DEALUM
PRIVACY POLICY

This document informs you of Dealum OÜ’s (Dealum) policies regarding the collection, use and disclosure of personal information when you use our Services. By using the Services provided on the Dealum website https://dealum.com/ (the Website) and its subpages, you agree to the collection and use of information in accordance with this policy. These Privacy Policy rules are subject to Estonian law.

The definitions of terms starting with capital letters as well as the description of various Services that have been indicated in this policy can be found in the Dealum Terms and Conditions, which together with this Privacy Policy must be read and accepted prior to using the Dealum Services. We highly recommend reading the Terms and Conditions first since the description of Services presented there will make it easier to understand this Privacy Policy.

ACTORS IN PROCESSING DATA ON THE WEBSITE

As the provider of the Services on the Website, Dealum is the controller of your personal data. Dealum’s contact details are:

Dealum OÜ
Registry code: 14238426
Address: Raekoja plats 16, Tartu 51004, Estonia
E-Mail: support@dealum.com

Please also note that each user of the Services on the Website qualifies as an independent controller of the data uploaded by the user on the Website. Therefore, a user is responsible for the lawfulness of such processing and it is the responsibility of the user to ensure that the data are processed in accordance with applicable legislation. First and foremost, the user must make sure that it has the legitimate basis to disclose and further process data on the Website. For example, the user must make sure it has the right to publish, share and export data on other users and third persons on the Website, including in the Deal Rooms. The user will apply the account settings made available by us to determine the accessibility of such data.

If the user is providing services to other users of the Website, the user might also qualify as a data processor. In such case the processor must follow the instructions of the controller.

This Privacy Policy describes the way Dealum processes personal data obtained from the users for the purposes of providing the Services.

INFORMATION COLLECTION AND USE

Generally Dealum only collects data that you enter via our Website. The following is a slightly more detailed explanation of the collection of personal data.

When registering a user account and using our Services we may collect or ask you to provide certain personal information such as contact details of you and/or your organisation.

If you register on our Website as a Company we collect your name and email address as well as other information you provide by filling in the registration form.

If you register on our Website as an Investor we collect your name and email address as well as other information you provide by filling in the registration form, e.g. location, investment history and investment strategy overview.

When subscribing to a paid plan we collect billing information (including credit card and payment information).

In course of using our Services you may provide additional information and/or content by filling out your user profile (e.g. your photo, biography, phone number, etc.), due diligence questionnaire (e.g. company business model, sales channels, milestones, etc). reporting or communicating with other users on the Website (e.g. comments, votes when participating in voting as a jury member, etc). Please read our Terms and Conditions to find out more about different Services and in order to better understand the purposes of the processing of your personal data.

We use the personal information you have provided for creating and managing your user account, managing your subscriptions and to provide and improve the chat, matchmaking, deal room, investment syndicate, reporting and other Services that are available on the Website. Such processing is necessary for the performance of the contract to which you are a party when you are using our Services or in order to take steps prior to entering into the contract.

We may send you e-mails for marketing purposes but only with your explicit consent. You have the right to withdraw your consent at any time. In case you wish to stop receiving e-mails for marketing purposes, please click the unsubscribe button, which can be found at the end of such e-mails.

We may process your personal information on the basis of consent also in other cases. For example, if you contact us via our Webpage to require information about a custom solution of pricing, we ask you to provide us your name, email, phone number and organization name.

Furthermore, the processing might be necessary for compliance with legal obligations to which Dealum is subject. For example, Dealum is required to organise the accounting and financial reporting.

Dealum will also process your personal data if the processing is necessary for the purposes of the legitimate interests pursued by Dealum (e.g. fraud detection, development of the Services). In every such case Dealum will consider whether such interests might be overridden by the interests or fundamental rights and freedoms of the data subject.

We may also use or share the information collected with others, in aggregated, anonymous form, which means that the information will not contain any personally-identifiable information about you or any other person.

DATA RETENTION

We will retain your personal data only for so long as it is required for the purposes it was collected. This period may extend beyond the end of your relationship with us, but it will be only for so long as it is reasonably necessary for us to have sufficient information to respond to any issues that may arise after the end of your relationship with us. When your personal information is no longer required, we will destroy, delete or convert it into an anonymous form.

As a general rule Dealum will keep your personal information for as long as your profile is active. If you delete your profile, we keep your data for the limitation period (3 years by default) of possible claims. If you have not logged into your profile for 1 year, your profile is considered to be inactive; however, your personal data will be retained for the maximal limitation period of 10 years beginning from your last login. If you use your account again during that period, it will be reactivated (considered active again).

Please note that by derogation from the previous your data may be retained longer if other users of the Dealum’s Services have the right to process your data. The data will be retained as long as the other user continues using Dealum’s Services. Your communication on the Website, including any information you have provided to other users in course of private or group conversations, investment negotiations, investment syndicate or via other means available on the Website, shall remain accessible to such users as long as their user account is not deleted. For example, if an Investor uses the Services to manage his/her portfolio, the Investor has the right to process your data and as long as the Investor uses Dealum for these purposes, Dealum will retain all the relevant data.

The information contained in the accounting records will be retained for seven years in accordance with the law.

Credit card information is stored on certified credit card service provider servers. We do not retain any credit card information on our servers.

If the data are transferred to a third country, we implement appropriate safeguards and means depending on the circumstances of each transfer (e.g. the standard data protection clauses adopted by the European Commission; the EU-U.S. Privacy Shield Framework: https://www.privacyshield.gov/welcome, etc.). We will use technical and organisational measures to safeguard your personal data.

YOUR RIGHTS AS A DATA SUBJECT

You may at any time request to see, update or remove the profile information you have posted on the Website. However, please note that certain Services cannot be provided after you wish to remove your profile information.

You always have the opportunity to opt out of receiving promotional communications any time by following the instructions in those communications. If you opt out, we may still send you non-promotional communications, such as technical notices, support or administrative notifications or information about your account.

You have the right to receive information about the personal data processed by Dealum, including the categories of data processed, the sources of the data, purposes of processing etc. You are also entitled to receive copies and extracts of personal data processed. You have the right to request the correction or updating of data if it turns out that the personal data being processed is inaccurate.

You have the right on to object to processing, on grounds relating to your particular situation, at any time to processing of personal data concerning you if such processing is only necessary for the purposes of the legitimate interests pursued by Dealum.

You have the right to obtain from Dealum restriction of processing or the erasure of your personal data. Dealum will erase your data or implement other measures that result in the data becoming permanently anonymous if:

Dealum will fulfil your request within a reasonable time, but no later than one month after receiving the request.

THIRD PARTY DISCLOSURE

We do not sell, trade, or otherwise transfer to third parties your personal information unless it is necessary for providing the Services or required by law.

Certain profile information provided by you, as indicated on the Website, shall be made available to all users of the Website. Any company information you provide via the Website (including profile information, due diligence answers and periodic reporting) that are not made available to all users will be accessible only to the users who are members of a deal room to which you have shared your company application or to whom you have given your explicit consent to access your data.

We may use data processors to process your data. For example, we may store your data in servers hosted by third party cloud service providers such as Google, Amazon, Microsoft Azure, etc. The data stored in such servers is encrypted, secured and cannot be accessed by any third parties. Any such processor shall be obliged to adhere to the terms set forth in this document.

We may additionally disclose your personal information to other third parties if it is necessary for the purposes of providing, maintaining, reviewing or improving the Services. We will oblige any third party processing your personal information, to carry out the processing in accordance with this Privacy Policy.

Dealum may be required to transfer personal data if Dealum is legally bound by such an obligation. For example, Dealum might be obligated to disclose personal data to public authorities upon their legitimate request

COOKIES

Cookies are files with a small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer's hard drive.

We use cookies to collect information such as to confirm that you are logged in; compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted third party services that track this information on our behalf. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our services.

PROTECTION OF PERSONAL INFORMATION

We endeavour to maintain appropriate physical, procedural and technical safeguards with respect to our offices and information storage facilities in order to prevent any loss, misuse, or unauthorized access, disclosure, or modification of your personal information.

We further protect personal information by restricting its access to those employees, contractors, advisers, affiliates and service providers that we determine to reasonably require access to such information for any of the purposes stated in this Privacy Policy.

THIRD PARTY WEBSITES AND SERVICES

The Website or Services may provide you access to websites or services owned and operated by third parties. These third party websites and services may have their own privacy policies and are not governed by this Privacy Policy. We are not responsible for the privacy practices or the content of any third party websites or services. Third party websites and services may collect, use and disclose personal information differently than us, so we encourage you to carefully read and review the privacy policy for each third party website and service that you access or use. In such case, you will receive a notice about third party Website or Service use and a reference to the third party website and/or privacy policy.

FINAL PROVISIONS

If you have any questions related to this policy or in case of any suspected infringement of your privacy, please contact us at support@dealum.com. We’ll try to resolve the dispute by negotiation. However, you also have the right to lodge a complaint with a supervisory authority (Estonian Data Protection Inspectorate, 19 Väike-Ameerika St., 10129 Tallinn, info@aki.ee) or court.

Any revisions to this Privacy Policy will be posted on the Website. We recommend to periodically visit our Website to review any changes that may be made to this Privacy Policy. If you continue to use our Website and Services, it constitutes your agreement to be bound by this Privacy Policy and any possible changes.

This Privacy Policy was last updated on 28. august 2018