Version 1: Updated 06-Aug-2024
Privacy Policy
Effective Date: August 1, 2024
This Privacy Policy (“Privacy Policy”) pertains to CIMA FUND MASTER LLC and its affiliates, including subsidiaries, collectively referred to as “Company” or “CIMA.” It covers the use of CIMA’s online tools and platforms, including the CIMA (Capital Investment Management and Analysis) platform, the website www.CIMA.VC, and other CIMA-operated websites and our technology development partners (collectively, the “Services”). Additionally, it addresses other interactions you may have with CIMA, such as customer service inquiries, user interfaces, and marketing tools. Unless otherwise specified, this Privacy Policy outlines how CIMA collects, uses, and shares your personal information, as well as your choices regarding that information.
What we collect
We get information about you in a range of ways:
We may use, process and/or disclose personal information for the following purposes:
- To operate, maintain, and improve the Services. This includes use of other information to support delivery of our services, assist with service requests, monitor for errors, remedy security or technical issues, analyze website and application performances.
- To respond to comments and questions, verify permission access, and provide customer service.
- To send information including confirmations, invoices and billing, technical notices, updates, security alerts, and administrative messages.
- To communicate upcoming events and other news about products and services offered by us.
- To communicate and inform you about system updates and important services-related notices, such as privacy and policy update notices or changes in our terms of service. These communications are administrative and you may not opt out of them.
- To send marketing emails related to the Services, which you may opt out of using provided unsubscribe links or the opt-out mechanism in those communications.
- To link or combine user information with other personal information. An example is when we combine the information a company has provided about their shareholders with the information entered by shareholders in their personal portfolios to improve the user experience.
- To protect, investigate, and deter against fraudulent, unauthorized, or illegal activity, including, but not limited to, validating your identity and preventing fraud on your account, and complying with KYC rules and regulations.
- To provide and deliver products and services to our business customers with respect to their employees or investors. An example is when an employee exercises their employee stock options and we provide a tax form to their employer to facilitate compliance with tax laws.
- To facilitate online advertising. Third-party advertising companies and social media companies may use cookies and similar technologies to collect information about your interaction over time across the Services, our communications and other online services, and use that information to serve online ads that they think will interest you.
Information You Give Us
We may also use and disclose personal information as follows:
We may collect your name, postal address, email address, phone number, username, password, demographic information (such as your occupation), social security number, tax ID number, bank account information, trust information as well as other information you directly give us on our Services, which may include marketing, promotions and when communicating to you about new features.
For customers who have paid software services, we collect your billing details such as credit card information, banking information, and/or billing address.
- Our business customers’ equity administrators, authorized users and other designated representatives can access information that we hold about the equity information of their employees and investors.
- To comply with laws, lawful requests and legal or regulatory processes.
- To protect the rights, safety and property of CIMA, our agents, users, customers, and others. This includes enforcing our agreements, policies, and terms of use, reporting on security breaches, or assisting with investigating and preventing fraud or security issues.
- For instant verification of your bank account information with features you’re utilizing on CIMA, we use Stripe, Inc. and Plaid Technologies, Inc. (Plaid) to gather customer data from financial institutions. By using these features, you grant us and Plaid the right, power, and authority to act on your behalf to access and transmit your personal and financial information from the relevant financial institution. You agree to your personal and financial information being transferred, stored, and processed by Plaid in accordance with the Plaid Privacy Policy.
Information We Get From Others
We may get information about you from other sources, such as your accountant or employer when they issue you options or shares. We may add this to information you provide us through our Services.
We may create, use and share aggregated or anonymized data for any lawful purpose, such as marketing, analytics or research purposes permitted by law.
We may share personal information with acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, CIMA (including, in connection with a bankruptcy or similar proceedings).
We may share other information with third parties in other ways not described in this Privacy Policy when we have consent (either from users or business customers) to do so.
We may share personal information with third party companies or individuals that we engage as service providers to process information and support our business and services. Examples include providers of cloud hosting and storage services, analytics, services, email delivery services and customer support services.
We may share personal information with our lawyers, accountants and other professional advisors in the course of the services they render to us.
Information Automatically Collected
Device Information
We may collect information about the devices accessing our Services. Some examples are: type of device, operating system used, application information, unique device identifiers and crash data. The type of information we collect depends on the type of device used and its settings.
Transactional and Usage Information
We may automatically log information about you and your computer, subject to your consent where required by law. For example, like most services when using our Services, we log your computer operating system type, browser type, browser language, pages or screens you viewed, how long you spent on a page or screen, location (your IP address), access times and information about your use of and actions on our Services. This is information we collect from every user of the Services, whether they have an account or not. This information may include personal information.
Cookies and Similar Technologies Information
As further described below, and subject to your consent where required by law, we automatically collect information from cookies and similar technologies as described in our Cookie Policy.
Use and disclosure of personal information
E-Signature
CIMA provides an electronic signature service which allows parties to sign documents electronically. Each time that User uses an e-signature, User is expressly (i) affirming that User is able to access and view the document (the “Document”) User is electronically signing via with an e-signature; (ii) consenting to conduct business electronically with respect to the transaction contemplated by the Document; and (iii) agreeing to the use of electronic signatures for the Document. While many Users prefer the convenience of electronic signatures, using e-signature to electronically sign Documents is optional, and User can choose to manually sign Documents if User prefers. If User would like to manually sign a Document, User should (i) inform the party that sent User the Document of User’s decision to manually sign such Document; (ii) make sure that User does not electronically sign the Document via the e-signature; and (iii) obtain a physical copy of the Document for User to sign. Obtaining a physical, non-electronic copy of the Document is User’s sole responsibility, and CIMA has no responsibility or liability with respect to such matter. CIMA has no responsibility or liability with respect to the content, validity, or enforceability of any Document, nor is it responsible or liable for any matters or disputes arising from the Documents. CIMA makes no representations or warranties regarding the validity or enforceability of electronic documents or electronic signatures. UNDER APPLICABLE U.S. STATE AND FEDERAL LAWS, ELECTRONIC SIGNATURES ARE NOT ENFORCEABLE ON SOME DOCUMENTS. IT IS USER’S RESPONSIBILITY TO CONSULT WITH AN ATTORNEY TO DETERMINE WHETHER A DOCUMENT WILL BE ENFORCEABLE IF IT IS ELECTRONICALLY SIGNED VIA THE E-SIGN SERVICE.
Retention
We generally retain personal information to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. To determine the appropriate retention period for personal information, we may consider factors such as the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
When we no longer require the personal information we have collected about you, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. If we anonymize your personal information (so that it can no longer be associated with you), we may use this information indefinitely without further notice to you.
Age Limitations
CIMA does not allow the use of our Services by anyone younger than 18 years old. If you learn that anyone younger than 18 has unlawfully provided us with personal data through the Services, please contact us and we will take steps to delete such information.
Information choices and changes
Our marketing emails tell you how to “opt out.” If you opt out, we may still send you non-marketing emails. Non-marketing emails include emails about your accounts and our business dealings with you. If at any time you would like to change your communication preferences, we provide unsubscribe links and an opt-out mechanism in those communications for your convenience.
You may send requests about personal information to our Contact Information below. You can request to change contact choices, opt out of our sharing with others, and update your personal information.
You can typically remove and reject cookies from our website with your browser settings. Many browsers are set to accept cookies until you change your settings. If you remove or reject our cookies, it may affect how our website works for you. See our Cookie Policy for more information about your choices regarding cookies.
You can update or correct certain personal information in your CIMA account. If you are unable to do so on your own, the information is likely controlled by the security issuer and you should contact the security issuer directly to update your information.
Do Not Track
Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit https://www.allaboutdnt.com.
Notice for California Residents
Scope
This section applies only to California residents. It describes how we collect, use, and share Personal Information of California residents in our capacity as a “business” under the California Consumer Privacy Act (“CCPA”) and their rights with respect to that Personal Information. For purposes of this section, “Personal Information” has the meaning given in the CCPA. However, this section does not apply to:
- Information exempted from the scope of the CCPA, including nonpublic personal information;
- Personal Information we collect from individuals acting in their capacities as representatives of organizations solely in the context of conducting due diligence regarding, or providing or receiving a product or service to or from, such organizations; and
- Personal Information we collect, use, and share on behalf of our customers as a “service provider” under the CCPA for purposes of providing our services to them.
CIMA does not sell (as such term is defined in the CCPA) the Personal Information we collect (and will not sell it without providing a right to opt out).
Your California privacy rights. You have the following rights under the CCPA:
- Information. To request the following information about how we have collected and used your Personal Information during the past 12 months:
a. The categories of Personal Information that we have collected.
b. The categories of sources from which we collected Personal Information.
c. The business or commercial purpose for collecting Personal Information.
d. The categories of third parties with whom we share Personal Information.
e. Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information disclosed to each category of third party recipient.
- Access. To request a copy of the Personal Information that we have collected about you during the past 12 months.
- Deletion. To request that we delete the Personal Information that we have collected from you.
- Nondiscrimination. To exercise the rights described above free from discrimination as provided in the CCPA.
How to exercise your rights
You may submit requests to exercise your right to information, access or deletion by submitting your request here or via email to privacy@CIMA.VC. We will need to verify your identity to process your information, access and deletion requests and we reserve the right to confirm your California residency. You may be required to provide government identification, give a declaration as to your identity under penalty of perjury and/or provide additional information. If you wish to designate an authorized agent to make a request on your behalf, we will need to verify both your and your agent’s identities and your agent must provide a valid power of attorney pursuant to California Probate Code Sections 4000-4465. If you have not provided your agent with such a power of attorney, you must provide your agent signed permission to exercise your CCPA rights on your behalf, provide the information we request to verify your identity, and provide us with written confirmation that you have given the authorized agent permission to submit the request. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it. In certain cases, we may be required or permitted by law to deny your request.
Personal information that we collect, use and disclose. For each category of data described above in the “What we collect” section of the Privacy Policy, the list below summarizes the Personal Information we collect by reference to the categories of Personal Information specified in the CCPA, and describes our practices currently and during the 12 months preceding the effective date of this Privacy Policy. Information you voluntarily provide to us, such as in free-form webforms, may contain other categories of personal information not described below.
Examples of Personal Information Collected | CCPA Categories | Source | |
---|---|---|---|
You give us | Name, postal address, email address, phone number, username, password, demographic information, social security number, tax ID number, billing information
| California Customer Records (as defined in California Civil Code section 1798.80); financial information; identifiers; inferences; online identifiers
| You |
We get from others | Information from your employer when they issue you options or shares
| California Customer Records (as defined in California Civil Code section 1798.80); commercial information; identifiers
| Third parties |
Automatically collected: device information | Type of device, operating system used, application information, unique device identifiers and crash data
| Commercial information; internet or network information; online identifiers
| Automatic Collection |
Automatically collected: transactional and usage information | Your computer operating system type, browser type, browser language, pages you viewed, how long you spent on a page, location, access times and information about your use of and actions on our website
| Commercial information; geolocation data; internet or network information
| Automatic Collection |
Automatically collected: cookies and similar technologies information | Cookie ID and Setting | Commercial information; internet or network information; online identifiers
| Automatic Collection |
The business/commercial purposes for which we use these categories of Personal Information, and the types of third parties to which we disclose these categories of Personal Information for business purposes are described in the section above entitled “Use and disclosure of personal information.”
Notice for European Users
The information provided in this section applies only to individuals in the European Economic Area, United Kingdom and Switzerland (collectively, “Europe”) and explains our practices regarding personal information that we collect from you or which we have obtained about you from a third party and the legal basis for processing for your personal information. It also sets out your rights in respect of our processing of your personal information.
Personal information
References to “personal information” in this Notice to European Users are equivalent to “personal data” governed by the General Data Protection Regulation (GDPR).
Controller or Processor
CIMA FUNDMASTER LLC. 1300 El Camino Real Suite 100, Menlo Park, CA 94025, United States may be either the controller or processor of your personal information covered by this Privacy Policy, as stated under the heading “Information We Get From Others”.
EU representative. Our EU representative, DataRep’s details can be obtained at https://www.datarep.com/data-request.
Data protection team. Our data protection team can be contacted at: Data Protection Officer, privacy@CIMA.vc CIMA FUNDMASTER LLC. 1300 El Camino Real Suite 100, Menlo Park, CA 94025, United States
Legal basis for processing
The legal bases of our processing of your personal information as described in this Privacy Policy will depend on the type of personal information and the specific context in which we process it. However, the legal bases we typically rely on are set out in the table below. We use your Personal Information only as permitted by law. Our legal basis for processing the personal information described in this Privacy Policy are described in the table below:
Processing Purpose Details regarding each processing purpose listed below are provided in the section above titled “Use and disclosure of personal information”. | Legal Basis |
---|---|
| Processing is necessary to perform the contract governing our provision of our Services or to take steps that you request prior to signing up for the Services. If we have not entered into a contract with you, we process your personal information based on our legitimate interest in providing the Services you access and request.
|
| These activities constitute our legitimate interests. We do not use your personal information for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
|
| Processing is necessary to comply with our legal obligations.
|
| Processing is based on your consent. Where we rely on your consent, you have the right to withdraw it any time in the manner indicated when you consent or in the Services.
|
Use for new purposes. We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and provide the applicable legal basis.
Sensitive personal information. We ask that you not provide us with any sensitive personal information (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Services, or otherwise to us.
If you provide us with any sensitive personal information to us when you use the Services, you must consent to our processing and use of such sensitive personal information in accordance with this Privacy Policy. If you do not consent to our processing and use of such sensitive personal information, you must not submit such sensitive personal information through our Services.
Your rights. You have the following rights in relation to the personal information we hold about you:
- Right of access: You can ask us if we are processing your personal information and to provide you with a copy of it (along with certain details). If you require additional copies, we may need to charge a reasonable fee.
- Right to rectification: If the personal information we hold about you is inaccurate or incomplete, you are entitled to request to have it rectified.
- Right to erasure: You can ask us to delete or remove your personal information in some circumstances such as where we no longer need it or if you withdraw your consent to our processing of your personal information (where applicable). Right to restrict processing: You can ask us to “block” or suppress the processing of your personal information in certain circumstances, such as where you contest the accuracy of that personal information.
- Right to restrict processing: You can ask us to “block” or suppress the processing of your personal information in certain circumstances, such as where you contest the accuracy of that personal information.
- Right to data portability: You have the right, in certain circumstances, to obtain personal information you have provided us with (in a structured, commonly used and machine readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
- Right to object: You can ask us to stop processing your personal information, and we will do so, if we are:
a. relying on our own or someone else’s legitimate interests to process your personal information, unless we can demonstrate compelling legal grounds for the processing; or
b. processing your personal information for direct marketing purposes. - Right to withdraw consent: If we rely on your consent (or explicit consent) as our legal basis for processing your personal information, you have the right to withdraw that consent at any time.
- Right to lodge a complaint with the supervisory authority: If you have a concern about any aspect of our privacy practices, including the way we have handled your personal information, you can report it to the relevant Supervisory Authority. You can find your data protection regulator here.
You may submit these requests here or email privacy@CIMA.VC or to our postal address provided above. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.
Cross-border data transfer. If we transfer your personal information out of Europe to a country not deemed to provide an adequate level of personal information protection for purposes of applicable data protection laws such that additional safeguards are required, the transfer will be performed:
- pursuant to the recipient’s compliance with Standard Contractual Clauses;
- pursuant to the consent of the individual to whom the personal information pertains; or
- as otherwise permitted by applicable laws.
You may contact us if you want further information on the specific mechanism used by us when transferring your personal information out of Europe.
Changes to this Privacy Policy
We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Services. If required by law we will also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via email or another manner through the Services. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Services after the effective date of any modified Privacy Policy indicates your acceptance of the modified Privacy Policy.
EU-U.S. Data Privacy Framework Principles
CIMA complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. CIMA has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. CIMA has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
The following CIMA subsidiaries also adhere to the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) and to the rights of EU and UK individuals and Swiss individuals, as your organization’s DPF submission covers all of the following: the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF): CIMA FUND MASTER LLC.
CIMA is responsible for the processing of personal data we receive, and subsequently transfers to a third party acting as an agent on our behalf.
CIMA commits to cooperate with EU data protection authorities and the Swiss Federal Data Protection and Information Commissioner and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
CIMA is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, CIMA may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, CIMA commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact CIMA at: privacy@CIMA.vc. Please allow a reasonable amount of time to respond to your request. If you do not receive timely acknowledgement of your complaint, if your complaint is not satisfactorily addressed by CIMA, or if you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at CIMA Contact Form.
If these processes do not result in a resolution, you may then contact your local data protection authority, the U.S. Department of Commerce, and/or the Federal Trade Commission for assistance.
Under certain circumstances an binding arbitration option is available to you to determine, for residual claims, whether CIMA has violated its obligations to you under the Privacy Shield Principles, and whether any such violation remains fully or partially unremedied. This option is available only for these purposes. Please be advised that the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to the resident.
CIMA may transfer your Personal Data to countries other than the one in which you live.
We welcome your comments or questions about this Privacy Policy. You may contact us at:
Data Protection Team
CIMA FUNDMASTER LLC. 1300 El Camino Real Suite 100, Menlo Park, CA 94025, United States