third-party services to provide certain functions and services on our website. The specific services can be found in the corresponding chapters.

In some cases, we use service providers that are based in a third country, i.e., outside the European Economic Area. We only transfer data to a third country with an adequate level of data protection or where appropriate safeguards pursuant to Art. 44-49 UK GDPR have been concluded. You have the right to request a copy of the appropriate safeguards we have put in place. For this purpose, please send us an email to the email address mentioned in this privacy policy.

4   How is Your Personal Data Collected

We use different methods to collect data from and about you including through:

  •   Direct interactions.

You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

  •   request for our products or services;
  •   complete an online submission form;
  •   request marketing to be sent to you;
  •   employment applications;
  •   submitting funding applications and any related materials including slide decks, presentations and web submissions;
  •   give us some feedback;
  •   use of our website (cocoa.vc); or use of our social media pages including Twitter (twitter.com/@cocoadotvc) and LinkedIn (https://www.linkedin.com/company/cocoadotvc)
  •   Automated technologies or interactions.

As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. This information does not reveal your specific identity. We collect this personal data by using server logs and other similar technologies such as IP address identification and logging.

  •   Cocoa may also use cookies to collect information on you such as your browser type, time spent on the services, pages visited, language preferences, and other traffic data.
  •   Third parties or publicly available sources.

We may receive personal data about you from various third parties including analytics providers, advertising networks and search information providers. We require third parties to have lawful rights to collect, use and share your data before providing any data to us.

  •   Identity data from data brokers or aggregators.
  •   Public sources. Identity data from publicly available sources such as Companies House and the Electoral Register.
 

5   How is Your Personal Data Processed

“Personal data” is information that identifies you as an individual or relates to an identifiable individual.

We will only use your personal data when the law allows us to and we will not sell, trade or otherwise deal with your personal data in any way that contravenes this privacy policy.

We have set out below a description of the ways we plan to use your personal data, and on which legal basis we do so. Where we rely on our legitimate interests as a legal basis for processing, we have identified the nature of those legitimate interests.

We may also collect, use and share aggregated data such as statistical or demographic data for any purpose. Such data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy policy.

Unless we request it, we ask that you not send us, and you not disclose, any sensitive personal data (e.g., national insurance numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the services or otherwise.

5.1  Provision of the Website

When you visit our website, data that your browser transmits to our server, is automatically processed. This data is stored in the log files of the server (in so-called “server log files”). The following personal data is processed:

  •   Browser type and browser version
  •   Operating system used
  •   Referrer URL (previously visited website)
  •   Host name of the accessing computer
  •   Date and time of server request
  •   IP address

5.1.1  Purpose of Processing

We do not use the data stored in server log files to draw any conclusion about your person. The purposes pursued by us include:

  •   the guarantee of a smooth connection set-up of the website,
  •   the clarification of acts of abuse or fraud,
  •   problem analysis in the network, and
  •   the evaluation of system security and stability.

5.1.2  Legal Basis

The legal basis for processing your personal data is our legitimate interest pursuant to Art. 6 (1) (f) UK GDPR. We have a prevailing interest in being able to guarantee the website’s stability and security.

5.1.3  Retention Period

The log files are stored for security reasons (e.g., to clarify acts of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further retention is required for evidentiary purposes will be retained until the matter has been finally clarified.

6.1.4  Recipients of Personal Data

We use the following service provider:

Terra Host AS

Klinestadmoen 10,

3241 Sandefjord

Norway

 

6.5.1  Purpose of Processing

6.5.2  Legal Basis

6.5.3  Retention Period

6.5.4  Recipients of Personal Data

Google Ireland Ltd.

Barrow Street, Dublin 4

6.6  Google Tag Manager

Through Google Tag Manager, we process, among other things, the following personal data:

6.6.1  Purpose of Processing

6.6.2  Legal Basis

6.6.3  Retention Period

6.6.4  Recipients of Personal Data

Google Ireland Ltd.

6.7  Google Analytics

  •   Time of request
  •   IP addresses
  •   Online identifiers (including cookie identifiers)
  •   Device identifiers
  •   Technical characteristics of users (e.g., browser type and version, device type, operating system)
  •   Measurement of user behaviour (e.g., views of individual pages / content, views of content from different areas, session duration / dwell time, bounce rate
  •   Use of individual website functionalities (e.g. timetable information, search queries, downloads)
  •   eCommerce activity (e.g., products purchased, sales)
  •   Referral URL (the previously visited page).

We use Google Analytics to analyse your user behaviour in order to make decisions regarding product and marketing optimization based on the results.

The legal basis for the use of Google Analytics is, pursuant to Art. 6 (1) lit. a UK GDPR, your voluntary and revocable consent

6.7.3  Retention Period

6.7.4  Recipients of Personal Data

Google Ireland Ltd.

8.1  General Information

  •   First and last name
  •   Address
  •   Contact data (e.g., email address, telephone number), and
  •   Application data (e.g., cover letter, resume, certificates, and other supporting documents).

The purpose of the processing is to carry out the application procedure.

The legal basis for the processing of personal data is the fulfilment of the contract and the implementation of pre-contractual measures pursuant to Art. 6 (1) (b) UK GDPR.

If an employment relationship is established after completion of the application process, the personal data provided will be processed further for the employment relationship. Otherwise, we generally retain the data for six months after the end of the application process. We then delete all personal data.

We use the following service provider:

555 Mission Street #300
San Francisco,

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.