PRIVACY POLICY
Last Modified: November 2023
Visitors who are residents of California should refer to our California Electronic Communications Privacy Policy supplement.
Visitors who are residents of the United Kingdom, the European Union or the European Economic Area should refer to our EU and UK Privacy Notice supplement.
1. Introduction
SR One Capital Management, LP and its affiliated entities (together, “SR One” and referred to in this Privacy Policy using the pronouns “we,” “us” and “our”) is committed to respecting your personal privacy and recognizes that you may be concerned about the information you provide to us and how we treat that information.
This Privacy Policy has been established to inform you of our practices for collecting, using, maintaining, protecting, and disclosing information that we obtain from you in connection with your use of this website and its sub-pages (the “Site”), whether through a personal computer, mobile device, or otherwise. By entering the Site or by transmitting any information to the Site you acknowledge and agree to all of the terms and conditions of this Privacy Policy. Please read them carefully. This Privacy Policy is incorporated into, and part of, the Terms and Conditions, which govern your use of the Site in general.
2. What is Personally Identifiable Information?
Personally identifiable information (“PII”) is information about an individual, which may include first and last name, physical street address, email address, telephone number, Social Security number, payment card information, birth date, employment history, veteran status, certain health related data, passport information and photographs, or any other information that permits a specific individual to be contacted physically or online or otherwise personally identified. PII does not include aggregated information that does not allow a person in possession of such information to identify you individually.
3. The Personal Information We Collect and How We Use It
We may collect various types of information from users of this website. For example, knowing how users use our website – tracking their movement through this website – helps us improve website design and usefulness. As a result, SR One’s server collects general data pertaining to users, including the length of time spent on this website, the pages accessed while visiting the website and Internet Protocol (IP) addresses. SR One generally does not, however, collect any personally identifiable information such as names, home addresses or e-mail addresses from users of this website, unless a user submits such information to us via our “Contact” page. In addition, when you use the Site a “cookie” may be used, as further described below.
4. Sharing of PII
To the extent that you provide us with any personally identifiable information through or in connection with this website, we may use such information for SR One’s business purposes, but will not disclose any personally identifiable information about you to anyone, except as permitted or required by law or regulation and to service providers. In providing personally identifiable information to SR One, you consent to SR One’s use of such PII for the purposes described in this Privacy Policy.
5. Use of Cookies
In common with many websites, we or our service providers may use “cookies” in connection with your access to, and use of, the Site. A “cookie” is a small data file that can be placed on the hard drive of your computer and helps us to enhance your use of the Site. The only cookie we use is stored only in temporary memory of your device and is deleted when you close the web browser used to access the site. You can delete cookies at any time, or you can set your browser to reject or disable cookies. The only cookie we use checks whether your web browser is set to allow or reject cookies and is used to ensure the Site functions correctly and operates efficiently when you use it, and does not otherwise collect PII or track your use of other websites or online activity.
6. Capacity
You represent to SR One that you have the authority to visit this website according to the Terms and Conditions. The Site is only intended for individuals who are at least 18 years of age. We do not knowingly encourage or solicit visitors to our Site who are under the age of 18 without parental consent. If we learn we have collected or received PII from an individual under the age of 18, we will delete that information.
7. Security
We implement security measures designed to protect any PII submitted by or collected from you from unauthorized access. We further protect your PII from potential security breaches by implementing certain technological security measures in accordance with generally accepted industry practices. However, these measures do not guarantee that your information will not be accessed, disclosed, altered, or destroyed by breach of such firewalls and secure server software. By using the Site, you acknowledge that you understand and agree to assume these risks.
8. Unsubscribe, Access, Questions and Further Information
You will have an opportunity to unsubscribe from our marketing email communications whenever such email communications are sent.
9. Data Retention
We may retain PII we collect from you and PII you provide to us in connection with our internal record-keeping policies and as reasonably necessary to comply with our legal obligations and regulatory requirements, resolve disputes, prevent fraud or abuse, and enforce our Privacy Policy and Terms and Conditions.
Notwithstanding the foregoing, information we collect from you and information you provide to us may be retained for a limited period of time if requested by a governmental authority.
10. Links
The Site may contain links or references to other websites outside of our control. Please be aware that we have no control over these sites and this Privacy Policy does not apply to these sites. We encourage you to read the privacy policies/statements and terms and conditions of linked or referenced sites that you enter.
11. Changes to Our Privacy Policy
We may amend and update this Privacy Policy from time to time. All changes are effective immediately when we post them, and apply to all access to and use of the Site thereafter. The date the Privacy Policy was last revised is identified at the top of the page. Your continued access of the Site following the posting of changes to this Privacy Policy constitutes your acceptance and agreement to the changes. If you object to any of the changes to this Privacy Policy, please cease accessing the Site. Please check this page frequently and review any changes to this Privacy Policy carefully so you are aware of any changes, as they are binding on you.
12. Contact Information
If you have questions or concerns regarding this Privacy Policy, please contact us by emailing us at privacy@srone.com, or write to us at: SR One Capital Management, 985 Old Eagle School Road, Suite 511, Wayne, PA 19087.
CALIFORNIA ELECTRONIC COMMUNICATIONS PRIVACY POLICY
DATE: November 2023
This California Electronic Communications Privacy Policy supplements the Privacy Policy with respect to specific rights granted under the California Consumer Privacy Act of 2018 (as amended, the “CCPA”) to natural person California residents and provides information regarding how such California residents can exercise their rights under the CCPA. This supplement is only relevant to you if you are a resident of California as determined in accordance with the CCPA. Information required to be disclosed to California residents under the CCPA regarding the collection of their personal information that is not set forth in this CCPA supplement is otherwise set forth in the Privacy Policy. To the extent there is any conflict with the privacy requirements under the Gramm-Leach-Bliley Act and/or Regulation S-P (“GLB Rights”), GLB Rights shall apply.
What does this Electronic Communications Privacy Policy apply to?
This Electronic Communications Privacy Policy applies solely to your interactions with us through our Website (as defined below). If you provide personal information to us through another means (e.g., as an employee or seeking employment, as a client, or as an investor) you will receive a separate privacy notice and that notice will govern that personal information.
What information do we collect about you?
We collect limited types of personal information through our website and investor reporting portals, as well as through other electronic communications (e.g., emails or social media messaging), as applicable (collectively, the “Website”). The types of personal information we collect about you depends on the nature of your interaction with us.
The categories of personal information we have collected from individuals over the last twelve (12) months include the following:
Category | Examples | Collected |
A. Identifiers | Name, contact details and address (including physical address, email address and Internet Protocol address), and other identification (including social security number, passport number and driver’s license or state identification card number). | YES |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | Telephone number, signature, bank account number, other financial information (including accounts and transactions with other institutions and anti-money laundering information), and verification documentation and information regarding investors’ status under various laws and regulations (including social security number, tax status, income and assets). | YES |
C. Protected classification characteristics under California or federal law | Date of birth, citizenship and birthplace. | YES |
D. Commercial information | Account data and other information contained in any document provided by investors to authorized service providers (whether directly or indirectly), risk tolerance, transaction history, investment experience and investment activity, information regarding a potential and/or actual investment in the applicable fund(s), including ownership percentage, capital investment, income and losses, source of funds used to make the investment in the applicable fund(s). | YES |
E. Biometric information | Imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns and voice recordings or keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contains identifying information. | NO |
F. Internet or other similar network activity | Use of our website, fund data room and investor reporting portal (e.g., cookies, browsing history and/or search history), as well as information you provide to us when you correspond with us in relation to inquiries. | YES |
G. Geolocation data | Physical location or movements. | NO |
H. Sensory data | Audio, electronic, visual, thermal, olfactory, or similar information. | NO |
I. Professional or employment-related information | Current or past job history or performance evaluations. | NO |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | NO |
K. Inferences drawn from other personal information | Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | NO |
L. Sensitive Personal Information (see further information on use of sensitive personal information below) | Social security, driver's license, state identification card, or passport numbers; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin; religious or philosophical beliefs; union membership; genetic data; the contents of a consumer's mail, email, and text messages unless you are the intended recipient of the communication; biometric information for the purpose of uniquely identifying a consumer; and personal information collected and analyzed concerning a consumer's health, sex life, or sexual orientation. | YES, as to the following types of information: social security, driver’s license, state identification care, or passport numbers, account log-in, financial account in combination with any required security or access code password, or credentials allowing access to an account only. |
We do not collect or use sensitive personal information other than:
To perform services, or provide goods, as would reasonably be expected by an average consumer who requests those goods or services;
As reasonably necessary and proportionate to detect security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal information;
As reasonably necessary and proportionate to resist malicious, deceptive, fraudulent, or illegal actions directed at us and to prosecute those responsible for such actions;
How do we obtain your personal information?
In connection with forming and operating our Website, we collect and maintain your nonpublic personal information from the following sources:
How do we use your personal information?
We may collect or disclose the personal information we collect about you for one or more of the following business or commercial purposes:
We collect personal information from the sources set forth in “How do we obtain your personal information?” above. We retain the categories of personal information set forth above in the section titled “What information do we collect about you?” only as long as is reasonably necessary for those purposes set forth above, except as may be required under applicable law, court order or government regulations.
Who do we share your personal information with?
We do not share for the purpose of cross-context behavioral advertising or sell (as such terms are defined in the CCPA) any of the personal information we collect about you to third parties.
Within the last twelve (12) months, we have disclosed personal information collected from you for a business purpose to the categories of third parties indicated in the chart below. We may also disclose your information to other parties as may be required by law or regulation, in response to regulatory inquiries
Personal Information Category | Category of Third-Party Recipients |
A. Identifiers | Administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants and placement agents. |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | Administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants and placement agents. |
C. Protected classification characteristics under California or federal law | Administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants and placement agents. |
D. Commercial information | Administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants and placement agents. |
E. Biometric information | N/A |
F. Internet or other similar network activity | Administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants and placement agents. |
G. Geolocation data | N/A |
H. Sensory data | N/A |
I. Professional or employment-related information | N/A |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) | N/A |
K. Inferences drawn from other personal information | N/A |
L. Sensitive Personal Information | Administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants and placement agents. |
How do we keep your personal information secure?
We consider the protection of sensitive information to be a sound business practice, and to that end we employ appropriate organizational, physical, technical and procedural safeguards, which seek to protect your personal information in our possession or under our control to the extent possible from unauthorized access and improper use.
Your rights under the CCPA
Deletion Rights: You have the right to request that we delete any of your personal information that we retain, subject to certain statutory exceptions, including, but not limited to, our compliance with U.S., state, local and non-U.S. laws, rules and regulations. We will notify you in writing if we cannot comply with a specific request and provide an explanation of the reasons.
Disclosure and Access Rights: You have the right to request that we disclose to you certain information regarding our collection and use of personal information specific to you over the last twelve (12) months. Such information includes:
Correction Right: You have the right to request that we correct any inaccuracies in the personal information that we retain, subject to certain statutory exceptions, including, but not limited to, our compliance with U.S., state, local and non-U.S. laws, rules and regulations. We will notify you in writing if we cannot comply with a specific request and provide an explanation of the reasons.
No Discrimination: We will not discriminate against you for exercising your rights under the CCPA, including by denying service, suggesting that you will receive, or charging, different rates for services or suggesting that you will receive, or providing, a different level or quality of service to you.
How to Exercise Your Rights: To exercise any of your rights under the CCPA, or to access this notice in an alternative format, please submit a request on your behalf using any of the methods set forth in the Contact us section below.
Contact us
For any requests relating to the exercise of your rights under the CCPA, or questions regarding our processing of your personal information, please submit or have your authorized representative submit a request using any of the methods set forth below.
Call us using the following number: (888) 772-0229
Submit a request online using the following online form: www.srone.com/contact
We will contact you to confirm receipt of your request under the CCPA and request any additional information necessary to verify your request. We verify requests by matching information provided in connection with your request to information contained in our records. Depending on the sensitivity of the request and the varying levels of risk in responding to such requests (for example, the risk of responding to fraudulent or malicious requests), we may request further information or your investor portal access credentials, if applicable, in order to verify your request. You may designate an authorized agent to make a request under the CCPA on your behalf, provided that you provide a signed agreement verifying such authorized agent’s authority to make requests on your behalf, and we may verify such authorized person’s identity using the procedures above. If we request you verify your request and we do not receive your response, we will pause processing your request until such verification is received.
Please contact us at privacy@srone.com or toll free at (888) 772-0229 with any questions about this California Electronic Communications Privacy Policy.
EU PRIVACY NOTICE
Last Modified: November 2023
This Privacy Notice applies to the extent that European Data Protection Legislation (as defined below) applies to the processing of personal data by an Authorized Entity (as defined below) or to the extent that a data subject is a resident of the UK, the European Union (“EU”) or the European Economic Area (“EEA”). If this Privacy Notice applies, the data subject has certain rights with respect to such personal data, as outlined below.
For this Privacy Notice, “European Data Protection Legislation” means all applicable legislation and regulations relating to the protection of information relating to an identified or identifiable natural person in force from time to time in the EU, the EEA, or the UK and/or Luxembourg,, including, without limitation: Regulation (EU) 2016/679 (the General Data Protection Regulation, “GDPR”), the GDPR as it forms part of the laws of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union Withdrawal Act 2018, and any national implementing or successor legislation (including any data protection law applicable in Luxembourg such as the law of 1st August 2018 on the organization of the National Commission for Data Protection and the general regime on data protection, as may be amended or replaced), or any other legislation which implements or supplements any other current or future legal act of the European Union and/or the United Kingdom concerning the protection and processing of personal data and any national implementing or successor legislation, and including any amendment or re-enactment of the foregoing. The terms “controller”, “processor”, “data subject”, “personal data” and “processing” in this Privacy Notice shall be interpreted in accordance with the applicable European Data Protection Legislation. Unless the context otherwise requires, as used herein the words “include,” “includes” and “including” shall be deemed to be followed by the phrase “without limitation.” All references to “investor(s)” in this Privacy Notice shall be to such actual or potential investor(s) and, as applicable, any of such investor(s)’ partners, officers, directors, employees, shareholders, members, managers, ultimate beneficial owners and affiliates.
Please contact SR One at privacy@srone.com with any queries arising out of this Privacy Notice.
Categories of Personal Data Collected and Lawful Bases for Processing
In connection with offering, forming and operating private investment funds for potential investors, the applicable fund, its general partner, SR One , their affiliates and, in each case, their administrators, legal and other advisors and agents (the “Authorized Entities”) collect, record, store, adapt, and otherwise process and use personal data either relating to potential investors or to their partners, officers, directors, employees, shareholders, ultimate beneficial owners or affiliates or to any other data subjects from the following sources (and all references to “potential investor(s)” in this Privacy Notice shall be to such potential investor(s) and, as applicable, any of these other persons as relate to such potential investor(s)):
Any Authorized Entity may process the following categories of personal data:
Any Authorized Entity may, in certain circumstances, combine personal data it receives from a potential investor with information that it collects from, or about such potential investor. This will include information collected in an online or offline context.
One or more of the Authorized Entities are “controllers” of personal data collected in connection with the applicable fund(s). In simple terms, this means such Authorized Entities: (i) “control” the personal data that they or other Authorized Entities collect from potential investors or other sources; and (ii) make certain decisions on how to use and protect such personal data.
There is a need to process personal data for the purposes set out in this Privacy Notice as a matter of contractual necessity under or in connection with the applicable agreement of limited partnership or other governing agreement (the “Fund Agreement”) and associated documentation for the fund(s) in which the data subject has or may invest, and in the legitimate interests of the Authorized Entities (or those of a third party) to operate their respective businesses. From time to time, an Authorized Entity may need to process the personal data on other legal bases, including: with consent; to comply with a legal obligation; if it is necessary to protect the vital interests of a potential investor or other data subjects; or if it is necessary for a task carried out in the public interest.
The legitimate interests referred to above are the processing purposes described in point (c), (d), (f), (g), (i) and (k) of the below section, the provision of the proof, in the event of a dispute, of a transaction or any commercial communication as well as in connection with any proposed purchase, merger or acquisition of any part of the relevant fund’s business; risk management; processing personal data of employees or other representatives of investors which are legal persons; and exercising the business of the fund in accordance with reasonable market standards.
A failure to provide the personal data requested to fulfill the purposes described in this Privacy Notice may result in the applicable Authorized Entities being unable to provide the services in connection with the terms of the Fund Agreement and/or the subscription agreement for such fund (the “Subscription Agreement”).
Purpose of Processing
The applicable Authorized Entities process the personal data for the following purposes (and in respect of paragraphs (c), (d) and (f), in the legitimate interests of the Authorized Entities):
The Authorized Entities monitor communications where the law requires them to do so. The Authorized Entities also monitor communications, where required to do so, to comply with regulatory rules and practices and, where permitted to do so, to protect their respective businesses and the security of their respective systems.
Sharing and Transfers of Personal Data
In addition to disclosing personal data amongst themselves, any Authorized Entity may disclose personal data, where permitted by European Data Protection Legislation, to other service providers, investors, employees, agents, contractors, consultants, professional advisers, lenders, processors and persons employed and/or retained by them in order to fulfill the purposes described in this Privacy Notice. In addition, any Authorized Entity may share personal data with regulatory bodies having competent jurisdiction over them, as well as with the tax authorities, auditors and tax advisers (where necessary or required by law).
Any Authorized Entity may transfer personal data to a Non-Equivalent Country (as defined below), in order to fulfill the purposes described in this Privacy Notice and in accordance with applicable law, including where such transfer is a matter of contractual necessity to enter into, perform and administer the Subscription Agreement and Partnership Agreement, and to implement requested pre-contractual measures. For information on the safeguards applied to such transfers, please contact SR One at privacy@srone.com. For the purposes of this Privacy Notice, “Non-Equivalent Country” shall mean a country or territory other than (i) a member state of the EEA; or (ii) a country or territory which has at the relevant time been decided by the European Commission in accordance with European Data Protection Legislation to ensure an adequate level of protection for personal data.
Retention and Security of Personal Data
SR One and its affiliates consider the protection of personal data to be a sound business practice, and to that end, employ appropriate technical and organizational measures, including robust physical, electronic and procedural safeguards to protect personal data in their possession or under their control.
Personal data may be kept for as long as it is required for legitimate business purposes, to perform contractual obligations, or where longer, such longer period as is required by applicable legal or regulatory obligations. Personal data will be retained throughout the life cycle of any investment in a fund managed by SR One. However, some personal data will be retained after a data subject ceases to be an investor in such fund.
Data Subject Rights
It is acknowledged that, subject to applicable European Data Protection Legislation, the data subjects to which personal data relates, have certain rights under European Data Protection Legislation: to obtain information about, or (where applicable) withdraw any consent given in relation to, the processing of their personal data; to access and receive a copy of their personal data; to request rectification of their personal data; to request erasure of their personal data; to exercise their right to data portability; and the right not to be subject to automated decision-making. Please note that the right to erasure is not absolute and it may not always be possible to erase personal data on request, including where the personal data must be retained to comply with a legal obligation. In addition, erasure of the personal data requested to fulfill the purposes described in this Privacy Notice, may result in the inability to provide the services required pursuant to the Subscription Agreement and the Partnership Agreement.
In case the data subject to whom personal data relate disagrees with the way in which their personal data is being processed in relation to the Subscription Agreement or the Partnership Agreement, the data subject has the right to object to this processing of personal data and request restriction of the processing. The data subject may also lodge a complaint with the competent data protection supervisory authority in the relevant jurisdiction.
This Privacy Notice may be amended from time to time. If this Privacy Notice is materially changed, the new Privacy Notice will be made available to you so that you are always aware of what and how personal data is collected and used.
The data subject may raise any request relating to the processing of his or her personal data by contacting SR One at privacy@srone.com or (+1) (650) 257-2212.