Privacy Statement

This Privacy Statement sets out how Aqua-Spark handles your personal data. You can be confident that we handle your personal data with due care. This privacy statement is intended for you, if:

• you are a portfolio company, investor, or other community member of Aqua-Spark;
• you or your company contacted Aqua-Spark through our website;
• you applied to a job or internship with Aqua-Spark; or
• you have been connected to the Aqua-Spark network in the past.

We will process your personal data to contract or carry out business with you. Further information concerning why we process personal data is set out below.

Personal data

Personal data is information that can be used to identify you, such as your name, address, email address, telephone number, and date of birth. Personal data also includes your bank account number, IP address and passport photograph.

Other data, including your religion, ethnicity, or membership in a trade union, is considered special data. We may only use categories of special data if permitted by law or if consent for this specific processing is obtained. In all other situations, we are prohibited from using this special personal data.

Legal basis for processing

Processing of personal data is only allowed when it is based on one of the “grounds” permitted by law. We only use your personal data when it is necessary for one or more of the following reasons:

• To perform a contract with you
• To comply with a legal obligation
• For a legitimate interest of Aqua-Spark
• Because you give your consent for a specific purpose

Purposes for which we use your personal data

We use your personal data to help make our operations, business development and services as effective, reliable and efficient as possible as well as to comply with our legal and regulatory requirements. This is done for one or more of the following purposes, depending on the nature of your relationship with us:

• Staying in contact with current and potential members of our community;
• Evaluating potential investment opportunities or potential employees or interns;
• Sending invoices;
• Providing requested services or information;
• Providing investors with information about their investment;
• Verifying Investors’ identities in order to accept and maintain their investments;
• Verifying information about potential investments;
• Investigating complaints;
• Complying with tax and regulatory requirements; and
• Complying with anti-money laundering, anti-corruption, and other financial laws.

Security

To ensure the highest possible level of protection for your information, we invest in our systems, procedures and people. Our servers are well protected to keep your personal data safe from loss, destruction, corruption or theft. Access to any document that contains your personal data is restricted, and we only allow necessary access to such information. We take multiple steps to ensure that your personal data is handled with diligence and care.

Retention period of your data

As set out under the General Data Protection Regulation (“GDPR”), we keep personal data for as long as necessary to achieve the specific purpose(s) stated above. The law does not stipulate specific storage periods for personal data. Other legislation may specify minimum storage periods, however. If it does, we are under an obligation to observe these periods. Such legislation includes tax laws or laws governing financial undertakings specifically. Another reason for which we may keep your data longer is if it is necessary for a lawsuit or other legal proceedings.

Service providers using your personal data

Sometimes it is necessary to provide your personal data to third-party companies that perform services on behalf of Aqua-Spark. We only work with service providers that comply with the GDPR.

Financial service providers

If you are an investor in Aqua-Spark, we share the necessary part of your personal data with our fund administrator, accountants, and auditor in order for them to carry out their work. Our fund administrator may also conduct profiling activities (i.e. automated processing of personal data to evaluate certain things about an individual) in order to prevent fraud, manage risks and investigate unusual transactions.

Email and website service providers

If you have given us your name and email for purposes of communication, your email address may be shared with our email or website service providers. We will not make use of personal data unique to you, such as your IP address, your device and browser information, or the time and number of times you open an email or click on a link.

Legal, tax or regulatory service providers

If you are involved in any official complaint or legal action that requires the participation of Aqua-Spark, we may need to provide your personal data to our lawyers. We may also need to provide personal data to legal, tax or regulatory service providers to meet our legal and tax obligations. In this case, we will provide only information that is strictly necessary to meet our legal or tax obligations or respond to a specific legal claim or official complaint.

Service providers outside Europe

We may occasionally share personal data with other companies or organisations outside Europe. In that case, we ensure that either the country has adequate equivalent protections, or that we have concluded separate agreements with those parties, and that these agreements comply with the GDPR.

What rights do you have?

Right to object to processing for informative emails

If you no longer want to receive newsletters or other discretionary emails containing information on events, you can unsubscribe from such emails at any time by informing us of your wish. If you also wish us to delete your email address from any other storage place within Aqua-Spark, please read the subsequent section.

Right of access, right to rectification, right to restriction of processing, right to be forgotten

Upon request, we will provide you with information as to what, if any, personal data we store about you. Should your personal data be incorrect, you may have it rectified. You may also ask us to restrict our use of your personal data in the future, in whole or in part, or request deletion of your personal data. Note however, that we can’t comply with a request to restrict processing or to be forgotten, if we must process your personal data for compliance with a legal obligation (for instance, if you remain a current investor in Aqua-Spark). Please see ‘retention periods of your data’ for further explanation.

Right to data portability

If we process your personal data because we entered into a contract with you, we can arrange for you to receive the data you have provided to us, so that you can provide this data to another party if you choose. This is referred to as data portability. Information which is processed for the purpose of a legal obligation or a legitimate interest is not covered by this obligation.

Right to object to profiling

It may be the case that you do not want us to use your personal data for profiling. Sometimes, however, we are allowed to do this, for instance to prevent fraud, manage risks or investigate unusual transactions, even if you object to the processing of data. In such situations, we will of course comply with the law.

Please feel free to direct a request to us if you wish to exercise any of above rights, by sending an email to info@aqua-spark.nl. We will respond without undue delay, in any event within one month, and will handle your request free of charge.

Questions or complaints?

Should you have any questions about this Privacy Statement, please send an email to info@aqua-spark.nl. We are happy to help you. Furthermore, you have the right to take your complaint to the Data Protection Authority (Autoriteit Persoonsgegevens).

Changes to the Privacy Statement

Changes to the law or our services and products may affect the way in which we use your personal data. If this happens, we will make changes to our Privacy Statement.

This Privacy Statement was most recently amended on 25 May 2018.