Last updated: December 17, 2023
Effective: January 17, 2024
DiligenceVault is the industry’s leading digital diligence platform. For firms sourcing, conducting due diligence, or monitoring portfolio of investments, we centralize and streamline all data collection, questionnaires and document collection, while offering analytics, benchmarking and downstream reporting.
Please note that our privacy practices are subject to the applicable laws of the regions in which we operate. Accordingly, some additional region-specific terms will only apply to individuals in those locations, or as required by applicable laws.
- Access or use our Properties; or
- Communicate with us over email, telephone, recruiting platforms, social media or via the Properties.
We may provide different or additional privacy notices in connection with certain activities, programs, and offerings. Additionally, we may provide additional “just-in-time” notices or notices at collection that may supplement or clarify our privacy practices or provide you with additional choices regarding your personal information.
PERSONAL INFORMATION WE COLLECT FROM YOU
We use the term “personal information” – also called “personal data” or “personally identifiable information” in the laws of some jurisdictions – to refer to information that reasonably identifies, relates to, describes, or can be associated with you.
The following are categories and types of personal information that we may collect from or about you, depending on how you interact with the Properties:
- Identifiers, such as your name and email address;
- Contact information, such as your phone number and company name;
- Device and online identifiers and related information, including internet protocol (IP) address, mobile ad identifiers, data collected from cookies, beacons, and pixel tags, and similar unique identifiers;
- Internet or other electronic network activity information, including, but not limited to browsing history, search history, and information regarding your interaction with an internet website, application, mobile app, or advertisement;
- Any other personal information that you voluntarily provide us.
HOW WE COLLECT YOUR PERSONAL INFORMATION
Personal Information You Provide
We collect personal information that you provide to us directly. This may include, but is not limited to:
- Information you provide when you contact us via email, social media, recruiting platforms, the Properties, or other Internet-enabled communications;
- Information you provide when you create an account, register for the Services, or sign up for any subscriptions;
- Information you provide when using the Services;
- Your responses to surveys that you choose to complete for us;
- Any other information that you provide us on or through the Properties.
Our third-party payment processors may collect and store your billing address and payment information if you use a paid version of the Services. However, we ourselves do not collect, store, or process any credit card information.
Personal Information We Collect Automatically
When you visit and use our Properties, we or third parties we work with may automatically collect certain information using technologies such as cookies and other tracking technologies described below.
- Cookies and Similar Technology
- Social Media Platforms and Networks
If you interact with us on social media or use features, such as plugins, widgets, or other tools made available by social media platforms or networks in connection with our Properties, we may collect information that you share with us on social media or that such platforms share with us. Please review the privacy policies and settings of the social media platforms and networks that you use for more information about their privacy practices.
- Service Data
We may obtain Service Data from our Users, which we process on behalf of our customer Users in accordance with our contracts with them.
- From Other Sources
We may obtain information about you from other sources, such as data analytics providers, recruiting platforms, marketing or sales vendors, fraud prevention vendors, vendors that provide other services on our behalf, or publicly available sources.
HOW WE USE YOUR PERSONAL INFORMATION
We collect and use personal information for the following purposes:
- To communicate with you, which may include: contacting you about and providing you and our customers with our Services; responding to your direct inquiries, requests, issues or feedback, and providing customer service; and adding you to our mailing lists and sending you emails from time to time.
- To provide our products and services, which may include: operating the Properties, and providing you with any specific services that you have requested; creating, maintaining, and otherwise managing your account or subscription; and delivering content and product and service offerings relevant to your interests.
- For marketing and promotional purposes, which may include: marketing DiligenceVault goods and services or products, and services of those of our affiliates and business partners.
- For analytics and personalization, which may include: conducting research and analytics to improve our services and product offerings or those of our affiliates and business partners; understanding how you interact with our Properties and communications with you to determine how to improve the Properties and our marketing campaigns; personalizing your experience to save you time when you use our Properties and to customize the marketing that we show you; better understanding our customers’ needs; and providing personalized recommendations about our products and services
- For security and fraud prevention, which may include: helping maintain the safety, security, and integrity of our Properties, databases and other technology assets, and business; internal research; technological development and demonstration; and improving, upgrading, or enhancing our Properties; detecting security incidents; protecting against malicious, deceptive, fraudulent, or illegal activity; and prosecuting those responsible for that activity; and investigating suspected fraud, harassment, or other violations of any law, rule, or regulation, or the policies for our Properties.
- To comply with legal obligations, which may include: responding to law enforcement requests and as required by applicable law, court order, legal process, or governmental regulation; and acting in connection with a bankruptcy proceeding or the sale, merger, or change of control of DiligenceVault or the division responsible for the services with which your information is associated.
- To support core business functions, which may include: maintaining records related to business process management, loss and fraud prevention, and collecting amounts owing to us; and providing and maintaining the functionality of our Properties, including identifying and repairing errors or problems; and
- For any additional purposes that you specifically consent to.
We reserve the right to supplement your personal information with information we gather from other sources which may include online and offline sources. Furthermore, we may permit our vendors and subprocessors to access your personal information, but they are only permitted to do so in connection with performing services for us and our Users. They are not authorized by us to use the information for their own benefit.
We may collect information that is not personal information (“non-personal information”), including information lawfully made available from federal, state, or local government records, or aggregate or de-identified information. Because non-personal information does not personally identify you, we may collect, use,host, reproduce, display, perform or modify such information for the purpose of hosting and operating the Services. Furthermore, we reserve the right to develop and derive aggregate data (meaning information that relates to a group or category of individuals, from which individual identities have been removed) from personal information in order to create statistics, product enhancement, identify industry developments and monitor the performance and use of the Services.
HOW WE DISCLOSE OR SHARE YOUR INFORMATION
In addition to using your personal information ourselves, we may send your personal information to other companies, affiliates, and third parties in the following instances:
- Service Providers
We may share your personal information with service providers who may use your information to provide us services such as website hosting, data analysis, infrastructure provision, information technology services, customer service, email delivery services, payment processing, auditing, anti-fraud monitoring, etc. These service providers may have access to personal information that is necessary to perform their functions.
- Corporate Affiliates
We may share personal information with our corporate affiliates and subsidiaries, who process personal information on our behalf, where necessary to provide a product or service that you have requested or in other circumstances with your consent or as permitted or required by law.
- Parties to a Diligence Project
There may be times when you contact us to help resolve an issue specific to a diligence project of which you are a respondent or recipient. In order to help resolve the issue and in the context of our business relationship with the applicable customer User on that project, we may share your concern with our customer User.
- Legal Compliance and to Defend Our Rights
- Business Transfers
If the ownership of all or substantially all of our business changes, or all or some of our assets are sold as part of a bankruptcy or other proceeding, to allow the new owner to continue to operate the Properties, we may share your personal information and other information with third parties in connection with a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of the assets of the DiligenceVault, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which information held by DiligenceVault about our Properties users is among the assets transferred.
Please note that if you specifically consent to additional uses of your personal information, we may use your personal information in a manner consistent with that consent.
With regard to Service Data our Users provide us with instructions on what to do with such information. For example, a User may provision or de-provision access to the Services, enable or disable third-party integrations, and manage permissions, retention, and export settings. These choices and instructions may result in the access, use, disclosure, modification, or deletion of Service Data. Users and their affiliates with whom you exchange information using our Services determine their own policies for the sharing and disclosure of Service Data. DiligenceVault does not control how Users or their third parties choose to share or disclose Service Data they received from you. We may transfer Service Data to third parties on our Users’ behalf, and under such circumstances, we do so strictly according to our Users’ instructions.
INTEGRATION WITH OTHER SITES AND SOCIAL MEDIA SERVICES
The Properties may also integrate with social networking services. We do not control such services and are not liable for the manner in which they operate. While we may provide you with the ability to use such services in connection with our Properties, we are doing so merely as an accommodation and, like you, are relying upon those third-party services to operate properly and fairly.
HOW WE PROTECT YOUR PERSONAL INFORMATION
We will retain your information for as long as your inquiry is active or as needed to provide you with the Properties, Services to our customers and for a reasonable time thereafter in accordance with our standard procedures or as necessary to comply with our legal obligations, to resolve disputes, and to enforce our agreements. Even if we delete some or all of your information, we may continue to retain and use anonymous or aggregate data, or any other data that constitutes non-personal information. Please note that we will not be liable for disclosures of your data due to errors or unauthorized acts of third parties.
We strive to offer you choices about how information is used and shared. There are several ways in which you may opt out of the various programs and services we provide. Some of the ways in which you may opt out are described below.
Opting Out of Our Services. We may send you marketing messages via email, SMS message, or telephone. If you receive a marketing message from us, you may unsubscribe from future messages in accordance with our standard unsubscribe process (such as by using the unsubscribe link included in an email), or by sending an unsubscribe request to us at firstname.lastname@example.org. We will process your request within a reasonable time after receipt. Please note that if you opt out in this manner, certain aspects of our services may no longer be available to you.
Do Not Track. Some browsers have a “do not track” (also known as DNT) feature that allows you to signal to websites that you do not want your online activities tracked. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
CROSS-BORDER DATA TRANSFERS
If you submit personal information to us, your personal information may be processed in a foreign country where privacy laws may be less stringent than the laws in your country. By submitting your personal information to us, you agree to the transfer, storage, and processing of your personal information in a country other than your country of residence including, but not necessarily limited to, the United States. Please note that personal information transferred to the United States is subject to access by law enforcement. Where applicable, we may use model clauses approved by the laws of your jurisdiction (such as Standard Contractual Clauses approved by the European Commission) for cross-border data transfers.
Our Properties are intended for users ages 18 and over, and we do not knowingly collect personal information from children under the age of 16. When we become aware that personal information (or other information that is protected under applicable law) from a child under 16 has been collected, we will use all reasonable efforts to delete such information from our databases. If you believe we might have any personal information from or about a child under 16, please contact us by using the information in the section below titled Contacting Us.
EUROPEAN PRIVACY RIGHTS
IF YOU ARE SITUATED IN THE EUROPEAN ECONOMIC AREA (“EEA”), SWITZERLAND, OR THE UNITED KINGDOM, THIS SECTION APPLIES TO OUR COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL DATA AND ADDITIONAL RIGHTS YOU HAVE UNDER APPLICABLE LAW.
We will only use your personal data, as that term is defined under the General Data Protection Regulation (“GDPR”), when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you or our customers.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where you have consented to a certain use of your personal data.
- Where we need to comply with a legal or regulatory obligation.
To the extent permitted under applicable laws, we will also process, transfer, disclose, and preserve personal data when we have a good faith belief that doing so is necessary.
DiligenceVault is the data controller only for personal data collected through our Website or directly exchanged with us by communicating with us over email, telephone, recruiting platforms, social media, etc, We are not a controller for Service Data.
Provision of personal data and failure to provide personal data
Where we need to collect personal data by law or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may not be able to provide certain services to you.
Collection of personal data from third-party sources
We may obtain personal data and other information about you through public sources and through our third-party partners who help us provide our products and services to you.
Withdrawing your consent
If we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time by contacting us at email@example.com.
We may transfer personal data from the EEA, Switzerland, and the UK to the USA and other countries, some of which have not been determined by the European Commission or the UK Secretary of State to have an adequate level of data protection. Where we use certain vendors, we may use specific contracts approved by the European Commission or the UK Secretary of State which give personal data the same protection it has in Europe. For more information about how we transfer your data, please contact us at firstname.lastname@example.org.
Use of your personal data for marketing purposes
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising:
- Promotional offers from us: We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). You will receive marketing communications from us if you have requested information from us or used our services and, in each case, you have consented to our use of your personal data for marketing purposes.
Data Subject Rights
If you are situated in the European Union, Switzerland, or the UK, under the GDPR, as a data subject, you have the right to:
- Request access to your personal data (commonly known as a “data subject access request”). Among other things, this enables you to receive a copy of the personal data we hold about you.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request the erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it or where we are required to erase your personal data to comply with local law. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise, or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
To exercise your rights under the GDPR, please contact us at email@example.com. We will respond to your complaint within 45 calendar days of receipt of your email. If your complaint relates to personal data that we process on behalf of our customers, we may pass your complaint to the relevant customer and will inform you we have done so.
Please note that in order for you to assert these rights, we may need to verify your identity to confirm your right to access your personal data. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. In order to verify your identity, we may need to gather more personal data from you than we currently have.
Data Privacy Framework Notice
DiligenceVault commitments under the EU-U.S. DPF, and compliance with the Principles, are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
In case a third party providing services on DiligenceVault’ behalf processes personal data from the European Union to the United States in a manner inconsistent with the Principles, DiligenceVault may be liable, unless we can prove that we are not responsible for the event giving rise to the damage.
If you are situated in the EEA, Switzerland, or the UK and have any complaints regarding our privacy practices, please contact our privacy manager here: firstname.lastname@example.org. We will respond to your complaint within 45 calendar days of receipt of your email. If your complaint relates to personal data that we process on behalf of our customers, we may pass your complaint to the relevant customer and will inform you we have done so.
If you feel that DiligenceVault has not satisfactorily resolved your complaint or has failed to respond to your complaint within 45 days, you may bring your complaint to the attention of your local data protection authority within the EU data protection authorities (“EU DPAs”). DiligenceVault commits to cooperate and comply respectively with the advice of the panel established by the EU DPAs and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) regarding unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, including handling of human resources data in the context of the employment relationship.
If you are located in the EEA and have not been able to resolve your complaint by any other mechanism, you may, in certain circumstances, be able to seek resolution via binding arbitration. For additional information about the arbitration process, please visit Annex I of the DPF Principles website: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf
SINGAPORE, HONG KONG, JAPAN, AUSTRALIA, AND NEW ZEALAND PRIVACY RIGHTS
If you are a resident of Singapore, Hong Kong, Japan, Australia, or New Zealand, you are entitled, subject to any legal restrictions, to access any personal information relating to you that we process or control, and to have us correct or delete any information that you believe is inaccurate or out-of-date. You may be required to supply a valid means of identification as a security precaution to assist us in preventing the unauthorized disclosure of your personal information. We will process your request within the time provided by applicable law.
If you wish to exercise the rights set forth in this section, or if you require further information regarding our privacy policies and practices in the above-referenced regions, please contact us at email@example.com.
CHANGES TO THIS POLICY
If you have any questions about our privacy or security practices, you can contact us at firstname.lastname@example.org, or at the following mailing address:
1230 Avenue of the Americas 16th Floor
New York, NY 10020