Privacy policy
Techquity AB
Reg. no. 559262-0529
Pirgatan 13, 374 30 Karlshamn
Introduction
This privacy policy (this ”Policy”) describes how we, Techquity AB, Reg. No. 559262-0529 (”Techquity”, ”we”, ”us”, ”our”), with address Pirgatan 13, 374 35 Karlshamn, Process your Personal Data (both as defined below).
Techquity provides a platform for managing and automatising legal processes and workflows in connection with fundraising of private capital funds. Through our platform, investors can fill out subscription forms (application forms), upload KYC documentation and generate legal contracts with the purpose of applying for fund units in private capital funds.
Techquity cares about privacy and protecting the Personal Data handled by us. All Personal Data is Processed in accordance with Applicable Law (as defined below). In this Policy we describe how, and the purposes for which, we use and Process your Personal Data as well as what lawful bases we use and what measures we take to protect your Personal Data. We also provide information on how you exercise the rights you have connected to our Processing of Personal Data.
This Policy provides information on how we handle Personal Data when you communicate with us, use our platform (available on app.techquity.se) and/or visit our website www.techquity.se (together the ”Services”).
The intended recipient(s) of the information provided in this Policy is:
- Investors and others which are users of the Services (including individuals representing institutional or private investors, fund managers and/or fund administrators);
- Employees of potential customers (mainly individuals employed at law firms which are customers of Techquity);
- Employees of existing customers (mainly individuals employed at law firms which are customers of Techquity);
- Anyone subscribing to our newsletter(s) and/or to receive updates and information about Techquity by way of filling out a form on our website (www.techquity.se) or through other means; and
- Visitors to our website.
Depending on the context of Personal Data you provide, Techquity may be the Controller or the Processor of your Personal Data under this Policy.
Techquity is a Processor in relation to our Customers for Personal Data submitted to or collected through our Services on behalf of or at the direction of our Customers, except for Personal Data which is collected and required in order for users to register their accounts with us, for which Techquity is a Controller. We are also a Controller for Personal Data which is collected for our own business purposes, such as marketing (including but not limited to our newsletter(s)), statistics, analytics, and similar.
As to the Personal Data of individuals employed at law firms which are customers to Techquity, Techquity collects and Processes such Personal Data under a Data Processing Agreement between Techquity and the law firm, where Techquity is the Processor of Personal Data submitted or otherwise uploaded to the Platform. However, Techquity is a Controller for the Personal Data collected and required in order for employees to register accounts on our Platform.
Definitions
”Applicable Law” refers to the legislation applicable to the processing of Personal Data, including the GDPR, supplementary national legislation, as well as practices, guidelines and recommendations issued by a national or EU supervisory authority.
”Controller” is the company/organisation that decides for what purposes and in what way Personal Data is to be processed and is responsible for the Processing of Personal Data in accordance with Applicable Law.
“Customer” means a customer of Techquity, which is mainly law firms managing the legal work in connection with a fundraising.
”Data Subject” is the living, natural person whose Personal Data is being Processed.
”Processing” means any operations or set of operations which is performed on Personal Data, e.g. storage, modification, reading, handover or similar.
”Processor” is the company/organisation that processes Personal Data on behalf of the Controller and can therefore only process the Personal Data according to the instructions of the Controller and the Applicable Law. The definitions above shall apply in the Policy regardless of whether they are capitalised or not.
Our processing of personal data
We have a responsibility to describe and demonstrate how we fulfill the requirements that are imposed on us when we Process your Personal Data. This section aims to describe (i) the lawful bases for Processing your Personal Data, (ii) for how long we keep your Personal Data (storage), (iii) the type of Personal Data we collect, (iv) the methods used for collecting your Personal Data, and (v) the purposes for which we Process your Personal Data.
You are informed that Techquity may share or transfer your Personal Data to certain third parties (Processors or Sub-Processors), but never for other purposes than for which they were collected in the first place, and always in accordance with Techquity’s explicit instructions.
What are our lawful bases for processing data?
We collect, use and share the Personal Data we have using the following legal bases.
Legitimate interest: Techquity may Process Personal Data if we have assessed that a legitimate interest overrides the interest of fundamental rights and freedoms of the Data Subject, and if the Processing is necessary for the purpose in question.
Performance of a contract: The Processing is necessary for the performance of a contract entered between us and the Data Subject.
Consent: Techquity may Process your Personal Data after you have given your consent ot the Processing. Information regarding the Processing is always provided in connection to the request of consent. You may withdraw your consent at any time.
Legal obligation: Techquity will Process your Personal Data where we are required by laws and regulations to do so as a result of our business.
For how long do we store your personal data?
We will keep your Personal Data as long as it is necessary for the purpose(s) for which it was collected. Depending on the lawful basis on which the Processing is supported, this may (i) be regulated in a contract, (ii) be dependent on valid consent, (iii) be stated in legislation or (iv) follow by an internal assessment based on a legitimate interest assessment. In the list below we indicate, where possible, the period during which the Personal Data will be stored and the criteria used to determine the storage period.
The personal data we collect
The Personal Data we may collect include:
Browser information: What type and version of browser, websites from which you have been referred, pages you use on our website, your IP address and a rough location estimate based on your IP address, information about your web activity on our site or your interaction with e-mails we send to you, and information about your use of our Services.
Contact details: Name(s), e-mail address, residential address, personal identification number and telephone number and information about the organisation you represent.
User account information: Username, password, profile picture (optional).
Your usage: We collect information about how you use our Services, such as what pages you visit, how much time you spend on different pages, what you click on and how you engage with our content.
How do we collect your personal data?
We collect Personal Data directly from you, as well as automatically through your use of our Services and, in some cases, from third parties. Below is a list describing how we collect Personal Data.
Information that you give us: The information we collect directly from you is typically contact details and user account information shared by you in connection with registering an account (and profile), and information you share with us through the use of our forms (subscription forms) used for applying for fund units.
Information collected automatically: When you use or interact with our Site and Services, we receive and store information generated by your activity, like usage data and other information automatically collected from your browser or mobile device. This information may include information on what type and version of browser you are using, websites from which you have been referred, pages you use on our website, your IP address and a rough location estimate based on your IP address, information about your web activity on our site or your interaction with e-mails we send to you, and information about your use of our Services.
In most cases, this information is generated by various tracking technologies, which may include ”cookies” and/or ”web beacons”. You can read about how we use cookies and other tracking technologies in our Cookie Policy (www.techquity.se/cookies) and also about the choices you can make to limit their use.
Information from other sources: We may receive information about you such as name and e-mail adress, in order to invite you to the platform. This information is typically received from the private equity firm raising the fund, or the law firm managing the legal process in connection to the fundraising.
Processing purposes
#1 – Enable access to the Services
Purpose: Register a user account and profile to enable the user to access the Services.
Personal Data: Name, e-mail address, password, phone number (optional), profile picture (optional).
Source: Directly from the Data Subject, from a representative representing the Data Subject, from the law firm managing the fundraising (which is a customer to Techquity) or from the Data Subject’s employer.
Lawful basis: Performance of contract.
Storage period: As long as the Data Subject holds an account on our platform.
#2 – Increase security and prevent abuse
Purpose: Verify user login credentials to increase security and prevent abuse.
Personal Data: Name, e-mail address.
Source: Directly from the Data Subject or a representative representing the Data Subject.
Lawful basis: The legitimate interest of verifying the user identity to increase security and prevent abuse.
Storage period: As long as the Data Subject holds an account on our platform.
#3 – Support and communication
Purpose: Communicate in order to efficiently help our customers with any problems and provide relevant information regarding the Service.
Personal Data: Name, e-mail address, phone number, company.
Source: Directly from the Data Subject or a representative representing the Data Subject.
Lawful basis: The legitimate interest of providing the Service.
Storage period: Conversations are stored for 12 months or as long as the Data Subject has an account on our platform.
Your rights under the GDPR
You are the one in control of your Personal Data and we always strive to ensure that you can exercise your rights as efficiently and smoothly as possible.
Access: You always have the right to receive information about the Processing of Personal Data that concerns you. We only provide information if we have bene able to fully verify that it is you that are requesting the information.
Rectification: If you find that the Personal Data we process about you is incorrect, you have the right to have it rectified.
Erasure: You have the right to be forgotten and request deletion of your Personal Data when the Processing is no longer necessary for the purpose for which it was collected.
Objections: If you disagree with any of our assessments, such as that a legitimate interest for Processing your Personal Data overrides your interest in protecting your privacy, you have the right to object and demand we review our assessment. When making the new assessment, we add your objection to the balance when considering whether Processing your Personal Data can still be justified. If you object to direct marketing, we will immediately delete your Personal Data without making an assessment.
Restriction: You can also ask us to restrict our Processing of your Personal Data (i) while we are processing a request from you for any of your other rights, (ii) if, instead of requesting erasure, you want us to limit the Processing of Personal Data for a specific purpose, such as if you do not want us to send advertising to you in the future, for which we would still need to save your name in order to know that we should not contact you in the future, or (iii) in cases where we no longer need the information in relation to the purpose for which it was collected, provided that you do not have an interest in retaining it to make a legal claim.
Data portability: We may provide you with the data you have submitted to us or that we have received from you in any other way. You will receive your information in a commonly used and machine-readable format that you can transfer to another personal data manger.
Withdraw consent: If you have given consent to one or several specific Processing(s) of your Personal Data, you have the right to withdraw your consent at any time and ask us to terminate the Processing immediately. Please note that you can only withdraw your consent for future processing of Personal Data and not for Processing that has already taken place.
How to use your rights
Send us an e-mail at privacy@techquity.se and tell us what right(s) you wish to exercise, and we will make sure you can exercise them.
Transfers of personal data
In order to provide our platform and run our business, we may need help from others who will Process Personal Data on our behalf. In cases where our Processors transfer Personal Data outside the EU/EEA, we have ensured that the level of protection is adequate, and in compliance with Applicable Law, by controlling that either of the following requirements are fulfilled:
- The EU Commission has determined that the level of protection is adequate in the third country where the data is processed.
- The Processor has signed up to the EU Commission’s standard contractual clauses (SCCs) for data transfer to non-EU/EEA countries.
- The Processor has taken other appropriate safeguards prior to the transfer and that such safeguards comply with Applicable Law.
We have entered into Data Processing Agreements (DPAs) with all our Sub-Processors. The DPAs set out, among other things, how the Sub-Processor may process the Personal Data and what security measures are required for the Processing.
We may also need to disclose your personal information to certain desginated authorities in order to fulfill obligations under Applicable Law or legally binding judgments.
Our sub-processors
Processor: Amazon Web Services (AWS).
Personal data being processed: All data collected by us (contact details, user account details, financial information, passport details, browser information).
Details: Our servers are hosted with Amazon Web Services at their premises in Stockholm, Sweden. All Personal Data collected by us are stored on their services.
Processor: Google (G Suite, Google Drive, Gmail).
Personal data being processed: Full name(s), e-mail address.
Details: Google’s products help us in different areas. We use Gmail as our e-mail service and Google Drive for document storage.
Processor: DocuSign, Inc.
Personal data being processed: Full name(s), e-mail address.
Details: DocuSign is an e-signature solution which is integrated into the Platform. DocuSign is used by companies all over the world to sign documents and agreements in a secure way.
Security measures
Techquity has employed technical and organisational measures to ensure that your Personal Data is processed securely and protected from loss, abuse and unauthorised access.
Organisational security measures: Measures implemented in work methods and routines within the organisation such as (i) internal governance documents (policies and instructions), (ii) login and password management, and (iii) physical security (premises, etc.).
Technical security measures: Measures implemented through technical solutions, such as:
- Encryption
- Access control level
- Access log
- SSL for all outside connections
- 2-step authentication for all sensitive services
- Using password manager for all passwords
Cookies
Techquity uses cookies and similar tracking technologies to analyse the use of our Services so that we can improve them and give you a superior user experience. For more information on how we use cookies, please see our Cookie Policy at www.techquity.se/cookie-policy.
Complaints to a supervisory authority
If you think that we are not Processing your Personal Data correctly, even after you have notified us of this, you are always entitled to submit your complaint to the Swedish Data Protection Authority (Integritetsskyddsmyndigheten).
More information about our obligations and your rights can be found at www.imy.se.
You may contact the authority via e-mail at: imy@imy.se.
Changes to this policy
We reserve the right to make changes to this Policy. In the event that the change affects our obligations or your rights, we will inform you about the changes in a timely and appropriate manner so that you are able to review the changes beforehand.
Contact
Please contact us if you have any questions about your rights or if you have any other questions about how we process your personal information at privacy@techquity.se.