Cyndx Data and Privacy Policy

Last revised July 25, 2018

Cyndx Networks LLC (“Cyndx” or “we”) knows that you care how your personal information is used, processed, and shared. We are committed to complying with all laws and regulations governing the processing of personal data, including the General Data Protection Regulation (EU) 2016/679 (the “GDPR”). This Data and Privacy Policy explains what personal data we collect and process, how we use this data, why and to whom we may disclose this data, what your rights are with respect to this data, and how we secure information that we process.

Personal data that we collect is controlled by Cyndx Networks LLC, 757 3rd Ave., Ste. 1502, New York, NY 10017. We act as processor with respect to data that we control.

Some of our clients use our platform to process personal data that they control. With respect to such personal data, those clients act as controllers, and we act as processor.

We engage a sub-processor to provide web hosting and platform services on our behalf. We purchase our sub-processor’s standard offering; consequently, the sub-processor controls the country in which data is stored. Our sub-processor currently stores all data that we control and process in the United States of America.

By entering into a subscription agreement with us, accessing our platform (including the Finder, Raiser, and Owner tools), browsing our website, or signing up for email alerts from us, you agree to this Data and Privacy Policy.

What personal data do we collect and process from you and others in connection with the Cyndx platform?

In connection with the Cyndx platform, the categories of personal data that we collect and process from you and others include:

  • names,
  • email and physical addresses,
  • business telephone numbers,
  • information about business affiliations, and
  • information about holdings in certain securities.

We obtain such personal data in several ways:

  • we collect personal data when a business registers for our software-as-a-service (“SaaS”) platform and provides information regarding its authorized users;
  • we collect personal data when you enter information regarding your business’s team into our Raiser capital-raise tool;
  • we collect personal data when you enter information regarding natural persons’ holdings in securities into our Owner capitalization table tool;
  • we collect business-related personal data from publicly available sources and third-party vendors, some of which is made available in our Raiser capital-raise tool and our Finder research tool; and
  • you may choose to provide us with certain personal data when you contact us, visit our website, or register to hear about our products or services.

In using our Raiser and Owner platforms, you may choose to limit the amount of personal data that you enter into our platform or to avoid providing us with personal data at all.

What Usage Data Do We Collect?

We collect technical and usage information about visitors to our website and users of our SaaS platform, including internet protocol (“IP”) addresses, internet service providers, browser types, date and time stamps, device types, and operating systems. To collect this information, we use common internet technologies, such as cookies and web beacons.

We use the technical and usage information that we collect:

  • to administer our services more efficiently,
  • to analyze trends,
  • to administer our SaaS tools and website, and
  • to gather information about our user base.

We may use log-ins, cookies, and IP addresses to link this usage and technical information with your previous data if you are a Cyndx client (or an authorized user of such a client) or have previously provided your personal data to us as a prospective user of our services and have affirmatively consented to this Data and Privacy Policy.

If you are a current, prospective or former user of Cyndx products, we may obtain similar technical information in connection with our email marketing campaigns. To evaluate the effectiveness of our email marketing, we may, for instance, see whether you opened an email message from us, if your email device supports such capabilities.

In addition, for Cyndx’s paid and logged-in platforms only, we use several third-party analytics tools to collect information about the performance and usability of the Cyndx platform. For users of our logged-in platforms, we use a clickstream data collector called FullStory. We use clickstream data only to improve delivery of our services and have carefully excluded certain categories of personal information from the information that is collected by FullStory. You may opt out of clickstream data collection by FullStory at any time at https://www.fullstory.com/optout/.

We do not collect or process personal data falling into the special categories set forth in Articles 9 and 10 of the GDPR.

We do not offer services to children, and we do not knowingly collect children’s personal data. If you believe that we have collected or processed a child’s personal data, please contact us at privacy@cyndx.net.

How do we use personal data?

We offer SaaS tools to companies seeking to raise capital and manage their capitalization tables and to institutional investors seeking strategic opportunities. Certain features of those tools require that we store, process, and make available to our clients—who access our platform subject to confidentiality restrictions—business-related personal data. Our clients may access such personal data to find representatives of either prospective investors or companies in which they are interested in investing. They may also store and access personal data to manage their capitalization tables. Our clients may be able to export limited amounts of personal data from the Cyndx platform for their business purposes, subject to confidentiality restrictions.

In addition to using personal data to facilitate the core functions of the Cyndx platform, we use personal data to manage and authorize access to the Cyndx platform. We also use the personal data of our clients’ authorized users to provide support to our clients.

We collect only as much personal data as is needed to further these purposes. We do not engage in, or permit, processing of personal data unconnected with these purposes.

We consistently work to improve the Cyndx platform, adding new features, new data, and new ways for our clients to use it. If we begin collecting different categories of personal data or materially change the ways in which we use your data, we will amend this Data and Privacy Policy and will notify you if you have subscribed to any of our email marketing campaigns, contacted us as a prospective user of our services, or registered as an authorized user of our services.

For How Long Do We Retain Personal Data?

We retain personal data only for as long as necessary for the purposes for which it was collected, including where such data is collected for the purpose of maintaining up-to-date business-related contact information accessible by users of our SaaS tools. We may also retain personal data to comply with applicable legal or regulatory requirements, to maintain security, to prevent fraud and abuse on the Cyndx platform, or to enforce our contractual rights. To the extent that we need to retain a person’s personal data to fulfill those purposes, but identification of the person is no longer necessary, we will endeavor to pseudonymize such person’s personal data in our systems.

What Is the Legal Basis for Our Processing of Personal Data?

We process personal data only if there is a legal ground to do so. Without prejudice to other valid legal grounds for processing data under the GDPR and other laws and regulations, we may process your data if:

  • you have given affirmative consent to the processing of your personal data for specific purposes;
  • the processing is necessary either for the performance of a contract to which you are party or to take steps at your request before entering into a contract;
  • the processing is necessary for compliance with a legal or regulatory obligation;
  • the processing is necessary to protect our vital interests; or
  • the processing is necessary for the pursuit of our legitimate interests or those of our clients, except where such interests are overridden by the interests or the fundamental rights and freedoms of the persons whose data is so processed.

Why, and to whom, might we disclose personal data?

In the ordinary course of our business, we may disclose certain personal data to our clients where such data is material to their efforts to complete business transactions. Further, we may disclose personal data to our subsidiaries, affiliates, agents, contractors, service providers, and other third parties that we engage to support our business. Such disclosures are limited by confidentiality restrictions contained in separate agreements in place between us and our clients.

Outside of the ordinary course of our business, we may transfer personal data in the following situations:

  • If Cyndx, a Cyndx business unit, or all or substantially all the assets of Cyndx are acquired, the personal data that we control may be transferred to the acquirer. In the event of such an acquisition, personal data transferred to the acquirer likely will continue to be subject to this Data and Privacy Policy.
  • We may disclose personal data that we control when we believe that the disclosure of such information is necessary for compliance with applicable laws and regulations, enforcement of our agreements, or protection of the rights or property of Cyndx and our clients. This activity will not include selling personal data that we control for commercial purposes in a way that is contrary to the commitments set forth in this Data and Privacy Policy.

We do not disclose personal data for direct marketing purposes.

In the future, we may transfer personal data under our control to other countries. If we do so, we will ensure that we transfer such data subject to appropriate safeguards.

What are your rights with respect to your personal data?

You may have the following rights with respect to your personal data that we store:

  • Right of Access: You may have a right to access and obtain a copy of your personal data as processed by Cyndx.
  • Right to Rectification: If you believe that we possess your personal data and that your personal data are incorrect or incomplete, you may request the correction or completion of your personal data.
  • Right to Erasure: You may request the deletion of your personal data from our systems.
  • Right to Restrict Processing: You may request restriction of the processing of your personal data on our systems.
  • Right to Object: You may object to the processing of personal data where we have not obtained your consent but have undertaken such processing where we believe that pursuit of our legitimate interests is not overridden by your fundamental rights and freedoms with respect to the personal data that we are processing.
  • Right to Withdraw Consent: If we previously obtained your consent to process your personal data, you may withdraw your consent for us to process your data in the future.

We will honor your requests, objections, and withdrawals as required under applicable law and data protection rules, which qualify the rights listed above with certain exceptions. We may refuse to honor your requests, objections, and withdrawals if such exceptions apply.

If we cannot honor your request, objection, or withdrawal, we will explain to you the reasons for our decision.

To exercise your rights, or to inquire about your personal data, please contact us at privacy@cyndx.net. We will investigate your concern and respond to your inquiry promptly. If you contact us, we may request additional information necessary to confirm your identity.

If you are dissatisfied with our response, you may complain to the data protection authority in the jurisdiction where you reside.

How do we secure your data?

Within our business, we have implemented internal controls to protect personal data from misuse, unlawful disclosure or access, and any other unlawful form of processing, and we take reasonable steps to secure your personal data from external misuse or unauthorized disclosure while such data is under our control.

We endeavor to protect your information during its transmission by using Secure Sockets Layer (SSL) software. Nevertheless, the transmission of information via the internet is never entirely secure, even when information is encrypted during transmission. Consequently, we do not warrant the security of information that you send to us during its transmission.

Amendments to This Data and Privacy Policy

We may amend this Data and Privacy Policy. Please contact us at privacy@cyndx.net to be notified of changes.

How to Contact Us

If you have questions about this Data and Privacy Policy, please do not hesitate to contact us by email at privacy@cyndx.net or by mail at:

Cyndx Networks LLC
Attention: General Counsel
757 3rd Ave., Suite 1502
New York, NY 10017