Effective Date: July 26th, 2023

Individuals Located in the EEA and UK

If you are located in the European Economic Area (“EEA”) or the United Kingdom (“UK”), this notice provides you with information regarding our processing activities, including with respect to your rights and the lawful bases we rely on, in accordance with the EU General Data Protection Regulation (the “GDPR”) or the United Kingdom Data Protection Regulation (the “UK-GDPR” and, together with the GDPR, the “European Privacy Laws”) with respect to your Personal Data, as outlined below.   

For this GDPR Privacy Notice, we use the terms “Personal Data” and “processing” as they are defined in the European Privacy Laws, but “Personal Data” generally means information that can be used to individually identify a person (such as name, contact details), and “processing” generally covers actions that can be performed in connection with data such as collection, use, storage and disclosure.  Crunchbase is the controller of Personal Data processed subject to this GDPR Privacy Notice. Our contact details and those of our EEA and UK representatives are included in the section titled ‘Do You Have Questions Regarding Your Personal Data?’ at the end of this GDPR Privacy Notice. 

Where applicable, this GDPR Privacy Notice is intended to supplement, and not replace, Crunchbase’s Privacy Policy at https://about.crunchbase.com/terms-of-service/privacy-policy/ (the “Privacy Policy”).  If there are any conflicts between this GDPR Privacy Notice and Crunchbase’s Privacy Policy, the GDPR Privacy Notice will take priority for individuals located in the EEA or UK.  If you have any questions about this notice or whether any of the following applies to you, please contact us at privacy@crunchbase.com.   

Any terms we use in this Privacy Policy without defining them have the definitions given to them in our Terms.

What Personal Data Do We Collect?

Information you give to us. You may provide some or all of the following Personal Data to us through your use of our Service:

• Customer Account Data and Customer Support Data such as first name, last name, email, phone number, job title, image, gender, social media profile IDs/links, personal website: we collect this when you sign up to and use our Service, and/or contact us by telephone, email, Drift/Chatbot, or the ‘contact us’ page on our Service.
• Billing Data such as first name, last name, credit card type, credit card number, credit card expiration month/year, CVC code: we collect this when you make a payment in connection with our Service.

Information we collect about your usage of our Service such as IP address, location data, device information including device type and name, type of operating system, mobile network information, standard web information such as your platform/browser type and pages you access and interact with on our Service, security information including the time you logged in to our Service, a list of certain installed software, device and internet connection information, search history: we collect this Usage Data automatically when you use our Service from your computer, mobile phone or other device. In addition, for information on how we use Cookies (i.e. cookies and other similar technologies such as server logs, pixel tags, web beacons, and JavaScript), please also see the section of the Privacy Policy titled ‘Information Collected Automatically’.

Information we collect from third parties such as first name, last name, employment-related information (including current & past employers, current & past job title, biography/resume description, information from news articles and investments that may concern you, use cases about you, education, events, board and advisor roles): we collect this Person Profile Data from publicly-available web sources (for example, news sites) and third parties. If you set up a Profile through your account with us, you can also provide some of this information directly.

How We Process Your Personal Data

The table below sets out the categories of Personal Data we process and the sources from which we obtain them, the purposes for which we process the Personal Data and the legal bases we rely on.

Category of Data	Purpose of Processing	Legal Basis for Processing
Customer Account Data and Customer Support Data which you provide to us	To provide you with personalized communications and services related to your use of our Service, including Service announcements and updates and to respond to your inquiries and requests	Legitimate interests (to provide effective services and to be responsive to requests)
	To conduct market research to help us make decisions regarding our commercial policies	Legitimate interests (to run a successful and innovative business and to provide effective services)
	For marketing campaigns and sales communications (e.g. email list creation, direct marketing)	Consent You may withdraw your consent from receiving e-mail alerts for saved lists/searches in your Account Settings and may unsubscribe from marketing e-mails by clicking the “unsubscribe” link at the bottom of the e-mail in question. Alternatively, you are welcome to contact us at policy@crunchbase.com and we will be happy to assist you
	To provide our Service to our customers (e.g. to allow you to log into and manage your account, or to contact us for support regarding our Service)	Contractual necessity if you are an individual contracting with us directly; legitimate interests if you are a representative of a business customer who is contracting with us / an individual whose data we process in this context and who does not have a direct contractual relationship with us
Usage Data which we collect automatically	For analytics purposes (e.g. monitoring and conducting analytics regarding the use of our Service, pages/links clicked, traffic demographics, patterns of navigation, potential security/spam breaches and performance issues)	Legitimate interests (to provide effective services and to ensure the security of our Service)
	To carry out product development (e.g. for improving the performance of our Service, troubleshooting bugs and other internal development needs)	Legitimate interests (to run a successful and innovative business and to ensure the security of our Service)
	Advertising (e.g. targeted offers and ads served through the Service)	Consent You are able to withdraw your consent for the use of cookies that are not strictly necessary at any time here. For more information on how we use Cookies, please see the section of the Privacy Policy titled ‘Information Collected Automatically’.
	To provide and administer our Service (e.g. to maintain your logged-in status during a single browsing session or across browsing sessions, to enable you to log back in when a new session is started, to prevent cross-site request forgery attacks, to enable product feature rollout, to conduct analysis)	Legitimate interests (to provide effective services, to run a successful business and to ensure the security of our Service)
Billing Data which you provide to us	To provide and administer our Service (e.g. to charge for our Service, to process orders or other transactions)	Contractual necessity if you are contracting with us directly; legitimate interests if you are a representative of a business customer who is contracting with us / an individual whose data we process in this context and who does not have a direct contractual relationship with us
Person Profile Data which we source from publicly-available web sources, third parties and, in some instances, directly from you	To provide our Service to our customers (e.g. to provide access to Profiles on our Service or to allow you to create/edit a Profile on our Service)	Legitimate interests (to provide effective services and to run a successful business)

How and With Whom Do We Share Your Data? 

In connection with the provision of our Service, we share Personal Data with third parties as described below:

• With the vendors, service providers and agents listed below, which assist us with different functions and tasks, such as (i) providing payment processing and hosting services; (ii) helping us understand how you use our Service; (iii) helping us provide you with a product or service you have requested; (iv) protecting us, our business or our users (for example to enforce our Terms, prevent spam or other unwanted communications and investigate or protect against fraud); and (v) maintaining the security of our Service:
  • Payment processors
  • Fraud prevention service providers
  • Analytics service providers
  • Staff augmentation and contract personnel 
  • Hosting service providers
  • Co-location service providers
  • Product development service providers
• With the parties listed below, when necessary to complete a transaction initiated or authorized by you or provide you with a product or service you have requested, on the basis of our legitimate interests to provide effective services and run a successful business or as necessary to perform our contract with you:
  • Other users (where you post information publicly, direct us to share the information (such as with other members of your team), or as otherwise necessary to effect a transaction initiated or authorized by you through our Service) 
• Social media services (if you interact with them through your use of our Service)
• Third party business partners who you access through our Service
• Your vendors and service providers, such as customer relationship management system providers
• In relation to Person Profile Data, with other users, our customers, partners, resellers, and our resellers’ customers, on the basis of our legitimate interests to run a successful business
• With our affiliates or other members of our corporate family on the basis of our legitimate interests to run a successful business and to facilitate coordination between members of our corporate family
• With a prospective buyer, seller, new owner, or other relevant third party as necessary while negotiating or in relation to an asset sale or purchase, a share sale, purchase or merger, bankruptcy, or other business transaction or re-organisation on the basis of our legitimate interests to run a successful business and to facilitate coordination between members of our corporate family
• With regulators, law enforcement agencies, public authorities, or any other relevant organisations, in order to comply with applicable law or respond to valid legal process, including requests from law enforcement or other government agencies
• With ad networks, marketing service providers and other third parties to provide you with targeted advertisements and direct marketing communications, when you give us consent to do so

Information About Third Parties. If you provide us with data about other individuals (e.g. if you choose to upload information that relates to other individuals), make sure you inform them of how their data is processed, in accordance with this GDPR Privacy Notice and the Privacy Policy and, if required under applicable laws, obtain their consent for this sharing.

Social Features. Our Service contains links to other online platforms, plug-ins or other applications operated by third parties, such as social networks (“Social Features”). Social Features include features that allow you to click and access our pages on certain third-party platforms, such as Twitter, Facebook, LinkedIn and Instagram, and from there to “like” or “share” our content on those platforms. Use of Social Features may entail a third party’s collection and/or use of your data. If you use Social Features or similar third-party services, information you post or otherwise make accessible may be publicly displayed by the third-party service you are using. Any information submitted by you directly to these third parties is subject to these third parties’ privacy policies.

What Security Measures Do We Use?  

We seek to protect Personal Data from unauthorized access, use and disclosure using appropriate physical, technical, organizational and administrative security measures based on the type of Personal Data and applicable processing activity. You should also help protect your data by appropriately selecting and protecting your password and/or other sign-on mechanism; limiting access to your computer or device and browser; and signing off after you have finished accessing your account. Although we work to protect the privacy of your account and other Personal Data that we hold in our records, no security system is impenetrable, and unanticipated system failures or the efforts of malicious actors are an unfortunate reality on the Internet. Therefore, Crunchbase cannot guarantee that Personal Data during transmission through the Internet or while stored on our systems or otherwise in our care will be absolutely safe from intrusion by others.

How Long Do We Retain Your Personal Data? 

• We retain Personal Data about you for as long as you have an open account with us or as otherwise necessary to provide you with the Service.
• When strictly necessary to comply with our legal obligations, resolve disputes or collect fees owed, or as otherwise permitted or required by applicable law, rule or regulation we will retain your Personal Data longer than the retention periods noted above, in accordance with applicable laws.

Personal Data of Children

As noted in the Terms, we do not knowingly collect or solicit Personal Data from anyone under the age of 16. If you are under 16, please do not attempt to register for the Service or send any Personal Data about yourself to us. If we learn that we have collected Personal Data from a child under age 16, we will delete that information as quickly as possible. If you believe that a child under 16 may have provided us Personal Data, please contact us at privacy@crunchbase.com.  

What Rights Do You Have Regarding Your Personal Data? 

You have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights, or to submit a request, please email privacy@crunchbase.com. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is manifestly unfounded or excessive, if it jeopardizes the rights of others, or if it is not permitted by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.   

• Access: You have the right to know whether we process Personal Data about you and you can request a copy of such Personal Data.  
• Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data by emailing us with an explanation of why you believe the Personal Data we hold about you is inaccurate or incomplete. 
• Erasure: You can request that we erase some or all of your Personal Data from our systems.   
• Withdrawal of Consent: If we process your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time, by emailing us or by using other methods we make available to you depending on the specific processing. If you exercise this right, you may have to then provide consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some features of our Service.  
• Portability: You can ask for a copy of certain of your Personal Data in a commonly used and machine-readable format. You can also request that we transmit the data to another controller where technically feasible. 
• Objection: You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as for direct marketing purposes.  
• Restriction of Processing: You can ask us to stop processing the Personal Data we hold about you other than for storage purposes in certain circumstances. 
• Right to File Complaint: You have the right to lodge a complaint about Crunchbase’s practices with respect to your Personal Data with the data protection supervisory authority in the EEA country in which you live or work or where you consider an infringement occurred, or with the UK Information Commission’s Office (“ICO”), as applicable to you.  

Transfers of Personal Data: We are based in the United States (“U.S.”), therefore we operate our Service, collect and process your Personal Data from the U.S. Please contact us at privacy@crunchbase.com should you wish to receive more information in this respect.

Do You Have Questions Regarding Your Personal Data? 

If you have any questions about this GDPR Privacy Notice or our data practices generally, please contact us using the following information:    

Email address for contact: privacy@crunchbase.com  Physical address: 564 Market Street, Suite 500, San Francisco, CA 94104

Individuals and data protection supervisory authorities in the EEA and the UK may contact our data protection representatives according to Article 27 EU and UK GDPR:    EEA: DP-Dock GmbH, Attn: Crunchbase, Inc., Ballindamm 39, 20095 Hamburg, Germany    UK: DP Data Protection Services UK Ltd., Attn: Crunchbase, Inc., 16 Great Queen Street, Covent Garden, London, WC2B 5AH, United Kingdom    www.dp-dock.com  crunchbase@gdpr-rep.com