Privacy Policy

The protection of your personal data and privacy is of great importance to us. This Privacy Policy applies if we process your personal data. For example if you visit our website www.collectiveaction.org, if you use or have an account on the MyCelium Platform or if you otherwise share your personal data with us. In this Privacy Policy we explain how we use the personal data and other information shared with us and/or collected by us.

We process your personal data with due care and in accordance with the European General Data Protection Regulation (“GDPR”). We recommend that you read the Privacy Policy carefully and keep a copy for your own records. Throughout the Privacy Policy we will refer to you and the organisation you are representing as “you” or “your”, and we will refer to Collective Action B.V. as “we”, “us” or “Collective Action”.

1. Controller

Controller of the processing of the personal data is:

Collective Action B.V., having its registered office at Amersfoortsestraatweg 117, 1251 AV Laren, The Netherlands. Registered at the Chamber of Commerce in the Netherlands with the number: KVK 81176783

If you wish to communicate with us about anything related to this Privacy Policy, you may do so by contacting our Support Function (support@mycelium.collectiveaction.org).

2. What kind of personal data do we collect, for what purpose and on what legal basis?

We may process your personal data in several situations. For example, if you have an account on the MyCelium Platform, enter into an agreement with us, fill in a form on our website or if you send us an email with your request for information.

Below, we briefly describe the situations in which we process personal data, for what purposes and on what legal basis.

2.1 Collective Action users

If we have concluded an agreement for the use of our services, we will process personal data. For example all personal data that is inserted in the documentation, data and/or materials that is disclosed by you or all personal data that you insert in your account on the MyCelium Platform. These data may include your (company) name, address details, e-mail address and telephone number and/or details of the contact persons, bank account, etc.. If you are an entrepreneur/impact manager (“GP“), seeking to raise capital through the MyCelium Platform, we may also ask you to provide additional information e.g. in connection with your business and/or your proposition. This may also include personal data.

The principal purposes for which we process and store your personal data are:

• To confirm your identity in order to create your account and ensure that you are eligible to use the services provided on the MyCelium Platform.
• To provide you with information about the agreement and your account, including any funding campaign you have created and any investments or payments you have made.
• To contact you (by phone or by e-mail), for example in order to give answer to your questions or remarks and / or provide you with the requested information or advice.
• To monitor, improve and administer the MyCelium Platform and our services.
• To enable us to conduct surveys and analysis and aggregate user profiles.
• To provide you with the requested information about our business, and on other selected products and services that we think may be of interest to you, unless you have asked us not to do so.
• To measure, understand, or improve the effectiveness of advertising we provide to you and others.
• To enable us to comply with our legal and regulatory obligations, including reporting to regulators and governmental authorities.
• To contact you to ensure user satisfaction in respect of our role as service provider and assist you in getting the best value from our service.

If you are an Investors (“LP”) or an entrepreneur/impact manager (“GP”) we may also use your personal data:

• To conduct required anti-money laundering checks and customer due diligence investigations on you in connection with certain transactions you may conduct via the MyCelium Platform.
• To conduct background checks on you or your company, in connection with your use of our services. These checks may include checking references or (online) sources (including but not limited to social media).
• To process payments and investments in connection with the services provided on the MyCelium Platform.
• To conduct analysis and surveys for the business of Collective Action.
• In the case of GP’s seeking capital,
  • to conduct (investment and operational) due diligence investigations and analyses and drafting reports on your organisation or your fund;
  • to carry out of the business of Collective Action, specifically for the purpose of assessing the proposition of your organisation and discussing such proposition with LP’s and partners in the normal course of consideration of making investments;
  • to considering a participation in your organisation and/or your fund.

• In the case of LP’s looking to invest, to confirm that you are eligible to make investments through our services/the MyCelium Platform in accordance with relevant legislation.

Please note that the personal data uploaded in your account can be accessed by, or disclosed to, other users of the MyCelium Platform (e.g. LP’s, lawyers or administrators may have access to personal data of the GP) for example to connect with you or to exchange content regarding funds and investments and to ask (additional) questions. We may also use your personal data to share investment opportunities, references, investment & impact research, due diligence questions & opinions.

The legal basis for the processing of personal data listed above is: necessary (i) for the performance of our agreement with you/ your organisation, (ii) for the protection of our legitimate interests, or those of a third party for example in the area of improving our services and/or conducting analyses and surveys, and/or (iii) to comply with legal obligation to which we are subject.

2.2 e-mail newsletter

It is possible to subscribe to our e-mail newsletter, for example through the form on our website. If you have subscribed to our e-mail newsletter, we may send you the e-mail newsletter on a regular basis. In the newsletter, we will keep you informed of the developments within our company and of our products and services. Of course, you always have the opportunity to unsubscribe. This can be done, for example, by using the unsubscribe link in the newsletter or by sending an e-mail to support@mycelium.collectiveaction.org

For sending the e-mail newsletter, we may process your name and e-mail address. The legal basis for this processing of personal data is: necessary to fulfil our legitimate interests in the area of marketing.

2.3 Other business relationships

If you fill in your contact details on our website or send us an email with your request for information, we will process the personal data and information provided in your email. We may use this personal data to contact you (by phone or by e-mail) to give answer to your questions or remarks and / or provide you with the requested information.

We also process personal data of other business partners, e.g. consultants, lawyers or Administrators. We process the data in order, for example, to make use of their services or to keep these business partners informed of the developments within our company and of our services.

The legal basis for this processing of personal data is necessary for the protection of our legitimate interests for example in the area of relationship management and marketing.

2.4 Automatically generated data

Our website and the MyCelium Platform, registers information for example regarding the visited pages, your clicks, browsing behaviour and search actions. This information can be generated by means of, for example, cookies or other (comparable) technologies however all information is anonymised and not directly traceable to any individual user.

We use the automatically generated information and your company data and personal data to conduct analyses for internal research and statistical, strategic purpose. We use the information to optimize the MyCelium Platform and the services provided on the MyCelium Platform and learn more about the use of the MyCelium Platform and the services so we can improve them.

The legal basis for this processing of personal data is necessary to fulfil our legitimate interests in the area of marketing and optimizing our website and services of the MyCelium Platform.

3. How long do we store and process the personal data

We do not process your personal data longer than necessary for the purpose for which it is processed. If we no longer need to process the personal data, we will delete or anonymise the personal data, unless we are required to keep certain personal data longer, (i) by law, to comply with statutory retention periods (for example laid down in tax legislation) or (ii) by a legal obligation to provide evidence. In which case, only those personal data that are specifically necessary for that purpose will be retained for such longer period.

4. With who do we share the personal data

We don’t share or transfer any personal data to any third party without your explicit permission, unless one of the following situations applies:

• we may disclose certain of your personal data to third-party service-providers, so called ‘data processors’,  solely in the course of their provision of services to us. Such data processor is only entitled to process the personal data needed to perform its services and activities and in accordance with our written instructions. The processor guarantees that it has implemented appropriate technical and organisational measures in such a manner that its processing meets the requirements of this privacy policy and the GDPR, and ensures the protection of the rights of all data subjects. The processing of personal data by a processor shall always be governed by a written data processing agreement between us and the processor.
• the personal data inserted in the documentation, data and/or materials that is disclosed by you or all personal data that you insert in your account on the MyCelium Platform can be accessed by, or disclosed to, other users of the MyCelium Platform (e.g. LP’s may have access to personal data of the GP) for example to connect with you or to exchange content regarding funds and investments and to ask (additional) questions.
• we may disclose certain details of your personal data if we are required to do so by law, regulation or the order of court or other legitimate government body or arbitration panel. This includes, among other things, any personal data that may be requested by Tax Authorities.

5. Transmission outside the EEA

Some of our suppliers/processors are located outside the European Economic Area (“EEA”). If these suppliers process your personal data on our behalf, we will ensure that appropriate safeguards are in place, which, in accordance with the GDPR, provide an equivalent and adequate level of protection of your rights and freedoms. We do this, for example, by ensuring that the supplier is bound by the Standard Contractual Clauses approved by the European Commission. For more information on the safeguards for transfers outside the EEA, please contact us at support@mycelium.collectiveaction.org.

6. Security of your personal data

We shall take appropriate technical and organizational measures to safeguard and protect the personal data against any accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access or against any other unlawful or unauthorized processing of such personal data. These measures guarantee, taking into account the state of technology and the costs of execution, an appropriate level of security given the risk that come with processing and the nature of the data to be processed. However, we cannot guarantee the security of any personal data you disclose online. In using the MyCelium Platform and/or our website, you accept the inherent security implications of engaging in transactions online over the internet, and you agree that you will not hold us responsible for any breach of security unless we have been grossly negligent or in wilful default.

7. Your rights with respect to your personal data

You have the right to obtain our confirmation as to whether or not we process your personal data, on request. You can send our Support Function (support@mycelium.collectiveaction.org) a request to receive such information. Furthermore, you are entitled to send our Support Function (support@mycelium.collectiveaction.org) a request to access, receive, rectify or erase your personal data. We will process your request without undue delay and in accordance with the GDPR and we will send you a response without undue delay, at least within one month after the receipt of your written request.

If you wish to withdraw your consent or object to the (further) processing of your personal data, please contact us at support@mycelium.collectiveaction.org. In response to your request, we will remove your personal data, unless we are obliged to retain the personal data in question on compelling legitimate grounds or due to a statutory obligation. If the latter is the case, we will inform you of this and explain our consideration. We will send you a response without undue delay, at least within one month after the receipt of your written request.

If you have any complaints about our processing of your personal data or your request, you can contact our Support Function (support@mycelium.collectiveaction.org). If that doesn’t solve your complaints, you can, of course, always contact the Dutch supervisory authority (www.autoriteitpersoonsgegevens.nl) or the competent court in the Netherlands.

If you have any further questions or remarks, please contact our Support Function (support@mycelium.collectiveaction.org).

8. Changes of Business Ownership and control

We may, from time to time, expand, reduce or sell our business, and this may involve the transfer of certain divisions or the whole business to other parties. Your personal data will, where it is relevant to any division so transferred, be transferred along with that division and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use your personal data for the purposes for which it was supplied by you.

9. Severability

We have made every effort to ensure that this privacy policy adheres strictly with the relevant provisions of the GDPR. However, in the event that any of these provisions are found to be unlawful, invalid or otherwise unenforceable, this provision is to be deemed severed from this Privacy Policy and shall not affect the validity and enforceability of the rest of the Privacy Policy. This clause on “Severability” shall apply only within jurisdictions where a particular term is illegal.

10. No Waiver

In the event that either you or we fail to exercise any right or remedy contained in this Privacy Policy, that does not mean you or we (as applicable) have waived that right or remedy and so shall not be construed as a waiver.

11. Revisions

From time to time we may update this Privacy Policy to take account of changes in the law or for any other reason. If we update this Privacy Policy, we will post a new version on our website and the MyCelium Platform, and as soon as you use the website or MyCelium Platform after they are posted, you will be deemed to have agreed to the updated version, but you will still be bound by the terms of any previous versions to which you have agreed or been deemed to agree. If there is a conflict between two versions of the Privacy Policy to which you have agreed or been deemed to agree, the more recent version shall take precedence unless it is expressly stated otherwise.

12. Choice of Law and jurisdiction

This Privacy Policy shall be governed by and construed in accordance with the laws of the Netherlands. You agree to submit to the exclusive jurisdiction of the court of Amsterdam, The Netherlands. This means that if you want to bring a legal action against us, or we want to bring a legal action against you, it must be done in one of this court.

Laren, The Netherlands, May 2022

Download Privacy Policy