This policy contains the rules applicable to the collection and processing of personal data by BlueCrow. On its website, in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and the free movement of such data (GDPR).
These rules do not substitute any clauses that are the object of a specific agreement with any client, partner or supplier. In this case, this policy may complete these documents, but does not substitute them. Data subjects and users are terms used interchangeably in this policy to describe the owners of the personal data.
Who is the Data Controller?
Contact details for the Data Controller:
Entity: BlueCrow – Sociedade de Capital de Risco, S.A.
Corporate Tax No. 514046031
Address: Campo Grande, n.º 28, 4º E, 1700-093 Lisboa
Telephone: (+351) 215 999 029
Contact details for the Data Protection Officer:
BlueCrow has a Data Protection Officer. For any questions related to data protection, please contact:
G.P.D.: Maria Manuela Rocha Garcia
Why do we process your personal data?
BlueCrow proceeds with the management of venture capital and the management of specialised alternative investment funds, as well as engaging in the activities necessary for the pursuit of its main business purpose, under the terms provided for by law. To this end, BlueCrow needs to collect personal data for the following purposes:
- Compliance with legal obligations;
- Management of contractual relations with clients and suppliers;
- Business prospecting;
- Processing information requests;
- Processing complaints;
- Commercial communications, provided that users have given their consent and have not refused the use of their contact information for that purpose.
What personal data do we collect?
Personal data are any kind of information that allow an individual, data subject, to be identified directly (e.g. name) or indirectly (e.g. tax no.).
BlueCrow collects the following categories of personal data:
Name, nationality, date of birth, no. of identification document, type of identification document, address, tax no., telephone no., profession, employer, e-mail, PEP (Politically Exposed Person), experience and knowledge of financial markets and instruments, investment goals, description of financial position.
BlueCrow has access to personal data as follows:
- Through the data subject, when the forms provided on the website are filled in;
Who do we transfer your data to?
Personal data are processed by BlueCrow’s administrative services and may be transferred to other companies BlueCrow is involved with and that provide complementary services that are essential to the pursuit of the purposes stated.
BlueCrow may also use external entities and the contractual relationship is regulated by a contract defining the security measures in place and how the processing is organised, as well as specifying that such entity may only act following instructions from BlueCrow.
The data are also transferred to public authorities for compliance with legal obligations.
Transferring data outside the European Union
Data are not transferred outside the European Union.
How long do we store your data?
Personal data regarding contract execution are stored for 5 years after contract termination and the personal data in the reserved area of the website available to its users are kept for 3 years after closure or cancellation of the account, barring other legal obligations that require a longer storage period, notwithstanding having to retain certain data for longer periods for compliance with legal obligations.
Apart from these periods, some data may be stored for archive or statistical purposes, but these will first be anonymised.
How do we protect your data?
BlueCrow will keep the data secure, protecting the confidentiality, integrity and availability of personal data.
To assure the security of the data, it has adopted technical and organisational measures to prevent their unauthorised use or access, modification, unlawful or accident destruction and accidental loss, backup copies and disaster recovery procedures.
Some of the features of the website can only be accessed after logging in. To do this, users must have a username and a password which will be allocated by BlueCrow. It is up to users to protect the confidentiality of these elements in order to prevent unauthorised access to their accounts and their personal data. Some measures to ensure this include limiting access to their computers by third parties, using secure sessions (https) and logging out when they have finished using the website.
What rights do data subjects have?
Data subjects have the right of access, rectification, updating or elimination of their personal data, as well as the right of portability and limitation of and objection to the processing of these, at any given time.
Data subjects may exercise any of these rights by writing to the contacts provided in this policy, attaching their tax identification number in order to confirm their identification.
If there is a disagreement as to the use of their data, data subjects are also entitled to lodge a complaint with the supervisory body, the National Data Protection Commission (CNPD – Comissão Nacional de Proteção de Dados).
Changes to the Policy