PRIVACY POLICY

Last updated: April 2024

Introduction

With the following information we want to give you an overview of the processing of your personal data on our website www.cocoa.vc (“website“). We also want to inform you about your rights under data protection laws. The processing of your personal data by us is always in accordance with the UK General Data Protection Regulation (“UK GDPR“) and all applicable country-specific data protection regulations.

1 Introduction

2 Controller

3 Data Protection Officer

4 Updates to this Privacy Policy

5 Use of Third-Party Tools

6 How is Your Personal Data Collected

7 How is Your Personal Data Processed

8 Cookies

9 Contact

10   Application

11   Social Networks

12   Data security

13   Your Rights

  

2   Controller

References to the terms “we”, “us” and “our” in this privacy policy are to Cocoa Advisor LLP (“Cocoa”), a private limited company incorporated in England and Wales with registered number 13635080. Cocoa is an Appointed Representative of The Fund Incubator Limited which is authorised and regulated by the Financial Conduct Authority – FRN 208716.

The controller according to Art.4 Nr. 1 UK GDPR is

Cocoa Advisor LLP,

Connect House 133-137 Alexandra Road, Wimbledon,

London, United Kingdom, SW19 7JY

 

Email address: hello@cocoa.vc

3   Data Protection Officer

You can reach our data protection officer as follows:

SECJUR GmbH

Steinhöft 9

20459 Hamburg

 

Telephone number: +49 40 228 599 520

Email address: dsb@secjur.com

You can contact our data protection officer any time to ask questions and make suggestions regarding data protection and the exercise of your rights.

4   Use of Third-Party Tools

We use third-party services to provide certain functions and services on our website. The specific services can be found in the corresponding chapters.

In some cases, we use service providers that are based in a third country, i.e., outside the European Economic Area. We only transfer data to a third country with an adequate level of data protection or where appropriate safeguards pursuant to Art. 44-49 UK GDPR have been concluded. You have the right to request a copy of the appropriate safeguards we have put in place. For this purpose, please send us an email to the email address mentioned in this privacy policy.

5   How is Your Personal Data Collected

We use different methods to collect data from and about you including through:

  •   Direct interactions.

You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

  •   request for our products or services;
  •   complete an online submission form;
  •   request marketing to be sent to you;
  •   employment applications;
  •   submitting funding applications and any related materials including slide decks, presentations and web submissions;
  •   give us some feedback;
  •   use of our website (cocoa.vc); or use of our social media pages including Twitter (twitter.com/@cocoadotvc) and LinkedIn (https://www.linkedin.com/company/cocoadotvc)
  •   Automated technologies or interactions.

As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. This information does not reveal your specific identity. We collect this personal data by using server logs and other similar technologies such as IP address identification and logging.

  •   Cocoa may also use cookies to collect information on you such as your browser type, time spent on the services, pages visited, language preferences, and other traffic data.
  •   Third parties or publicly available sources.

We may receive personal data about you from various third parties including analytics providers, advertising networks and search information providers. We require third parties to have lawful rights to collect, use and share your data before providing any data to us.

  •   Identity data from data brokers or aggregators.
  •   Public sources. Identity data from publicly available sources such as Companies House and the Electoral Register.

6   How is Your Personal Data Processed

“Personal data” is information that identifies you as an individual or relates to an identifiable individual.

We will only use your personal data when the law allows us to and we will not sell, trade or otherwise deal with your personal data in any way that contravenes this privacy policy.

We have set out below a description of the ways we plan to use your personal data, and on which legal basis we do so. Where we rely on our legitimate interests as a legal basis for processing, we have identified the nature of those legitimate interests.

We may also collect, use and share aggregated data such as statistical or demographic data for any purpose. Such data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy policy.

Unless we request it, we ask that you not send us, and you not disclose, any sensitive personal data (e.g., national insurance numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the services or otherwise.

6.1  Provision of the Website

When you visit our website, data that your browser transmits to our server, is automatically processed. This data is stored in the log files of the server (in so-called “server log files”). The following personal data is processed:

  •   Browser type and browser version
  •   Operating system used
  •   Referrer URL (previously visited website)
  •   Host name of the accessing computer
  •   Date and time of server request
  •   IP address

6.1.1  Purpose of Processing

We do not use the data stored in server log files to draw any conclusion about your person. The purposes pursued by us include:

  •   the guarantee of a smooth connection set-up of the website,
  •   the clarification of acts of abuse or fraud,
  •   problem analysis in the network, and
  •   the evaluation of system security and stability.

6.1.2  Legal Basis

The legal basis for processing your personal data is our legitimate interest pursuant to Art. 6 (1) (f) UK GDPR. We have a prevailing interest in being able to guarantee the website’s stability and security.

6.1.3  Retention Period

The log files are stored for security reasons (e.g., to clarify acts of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further retention is required for evidentiary purposes will be retained until the matter has been finally clarified.

6.1.4  Recipients of Personal Data

We use the following service provider:

Terra Host AS

Klinestadmoen 10,

3241 Sandefjord

Norway

7   Cookies

7.1  General Information

We use cookies on our website. These are files that your browser automatically creates and that are stored on your IT system when you visit our site. Information is stored in the cookie that is related to the specific device used.

Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the visited websites and servers to distinguish the individual browser of the data subject from other browsers that contain other cookies. A specific browser can be recognised and identified via the unique cookie ID.

When you visit our website or a sub-website for the first time and it contains cookies, you will be shown “data protection settings”. There you will be informed about the individual cookies that we use. You can find out about each individual cookie in terms of the name, the provider, the purpose of the processing and the storage period. In addition, you can allow us to use non-essential cookies and reverse this decision there.

In legal terms, a distinction must be made between essential and non-essential cookies:

7.2  Essential Cookies

We use essential cookies. These are cookies that are technically necessary to provide all functions of our website. The legal basis for processing your personal data is our legitimate interest pursuant to Art. 6 (1) (f) UK GDPR. We have a prevailing interest in being able to offer our technically functioning service.

7.3  Non-essential Cookies

We also use non-essential cookies (e.g. analysis and marketing cookies). These are cookies that are not technically necessary. We use them to understand your behaviour on our website and to improve our services. The legal basis for processing your personal data is your consent pursuant to Art. 6 (1) (a) UK GDPR. The cookies are set only after you have given your consent via our cookie banner.

7.4  Cookie Banner

7.4.1  Scope of processing

In order to be able to present you with information regarding cookies in the form of the “privacy settings”, we use a cookie banner on our website. With our cookie banner, we inform you about the cookies we specifically use. In addition, we give you the opportunity to decide whether you want to consent to the setting of non-essential cookies.  The following can be processed:

  •   Usage data (e.g. web pages visited, time of access)
  •   Meta and communication data (e.g. IP address).

7.4.2  Purpose of processing

We process your personal data for the following purposes:

  •   Informing the user about the cookies we use.
  •   Enabling the user to consent to cookies that are not technically necessary.

7.4.3  Legal basis for processing

The legal basis for the use of the cookie banner is Art. 6 para. 1 p. 1 lit. f) DSGVO. We have an overriding legitimate interest in using the cookie banner, which enables us to obtain the legally required consents for the use of non-essential cookies and to comply with our duty to provide information regarding cookies.

7.4.4  Storage period

The cookie banner stores preferences until you reset or adjust them.

7.4.5  Recipients of personal data

We don’t use an external provider and do not forward any data to third party recipients..

7.5 Google Fonts

We use Google Fonts to obtain fonts (and symbols) for the purpose of a technically secure, maintenance-free and efficient use of fonts and symbols with regard to up-to-dateness and loading times, their uniform presentation and consideration of possible restrictions under licensing law. The provider of the fonts is informed of the user’s IP address so that the fonts can be made available in the user’s browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) are transmitted which are necessary for the provision of the fonts depending on the devices used and the technical environment. This data may be processed on a server of the provider of the fonts in the USA – When visiting our online offer, the users’ browsers send their browser HTTP requests to the Google Fonts Web API (i.e. a software interface for retrieving the fonts). The Google Fonts Web API provides users with the Google Fonts Cascading Style Sheets (CSS) and then the fonts specified in the CCS. These HTTP requests include (1) the IP address used by the respective user to access the Internet, (2) the requested URL on the Google server and (3) the HTTP headers, including the user agent describing the browser and operating system versions of the website visitors, as well as the reference URL (i.e. the web page on which the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers and they are not analysed. The Google Fonts Web API logs details of HTTP requests (requested URL, user agent and referring URL). The requested URL identifies the font families for which the user wishes to load fonts. This data is logged so that Google can determine how often a particular font family is requested. With the Google Fonts Web API, the user agent must match the font that is generated for the particular browser type. The user agent is logged primarily for debugging purposes and is used to generate aggregate usage statistics that measure the popularity of font families. These aggregate usage statistics are published on Google Fonts’ Analytics page. Finally, the referral URL is logged so that the data can be used for production maintenance and to generate an aggregate report on top integrations based on the number of font requests. Google says it does not use any of the information collected by Google Fonts to profile end users or serve targeted ads;

Through Google Fonts we process the following personal data:

  •   IP address
  •   Device data, such as operating system, browser version, screen resolution

7.5.1  Purpose of Processing

We use Google Fonts for the purpose of a technically secure, maintenance-free and efficient use of fonts and symbols with regard to up-to-dateness and loading times, their uniform presentation and consideration of possible restrictions under licensing law., the Google Fonts enables us to quickly and easily exchange code on our website via a web interface without having to intervene in the source code.

7.5.2  Legal Basis

The legal basis for processing your personal data is your consent pursuant to Art. 6 (1) lit a UK GDPR . The cookies are set only after you have given your consent via our cookie banner.

7.5.3  Retention Period

We delete your personal data as soon as they are no longer required to achieve the purpose for which they were collected. The storage period of personal data depends on the providers used.

7.5.4  Recipients of Personal Data

We use the following service provider:

 

Google Ireland Ltd.

Gordon House,

Barrow Street, Dublin 4

Ireland



7.6  Google Tag Manager

We use Google Tag Manager to control the use of code snippets (“tags“), such as tracking code on our website.

Through Google Tag Manager, we process, among other things, the following personal data:

  •   IP address
  •   Device data, such as operating system, browser version, screen resolution

7.6.1  Purpose of Processing

In doing so, the Google Tag Manager enables us to quickly and easily exchange code on our website via a web interface without having to intervene in the source code.

7.6.2  Legal Basis

The legal basis for processing your personal data is your consent pursuant to Art. 6 (1) lit a UK GDPR. The cookies are set only after you have given your consent via our cookie banner.

7.6.3  Retention Period

We delete your personal data as soon as they are no longer required to achieve the purpose for which they were collected. The storage period of personal data depends on the providers used.

7.6.4  Recipients of Personal Data

We use the following service provider:

Google Ireland Ltd.

Gordon House,
Barrow Street, Dublin 4
Ireland

7.7  Google Analytics

This website uses functions of the web analytics service Google Analytics. Through Google Analytics, we process the following personal data, among others:

  •   Time of request
  •   IP addresses
  •   Online identifiers (including cookie identifiers)
  •   Device identifiers
  •   Technical characteristics of users (e.g., browser type and version, device type, operating system)
  •   Measurement of user behaviour (e.g., views of individual pages / content, views of content from different areas, session duration / dwell time, bounce rate
  •   Use of individual website functionalities (e.g. timetable information, search queries, downloads)
  •   eCommerce activity (e.g., products purchased, sales)
  •   Referral URL (the previously visited page).

7.7.1  Purpose of Processing

We use Google Analytics to analyse your user behaviour in order to make decisions regarding product and marketing optimization based on the results.

7.7.2  Legal Basis

The legal basis for the use of Google Analytics is, pursuant to Art. 6 (1) lit. a UK GDPR, your voluntary and revocable consent

You can consent to the processing of your data by Google Analytics using our Consent Manager, prevent the collection of your data or revoke consent once given. To revoke, call up the cookie settings on our website again.

7.7.3  Retention Period

Personal data is anonymized by Google 14 months after your last activity, unless there is a legal obligation to retain it.

7.7.4  Recipients of Personal Data

We use the following service provider:

Google Ireland Ltd.

Gordon House,
Barrow Street, Dublin 4
Ireland

8   Contact

8.1  General Information

Through our website you can contact us by email. To contact you and to answer your request, we process the following personal data from you:

  •   First and last name
  •   Email address
  •   Date and time of the inquiry
  •   IP address
  •   Other personal data that you provide to us while contacting us.

8.2  Purpose of Processing

We process your data to respond to your inquiry and other matters arising from it.

8.3  Legal Basis

If your request is connected to pre-contractual measures or in relation to an existing contract with us, the legal basis is the performance of the contract and implementation of pre-contractual measures pursuant to Art. 6 (1) (b) UK GDPR.

If your request is made independently of contractual or pre-contractual measures, our prevailing legitimate interests pursuant to Art. 6 (1) (f) UK GDPR constitutes the legal basis. The prevailing legitimate interest corresponds to the above-mentioned purposes.

8.4  Retention Period

We delete your personal data as soon as they are no longer required to achieve the purpose for which they were collected. In the context of contact inquiries, this is usually the case when it is clear from the circumstances that the specific matter has been conclusively processed.

8.5  Recipients of Personal Data

We use the following service provider:

Superhuman Labs, Inc.

555 Mission Street #300
San Francisco,

CA 94105

9   Application

9.1  General Information

You can apply for job vacancies through our application form or via email. As part of the application process, we process the following personal data:

  •   First and last name
  •   Address
  •   Contact data (e.g., email address, telephone number), and
  •   Application data (e.g., cover letter, resume, certificates, and other supporting documents).

9.2  Purpose of Processing

The purpose of the processing is to carry out the application procedure.

9.3  Legal Basis

The legal basis for the processing of personal data is the fulfilment of the contract and the implementation of pre-contractual measures pursuant to Art. 6 (1) (b) UK GDPR.

9.4  Retention Period

If an employment relationship is established after completion of the application process, the personal data provided will be processed further for the employment relationship. Otherwise, we generally retain the data for six months after the end of the application process. We then delete all personal data.

9.5  Recipients of Personal Data

We use the following service provider:

Superhuman Labs, Inc.

555 Mission Street #300
San Francisco,

CA 94105

10   Social Networks

10.1   General Information

We maintain presences in social networks to communicate with you and inform you about our services. We use the following social media networks: Twitter and LinkedIn.

We use the following social media plug-in: Twitter. This allows you to communicate with such services and like or comment from our website.

Please note that we neither have the control of the extent of personal data that is collected by the respective plug-in provider, nor do we know the processing’s purpose or the period your personal data will be retained.

Further information about the processing of your personal data in the provider’s course of operation is provided via their respective privacy policy. Moreover, you will be provided with further information regarding your rights and setting concerning privacy.

10.2   Purpose of Processing

The purpose of the processing is the maintenance of presences in social media. Social media plug-ins enable a direct communication between your device and the servers of the social media provider, allowing the social media provider to communicate with you and collect information about you browsing our website.

10.3   Legal Basis

The legal basis for the processing of personal data is based on Article 6 (1) lit. a UK GDPR, your voluntary and revocable consent.

10.4   Recipients of Personal Data

We have company presences in the following social networks:

LinkedIn Ireland Unlimited

Company Wilton Place

Dublin 2

Ireland

LinkedIn Privacy Policy

 

Twitter International Company

One Cumberland Place

Fenian Street

Dublin 2

Ireland

Twitter Privacy Policy

11   Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. We cannot guarantee the security of any personal data that you disclose online, for example when it is sent by email. You accept the inherent security risks of providing information online over the internet and will not hold Cocoa responsible for any breach of security unless this is due to Cocoa ’s negligence or wilful default.

12   Your Rights

Under data protection law, you have rights including:

Your right of access – You have the right to ask us for copies of your personal information.

Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.

Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

Right to Object

You have the right to object to the processing of your personal data at any time on grounds relating to your particular situation, which is carried out on the basis of data processing in the public interest pursuant to Art. 6 (1) (e) UK GDPR or on the basis of our legitimate interest pursuant to Art. 6 (1) (f) UK GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Where we need to collect personal data by law, or under the terms of a contract we have (or are negotiating) with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may have to cancel all or part of the services you have with us, but we will notify you if this is the case at the time.

You are not required to pay any charge for exercising your rights. We have one month to respond to you. Please contact us at dsb@secjur.com, if you wish to make a request

12.1   How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at

 

secjur GmbH,

Steinhöft 9

20459 Hamburg;

Telephone: +49 40 228 599 520

Email: dsb@secjur.com

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113 ICO

website: https://www.ico.org.uk