Privacy Policy
Last updated: December 1, 2023
Sapphire Ventures, LLC (“Sapphire Ventures”, “we”, “us”, or “our”) invests in growth-stage and early-stage technology companies and early-stage venture funds and offers a platform for business development. This privacy policy (“Policy”) describes how we handle the personal information that we collect through our digital or online properties or services that link to the Policy, including as applicable our website, www.sapphireventures.com (the “Site”), as well as any other website that we own or control and which posts or links to this Policy, our social media pages, marketing activities, live events and other activities described in this Policy (collectively, the “Services”). This Policy also covers our processing of the personal information that we collect from our employees, other Sapphire Ventures personnel, and job applicants for human resources purposes.
California residents: See our Notice to California residents for information about your personal information and privacy rights.
Individuals in the EEA/UK: See our EEA/UK notice for information about your personal information and data protection rights.
References to “personal information” in this Policy are equivalent to “personal data” governed by European data protection legislation, including the “GDPR” (i.e., the General Data Protection Regulation 2016/679 (“EU GDPR”) and EU GDPR as it forms part of UK law (“UK GDPR”)). Under the GDPR, personal data is information about an individual, from which that individual is either directly identified or can be identified.
Your use of our Services, and any dispute over privacy, is subject to this Policy.
International Transfer of Personal Information
Additional Information for Certain Jurisdictions
Information We Collect
The personal information we collect varies depending upon the nature of the Services provided or used and our interactions with individuals. We may collect personal information about you directly from you (for example, when an individual contacts us), automatically related to the use of the Services, and in some cases, from third parties (such as clients and business partners and operators of certain third-party services that we use or partner with).
Information We Collect Directly. We collect information directly from our personnel and job applicants and from individuals and businesses that use our Services, register for or attend our events and programs, participate in our surveys, or otherwise communicate or interact with us. For example:
- If you sign up for certain Services, we collect information in order to provide the Services, including information such as your name, email, and phone number (“Contact Data”)), your education history and degrees (“Education Data”), information such as current employment, title, and employment history (“Company Data”), and information such as your investments in different companies and funds (“Investment Data”).
- If you sign up to receive news, updates, offers and other marketing communications from us, we may collect your Contact Data and information about your preferences and engagement with our marketing communications (“Marketing Data”).
- We may also collect your Contact Data and other information when you participate in events, programs, talent exchanges, or activities offered by us (collectively, “Events”) or submit surveys or feedback to us. If you participate in any of our Events, we may collect information related to your participation (collectively, “Event Registration Data”).
- When you email us, call us, or otherwise communicate or correspond with us, we may collect and maintain a record of your contact details, communications, our responses (collectively, “Communications Data”), and a recording of virtual meetings and/or transcriptions of such meetings (collectively, “Virtual Meeting Recordings and Related Data”). Such recordings may capture your voice, image, and group chats during the meetings, as well as other personal information. Such recordings may be used and shared as described herein or as otherwise disclosed to you prior to such recording.
- If you post content, share content during a virtual meeting, or submit comments to us (“User Content”), we may maintain a record of your User Content, including the location, date and time of submission.
Information We Collect from Third Parties. We may collect personal information about you from third parties we work with such as third-party providers of services to us (e.g., security), social networks, advertising networks, analytics providers and joint marketing partners, as well as from public records and our affiliated companies. For example:
- If you post or if you engage with a separate social media service (e.g., Twitter, Facebook, Instagram, etc.) or interact with us on our page with any social media service, we may collect personal information about you related to those interactions.
- We receive information from advertising networks or analytics providers when you view or interact with our ads and marketing or use our Site.
- We may obtain personal information, such as demographic information or updated contact details, from data brokers, public records and affiliated companies.
- If you participate in our talent exchange program (or similar programs), we may receive information about you from participating portfolio companies and our business partners related to employment opportunities.
Automatically Collected Information. We may collect information via automated means or derive information about you when you use our Site and Services or otherwise interact with us. For example:
- We and our third party providers may use cookies, pixels, tags, log-files, and other technologies to collect information about a user from their browser or device (such as your browser type, device type, operating system, software version, device type, operating system, platform-dependent information, requested document, IP address, unique identifiers, language settings, and general location information (collectively, “Device Data”).
- We and our third party providers may also obtain information about the referring URL, date and time of your visit, clickstream data (e.g. about the pages you view, links you click and date and time stamps for your activities on our Site) and whether you have opened our emails or clicked links within them (collectively, Online Activity Data”).
- Geolocation data when you authorize the Service to access your device’s location (“Precise Geolocation Data”).
- We may also receive information about your interactions with our ads (on our Site and apps and on those of third parties). See our Cookie Notice for more information.
Employees, Personnel, and Job Applicants. As part of our Human Resources function at Sapphire Ventures, we may collect your name; contact information; demographic data; government identification numbers; employment details; spouse’s/partner’s and dependents’ information; background information; video, voice, and image information (including recordings and related personal information, as described above); financial information; and workplace device, usage, and communications data. If you are a Sapphire Ventures employee, we collect personal information about you (and your dependents, beneficiaries, and other individuals associated with your employment) primarily for managing our employment relationship with you and managing your interactions with workplace facilities and information systems. For other Sapphire Ventures personnel, we collect personal information needed to manage your engagement and access to our facilities and information systems. If you are a job applicant, the type of personal information we collect is generally limited to what we need to engage with you about career opportunities, consideration of your application for employment to specific roles at Sapphire Ventures, and to onboard you at Sapphire Ventures if you receive and accept an offer of employment with us.
How We Use Information
We may collect, use, disclose, and otherwise process your personal information for the business and commercial purposes described in this section.
We may use your personal information for the purposes set forth below.
Processing Activity |
Purposes for Processing |
| Manage your employment or engagement, or your job application |
|
| Providing services and support |
|
| Analyzing and improving our business |
|
| Personalizing content and interest-based advertising |
|
| Direct marketing and promotional purposes |
|
| Protecting rights and interests |
|
| Legal compliance |
|
| Auditing, reporting, corporate governance, and internal operations |
|
| Aggregate and De-identified Data |
|
How We Disclose Information
We may disclose the personal information we collect to third parties and for the purposes set forth below:
- Our affiliates: within the Sapphire Ventures group of companies.
- Service Providers: to our vendors, sponsors, service providers, agents, or others who perform functions on our behalf. For example, we may disclose your information to third-party service providers – for example, those that provide data storage services or host our client relationship management and other business systems, or those that transcribe content from recorded virtual meetings.
- Business transferees: to another entity in connection with an actual or potential acquisition or merger, sale or transfer of a business unit or assets, or as part of any other similar business transfer.
- Protecting rights and interests: to protect the safety, rights, property, or security of Sapphire Ventures, our services, any third party, or the general public; to detect, prevent, or otherwise address fraud, security, or technical issues; to prevent or stop activity which Sapphire Ventures, in its sole discretion, may consider to be, or to pose a risk of being, an illegal, unethical, or legally actionable activity; to use as evidence in litigation; and to enforce this Policy.
- Legal compliance: to comply with applicable legal or regulatory obligations, including as part of a judicial proceeding; in response to a subpoena, warrant, court order, or other legal processes; or as part of an investigation or request, whether formal or informal, from law enforcement or a government official.
- Event organizers: to third parties involved with events that you register for, to facilitate your participation in those events.
- Business partners: to our business partners in order to perform services you request or authorize (e.g., our portfolio companies and investors).
- Advertising and analytics partners: to third parties that provide advertising, campaign measurement, online and mobile analytics, and related services to us (with your consent, where required by applicable laws). They may use this information to help us better reach individuals with relevant ads and to measure and improve our ad campaigns, or to better understand how individuals interact with our Services. In addition, these third parties may combine the information collected from us and our Services with information collected about you from third-party sites, apps and services, in order to make inferences about you and your interests, to better tailor advertising and content to you across multiple sites, apps, and services, and to collect associated metrics.
- Other virtual meeting participants or interested parties: Your Virtual Meeting Recordings and Related Data may be shared with other virtual meeting participants or interested parties, such as those who registered to attend the meeting but did not actually attend.
- With consent: to third parties for other purposes, with your consent.
Third-Party Sites and Widgets
Our Services may contain links to other third-party websites with privacy practices that may differ from ours. Sapphire Ventures is not responsible for the privacy practices or the content of other websites or any information you submit to a third-party website outside the Sapphire Ventures group of companies. We encourage you to carefully read the privacy policy of any website you visit.
Our Site also may include social media features and widgets (collectively “Widgets”), such as a “share this” or “like” button or other interactive mini-programs that run on our Services. Widgets can be used to provide you specific services from other companies (e.g., displaying the news, opinions, etc.). These third-party sites may collect your IP address and certain information through the Widgets. Cookies may also be set by the Widgets to enable them to function properly. Widgets displayed on our Site are hosted by the relevant third party and are subject to the privacy policies of the third-party company providing the Widget, and not this Policy.
International Transfers
Sapphire Ventures is headquartered in the United States. The personal information that we collect from you may be transferred to, accessed or stored in and subject to requests from law enforcement in the United States, and other jurisdictions in which we (or our service providers) operate. Some of these jurisdictions, including the United States, may not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it, including through appropriate written data processing terms and/or data transfer agreements where required.
For more information on how we transfer personal information from the European Economic Area and/or United Kingdom, please see GDPR International Data Transfers below.
Security
Sapphire Ventures is committed to protecting your personal information. Sapphire Ventures has implemented security measures to help protect your personal information from unauthorized access, use, or disclosure. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.
Retention
Sapphire Ventures will generally not retain your personal information longer than is necessary to fulfill the purposes for which it was collected or as necessary to comply with our legal obligations, resolve disputes, maintain appropriate business records and to enforce our agreements. We may retain personal information for longer where required by our compliance or regulatory obligations, professional indemnity obligations or where we believe it is necessary to establish, defend or protect our legal rights and interests or those of others. To determine the appropriate retention period for personal information, we may consider factors such as the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
When we no longer require the personal information we have collected about you, we may either delete it, anonymize it, or isolate it from further processing.
Children
Our Services are not targeted to children under eighteen (18) years of age and we do not knowingly collect personal information from children under 18. If we discover that a child under 18 has provided us with personal information, we will promptly delete such personal information from our systems.
Your Privacy Choices
In this section, we describe the rights and choices available to all users. Users who are located in California, the United Kingdom and the European Economic Area can find additional information about their rights below in the Notice to California Residents and the EEA/UK Notice, respectively.
Marketing Choices. You may choose not to receive any more emails at any time by following the opt-out instructions contained in our email. Please note that it may take up to ten (10) business days for us to process opt-out requests. If you opt out of receiving emails about recommendations or other information we think may interest you, we may still send you emails about your account or any requests you have made with us.
Cookies. For information about cookies employed by the Site and how to control them, see our Cookie Notice.
Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track.” To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
Declining to provide information. We need to collect personal information to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.
Changes to this Policy
This Policy is current as of the Last Updated date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our website and will take steps to notify website users of material changes, such as via email or a prominent notice on the website.
Contact Us
If you have any concerns or questions about this Policy or how we handle your personal information, please contact us at [email protected].
Additional Information for Certain Jurisdictions
EEA/UK Notice
A. GDPR Rights
To the extent that the GDPR or the UK Data Protection Act applies to Sapphire Ventures’ processing of your personal information, you may have the following rights in relation to that personal information:
- to obtain from us confirmation as to whether or not personal information concerning you is being processed, and where that is the case, to request access to the personal information. The accessed information includes – among others – the purposes of the processing, the categories of personal information concerned, and the recipients or categories of recipient to whom the personal information have been or will be disclosed. You have the right to obtain a copy of the personal information undergoing processing;
- to correct any personal information that we hold about you;
- to have your personal information removed under certain circumstances unless continued processing is necessary by law;
- to have the processing of your personal information restricted where you dispute its accuracy, if you think its processing is unlawful, or if you otherwise object to its processing, or when Sapphire Ventures no longer needs your personal information and you need it in relation to a legal claim;
- to receive copies of your personal information under certain circumstances;
- to object at any time to any processing of your personal information which has our legitimate interests as its legal basis. You may exercise this right without incurring any costs. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms. The right to object does not exist, in particular, if the processing of your personal information is necessary to take steps prior to entering into a contract or to perform a contract already concluded;
- to request that we change the manner in which we contact you for marketing purposes. You can request that we do not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes;
- to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside the EU/EEA/UK. We may redact data transfer agreements to protect commercial terms; and
- to complain to your national data protection regulator if you feel that any of your personal information is not being processed in accordance with the GDPR.
- to withdraw your consent, where the processing of your personal information is based on consent; if you withdraw your consent, Sapphire Ventures will stop processing your personal information, unless we have another legal basis for doing so.
To exercise any of these rights, make a complaint, or request any additional information, please contact us at [email protected]. Please note that we may rely on applicable exemptions under EU, Member State or UK law in order to deny part or all of your request. If we do so, we will inform you when responding to your request.
B. GDPR Legal Bases
In respect of each of the purposes for which we use your personal information, the GDPR requires us to ensure that we have a “legal basis” for that use. Our legal bases for processing your personal information described in this Policy are listed below.
- Contractual Necessity: where processing of your personal information which is required for us to perform obligations or exercise rights under contracts that you may have with us (for example, if you use our Services).
- Compliance with Laws:to comply with our legal obligations (for example, maintaining information in accordance with tax, audit, or company law requirements and responding to legal process).
- Legitimate Interests: in furtherance of our legitimate business interests including:
- to facilitate your participation in interactive features you may choose to use on our websites and Services and to personalize your experience with the Services by presenting content tailored to you.
- to correspond with you, notify you of events or changes to our Services, or otherwise respond to your queries and requests for information, which may include marketing to you.
- to send you advertising material via email, such as surveys and promotions (except where consent is required under applicable laws).
- to provide and personalize the Services.
- to analyze and otherwise use recordings of virtual meetings.
- for data analysis, audits, fraud monitoring and prevention, and developing new product offerings, enhancing, improving or modifying our websites, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.
- to protect and defend our legal rights and interests and those of third parties.
- Consent: where applicable laws require that we obtain your consent to collect and process your personal information, we will obtain your consent accordingly. When we obtain your consent, the GDPR (where it applies) and other applicable laws give you the right to withdraw your consent without penalty. You can do this at any time by contacting us using the details at the end of this Policy. In some jurisdictions (not including where the GDPR applies), your use of the websites may be taken as implied consent to the collection and processing of personal information as outlined in this Policy.
Processing Activity |
GDPR Legal Basis |
| Providing services and support | Contractual Necessity
Legitimate Interests We have a legitimate interest in offering you a good service, including by allowing you to customize your experience with your own content and by communicating with you where you have contacted us. |
| Analyzing and improving our business | Legitimate Interests
We have a legitimate interest in analyzing and improving our business to ensure that we are offering the best service possible and to optimize business processes Consent |
| Personalizing content | Legitimate Interests
We have a legitimate interest in providing you with a good service, which is personalized to you and that remembers your selections and preferences Consent |
| Advertising, marketing and promotional purposes | Legitimate Interests
We have a legitimate interest in promoting our services and sending marketing communications for that purpose Consent |
| Protecting rights and interests | Compliance with Laws
Legitimate Interests Where Compliance with Laws is not applicable, we have a legitimate interest in ensuring the protection, maintenance, and enforcement of our rights, property, and/or safety. |
| Legal compliance | Compliance with Laws
Legitimate Interests Where Compliance with Laws is not applicable, we have a legitimate interest in participating in, supporting, and following legal process and requests, including through co-operation with authorities |
| Auditing, reporting, corporate governance, and internal operations | Compliance with Laws
Legitimate Interests Where Compliance with Laws is not applicable, we have a legitimate interest in implementing, maintaining and utilizing good corporate governance processes |
| Aggregate and De-identified Data | Legitimate Interests
We have a legitimate interest in analyzing trends based on aggregated an/or de-identified data to improve our services |
C. GDPR International Data Transfers
We may share your personal information outside Europe. In such circumstances, the recipient parties’ processing of your personal information will involve a transfer your personal information outside of Europe.
We endeavour to ensure that people to whom we provide your personal information hold it subject to the standards required by European data protection legislation, including in relation to intra-group data transfers. So, whenever we transfer your personal information out of Europe, we try to ensure a similar degree of protection is afforded to it by making sure at least one of the following mechanisms is implemented:
- Transfers to territories with an adequacy decision. We may transfer your personal information to countries or territories whose laws have been deemed to provide an adequate level of protection for personal data by the European Commission or UK Government (as and where applicable) from time to time.
- Transfers to territories without an adequacy decision.
- We may transfer your personal information to countries or territories whose laws have not been deemed to provide an adequate level of protection for Personal Data by the European Commission or UK Government (as and where applicable).
- This means that the relevant authority(ies) have not adopted an ‘adequacy decision’ to confirm that the relevant laws and practices in that country or territory are sufficient to ensure an adequate level of protection for personal data to the standards required by the GDPR – for example, there is currently no such decision in respect of the United States.
- However, in these cases:
- we may use specific appropriate safeguards approved by the European Commission, the UK Information Commissioner’s Office or UK Government (as and where applicable), which are designed to give personal information the same protection it has in Europe – for example, requiring the recipient of personal information to enter into the relevant form of the so-called ‘Standard Contractual Clauses’ or ‘International Data Transfer Agreement’ issued or approved from time to time; or
- in limited circumstances, we may rely on an exception, or ‘derogation’, which permits us to transfer your information to such country despite the absence of an ‘adequacy decision’ or ‘appropriate safeguards’ – for example, reliance on your explicit consent to that transfer.
You may contact us using the details under Contact Us if you want further information on the specific mechanism used by us when transferring your personal information out of Europe.
Notice to California Residents
This notice describes how we collect, use, and disclose personal information of California residents in our capacity as a “business” under the California Consumer Privacy Act (“CCPA”), as amended, and their rights with respect to that personal information. For purposes of this notice, the term “personal information” has the meaning given in the CCPA but does not include information exempted from the scope of the CCPA.
Information practices. The following describes our practices currently and during the past 12 months:
- Sources and purposes. We collect all categories of personal information from the sources and use them for the business/commercial purposes described above in the Privacy Policy.
- Retention. The criteria for deciding how long to retain personal information is generally based on whether such period is sufficient to fulfill the purposes for which we collected it as described in this notice, including complying with our legal obligations.
- Collection and disclosure. The chart below describes the personal information we collect by reference to the categories of personal information specified in the CCPA (Cal. Civ. Code § 1798.140), and the categories of third parties to whom we disclose it. The terms in the chart refer to the categories of information and third parties described above in this Privacy Policy in more detail. Information you voluntarily provide to us, such as in free-form webforms, may contain other categories of personal information not described below. We may also disclose personal information to professional advisors, law enforcement and government authorities, and business transferees as described above in the “How we share your personal information” section of this Privacy Policy.
|
Statutory category / personal information we may collect |
Categories of third parties to whom we may disclose the personal information for a business purpose |
Categories of third parties to whom we may “sell” or “share” the personal information |
|
Identifiers
|
|
|
|
California Customer Records (as defined in California Civil Code §1798.80)
|
|
|
|
Commercial Information
|
|
|
|
Internet or Network Information
|
|
|
|
Geolocation Data |
|
|
|
Audio, Video and Electronic Data
|
|
|
|
Professional or Employment Information
|
|
|
|
Education Information
|
|
|
|
Protected Classifications May be included or revealed in:
|
|
|
|
Inferences May be derived from:
|
|
|
[1] Government identifiers; racial or ethnic origin & sexual orientation; health information and contents of mail/email/text messages may be collected for employees and personnel only for company data purposes.
Your Privacy Rights.
CCPA Rights. As a California resident, you have the following rights under the CCPA:
- Right to know: You can request information about:
- The categories of personal information that we have collected during the past 12 months;
- The categories of sources from which we collected personal information;
- The business or commercial purpose for collecting, “selling” and/or “sharing” personal information;
- The categories of personal information that we have “sold” or “shared” or disclosed for a business purpose; and
- The categories of third parties to which personal information was “sold,” “shared” or disclosed for a business purpose
- Right to access: You can request a copy of certain personal information that we have collected about you.
- Right to deletion: You can request deletion of the personal information that we have collected from you.
- Right to correction: You can request that we correct inaccurate personal information that we have collected about you.
- Right to limit the use and disclose of your sensitive personal information: We do not use or disclose sensitive personal information in a manner that may be limited under the CCPA.
- Opt-out of “sales” and “sharing”: You can opt-out of any “sale” or “sharing” of your personal information.
- While we do not disclose personal information to third parties in exchange for monetary compensation, we may disclose or make available certain categories of personal information to third parties in order to receive certain benefits or services. As defined by the CCPA, we may “sell” or “share” certain categories of personal information as described in the chart above. We have no actual knowledge that we have sold or shared the personal information of California residents under 16 years of age.
- Right to non-discrimination: You are entitled to exercise the rights described above free from discrimination as prohibited by the CCPA.
Submitting CCPA Requests. You may submit requests to exercise your right to know, access, deletion, and correction via email to [email protected] or by writing to 801 W. 5th St., Austin, TX 78703, Ste 100. The rights described above are not absolute, and in certain cases, we may decline your request as permitted by law. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it.
Authorized agents. We need to verify your identity to process your requests to exercise your rights to know, access, deletion, and correction, and we reserve the right to confirm your California residency. To verify your identity, we may require you to log into an online account if you have one, provide identifiers we can match against information we may have collected from you previously, confirm your request using the email or telephone account stated in the request, provide government identification, or provide a declaration under penalty of perjury, where permitted by law.
Your authorized agent may make a request on your behalf upon our verification of the agent’s identity and our receipt of a copy of a valid power of attorney given to your authorized agent pursuant to applicable state law. If you have not provided your agent with such a power of attorney, we may ask you and/or your agent to take additional steps permitted by law to verify that your request is authorized, such as information required to verify your identity and that you have given the authorized agent permission to submit the request.
You may submit a request to opt out of “sales” or “sharing” by us of your personal information by submitting a request to [email protected] or by enabling Global Privacy Control in your browser settings.
For more information about our privacy practices, you may contact us as set forth in the Contact Us section above.