Privacy policy

Last updated: 15 November, 2024

Parties

This privacy policy (the "Privacy Policy") is provided by:

Roundtable SAS, a French “société par actions simplifiée” registered in France under the number 908 281 363 at the Commercial and Companies Registry of Nanterre, whose registered office is located at 25 Allée Robert Doisneau, 92100Boulogne-Billancourt, France;

 

For the purpose of the present Privacy Policy “Roundtable” is understood as Roundtable SAS as defined above and all its Affiliates (including the legal entities forming partof the same group) (referred to as “Roundtable” or as “we”).

For the purpose of the present Privacy Policy “Customer” has the meaning ascribed to it in the Roundtable Platform Terms. The Privacy Policy forms a whole with all Roundtable Terms of Service, including the Service Terms (“ToS”). Capitalized terms will have the meaning they are ascribed in the ToS.

 

The Privacy Policy applies where we and/or a legal entity created as part of our Services (the “SPVs”) are acting as a data controller with respect to the personal data of the Customers, in other words, where we (as a service provider or as a legal representative of the SPV) determine the purposes and means of the processing of the Personal Data.

Introduction

The Privacy Policy may be amended or updated from time to time without prior notice. All amendments or updates will be posted online on the Website. If amendments to our Privacy Policy involve matters for which the Customers’ consent was previously required, we will notify the Customers in order to obtain its renewed consent.

 

The Privacy Policy describes what personal data, as defined in Applicable Regulations (“PersonalData”), we collect when the Customers use the Services, Roundtable’s Website, as well as other interactions the Customers may have with Roundtable (for example, Customer support conversation, user surveys, etc.). It also provides information about how we store, transfer, use, and delete that Personal Data, and what rights and choices the Customer has with respect to such Personal Data.

To exercise their rights or if Customers otherwise have any questions regarding our processing of personal data, we encourage the Customers to contact us at the email address contact@roundtable.eu.

 

Roundtable also notifies Customers that they may raise complaint to a data protection authority, e.g the supervisory authority where they live or the French Data Protection Authority, the Commission Nationale de l’Informatique et des Libertés (“CNIL”).

Why we collect, process, store and from time to time transfer Customers’ Personal Data (Legal basis for data processing)

We process Customers’ Personal Data for the following purposes:

  1. create an account for Customers (including the creation of an investor profile page) and deliver the Services to Customers, and continue to maintain and develop the services (legal basis: contract with the Customer)
  2. Roundtable also creates public profiles of people and companies (both Customers and non-customers), based on information gathered from different public sources. Profiles are then made available to Customer. (Legal basis: Consent on an opt-out basis)
  3. operate transaction (legal basis: contract for the duration of the use of the Services and then legal obligation)
  4. facilitate the administration and animation of Deal Accounts by the Deal Leads, Communities by the Admins and Funds by the Fund Leads (legal basis: contract with the Customer) 
  5. sending newsletters and promotional offers when the Customers have consented to this by accepting the present privacy policy as it may be amended from time to time (legal basis: consent)
  6. sending emails pertaining to the Customer’s account, Services changes or new policies (legal basis: contract)
  7. responding to Customer’s request for maintenance (legal basis: contract with the Customer) 
  8. responding to Customer request through the website (legal basis: consent)

Where Customers have given consent to Roundtable, they may also withdraw their consent at any time, by sending an email to contact@roundtable.eu.

What Customers’ Personal Data we collect

Customers are required to provide Roundtable with accurate, truthful, and sincere Personal Data. When using the Services, we may collect the following data:

  1. Customer account information: Customer name and first name, email address, phone number, profile picture, nationality, date of birth, address, unique identification number attributed by us
  2. Customer KYC information: We process the following data, customer ID document, proof of address, proof of fund and photography and attribute a KYC status to all Customers. In addition to the data collected directly from the Customers we use a KYC partner (Dotfile) to offer services that comply with high KYC standards. Dotfile obtains personal information for its databases from a commercial supplier of AML/CTF watchlists and through PEP and bad press checks. This information may typically include an individual’s names, date of birth, residential address and gender and may also include information about criminal records, personal relationships, and other publicly available information. Dotfile seeks assurances from all its data sources that the information has been collected and is held in accordance with applicable privacy laws. Because of the nature of the Dotfile service, it is not possible to collect this information directly from the individual. Dotfile and Roundtable will not use this personal information for any purpose other than to ensure that its Services meet high KYC standards inspired by the AML/CTF legislation. Dotfile and Roundtable maintain strict security over this personal information. If we hold your personal information through Dotfile, this is not controlled by us and you should refer to their respective privacy policies. Dotfile databases are held and stored by Dotfile or a cloud services provider.
  3. Customer investment holding KYB information (whether it qualifies as Personal Data or not): For Customers investing through an investment holding company, company’s denomination, legal entity type, company number, company bylaws, annual accounts, company incorporation document, company ultimate beneficial owners.
  4. Payment and Transaction information: Customer’s billing details such as credit card information, billing email, banking information, location at the time of transaction and/or a billing address
  5. Investor Banking Information: Bank account number, Bank address
  6. Utilisation of the Platform: Including but not limited to metadata to provide additional context about the way the Service is being used. We collect usage data and investment data. The usage data may include Customer’s IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of the use of the Services. The investment data may include the amount invested in various Deals or Funds, the number of commitments of the Customer, the number of deals created by the Customer, the total amount the Customer has raised and the data surrounding the votes in which the Customer has participated as an Associate of the SPV. The investment data may also be collected through the means of electronic questionnaires relating to investment DNA. 
  7. Terms of the investment: Including but not limited to information about any carried interest, potential entry fees and the type of shares acquired in the SPV and the rights affiliated thereto. 

Personal Data is collected and processed when Customer use the Services and interact with the Services.

Data Retention period

Except if otherwise specified by the law or any applicable regulations, we store Customers’ Personal Data for the following duration :

  1. for Customers who still have an account on the Roundtable platform the data is conserved for five (5) years following the date of the end of the investment or for five (5) years after using the Services the last time. The latest of the two dates will be applied. 
  2. for Customers who no longer have an account on the Roundtable platform the account information is conserved for up to three (3) years after the deletion of the User account
  3. for Customers who no longer contact us for support information the account information is conserved for up to one (1) year from the last contact for support information 

How we collect, process and store Customers' Personal Data

We in Roundtable are committed to safeguarding the privacy of our Customers and use their Personal Data in accordance with Law no. 78-17 of 6 January 1978 on computer technology, computer files and civil liberties, known as the “Informatique et Libertés” Act, as well as with Regulation (EU) No 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data applicable since 25 May 2018 (together the “Applicable Regulations”).

We undertake to:

  1. collect and process Personal Data of Customers fairly and lawfully
  2. limit the processing of personal data to specific, explicit and legitimate purposes
  3. minimize the collection and storage of Personal Data in relation to the purpose of the processing
  4. ensure the accuracy of Personal Data and allow their deletion or rectification
  5. limit the retention of Personal Data
  6. ensure the security, integrity and confidentiality of Personal Data
  7. respect Customers’ rights

Security of Personal Data, storage and deletion of personal data

We make every effort to avoid any interference with the Personal Data of Customers, such as loss, misappropriation, intrusion, unauthorised disclosure, alteration or destruction thereof. Security measures include but are not limited to the following measures: 

  • Traceability measures 
  • Data backup 
  • Data encryption 
  • Customer access control

 ‍

We undertake to ensure that this protection is provided by any person who may carry out processing on Customers’ Personal Data for the purposes described above.

Transfer of Personal Data

We may disclose Personal Data of Customers to our services providers and relevant commercial partners, in particular:

  1. ForestAdmin, the company hosting Personal Data
  2. Bank partners for KYC/KYB
  3. Domiciliation providers as well as accountants and/or tax advisors
  4. Incorporation services providers entities required for formalities (in particular, notary, trade registry) for Investment vehicle incorporation
  5. Customer support tools providers, such as Calendly, the company providing online calendar. 
  6. Deal Leads, Community Admins and Fund Leads, it being guaranteed that this transfer will mainly be used to streamline communication. Data collected relating to the investor DNA may be used for commercial purposes. To better understand the role of the Deal Lead, the Community Admin and the Fund Lead please refer to the ToS affiliated to the relevant Service.
  7. Relevant commercial partners offering services and products that are complementary and analog to the Roundtable Services to promote relevant services and products

Except for our Services providers and relevant commercial partners, contractually bound to appropriate data protection obligations, we undertake not to disclose, assign or transfer Personal Data to any third parties without the Customers’ express consent. 

We could however be induced to disclose such if :

  1. the law should so require or by judicial or administrative request. In particular,  data colected in the KYC and or the KYB processes may be copied to or otherwise shared with any authority, financial institution, or any other person with which the Company cooperates or on which the Company relies in the provision of the Services, to the extent that such other persons reasonably require such information and documents in order to comply with rules of mandatory application or with reasonable internal control procedures.
  2. In the case where we are involved in a merger, acquisition, bankruptcy, reorganization or sale of assets such that your information would be transferred or become subject to a different privacy policy, we will notify the Customer.

Your personal information may be collected in, transferred to, accessed from, or stored in a country other than the one you are in, including the United States, which may have data protection rules that are different from those of your country. If your personal data are transferred to a recipient in a country that does not provide an adequate level of protection for personal data, Roundtable will take measures to ensure that your personal data are adequately protected, such as entering into EU Standard Contractual Clauses with these recipients.To obtain the complete list of our service providers located outside of the European Union please contact: contact@roundtable.eu.

Customers’ rights over their Personal Data

Customers have the following rights over their Personal Data: 

  1. A right of access, a right to rectification and to request the deletion of their personal data ; 
  2. A right to obtain communication thereof in a structured and readable form (save legitimate impediment) ; 
  3. A right to define guidance relating to their digital will; and
  4. Customers may also ask Roundtable to restrict the processing of their Personal Data, or object to processing, including profiling.

If a Customer has an account, he or she may access, modify or export its Personal Data, or delete its account by sending an email to contact@roundtable.eu. In case of deletion of the Customer’s account, its information and content will be unrecoverable after that time. To comply with our legal obligations, we may however keep storing Personal Data after the deletion of the Roundtable account.

Cookies and Other Tracking Mechanisms

A cookie is a text file that may be installed on the hard drive of a Customer when he uses the Services. These small files may contain, for instance, the language used by Customer’s browser, and its preference settings. When we use cookies, we may use “session” cookies (that last until you close your browser) or “persistent” cookies (that last until you or your browser delete them). Some of the cookies we use are associated with Customers’ account, and other cookies are not.

Traffic data is generated when your device is connected to the internet and to the Services.

Roundtable may use traffic data (generated when the Customer’s device is connected to the internet and the Services) for statistical purposes in order to analyse the number of visits to the Services and to improve such by adapting it to its needs. Traffic data is never used nominatively by Roundtable.

We install cookies on the Customer’s devices in order to allow the Customer to use the Services in optimal conditions, to save its profile and restore its preferences when he is connected via its usual device, or to establish statistics.

We use the certain types of cookies to allow the proper functioning of the Roundtable platform including browsing cookies, which are necessary for the proper technical functioning of the Services, as they allow the display of content from each device to be optimized .

In addition, the Customer may consent to the use of the following type of cookies:

  1. Functional cookies : which are not indispensable to the proper functioning of the Services but optimize browsing experience;
  2. Other Web Site Analytics Services: We use third party service providers such as Google Analytics to provide certain analytics and Customer interactions with our Services, including the collection and tracking of certain data and information regarding the characteristics and activities of the User. Google’s privacy policy is available by clicking on this link.

‍Customers may accept or refuse cookies being installed on its device using the banner contemplated to that effect when using the Services.

We do not store any cookies enabling the Customer to be tracked or to obtain IP addresses beyond a period of twelve (12) months from the initial installation on its device. Customers may delete cookies at any time from its browser software and configure it to prevent them from being stored on its terminal.

 ‍

Customers are invited to refer to their browser's help file to determine the appropriate settings. Refusing to accept cookies may seriously impair its browsing experience.