Notice to European Individuals
This Notice to European Individuals provided by Forge Europe GmbH and Forge Europe UK Ltd, as applicable (“we”, “us”, or “our”) pursuant to the GDPR or UK GDPR (both referred to throughout this Notice as the GDPR), supplements our Privacy Policy and applies to the collecting and processing of personal data by us of natural persons located in the European Economic Area and the United Kingdom (collectively, “European Individuals,” and individually, “you,” or “your”). It is important that you read this Notice together with our Privacy Policy and any other privacy policy or fair processing policy we may provide so that you are fully aware of how and why we use your personal data. If you are not a European Individual, this Notice to European Individuals does not apply to you.
With respect to any combination of conflict between the provisions of this Notice and any other provision of our Privacy Policy, this Notice takes precedence with respect to the personal data of European Individuals.
Controller Disclosure & Details: We are a data controller of personal data regarding the following categories of European Individuals: Prospective/current customers (collectively, “Customers”), business contacts at Customers, vendors, suppliers, or other third parties (“Business Contacts”), visitors to our website (“Website Visitors”) and job applicants (“Job Applicants”) for the purposes and under the legal bases described in the table below. Please note that, in some cases, the categories of data subjects above may overlap (e.g., Customers, Business Contacts and Job Applicants using our websites are also Website Visitors).
This Notice does not apply to Job Applicants, our employees, workers and contractors.
For a description of what we mean by Identity Data, Contact Data, Financial Data, Profile Data, Usage Data, Ownership Data, Marketing and Communications Data and Technical Data as referenced below, please refer to section 2 of our Privacy Policy.
| Data Subject Category | Type of Data | Purpose & Legal Basis of Processing |
|---|---|---|
| Website Visitors |
Identity Data Contact Data Technical Data Usage Data |
Information Security: We process this information pursuant to our legitimate interests in tracking site usage, combating DDOS or other attacks, and removing or defending against malicious individuals or programs on our websites. We also process this information to comply with a legal obligation relating to how we manage our organization or our relationship with your organization. |
| Website Visitors |
Technical Data Usage Data |
Websites’ Operation and Improvement: We process this information pursuant to our legitimate interest in operating and improving our websites. |
| Website Visitors |
Identity Data Technical Data |
Audience Measurement and Retargeting: Pursuant to a Website Visitor’s consent, we use analytics cookies, and collect identifiers through such cookies, for purposes of audience measurement, analytics, audience reaction to the websites’ content, and creating relevant Website Visitor experiences (such as based on their interaction with our websites). |
| Customer |
Identity Data Contact Data Profile Data Financial Data |
Registering Account: We will process your personal data to perform our contract with you. |
| Customers |
Identity Data Contact Data Usage Data |
General Business Development and Management: We will process this personal data pursuant to our legitimate interest in creating and managing our business relationships with European Individuals, including without limitation:
|
| Customers |
Identity Data Contact Data Marketing and Communications Data Usage Data |
Direct Marketing: Generally, we send email marketing to European Individuals pursuant to their consent to inform them about products, programs, services and offers we think may be of interest to them, but also to solicit further participation from them (including for research and development purposes and third party direct marketing purposes). In cases where a Customer buys, or enters into negotiation for the sale of, a product or service, email marketing may be sent to such Customer pursuant to our legitimate interest in sending marketing communications to such Customers in the context of such engagement unless the Customer has opted out from receiving such marketing communications. |
| Customers |
Identity Data Contact Data Financial Data Profile Data Usage Data Ownership Data |
Services: We will process this personal data to provide our Services to you (i.e. perform our contract with you). |
| Customers |
Identity Data Contact Data Financial Data Profile Data Usage Data Ownership Data |
Transaction Processing: We will process this personal data as necessary to provide our Services (including the execution of Transactions for our Customers through our Services) as detailed in section 4 of our Privacy Policy in accordance with the performance of our contracts with our Customers, in order to take steps at a Customer’s and its representatives’ request prior to entering into such contracts, pursuant to our legitimate interest in authenticating Customers’ and their representatives’ identities and fraud prevention, and to comply with our legal obligations in providing our Services. |
| Customer |
Identity Data Contact Data Financial Data Profile Data Usage Data Ownership Data |
Know your customer: We will process your personal data as required by applicable banking, financial information, securities transactions, money laundering, terrorism and know your customer laws, rules and regulations in order to comply with our legal obligations. |
| Customer |
Identity Data Contact Data Financial Data Profile Data Usage Data Ownership Data |
Identity verification: We will process your personal data to verify your identity, status as a professional investor, accredited investor or qualified purchaser (if applicable), process diligence checks to comply with our legal obligations and pursuant to our legitimate interest in establishing your eligibility and suitability to be a member of the Forge community. |
| Customer |
Identity Data Contact Data Financial Data Profile Data Usage Data |
Personalization: We will process your personal data to personalize your experience and customize content relevant to your interests, including advertising and marketing our Services, through email, social media channels, third-party sites, and on other devices you may use. This is pursuant to our legitimate interest in promoting our business. Your consent to our use of non-essential cookies, or other tracking technologies, on our websites. |
| Customers |
Identity Data Contact Data Usage Data Profile Data |
Developing our Business and improving our Services. We will process this personal data to improve our Services, update and built our repository of information about companies and shareholders and for research and study purposes. This is pursuant to our legitimate interest. |
| Business Contacts |
Identity Data Contact Data Account Data |
Vendor or Business Partner Business Development: We will receive the personal information of contacts employed or otherwise associated with by our vendors or business partners. We process such information in our legitimate interest in establishing and developing our vendor or business partner relationships (including obtaining information about their products and services). |
| All |
Identity Data Contact Data |
Manage our relationship with you: We will process your personal data to manage our relationship with you which will include notifying you about changes to any contractual documents between us such as terms, conditions, our privacy policy and cookie policy, as well as administrative information. We do so to perform our contract with you or to comply with our legal obligations. |
| All |
Identity Data Contact Data Profile Data |
Referral: We will process your personal data when you invite others to use Forge or when you have been invited by someone to use Forge, as applicable. |
EU Contact: Forge Europe GmbH, c/o Deutsche Börse AG, Unter den Linden 38, 10117 Berlin, [email protected].
UK Contact: Forge Europe UK Limited, 10 York Road, London SE1 7ND, [email protected].
We may share your personal data with the other party or parties to a prospective or actual transaction, as well as intermediate entities, brokers, funds and any third party managing and servicing the funds or the company you are investing in as set out in more detail in section 5 of our Privacy Policy, as well as their lawyers, auditors, brokers, insurers and other professional advisors and service providers.
We may also disclose personal data to third parties (including but not limited to affiliated broker-dealers, custodial organizations, financial institutions and payment providers) who provide us with services relating to administration, telecommunications, payment, clearing, audit, accounting, risk management, credit, legal, compliance, operations, sales and brokerage, marketing, relationship management, securities management, information technology, records and data storage, performance measurement and compilation and analysis in connection with our Services (including the execution of Transactions for our Customers through our Services).
We may also disclose your personal data to our parent companies, subsidiaries, affiliates, joint ventures, or other companies under common control (“Affiliates”), as well as their professional advisers. Our legal basis for all of the above data sharing is our legitimate interest in managing and promoting our business.
If we pass your personal data to one of our Affiliates so that it can respond to your inquiry if it relates to that Affiliate, that Affiliate will be using your personal data as a separate data controller for the purposes of the GDPR.
We may also disclose personal data to respond to claims of violation of third party rights or to enforce and protect our rights.
Retention: Except as set forth below, Forge will only retain your personal data for as long as it is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Details of retention periods for different aspects of your personal data are available in our Retention Policy which you can request from us.
Your GDPR Rights: As a natural person, you have a right to: (i) request access to, correction, and/or erasure of your personal data; (ii) object to processing of your personal data; (iii) restrict processing of your personal data; (iv) request a copy of your personal data, or have a copy thereof sent to another controller, in a structured, commonly used and machine readable format under the right of data portability, and (v) withdraw your consent where consent is used as the legal basis for processing your personal data.
You may exercise these rights and submit a GDPR complaint by contacting: [email protected] with the subject line “GDPR Privacy Notice”.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You also have the right to lodge a complaint about the processing of your personal data with a supervisory authority of the European state where you work or live or where any alleged infringement of data protection laws occurred. A list of most of the supervisory authorities can be found here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. The supervisory authority in the UK is the Information Commissioner’s Office (https://ico.org.uk/). We would, however, appreciate the chance to deal with your concerns before you approach a supervisory authority, so please contact us in the first instance.
Objecting to Legitimate Interest/Direct Marketing: You may object to personal data processed pursuant to our legitimate interest (or that of a third party). In such case, we will no longer process your personal data unless we can demonstrate appropriate, overriding legitimate grounds for the processing or if needed for the establishment, exercise, or defense of legal claims. You may also object at any time to processing of your personal data for direct marketing purposes by clicking “Unsubscribe” within an automated marketing email or by submitting your request to [email protected] with the subject line “GDPR Privacy Notice” (the latter for instance where, for example, you would not like to receive follow-ups from our sales team). In such case, your personal data will no longer be used for that purpose.
Duty to inform us of changes. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Transfer of Personal Data outside of Europe: We may transfer your personal data outside the EEA or the UK (for example, to the US). We transfer your personal data outside the EEA or the UK, but will not make such a transfer unless (i) we have signed a specific contract approved for use in the EEA or UK, as applicable, which gives personal data the same protection it has in the EEA or UK, as applicable, (ii) the recipient is located in a country that has received an adequacy decision from the European Commission or the UK government, as applicable, or (iii) where a derogation under GDPR Article 49 or similar provision applies.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA or UK.
Disclosure to Public Authorities: We may be required to disclose your personal data in response to lawful requests by public authorities or for other legal reasons, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal data to other third parties when compelled to do so by public authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.
Corporate Restructuring: In the event of a merger, sale, investment, reorganization, dissolution, or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal data, would be transferred to the surviving entity in a merger or the acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal data as set forth in this Notice.
Updates to this Notice: If, in the future, we wish to update this Notice, for example, because we intend to process your personal data for a purpose other than that which it was collected, we will provide you with information on that purpose and any other relevant information at a reasonable time prior to such processing. After such time, the relevant information relating to such processing activity will be revised or added appropriately within this Notice, and the “Effective Date” at the top of this page will be updated accordingly.
How to Contact Us: Please reach out to [email protected] for any questions, complaints, or requests regarding this Notice; please include the subject line “Notice to European Individuals.”