Last updated: 23 November 2022
At Gen II, we are committed to your privacy and data protection, and we believe in the empowerment of your privacy rights. This Privacy Statement describes how we may collect and further process information relating to you as identified or identifiable natural person, i.e., your Personal Data, directly or indirectly, manually or via automated means or otherwise. Please note that as our processing of your Personal Data depends on how you interact with us, our services and/or our website, not all parts of this Privacy Statement may apply to you.
Gen II (or “we”, “our”, “us”) refers to one of the legal entities of the Gen II Group below with which you may have a business engagement or other relationship:
Gen II Fund Services, LLC, 805 Third Avenue, 24th Floor, New York, NY 10022
Gen II Compliance Services, LLC, 805 Third Avenue, 24th Floor, New York, NY 10022
Gen II Tech LLC, 805 Third Avenue, 24th Floor, New York, NY 10022
Gen II Luxembourg Services SARL, 22, Rue des Bruyères, L-1274 Howald
Each of the above entities shall act as a data controller, within the meaning of applicable privacy laws, either jointly or independently from each other, as required depending on the purposes described herein.
Gen II Luxembourg Services SARL, located at 22, Rue des Bruyères, L-1274 Howald, has been designated as Gen II’s representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation.
Gen II processes Personal Data in compliance with applicable laws and regulations, in particular, in accordance with the Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”) as well as the California Consumer Privacy Act (“CCPA”) as amended and/or replaced by the California Privacy Rights Act (“CPRA”) and currently in force (all collectively referred to in this Privacy Statement as “Data Protection Legislation”).
If you require support or an alternative format to review this Privacy Statement, please contact us through any of the contact methods listed below.
1. PERSONAL DATA WE MAY COLLECT
The Personal Data we may collect or generate about you depends on your interactions and engagement with us, be it through our website and social media pages, our service offering or collaboration with our service providers and stakeholders.
We may at times collect the following categories of Personal Data:
our badge readers and video-surveillance systems in our premises).
Our customers and vendors may provide us with additional data such as their billing details, business needs and preferences. Such information will not be treated as personal data to the extent it concerns a legal entity and therefore not an identifiable human being (e.g., corporate bank account, billing address or generic email address).
Where we are provided with your Personal Data indirectly (mainly via our clients or other third parties), we take steps to ensure that you are informed and that our interlocutors comply with their own obligations under the Data Protection Legislation. This may include your receiving this Privacy Statement from a third party, in which case you can always contact us via the methods detailed below in order to request more information in this regard.
We do not knowingly collect or process Information from children under the age of sixteen (16). We strongly advise all parents and guardians to teach their children safe and responsible handling of personal data on the internet. If you are a parent or a guardian and you become aware that your child has provided us with their Personal Data, please contact us. If we become aware that we have collected Personal Data from an individual under the age of sixteen, we will attempt to prohibit and block such use and will make our best efforts to promptly delete any Personal Data stored with us with regard to such child. If we need to rely on consent as a legal basis for processing Personal Data related to an underaged individual, we will seek a parent’s or guardian’s consent before we collect or use that Personal Data.
2. HOW WE USE YOUR PERSONAL DATA
We use your Personal Data adhering to the basic principles of the Data Protection Legislation for specific and limited purposes and only where we have a valid legal basis:
A. In the context of our services and business relationships
- For the performance of an agreement, or for entering into an agreement with you;
- To provide you with access to our portals and any of our software applications (either owned by us or licensed to us);
- To provide, improve and secure our services or as otherwise required in connection with our services to you or our clients;
- To internally facilitate and streamline our operations via procedures, workflows and related tools;
- To fulfil our legitimate interest in the effective and lawful operation of our business so long as such interest is not outweighed by your rights and interests
- To manage our relationships with our clients, prospective clients, suppliers, service providers, subcontractors and external consultants, including maintaining contacts of prospective clients, initial client account opening, risk assessment and client acceptance processes, financial accounting, invoicing and risk analysis purposes, ongoing relationship management which may involve ongoing risk assessments, communication of service offerings and updates related to our business, contacting you to receive feedback on our services;
- To respond to your inquiries and communications, send you information as part of the services;
- To make sure we have a business continuity plan in place;
- To facilitate services we receive from our professional advisors, such as lawyers, accountants, auditors and consultants or other service providers (such as archiving, security services, IT, printing or other);
- To maintain a digital mail office for incoming and outgoing correspondence, including in the context of domiciliation services;
- To identify our client opportunities such as maintenance of relationships with stakeholders and our centers of influence as well as to ensure external representation of Gen II, cross-border collaboration, reporting on sales activities and education of new salespeople;
- To share references with potential clients to the extent you have not objected to it;
- To ensure security threat protection and prevention of data breaches as well as cyber-attacks;
- To configure and manage access rights for our visitors in order to prevent unauthorized presence in our offices ;
- To facilitate spaces arrangement (office and parking) of our visitors;
- For the security of access to the internal Wifi Network. Such use of your Personal Data may at times require your explicit consent, in which case we will prompt you to actively provide it via electronic means and you will always be able to opt-out if you no longer wish for such use of your data to take place;
- To transfer your call messages or other communications to the concerned staff members.
B. For our legal and regulatory obligations
- To verify your identity, where we are legally allowed or obliged to do so;
- To comply with our legal or regulatory obligations (such as anti-money laundering/know your customer obligations customer and vendor due diligence, commercial, tax, regulatory or reporting duties, professional duties and compliance with requests or requirements of any public authority);
- To confirm the good standing of service providers (vendor due diligence), prevent fraud, anti-money laundering and terrorist financing;
- To prevent potentially illegal activities, to screen for and prevent undesirable or abusive activity (phishing, spam, etc.), fraud and credit risk;
- To protect the rights, property, or safety of Gen II and its assets, including but not limited to our offices, IT infrastructure, our employees, clients, visitors, or contractors while present at our premises and to detect unlawful or dangerous behaviors (including by monitoring access to our premises, infrastructure and assets and use thereof, implementing cybersecurity programs and using video surveillance tools in specific public areas of our premises as disclosed therein);
- To manage litigation and other claims or complaints and to alert and assist enforcement authorities in case of incident or unlawful act.
C. In the context of our website and online presence
- To administer, operate, maintain, and support our website, social media and other online applications;
- To understand and analyze the usage trends and preferences of our visitors and users, to present our website and its contents in a suitable and effective manner for you, to create statistics and reporting for internal purposes only;
- To understand how our services are used and how our campaigns are performing, and to gain insights which help us dedicate our resources and efforts more efficiently;
- To enhance Gen II’s online visibility in marketing, advertising, and selling our services to you and others;
- To facilitate and optimize our marketing campaigns, to measure the effectiveness of the external marketing campaigns, ad management and sales operations, and to manage and deliver advertisements for our products and services more effectively, including on other websites and applications. Such activities allow us to highlight the benefits of using our services, and thereby to increase your engagement and overall satisfaction with our services. This includes contextual, behavioral, and interests-based advertising based on the visitor’s activity, preferences, or other data available to us or to our service providers and business partners. Such use of your Personal Data may at times require your explicit consent, in which case we will prompt you to actively provide it via electronic means and you will always be able to opt-out if you no longer wish for such use of your data to take place;
- To address Gen II commercial communications to you (as long as you have agreed to this at the point of providing your Personal Information and for as long as you do not opt- out) or to notify you about any changes to our services;
- To ensure our business development and related promotional activities such as client or employee testimonials or reviews.
- To enable your contact with the Company via the website;
- To communicate with our clients and prospects, management of newsletter subscriptions, as well as statistics and reporting;
- To facilitate the recruitment on publicly available platforms.
D. In the context of events and our Corporate Social Responsibility
- To organize events and other online or offline initiatives in the context of our Corporate Social Responsibility and to extend invitations to you thereto as well as prepare related communications and promotional material, press releases, articles, interviews or other.
3. HOW WE MAY SHARE/DISCLOSE YOUR PERSONAL DATA
In order to achieve the purposes listed above, we may disclose your Personal Data in the following situations:
A. To our affiliates and members of the Gen II Group: We may share your Personal Data with our affiliates when necessary for us to provide you with our services or when we have been asked by our clients to do so. All our affiliates are required to abide by this Privacy Statement.
B. With our service providers, consultants, or business partners: Where necessary for us to support or administer our services and business, including promotion thereof. Third parties, processing your Personal Data on our behalf, will receive only limited Personal Data for the specific purpose for which they have been appointed. We enter into confidentiality and data processing agreements with all our partners to ensure that they comply with high levels of confidentiality and privacy and security standards, which we regularly review and are allowed to audit.
C. Public authorities and related bodies: to the extent required under applicable laws and where necessary to comply with our own legal and regulatory obligations. We may disclose your Personal Data to enforce applicable policies, including investigation of potential violations, to detect, prevent, or otherwise address fraud, security, or technical issues, and to protect against harm to the rights, property, or safety of our users, the public and/or as required or permitted by law.
D. For business transfers: We may disclose and transfer your Personal Data if we are involved in a merger, sale, acquisition, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control including due diligence of such transaction.
E. With other online users or the public: When you share your Personal Data or otherwise interact in public areas or online (for example on our social media platforms) with other individuals, such information may be viewed by other users and may be publicly distributed outside.
F. With your consent: We may disclose your Personal Data for any other purpose with your consent.
Should you decide to participate in events, workshops, trainings, or other initiatives organized or sponsored by Gen II, please note that your image or likeness may appear on photos or videos taken by Gen II or on its behalf and may be shared publicly for purposes related to the event or initiative. If you wish to object to such publication you may contact us via the means described below.
4. WHERE WE MAY TRANSFER YOUR PERSONAL DATA
We maintain, store, and process your Personal Data mainly in two locations:
a) Within the European Economic Area, if you are mainly interacting with our Gen II entity in Luxembourg;
b) Within the United States of America, if you are mainly interacting with our Gen II entities in the US or our website.
Your Personal Data may also be transferred to other locations as reasonably necessary in the context of our collaboration with certain recipients mentioned above.
In case one of the locations where your Personal Data is transferred does not provide what is considered by the European Commission as an adequate level of Personal Data protection, Gen II will ensure that those Personal Data transfers are covered by appropriate safeguards such as the Standard Contractual Clauses approved by the European Commission or any other additional mechanism proposed by the European Commission or the European Data Protection Board or otherwise authorized under applicable Data Protection Legislation, as the case may be.
Gen II will always take all steps reasonably necessary to ensure that your Personal Data is treated securely and in accordance with this Privacy Statement and the Data Protection Legislation and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your Personal Data.
5. HOW LONG WE STORE YOUR PERSONAL DATA
We will store your Personal Data only for as long as necessary for the relevant processing activity to be completed and/or for the retention period necessary for us to comply with our legal and regulatory obligations, resolve related disputes and enforce our legal agreements and policies.
Anonymized data may be maintained by Gen II for longer periods of time, as necessary for reporting, statistics, training purposes as well as for us to be able to strengthen our security or improve our services and the functionalities of the applications we offer.
6. HOW WE PROTECT AND SECURE YOUR PERSONAL DATA
We use a range of administrative, technical, and physical safeguards in order to ensure that we keep your Personal Data secure, accurate and up to date and that we protect it from loss, misuse, unauthorized access, disclosure, unauthorized alteration, or unlawful destruction. We will manage and maintain Personal Data Breach records in a privacy software. In addition, we require IT and security service providers to put in place appropriate technical and organizational security measures in respect of any of your Personal Data.
The above measures include:
A. Education and training to all our staff to ensure they are aware of our privacy obligations when handling personal data;
B. Administrative and technical controls to restrict access to your Personal Data on a “need to know” basis;
C. Technological security measures, including firewalls, encryption and anti-virus software and other security controls performed as part of our cybersecurity program; and
D. Physical security measures to access our premises.
Unfortunately, the transmission of your Personal Data via the Internet is not guaranteed to be secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data when transmitted to us.
7. YOUR RIGHTS
You have the following rights regarding the processing of your Personal Data by us, subject to applicable exemptions:
- Right to access the Personal Data held about you and receive additional information about how it is processed. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the Personal Data. Provided that the rights and freedoms of others are not affected, we will supply you a copy of your Personal Data.
- Two requests per year will be free of charge, more frequent requests may be subject to a reasonable fee. We will fulfill your request by sending you a copy electronically, unless the request expressly specifies a different method;
- Right to correct, or complete any inaccurate or incomplete Personal Data;
- Right to request erasure of your Personal Data from our systems (e.g., where the Personal Data is no longer necessary in relation to the specified purposes);
- Right to restrict the processing of your Personal Data in certain circumstances (e.g., where you contest its accuracy, object to this processing, or you consider the processing as unlawful);
- Right to receive your Personal Data in an interoperable format, or have it directly transmitted to another organization;
- Right to withdraw your consent at any time where you have provided us with your consent to the processing of your Personal Data;
- Right to object the processing of your Personal Data (in particular where we rely on legitimate interests, including for profiling); and
- Right to lodge a complaint with the competent European Union Data Protection Authority. You may do so in the EU Member state of your habitual residence, your place of work or the place of the alleged infringement;
To exercise any of these rights or if you have any questions regarding our use of your Personal Data, please contact our Global Data Protection Officer at Privacy@gen2fund.com.
We will respond to individual complaints and questions relating to privacy and will investigate and attempt to resolve all complaints. We will manage and maintain the data subject requests and privacy complaints register in a privacy software. We will only be able to answer favorably to any of the above requests related to the right to oppose, right of erasure and right of restriction provided that it does not interfere with, or contradict our legal obligations (e.g. a legal obligation to keep the related Personal Data, or a legal obligation to protect the Personal Data of another individual) or due to any other impediment that would justify that we would not be able to grant such requests.
In order to comply with your request, we may ask you to verify your identity. We undertake to handle each request within a reasonable timeframe of one (1) month.
8. SPECIAL NOTICE TO CALIFORNIA RESIDENTS
This Section 8 of the Privacy Statement supplements the information provided herein and applies solely to visitors, users and other individuals who reside in the U.S. State of California. The purpose of this section is to demonstrate our compliance with the CCPA, CPRA and other California privacy laws.
Information we collect: We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“Personal Information”). In particular, we have collected the categories of Personal Information detailed under Section 1 herein within the last twelve (12) months.
Sensitive Personal Information: We may collect the following types of Sensitive Personal Information as such term is defined in the CCPA/CPRA: Type1.A. Personal Information that reveals a consumer’s social security number, driver’s license number, state ID card number and passport number, Type 1.B. Personal Information that reveals a consumer’s financial account number, debit card number, credit card number. This shall not include information that is publicly available.
Personal Information does not include:
- Publicly available information from government records;
- De-identified or aggregated consumer information;
- Information excluded from the CCPA’s scope, like:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
We obtain the categories of Personal Information listed above from the following categories of sources:
- Directly from our clients or their agents. For example, from documents that our clients provide to us related to the services for which they engage us;
- Indirectly from our clients or their agents. For example, through information we collect from our clients in the course of providing services to them;
- Directly and indirectly from activity on our website or other software applications. For example, from submissions through our website portal or website usage details collected automatically;
- From third parties that interact with us in connection with the services we perform.
Use of Personal Information: We may use the Personal Information we collect for one or more of the purposes identified herein under Section 2. We do not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sharing Personal Information: We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to keep that Personal Information confidential and not use it for any purpose except those related to performing the contract. In the past 12 months, we have disclosed the following categories of Personal Information for the purposes and to the parties identified in Section 3 above. In the past 12 months, we have not sold any Personal Information.
The CCPA grants additional privacy rights with respect to your Personal Information. Please note that the CCPA provides certain exceptions with respect to the Personal Information of California employees, job applicants, owners, directors, vendors, suppliers, and contractors. If you are a Gen II California employee, job applicant, partner or independent contractor or a vendor or supplier of Gen II, you may not have any or all of the privacy rights listed below in connection with Personal Information we have about you in the context of that relationship with you.
The CCPA privacy rights include:
Access to specific information and data portability rights:
You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
(i) the categories of Personal Information that we collected about you;
(ii) the categories of sources from which that Personal Information was collected;
(iii) our business or commercial purpose for collecting or selling/sharing that Personal Information;
(iv) the categories of third parties with whom we share that Personal Information;
(v) the specific pieces of Personal Information we collected about you;
(vi) if we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing:
- Sales, identifying the Personal Information categories that each category of recipient purchased and
- Disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.
Right to limit the use and disclosure of Sensitive Personal Information: You have the right to request that we limit our use and disclosure of your Sensitive Personal Information. Once we receive and confirm your verifiable consumer request, we will stop using or sharing your Sensitive Personal Information, except as necessary to perform our services reasonably expected by an average consumer who requests those services and as permitted by applicable laws and regulations.
Right to correct: You have the right to correct your Personal Information. Once we receive and confirm your verifiable consumer request, we will make commercially reasonable efforts to correct any inaccurate Personal Information we hold about you.
Right to opt-out of Personal Information sharing: You have the right to request that we stop sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing or by electronic or other means, your Personal Information and Sensitive Personal Information, including for the purposes of cross-context behavioral advertising. Please note that this right shall not include sharing of Personal Information when:
(a) you use or direct us to intentionally disclose Personal Information or intentionally interact with one or more third parties;
(b) we use or share an identifier for a consumer who has opted out of the sharing of their Personal Information or limited the use of their Sensitive Personal Information for the purposes of alerting persons that the consumer has opted out of the sharing of their Personal Information or limited the use of the consumer’s Sensitive Personal Information; and
(c) we transfer to a third party your Personal Information as an asset that is part of a merger, acquisition, bankruptcy, or other transaction in which the third party assumes control of all or part of our business, provided that information is used or shared consistently. If the third party materially alters how it uses or shares the Personal Information in a manner that is materially inconsistent with the promises made at the time of collection, it shall provide prior notice of the new or changed practice to you. Such notice shall be sufficiently prominent and robust to ensure that you can easily exercise your rights.
Deletion Request Rights:
You have the right to request that we delete any Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the Personal Information, provide a service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercise Access, Data Portability and Deletion Rights:
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by email at firstname.lastname@example.org.
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format:
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to the registered email associated with the account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you use of our services.
- Provide you a different level or quality of services.
If you have any questions or comments about this Privacy Statement, the ways in which we collect and use your Personal Data, your choices, and rights regarding such use, or wish to exercise your rights under applicable Data Protection Legislation, please do not hesitate to contact us at:
Email address: Privacy@gen2fund.com
Postal address (depending on your preferred location):
Gen II Fund Services, LLC 805 Third Avenue, New York, NY 10022
Gen II Luxembourg Services SARL, 22, Rue des Bruyères, L-1274 Howald
Attn: Global Data Protection Officer
Phone number (depending on your preferred location):
US: +1 212-408-0550
Luxembourg: +352 20281
10. CHANGES TO THIS PRIVACY STATEMENT
We may from time to time update this Privacy Statement by posting an amended version on our website. The amended version will be effective as of the date it is published. When we make material changes to this Privacy Statement, we will provide you with notice as appropriate under the circumstances (e.g., by displaying a message the next time you visit our website, or by sending you an email). Please refrain from using our services in case you do not agree with the way Gen II processes your Personal Data.