Privacy Policy

Last updated: December 17, 2023

Effective: January 17, 2024

DiligenceVault is the industry’s leading digital diligence platform. For firms sourcing, conducting due diligence, or monitoring portfolio of investments, we centralize and streamline all data collection, questionnaires and document collection, while offering analytics, benchmarking and downstream reporting.

DiligenceVault (“DiligenceVault”, “we”, “our”, or “us”) understands that privacy is important to our Users, our personnel or any party interacting directly with us. We work hard to protect your information and put you in control. This privacy policy (“Privacy Policy”) describes our practices regarding the collection, use, sharing, and protection of your personal information for the website located at https://diligencevault.com (the “Website”) and the DiligenceVault platform (the “Services”) (collectively, the “Properties”). This Privacy Policy also tells you about the rights and choices you have with respect to your personal information, how you can assert those rights, and how you can contact us to get answers to your questions.

Users (defined below) and their vendors may collect personal information from you outside of our Properties and provide it to DiligenceVault or exchange it with other Users of DiligenceVault’s platform via use of the Services (“Service Data”). We process Service Data exchanged among Users via our Services only as a “service provider” or “data processor” (as those terms are defined under applicable data protection laws) on behalf of our Users, who act as the “businesses” or “data controllers” (as those terms are defined under applicable data protection laws). Our customers, their employees, and any third-party users working on behalf of our customers can invite non-customer Users to use the Services, including investors, asset managers, portfolio companies, and other individuals or entities who use our Services to centralize, streamline, and digitize their due diligence processes and data (collectively, our “Users”), together they are the parties that control the use of the Service Data and determine the purposes for which we process such information. While this Privacy Policy describes how we process Service Data on behalf of our Users, our Users are responsible for their own practices in collecting, using, and disclosing information they collect from you via our Services. To learn more about our Users’ use of your information and the rights that you may have over such information, please consult the privacy policy of the applicable User that you exchange information with.

Please note that our privacy practices are subject to the applicable laws of the regions in which we operate. Accordingly, some additional region-specific terms will only apply to individuals in those locations, or as required by applicable laws.

BY USING OR ACCESSING THE PROPERTIES, YOU AGREE TO THIS PRIVACY POLICY. IF YOU DO NOT AGREE WITH OUR POLICIES OR PRACTICES, YOU SHOULD NOT USE OR ACCESS THE PROPERTIES OR PROVIDE US WITH ANY PERSONAL INFORMATION.

WHAT OUR PRIVACY POLICY COVERS

This Privacy Policy applies to the personal information that we obtain when you:

  • Access or use our Properties; or
  • Communicate with us over email, telephone, recruiting platforms, social media or via the Properties.

We may provide different or additional privacy notices in connection with certain activities, programs, and offerings. Additionally, we may provide additional “just-in-time” notices or notices at collection that may supplement or clarify our privacy practices or provide you with additional choices regarding your personal information.

PERSONAL INFORMATION WE COLLECT FROM YOU

We use the term “personal information” – also called “personal data” or “personally identifiable information” in the laws of some jurisdictions – to refer to information that reasonably identifies, relates to, describes, or can be associated with you.

The following are categories and types of personal information that we may collect from or about you, depending on how you interact with the Properties:

  • Identifiers, such as your name and email address;
  • Contact information, such as your phone number and company name;
  • Device and online identifiers and related information, including internet protocol (IP) address, mobile ad identifiers, data collected from cookies, beacons, and pixel tags, and similar unique identifiers;
  • Internet or other electronic network activity information, including, but not limited to browsing history, search history, and information regarding your interaction with an internet website, application, mobile app, or advertisement;
  • Any other personal information that you voluntarily provide us.

HOW WE COLLECT YOUR PERSONAL INFORMATION

Personal Information You Provide

We collect personal information that you provide to us directly. This may include, but is not limited to:

  • Information you provide when you contact us via email, social media, recruiting platforms, the Properties, or other Internet-enabled communications;
  • Information you provide when you create an account, register for the Services, or sign up for any subscriptions;
  • Information you provide when using the Services;
  • Your responses to surveys that you choose to complete for us;
  • Any other information that you provide us on or through the Properties.

Our third-party payment processors may collect and store your billing address and payment information if you use a paid version of the Services. However, we ourselves do not collect, store, or process any credit card information.

Personal Information We Collect Automatically

When you visit and use our Properties, we or third parties we work with may automatically collect certain information using technologies such as cookies and other tracking technologies described below.

  • Cookies and Similar Technology

“Cookies” are pieces of information that may be placed on your computer by a website for the purpose of collecting data to facilitate and enhance your communication and interaction with that website. Such data may include, for example, the address of the websites you visited before and after you visited our Properties, the type of browser you are using, your Internet Protocol (IP) address, what pages on the Properties you visited and what links you clicked on, the region where your device is located, and geographic information based on your IP data. We may store some information on your device or device hard drive as a cookie or similar type of file (such as clear gifs, web beacons, tags, and similar technologies that work on mobile devices) to collect data related to usage of the Properties. We may also use cookies to customize your visit to the Properties and for other purposes to make your visit more convenient or to enable us to enhance the Properties. For more information about how we use cookies on our Properties, please visit our Cookie Policy.

  • Analytics

We may work with third-party vendors who use the technologies described in this section to conduct website analytics to help us track and understand how visitors use our Properties. One such provider is Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to help analyze how users use the Website. The information generated by these cookies about your use (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the Website, compiling reports on activity for its staff, and providing other services relating to web page activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. You may refuse the use of cookies by selecting the appropriate settings in your browser. By using the Website and accepting cookies, you consent to the processing of data about you by Google in the manner and for the purposes set out above. Please refer to the currently available opt-outs for Google Analytics by visiting https://tools.google.com/dlpage/gaoptout/.

  • Social Media Platforms and Networks

If you interact with us on social media or use features, such as plugins, widgets, or other tools made available by social media platforms or networks in connection with our Properties, we may collect information that you share with us on social media or that such platforms share with us. Please review the privacy policies and settings of the social media platforms and networks that you use for more information about their privacy practices.

  • Service Data

We may obtain Service Data from our Users, which we process on behalf of our customer Users in accordance with our contracts with them.

  • From Other Sources

We may obtain information about you from other sources, such as data analytics providers, recruiting platforms, marketing or sales vendors, fraud prevention vendors, vendors that provide other services on our behalf, or publicly available sources.

HOW WE USE YOUR PERSONAL INFORMATION

We collect and use personal information for the following purposes:

  • To communicate with you, which may include: contacting you about and providing you and our customers with our Services; responding to your direct inquiries, requests, issues or feedback, and providing customer service; and adding you to our mailing lists and sending you emails from time to time.
  • To provide our products and services, which may include: operating the Properties, and providing you with any specific services that you have requested; creating, maintaining, and otherwise managing your account or subscription; and delivering content and product and service offerings relevant to your interests.
  • For marketing and promotional purposes, which may include: marketing DiligenceVault goods and services or products, and services of those of our affiliates and business partners.
  • For analytics and personalization, which may include: conducting research and analytics to improve our services and product offerings or those of our affiliates and business partners; understanding how you interact with our Properties and communications with you to determine how to improve the Properties and our marketing campaigns; personalizing your experience to save you time when you use our Properties and to customize the marketing that we show you; better understanding our customers’ needs; and providing personalized recommendations about our products and services
  • For security and fraud prevention, which may include: helping maintain the safety, security, and integrity of our Properties, databases and other technology assets, and business; internal research; technological development and demonstration; and improving, upgrading, or enhancing our Properties; detecting security incidents; protecting against malicious, deceptive, fraudulent, or illegal activity; and prosecuting those responsible for that activity; and investigating suspected fraud, harassment, or other violations of any law, rule, or regulation, or the policies for our Properties.
  • To comply with legal obligations, which may include: responding to law enforcement requests and as required by applicable law, court order, legal process, or governmental regulation; and acting in connection with a bankruptcy proceeding or the sale, merger, or change of control of DiligenceVault or the division responsible for the services with which your information is associated.
  • To support core business functions, which may include: maintaining records related to business process management, loss and fraud prevention, and collecting amounts owing to us; and providing and maintaining the functionality of our Properties, including identifying and repairing errors or problems; and
  • For any additional purposes that you specifically consent to.

We reserve the right to supplement your personal information with information we gather from other sources which may include online and offline sources. Furthermore, we may permit our vendors and subprocessors to access your personal information, but they are only permitted to do so in connection with performing services for us and our Users. They are not authorized by us to use the information for their own benefit.

We may collect information that is not personal information (“non-personal information”), including information lawfully made available from federal, state, or local government records, or aggregate or de-identified information. Because non-personal information does not personally identify you, we may collect, use,host, reproduce, display, perform or modify such information for the purpose of hosting and operating the Services. Furthermore, we reserve the right to develop and derive aggregate data (meaning information that relates to a group or category of individuals, from which individual identities have been removed) from personal information in order to create statistics, product enhancement, identify industry developments and monitor the performance and use of the Services.

HOW WE DISCLOSE OR SHARE YOUR INFORMATION

In addition to using your personal information ourselves, we may send your personal information to other companies, affiliates, and third parties in the following instances:

  • Service Providers

We may share your personal information with service providers who may use your information to provide us services such as website hosting, data analysis, infrastructure provision, information technology services, customer service, email delivery services, payment processing, auditing, anti-fraud monitoring, etc. These service providers may have access to personal information that is necessary to perform their functions.

  • Corporate Affiliates

We may share personal information with our corporate affiliates and subsidiaries, who process personal information on our behalf, where necessary to provide a product or service that you have requested or in other circumstances with your consent or as permitted or required by law.

  • Parties to a Diligence Project

There may be times when you contact us to help resolve an issue specific to a diligence project of which you are a respondent or recipient. In order to help resolve the issue and in the context of our business relationship with the applicable customer User on that project, we may share your concern with our customer User.

  • Legal Compliance and to Defend Our Rights

We may disclose personal information and other information only if we believe necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our Terms of Use; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you, or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

  • Business Transfers

If the ownership of all or substantially all of our business changes, or all or some of our assets are sold as part of a bankruptcy or other proceeding, to allow the new owner to continue to operate the Properties, we may share your personal information and other information with third parties in connection with a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of the assets of the DiligenceVault, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which information held by DiligenceVault about our Properties users is among the assets transferred.

Please note that if you specifically consent to additional uses of your personal information, we may use your personal information in a manner consistent with that consent.

With regard to Service Data our Users provide us with instructions on what to do with such information. For example, a User may provision or de-provision access to the Services, enable or disable third-party integrations, and manage permissions, retention, and export settings. These choices and instructions may result in the access, use, disclosure, modification, or deletion of Service Data. Users and their affiliates with whom you exchange information using our Services determine their own policies for the sharing and disclosure of Service Data. DiligenceVault does not control how Users or their third parties choose to share or disclose Service Data they received from you. We may transfer Service Data to third parties on our Users’ behalf, and under such circumstances, we do so strictly according to our Users’ instructions.

INTEGRATION WITH OTHER SITES AND SOCIAL MEDIA SERVICES

We may create links to other websites that we think may be of interest to you, such as providers of various products and services, or offer integration with third parties websites or platforms in connection with our Properties. We do not endorse any of those websites, platforms, providers, or services by providing such links and integrations, and our Privacy Policy applies only to your use of our Properties. We are not responsible for the privacy policies of any third party providers we link to on our Properties, and you should read the privacy policies of such third party provider.

The Properties may also integrate with social networking services. We do not control such services and are not liable for the manner in which they operate. While we may provide you with the ability to use such services in connection with our Properties, we are doing so merely as an accommodation and, like you, are relying upon those third-party services to operate properly and fairly.

HOW WE PROTECT YOUR PERSONAL INFORMATION

Personal information is maintained on our servers or those of our vendors, and is accessible by authorized employees, independent contractors, representatives, and agents as necessary for the purposes described in this Privacy Policy. We use reasonable and appropriate technical, and organizational safeguards designed to promote the security of our systems and protect the confidentiality, integrity, availability, and resilience of personal information. However, no method of safeguarding information is completely secure, and we cannot guarantee that our safeguards will be effective or sufficient. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us of the problem by contacting us at privacy@diligencevault.com.

DATA RETENTION

We will retain your information for as long as your inquiry is active or as needed to provide you with the Properties, Services to our customers and for a reasonable time thereafter in accordance with our standard procedures or as necessary to comply with our legal obligations, to resolve disputes, and to enforce our agreements. Even if we delete some or all of your information, we may continue to retain and use anonymous or aggregate data, or any other data that constitutes non-personal information. Please note that we will not be liable for disclosures of your data due to errors or unauthorized acts of third parties.

YOUR CHOICES

We strive to offer you choices about how information is used and shared. There are several ways in which you may opt out of the various programs and services we provide. Some of the ways in which you may opt out are described below.

Opting Out of Our Services. We may send you marketing messages via email, SMS message, or telephone. If you receive a marketing message from us, you may unsubscribe from future messages in accordance with our standard unsubscribe process (such as by using the unsubscribe link included in an email), or by sending an unsubscribe request to us at privacy@diligencevault.com. We will process your request within a reasonable time after receipt. Please note that if you opt out in this manner, certain aspects of our services may no longer be available to you.

Cookies. If you would like to stop or restrict the placement of cookies or flush any cookies that may already be on your computer or device, please refer to and adjust your web browser preferences. Further information on cookies is available at www.allaboutcookies.org. By deleting our cookies or disabling future cookies, you may not be able to access certain areas or features of our Properties or some of its functionality may be affected. Please visit our Cookie Policy for additional information.

Do Not Track. Some browsers have a “do not track” (also known as DNT) feature that allows you to signal to websites that you do not want your online activities tracked. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

CROSS-BORDER DATA TRANSFERS

If you submit personal information to us, your personal information may be processed in a foreign country where privacy laws may be less stringent than the laws in your country. By submitting your personal information to us, you agree to the transfer, storage, and processing of your personal information in a country other than your country of residence including, but not necessarily limited to, the United States. Please note that personal information transferred to the United States is subject to access by law enforcement. Where applicable, we may use model clauses approved by the laws of your jurisdiction (such as Standard Contractual Clauses approved by the European Commission) for cross-border data transfers.

CHILDREN’S PRIVACY

Our Properties are intended for users ages 18 and over, and we do not knowingly collect personal information from children under the age of 16. When we become aware that personal information (or other information that is protected under applicable law) from a child under 16 has been collected, we will use all reasonable efforts to delete such information from our databases. If you believe we might have any personal information from or about a child under 16, please contact us by using the information in the section below titled Contacting Us.

EUROPEAN PRIVACY RIGHTS

IF YOU ARE SITUATED IN THE EUROPEAN ECONOMIC AREA (“EEA”), SWITZERLAND, OR THE UNITED KINGDOM, THIS SECTION APPLIES TO OUR COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL DATA AND ADDITIONAL RIGHTS YOU HAVE UNDER APPLICABLE LAW.

Legal Basis

We will only use your personal data, as that term is defined under the General Data Protection Regulation (“GDPR”), when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you or our customers.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where you have consented to a certain use of your personal data.
  • Where we need to comply with a legal or regulatory obligation.

To the extent permitted under applicable laws, we will also process, transfer, disclose, and preserve personal data when we have a good faith belief that doing so is necessary.

Data Controller

DiligenceVault is the data controller only for personal data collected through our Website or directly exchanged with us by communicating with us over email, telephone, recruiting platforms, social media, etc, We are not a controller for Service Data.

To contact us, please see the section below titled Contacting Us. You may consult the privacy policy and contact information of the applicable User that acts as the data controller of your Service Data for additional information about their data processing practices. Where DiligenceVault is acting as a data processor, we will pass each request that we receive from an individual to access, correct, amend or delete personal data relating to them to the relevant data controller and will not respond to the request itself. DiligenceVault, to the extent instructed by a data controller and in accordance with its customer agreements and applicable law, will use commercially reasonable efforts to assist a customer in complying with such requests if such information is part of the customer’s use of the Services.

Provision of personal data and failure to provide personal data

Where we need to collect personal data by law or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may not be able to provide certain services to you.

Collection of personal data from third-party sources

We may obtain personal data and other information about you through public sources and through our third-party partners who help us provide our products and services to you.

Withdrawing your consent

If we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time by contacting us at privacy@diligencevault.com.

Data Transfer

We may transfer personal data from the EEA, Switzerland, and the UK to the USA and other countries, some of which have not been determined by the European Commission or the UK Secretary of State to have an adequate level of data protection. Where we use certain vendors, we may use specific contracts approved by the European Commission or the UK Secretary of State which give personal data the same protection it has in Europe. For more information about how we transfer your data, please contact us at privacy@diligencevault.com.

Use of your personal data for marketing purposes

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising:

  • Promotional offers from us: We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). You will receive marketing communications from us if you have requested information from us or used our services and, in each case, you have consented to our use of your personal data for marketing purposes.

Data Subject Rights

If you are situated in the European Union, Switzerland, or the UK, under the GDPR, as a data subject, you have the right to:

  • Request access to your personal data (commonly known as a “data subject access request”). Among other things, this enables you to receive a copy of the personal data we hold about you.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request the erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it or where we are required to erase your personal data to comply with local law. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise, or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

To exercise your rights under the GDPR, please contact us at privacy@diligencevault.com. We will respond to your complaint within 45 calendar days of receipt of your email. If your complaint relates to personal data that we process on behalf of our customers, we may pass your complaint to the relevant customer and will inform you we have done so.

Please note that in order for you to assert these rights, we may need to verify your identity to confirm your right to access your personal data. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. In order to verify your identity, we may need to gather more personal data from you than we currently have.

Data Privacy Framework Notice

DiligenceVault complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles (“Principles”), the Principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov/

DiligenceVault commitments under the EU-U.S. DPF, and compliance with the Principles, are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

In case a third party providing services on DiligenceVault’ behalf processes personal data from the European Union to the United States in a manner inconsistent with the Principles, DiligenceVault may be liable, unless we can prove that we are not responsible for the event giving rise to the damage.

Complaints

If you are situated in the EEA, Switzerland, or the UK and have any complaints regarding our privacy practices, please contact our privacy manager here: privacy@diligencevault.com. We will respond to your complaint within 45 calendar days of receipt of your email. If your complaint relates to personal data that we process on behalf of our customers, we may pass your complaint to the relevant customer and will inform you we have done so.

If you feel that DiligenceVault has not satisfactorily resolved your complaint or has failed to respond to your complaint within 45 days, you may bring your complaint to the attention of your local data protection authority within the EU data protection authorities (“EU DPAs”). DiligenceVault commits to cooperate and comply respectively with the advice of the panel established by the EU DPAs and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) regarding unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, including handling of human resources data in the context of the employment relationship.

If you are located in the EEA and have not been able to resolve your complaint by any other mechanism, you may, in certain circumstances, be able to seek resolution via binding arbitration. For additional information about the arbitration process, please visit Annex I of the DPF Principles website: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf

SINGAPORE, HONG KONG, JAPAN, AUSTRALIA, AND NEW ZEALAND PRIVACY RIGHTS

If you are a resident of Singapore, Hong Kong, Japan, Australia, or New Zealand, you are entitled, subject to any legal restrictions, to access any personal information relating to you that we process or control, and to have us correct or delete any information that you believe is inaccurate or out-of-date. You may be required to supply a valid means of identification as a security precaution to assist us in preventing the unauthorized disclosure of your personal information. We will process your request within the time provided by applicable law.

If you wish to exercise the rights set forth in this section, or if you require further information regarding our privacy policies and practices in the above-referenced regions, please contact us at privacy@diligencevault.com.

CHANGES TO THIS POLICY

We reserve the right, at our discretion, to change, modify, add, or remove portions from this Privacy Policy at any time, provided that any such modifications will only be applied prospectively. We encourage you to periodically review the Website for the latest information on our privacy practices. Your continued use of the Properties following the posting of any changes to this Privacy Policy means you accept such changes.

CONTACTING US

If you have any questions about our privacy or security practices, you can contact us at privacy@diligencevault.com, or at the following mailing address:

DiligenceVault

1230 Avenue of the Americas 16th Floor

New York, NY 10020