1 INTRODUCTION

Rubio Impact Ventures (Rubio Fund Management BV) and its affiliated entities (together “Rubio”) are committed to your privacy and keeping your personal data safe. We are bound by the General Data Protection Regulation (GDPR) and will protect your personal information in accordance with the principles set out therein. This privacy statement (“Privacy Statement”) aims to give you a clear view of what personal data we collect and how we use it, our dedication to protecting it and your rights and options to control your perso­nal data and protect your privacy.

2 WHEN DOES THIS PRIVACY STATEMENT APPLY?

This Privacy Statement is applicable to the processing by Rubio of all personal data of management teams, investors, business partners, suppliers, experts and other individuals (“Relations” and each a “Rela­tion”).

3 WHAT IS PERSONAL DATA AND WHAT DOES PROCESSING MEAN?

Within Rubio, we consider all information that relates to you and identifies you personally, either alone or in combination with other personal information available to us as personal data. Processing of personal data is pretty much anything you can do with personal data. For example: gathering, storing, combining, trans­ferring or deleting data.

4 HOW DO WE COLLECT PERSONAL DATA?

We collect your personal data through a variety of sources: 

  • Directly from you, such as the information you provided to us when you opted-in for 
  • our mailings, when you contacted us or when you gave us your business card; 
  • From others, such as your co-founder, partner, colleague or through a mutual connection / our network; 
  • From sources that are publicly available such as LinkedIn or your company’s website; 
  • During our due diligence process. 
  • More specifically, we collect personal data in the following ways: 
  • News and publications – when you subscribe to our newsletter; 
  • Careers – when you (may) apply for a job or an internship; 
  • Events – when you (may) sign up for an event or show interest in being notified about events.

5 WHAT CATEGORIES OF PERSONAL DATA DO WE COLLECT?

  • Name, contact details, profession, all information required for payroll processing and other identifying information.
  • When you subscribe to our newsletter, apply for a job or internship, sign an employment agreement, or contact us we may record the following: your name, title, profession and contact details. Your contact details may include your address, telephone number, Skype account, social media accounts and/or email address.
  • Your job application details
  • When you submit an application for an employment or internship position, we may record your name, Curriculum Vitae, motivation, contact details, and other information you share with us.
  • Your contact details may include your address, telephone number, Skype account, social media accounts and/or email address. In addition, we may gather information through testing, in which case you will be informed in advance.
  • Legal identification
  • You may be required to identify yourself if we enter into a contract with you which needs to be notarized or for compliance with anti-money laundering procedures. If we do ask you to identify yourself, we will always first request your consent to share this information with us or other parties (such as a notary).
  • Your communication with us
  • When you send us an email, we register your communication with us. When you call us, we may register your questions or queries in our database.
  • Photo and/or video content
  • If you take part in one of our events, you will enter an area where photography, audio
  • and video recording may occur and inevitability your image and/or voice may be recorded. Also, if you are in the management team of one of our portfolio companies, or are an employee or intern, your photo/video may be used for publicity purposes.
  • Investors – when you (may) become involved as an investor;
  • Experts – when you (may) become involved as an expert in a certain field;
  • Partnerships – when we (may) enter into a collaboration with your organization;
  • Photo, audio and video content – when you participate in an event or when we us your picture for publicity purposes.

FOR WHAT PURPOSES DO WE COLLECT AND USE YOUR PERSONAL DATA?

We may use your personal data for various purposes, all of which have been set-out below. This may be data that you provided to us explicitly, but also data that we collected ourselves. Some information that we collect is mandated by law or otherwise necessary for the delivery of our services or products. Some infor­mation we collect is based on your consent. If you do not allow us to collect all the information we request, we may not be able to deliver all our services effectively.

When considering an investment in your company, we might ask for information like your personal data, passport copy, perform our CDD assessment and do a management scan. We will save this data until a pe­riod of 2 years after the end of the calendar year in which our relationship has been terminated.

6.2 To send you our newsletter

When you sign up for our newsletter or if you have registered for one of our events, shared your contact de­tails with us to stay in touch, or received other in the past, we will send you regular updates on the activities of Rubio. We can update you via e-mail, regular mail or our social media channels. You have the right to unsubscribe at any time from our newsletter by using the “unsubscribe” button at the bottom of the news­letter.

We process this personal information based on your consent if you have subscribed to our newsletter, or for our legitimate business purposes to communicate about our activities and to enhance, modify, personalize or otherwise improve our services and communications towards our Relations and to better understand how people interact directly with us (through our communications or our websites).

6.3 To comply with the law

In some cases, SIV processes your personal data to comply with laws and regulations. This could, for
example, be the case where tax or business conduct related obligations apply. To comply with relevant
laws and regulations, we may need to disclose your personal data to government institutions or supervisory authorities.

6.4 To perform a contract

If we are (about to enter) in a contractual relationship (including an employment agreement), we will pro­cess your personal information if it is necessary for the performance of the contract or in order to create the respective contract. See chapter 7 for further information.

6.5 To interact with you

If you contact our team (or vice versa), we will use personal information such as your name and contact history to process your request and provide you with the best service possible.

6.6 For publicity purposes

If you participate in one of our events, are in the management team of one of our portfolio companies, or have signed an employment or internship contract with Rubio, your image and/or voice may be recorded and used for promotional purposes. If you don’t want to be recorded, please contact the photographer or cameraman and/or let us know.

7 WHEN YOU ENTER INTO A BUSINESS RELATIONSHIP WITH US

You may provide personal information to Rubio based on a contract or a broader business relationship and the preparatory stages to enter into a contract. In this part of the policy, we set out how we may process such personal data.

7.1 To process your application for funding

This includes personal data that directly relates to your company and is required to administer your re­quest and verify your identity, credentials and any other information you may have provided us with as part of your application;

7.2 For the assessment and acceptance of a business partner

When you get in contact with Rubio, we process your personal data for assessment and acceptance pur­poses, for example to confirm and verify your identity. Rubio further processes personal data of business partners for other administrative purposes such as due diligence and screening against publicly available government and/or law enforcement agency sanctions lists.

7.3 For the conclusion and execution of agreements with business partners

We process your personal data for administrative purposes such as sending invoices and making payments. We also use your personal data to deliver or receive and administer our or your services or products. Rubio will process your personal data to further execute our agreement, including for the delivery of services and communications.

7.4 For business process execution

We process your personal data in the performance and organization of our business. This includes internal management, general management, and portfolio management. We provide central processing facilities to work more efficiently. We conduct audits and investigations, implement business controls, and manage and use various directories. Also, we process your personal data for finance and accounting, archiving and insurance purposes, legal and business consulting and in the context of dispute resolution.

8 WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA?

Rubio is responsible for the processing of all personal data that falls within the scope of this Privacy Sta­tement. Rubio may share your personal data with third parties, but if it does so, it will remain responsible for your personal data, unless your personal data has been summoned as part of a court order or another legal obligation to share this data rests on Rubio.

9 WHO HAS ACCESS TO YOUR PERSONAL DATA?

9.1 Access to your personal data within Rubio.

Personal data we collect may be transferred within Rubio’s organization, but only if Rubio has a legitimate interest to do so. Based on such legitimate business interest, your personal data may be exchanged within Rubio. We exchange your data within Rubio for administrative purposes to create a complete overview of your contacts and contracts. Rubio employees are authorized to access personal data only to the extent necessary to serve the applica­ble purpose and to perform their jobs.

9.2 Access to your personal data by third parties

The following third parties may have access to your personal data, where relevant, for the provisioning of their products or services to Rubio or to you:

  • Third parties relevant to the services that we provide, such as due diligence providers, business partners, investors, experts and alike parties;
  • Bank payment system operators and credit card companies, for the fulfilment of payments, as identified while you undertake your payment;
  • Insurance companies;
  • IT suppliers hosting our websites and technology service providers;
  • Parties who support Rubio in their marketing activities, such as digital agencies and mailing houses;
  • Debt collectors;
  • Fraud bureaus or other organizations to identify, investigate or prevent fraud or other misconduct;
  • Regulatory bodies, government agencies and law enforcement bodies;
  • Our financial advisors, legal advisors and auditors; and
  • Other third parties with whom we are required by law to share the personal data.
  • We may also disclose your personal information to others outside Rubio where: we are required or authorized by law or where we have a public duty to do so; you may have expressly consented to the disclosure or the consent may be reasonably inferred from the circumstances; or we are otherwise permitted to disclose the information under applicable privacy laws.

When such third parties are given access to your personal data, we will take the required contractual, technical and organizational measures to ensure that your personal data is only processed to the extent that such processing is necessary or within the scope of the consent we have received from you. We will ensure that third parties will only process your personal data in accordance with applicable (local) law.

We will not sell, distribute or lease your personal information to third parties other than as set out above, unless we have your permission or are required by law to do so.

9.3 The use of your personal data by data processors

When a third party processes your personal data for or on behalf of Rubio we will enter into an agreement with such third party to agree on appropriate conditions subject to which the proces­sing of personal data is allowed. In this agreement we include obligations to ensure that your personal data is processed by the data processor solely to provide services to us.

10 HOW IS MY PERSONAL DATA SECURED?

Rubio has taken adequate safeguards to ensure the confidentiality and security of your personal data. We have implemented appropriate technical, physical and organisational measures to protect personal data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorised disclosure or access as well as all other forms of unlawful processing (including, but not limited to, unnecessary col­lection) or further processing. Examples are our internal Privacy and Information Security policies that all staff must comply with, staff training and secure servers.

10.1 TLS (formerly SSL)

We send/process your data via a secure internet connection. You can see this on the address bar “https” and the padlock in the address bar.

11 HOW LONG DO YOU RETAIN MY PERSONAL DATA?

Your personal data will be retained for as long as required for the purposes described in this Privacy State­ment or in so far as such is necessary for compliance with statutory obligations and for solving any dispu­tes.

12 HOW CAN I EXERCISE MY RIGHTS?

You can at all times request access, correction, restriction, portability or removal of the data that Rubio processes or if you have any questions regarding the processing of your personal data by sending a request to info@rubio.vc

if you prefer to contact us by regular mail, please send your request to the following address:

Rubio Fund Management BV
Compliance officer
Plantage Middenlaan 45
1018 DC Amsterdam

We are very committed to working with you to always obtain a fair resolution of any complaint or concern you might have in relation to our processing of your personal data. If, however, you feel that we have not been able to assist you adequately and do not comply with applicable privacy rules you have the right to lodge a complaint with the data protection authority using their website.

13 WHEN WAS THIS PRIVACY STATEMENT LAST AMENDED?

This Privacy Statement was lastly amended on 1st September 2023.