Amsterdam, November 13, 2023

Customer Privacy Statement

Intrinsiq B.V. is a company helping businesses by providing various data and analytics services (Services) through a SaaS platform (Intrinsiq’s platform). On Intrinsiq’s platform, investors can store, analyse, and benchmark company data from their deal flow and portfolio companies while also benefiting from automated workflows.

In the process of providing our Services, we primary collect information from our Customers, which are companies. However, it is also necessary for us to collect personal data from you, as the contact person of a (potential) Customer of Intrinsiq. Your confidence in our handling of your personal data is of great importance to us. When your company uses our Services, we are committed to processing your personal data in a careful, secure, and transparent manner. This Customer Privacy Statement by Intrinsiq clarifies when and what personal data we collect from you, how we utilise it, and the duration for which we store your personal data. If you have any queries, please do not hesitate to contact us.

We may update this Customer Privacy Statement as required by new developments. You will be informed of any material changes to this Customer Privacy Statement through our regular communication channels, such as via email and/or the Intrinsiq Platform.

1.

To whom does this Customer Privacy Statement apply?

This Customer Privacy Statement is relevant to the processing of your personal data, in your role as the contact person for a current or prospective Customer, when you access our Services via our Intrinsiq Platform, website, and/or social media channels. Access to our Intrinsiq Platform is available through account creation. The specific personal data we collect and process about you is influenced by the choices you make and your interactions with us. Intrinsiq B.V. is a company helping businesses by providing various data and analytics services (Services) through a SaaS platform (Intrinsiq’s platform). On Intrinsiq’s platform, investors can store, analyse, and benchmark company data from their deal flow and portfolio companies while also benefiting from automated workflows.

2.

Who manages the processing of your personal data?

Intrinsiq, with its headquarters in Amsterdam, the Netherlands, acts as the data controller in managing your personal data.

In certain scenarios related to providing our Services, Intrinsiq might act as a joint data controller alongside the company you are employed by or represent (our Customer), depending on the nature of the Services provided. Our status as a joint controller is defined in the Controller-Controller Data Protection Agreement we have in place with your employer or represented company. This agreement specifies responsibilities regarding notifying you of data breaches, obligations to inform you about the processing of your personal data, and handling your requests as a data subject. For further details about our shared responsibilities, please feel free to reach out to us.

3.

What types of personal data do we collect?

The personal data we may process about you includes, but is not limited to:

  • Your first and last name, job title;
  • Email address and telephone number;
  • Your company's name and address, including the country;
  • Your user account's username and a hashed password;
  • Your IP address, the type of device you use, your language preferences, and details about your operating system and browser;
  • Your preferences for information, newsletters, and other content types;
  • Statistics and data related to your user behaviour;
  • Any content that you have shared, including posts on our social media platforms;
  • Any additional information that you voluntarily provide to us.

4.

How do we acquire your information?

The main source of your information comes directly from you. This occurs when your company enters into an agreement with Intrinsiq, when you establish an account on our Intrinsiq Platform, when you utilise our website and/or social media platforms or subscribe to our newsletter on our website. Additionally, we might receive personal data about you from third parties, provided you have given them permission to share your information with us, or through conducting internet searches.

5.

Why do we process your personal data and what are the legal grounds for this processing?

We utilise your personal data for various purposes, grounded on the following legal bases:

A. In relation to the general performance of our Services:

  • To deliver our Services to your company;
  • To enable the creation and use of your user account's functionalities on the Intrinsiq Platform;
  • To respond to your requests as a user of the Intrinsiq Platform (such as information inquiries, 
demonstrations of our Services);
  • To register your preferences regarding our Services;
  • To enhance and optimise our Services (for example, improving tool functionalities);
  • To pursue or defend against legal claims;
  • To fulfil legal requirements.

Legal grounds

  • Performance of a contract with you: we process your personal data to facilitate the functionalities of your account and the Intrinsiq Platform, fulfilling our contractual commitments to you;
  • Legitimate interests: the processing is essential for legitimate interests pursued by us or a third party. We have considered your privacy interests in this processing; hence, our legitimate business interests take precedence in cases where they might conflict;
  • Legal obligations: processing is necessary to adhere to our legal and regulatory obligations for administrative, accounting, and tax purposes, or when mandated to disclose information to government authorities or law enforcement agencies.

B. Regarding our sales and/or marketing efforts:

  • To establish and maintain communication with you (such as through our newsletter);
  • To inform and promote our (new) Services to you;
  • To gather your opinions on various topics, for instance, through (customer satisfaction) surveys.

Legal grounds

  • Legitimate interests: we may process your personal data as needed to achieve our legitimate interests or those of third parties. For our business purposes, we might collect, analyse, and interpret information about our Customers to identify new opportunities for selling and developing Services that meet the preferences and needs of our Customers. We have taken your privacy interests into consideration in this processing; hence, our legitimate business interests take precedence in cases where they might conflict;
  • Consent: if necessary, we will seek your consent to process your personal data for our sales and/or marketing activities. You have the option to withdraw your consent at any time by sending an email. It’s important to note that withdrawing your consent will not impact the lawfulness of our use of your personal data prior to your withdrawal.

C. In relation to our website and/or social media platforms:

  • To ensure you have the best possible experience on our website;
  • To send you newsletters or blogs;
  • To enhance our Services.

Legal grounds

  • Consent: for the use of specific cookies on our website, we seek your consent. Please refer to our Cookie Statement for detailed information on this. You are free to withdraw your consent at any time by sending an email. Withdrawing your consent will not affect the legality of our use of your personal data prior to the withdrawal;
  • Legitimate Interests: We may process your information as necessary to fulfil our legitimate interests. In some instances, we do not need your consent to use your personal data for contacting you. For example, if you have requested us to reach out to you via our contact page. Additionally, we may not always require your consent to use your personal data for marketing purposes. This could occur, for instance, if Intrinsiq acquired your email address through the website in connection with the sale of its Services and uses this email for direct marketing of its own similar Services. In these cases, we have a legitimate business interest in contacting you. This also applies to our marketing activities discussed earlier.

For the use of certain cookies, your consent is not required. This applies, for example, to functional cookies that manage your language preferences, where Intrinsiq has a legitimate interest in providing a functional website. For more information on this, see our Cookie Statement.

Your data will only be used for the purposes outlined in this Customer Privacy Statement. We will not employ it for any other reasons.

Additionally, we do not engage in decision-making processes that are solely automated, including any form of profiling.

6.

How long do we keep your information?

Intrinsiq generally retains personal data collected during its operations only as long as necessary for the purposes mentioned earlier. This typically means that we:

  • Your first and lastRetain your personal data as the contact person of our Customers, which is collected in relation to the provision of Intrinsiq's Services. This data will be deleted once the Services are concluded; name, job title;
  • Keep your personal data as the contact person of our Customers, gathered in the context of Intrinsiq's service provision, for the length of the Agreement with the Customer, and will ultimately delete your personal data no later than five years following the Agreement's termination;
  • Hold onto your personal data as contact persons of our potential Customers for no more than five years following the last interaction.

However, there are exceptions to the above guidelines. Intrinsiq may retain personal data for longer periods if a longer statutory minimum retention period is applicable or if it is necessary for legal proceedings.

7.

Who has access to your personal data?

Your personal data will be accessed by personnel working for or on behalf of Intrinsiq, strictly on a need-to-know basis and only for the purposes outlined earlier. Depending on the specific processing activities, personnel working for our Customers who are considered joint controllers alongside Intrinsiq may also have access to your personal data.

In cases where we employ the services of third parties to process your personal data on our behalf, serving as data processors, we ensure the establishment of suitable data processor agreements in compliance with relevant data protection laws.

We engage with the following types of third-party service providers who may receive and process your personal data:

  • Storage providers (for server services);
  • CRM (Customer Relationship Management) system providers;
  • Accounting and bookkeeping service providers;
  • Communication service providers (for email and chat systems);
  • Marketing automation service providers;
  • Software development service providers.

It's important to note that we may be obliged to share personal data with third parties as dictated by applicable laws or pursuant to a directive from a competent court or regulatory authority.

8.

How do we safeguard your personal data?

Our commitment to the security of your personal data is paramount. We have implemented a variety of physical, technical, and organisational safeguards to prevent unauthorised access and disclosure, ensuring the protection of your personal data. Below are some of the measures we have adopted:

Technical Security Measures

  • Utilisation of logical and physical security devices (such as safes, firewalls, network segmentation);
  • Management of access authorisations and maintaining log files;
  • Handling technical vulnerabilities through patch management;
  • Creating backups to ensure the availability and accessibility of personal data;
  • Encrypting connections and certain devices;
  • Implementing multi-factor authentication for specific system.

Organisational Security Measures

  • Allocation of responsibilities for information security;
  • Fostering security awareness among both new and existing staff;
  • Developing protocols to periodically test, assess, and evaluate security measures;
  • Regular inspection of log files;
  • Establishing procedures for responding to data breaches and security incidents;
  • Limiting access to personal data within the organisation based on a need-to-know basis.

Intrinsiq continuously reviews and updates its physical, technical, and organisational security measures as needed to maintain the highest level of data protection.

9.

What privacy rights do you have?

As a data subject, you hold certain rights regarding the processing of your personal data by us. Your rights include the ability to:

  • Request access to your personal data: You can inquire if we process your personal data and, if so, request a copy of that data;
  • Ask for correction or completion of your personal data: If you find the personal data we process about you to be inaccurate or incomplete, you can request its rectification;
  • Request deletion of your personal data: Under certain conditions, you can ask us to erase or remove your personal data;
  • Seek restriction of processing your personal data: In specific circumstances, like when you dispute the accuracy of your personal data, you can request a limitation on its processing. Object to our processing of your personal data: You have the right to challenge our processing of your personal data, especially if it's based on our or someone else's legitimate interests, or for direct marketing purposes. If processing is based on legitimate interests, we might continue processing upon demonstrating compelling legitimate grounds. However, for direct marketing objections, we will cease processing your data;
  • Refuse automated decision-making, including profiling: You have the right not to be subjected to decisions based solely on automated processing, including profiling, if it significantly affects you legally or in a similar manner;
  • Request data portability: In certain situations, you can obtain the personal data you've provided us (in a structured, commonly used, and machine-readable format) and reuse it elsewhere or request us to transfer it to a third party of your choice;
  • Withdraw your consent: If our processing relies on your consent, you have the right to withdraw this consent at any time without affecting the legality of the processing conducted before your withdrawal;
  • File a complaint with a supervisory authority: If you have concerns about our handling of your personal data, you can lodge a complaint with your local supervisory authority (for the Netherlands, refer to the Dutch Data Protection Authority's website).

10.

How to contact us

We are open to any questions, comments, or concerns you may have about how we handle your personal data and our privacy practices. If you have queries or wish to exercise your privacy rights, please feel free to reach out to us using the contact details provided:

Intrinsiq B.V.

H.J.E. Wenckebachweg 133

Intrinsiq 2106 AD Amsterdam

The Netherlands

E-mail address: info@intrinsiq.co