Controller of the processing of the personal data is:
Collective Action B.V., having its registered office at Amersfoortsestraatweg 117, 1251 AV Laren, The Netherlands. Registered at the Chamber of Commerce in the Netherlands with the number: KVK 81176783
2. What kind of personal data do we collect, for what purpose and on what legal basis?
We may process your personal data in several situations. For example, if you have an account on the MyCelium Platform, enter into an agreement with us, fill in a form on our website or if you send us an email with your request for information.
Below, we briefly describe the situations in which we process personal data, for what purposes and on what legal basis.
2.1 Collective Action users
If we have concluded an agreement for the use of our services, we will process personal data. For example all personal data that is inserted in the documentation, data and/or materials that is disclosed by you or all personal data that you insert in your account on the MyCelium Platform. These data may include your (company) name, address details, e-mail address and telephone number and/or details of the contact persons, bank account, etc.. If you are an entrepreneur/impact manager (“GP“), seeking to raise capital through the MyCelium Platform, we may also ask you to provide additional information e.g. in connection with your business and/or your proposition. This may also include personal data.
The principal purposes for which we process and store your personal data are:
- To confirm your identity in order to create your account and ensure that you are eligible to use the services provided on the MyCelium Platform.
- To provide you with information about the agreement and your account, including any funding campaign you have created and any investments or payments you have made.
- To contact you (by phone or by e-mail), for example in order to give answer to your questions or remarks and / or provide you with the requested information or advice.
- To monitor, improve and administer the MyCelium Platform and our services.
- To enable us to conduct surveys and analysis and aggregate user profiles.
- To provide you with the requested information about our business, and on other selected products and services that we think may be of interest to you, unless you have asked us not to do so.
- To measure, understand, or improve the effectiveness of advertising we provide to you and others.
- To enable us to comply with our legal and regulatory obligations, including reporting to regulators and governmental authorities.
- To contact you to ensure user satisfaction in respect of our role as service provider and assist you in getting the best value from our service.
If you are an Investors (“LP”) or an entrepreneur/impact manager (“GP”) we may also use your personal data:
- To conduct required anti-money laundering checks and customer due diligence investigations on you in connection with certain transactions you may conduct via the MyCelium Platform.
- To conduct background checks on you or your company, in connection with your use of our services. These checks may include checking references or (online) sources (including but not limited to social media).
- To process payments and investments in connection with the services provided on the MyCelium Platform.
- To conduct analysis and surveys for the business of Collective Action.
- In the case of GP’s seeking capital,
- to conduct (investment and operational) due diligence investigations and analyses and drafting reports on your organisation or your fund;
- to carry out of the business of Collective Action, specifically for the purpose of assessing the proposition of your organisation and discussing such proposition with LP’s and partners in the normal course of consideration of making investments;
- to considering a participation in your organisation and/or your fund.
- In the case of LP’s looking to invest, to confirm that you are eligible to make investments through our services/the MyCelium Platform in accordance with relevant legislation.
Please note that the personal data uploaded in your account can be accessed by, or disclosed to, other users of the MyCelium Platform (e.g. LP’s, lawyers or administrators may have access to personal data of the GP) for example to connect with you or to exchange content regarding funds and investments and to ask (additional) questions. We may also use your personal data to share investment opportunities, references, investment & impact research, due diligence questions & opinions.
The legal basis for the processing of personal data listed above is: necessary (i) for the performance of our agreement with you/ your organisation, (ii) for the protection of our legitimate interests, or those of a third party for example in the area of improving our services and/or conducting analyses and surveys, and/or (iii) to comply with legal obligation to which we are subject.
2.2 e-mail newsletter
It is possible to subscribe to our e-mail newsletter, for example through the form on our website. If you have subscribed to our e-mail newsletter, we may send you the e-mail newsletter on a regular basis. In the newsletter, we will keep you informed of the developments within our company and of our products and services. Of course, you always have the opportunity to unsubscribe. This can be done, for example, by using the unsubscribe link in the newsletter or by sending an e-mail to email@example.com
For sending the e-mail newsletter, we may process your name and e-mail address. The legal basis for this processing of personal data is: necessary to fulfil our legitimate interests in the area of marketing.
2.3 Other business relationships
If you fill in your contact details on our website or send us an email with your request for information, we will process the personal data and information provided in your email. We may use this personal data to contact you (by phone or by e-mail) to give answer to your questions or remarks and / or provide you with the requested information.
We also process personal data of other business partners, e.g. consultants, lawyers or Administrators. We process the data in order, for example, to make use of their services or to keep these business partners informed of the developments within our company and of our services.
The legal basis for this processing of personal data is necessary for the protection of our legitimate interests for example in the area of relationship management and marketing.
2.4 Automatically generated data
Our website and the MyCelium Platform, registers information for example regarding the visited pages, your clicks, browsing behaviour and search actions. This information can be generated by means of, for example, cookies or other (comparable) technologies however all information is anonymised and not directly traceable to any individual user.
We use the automatically generated information and your company data and personal data to conduct analyses for internal research and statistical, strategic purpose. We use the information to optimize the MyCelium Platform and the services provided on the MyCelium Platform and learn more about the use of the MyCelium Platform and the services so we can improve them.
The legal basis for this processing of personal data is necessary to fulfil our legitimate interests in the area of marketing and optimizing our website and services of the MyCelium Platform.
3. How long do we store and process the personal data
We do not process your personal data longer than necessary for the purpose for which it is processed. If we no longer need to process the personal data, we will delete or anonymise the personal data, unless we are required to keep certain personal data longer, (i) by law, to comply with statutory retention periods (for example laid down in tax legislation) or (ii) by a legal obligation to provide evidence. In which case, only those personal data that are specifically necessary for that purpose will be retained for such longer period.
4. With who do we share the personal data
We don’t share or transfer any personal data to any third party without your explicit permission, unless one of the following situations applies:
- the personal data inserted in the documentation, data and/or materials that is disclosed by you or all personal data that you insert in your account on the MyCelium Platform can be accessed by, or disclosed to, other users of the MyCelium Platform (e.g. LP’s may have access to personal data of the GP) for example to connect with you or to exchange content regarding funds and investments and to ask (additional) questions.
- we may disclose certain details of your personal data if we are required to do so by law, regulation or the order of court or other legitimate government body or arbitration panel. This includes, among other things, any personal data that may be requested by Tax Authorities.
5. Transmission outside the EEA
Some of our suppliers/processors are located outside the European Economic Area (“EEA”). If these suppliers process your personal data on our behalf, we will ensure that appropriate safeguards are in place, which, in accordance with the GDPR, provide an equivalent and adequate level of protection of your rights and freedoms. We do this, for example, by ensuring that the supplier is bound by the Standard Contractual Clauses approved by the European Commission. For more information on the safeguards for transfers outside the EEA, please contact us at firstname.lastname@example.org.
6. Security of your personal data
We shall take appropriate technical and organizational measures to safeguard and protect the personal data against any accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access or against any other unlawful or unauthorized processing of such personal data. These measures guarantee, taking into account the state of technology and the costs of execution, an appropriate level of security given the risk that come with processing and the nature of the data to be processed. However, we cannot guarantee the security of any personal data you disclose online. In using the MyCelium Platform and/or our website, you accept the inherent security implications of engaging in transactions online over the internet, and you agree that you will not hold us responsible for any breach of security unless we have been grossly negligent or in wilful default.
7. Your rights with respect to your personal data
You have the right to obtain our confirmation as to whether or not we process your personal data, on request. You can send our Support Function (email@example.com) a request to receive such information. Furthermore, you are entitled to send our Support Function (firstname.lastname@example.org) a request to access, receive, rectify or erase your personal data. We will process your request without undue delay and in accordance with the GDPR and we will send you a response without undue delay, at least within one month after the receipt of your written request.
If you wish to withdraw your consent or object to the (further) processing of your personal data, please contact us at email@example.com. In response to your request, we will remove your personal data, unless we are obliged to retain the personal data in question on compelling legitimate grounds or due to a statutory obligation. If the latter is the case, we will inform you of this and explain our consideration. We will send you a response without undue delay, at least within one month after the receipt of your written request.
If you have any complaints about our processing of your personal data or your request, you can contact our Support Function (firstname.lastname@example.org). If that doesn’t solve your complaints, you can, of course, always contact the Dutch supervisory authority (www.autoriteitpersoonsgegevens.nl) or the competent court in the Netherlands.
If you have any further questions or remarks, please contact our Support Function (email@example.com).
8. Changes of Business Ownership and control
10. No Waiver
12. Choice of Law and jurisdiction
Laren, The Netherlands, May 2022