Privacy Policy
Effective Date: Sep. 20, 2024
CIV Investment Management, LLC and any of its affiliates (collectively, “CIV”, “Company”, “we”, “us” or “our”), are committed to privacy and transparency. This Privacy Policy describes how CIV collects, uses, discloses and otherwise manages personal information. “Personal information” means any information about an identified or identifiable individual.
1. SCOPE
This Privacy Policy applies to the personal information we collect related to our:
- websites, including civ.co, and other websites operated by CIV that display or link to this Privacy Policy, and the services available through such websites (together, our “Websites”)
- mobile apps, social media properties and other online services
- events and business development activities
- communications and other online and offline business interactions
Additional Notices. Different privacy policies or notices (“Additional Notices”) may be provided by us and apply to certain Websites and services operated by CIV; in such cases, these Additional Notices will control in the event of a conflict with this Privacy Policy.
2. COLLECTION OF PERSONAL INFORMATION
A. Sources of Personal Information
We may collect personal information directly, indirectly (or automatically), and from third parties. For example, CIV collects and uses personal information when individuals register for our services, visit our Website or other channels, communicate with us, submit inquiries to us, and or otherwise interact with us. We also may automatically collect information about individuals, including visitors to our Websites (via cookies, pixels, and similar technologies).
In general, the personal information we collect includes: (i) name, email address and other contact information; (ii) account and profile data; your preferences and feedback on our Websites; and (iii) other information you choose to or consent to provide us.
B. Personal Information We Collect Directly From You
CIV may collect personal information directly from you as follows:
- When you visit our Websites: You can visit the Websites without revealing who you are, or disclosing any personal data about you. However, there may be times when we require personal data about you or when you wish to disclose such personal data to us. Such personal data is obtained only when voluntarily submitted by you.
- Marketing Communications: You may sign-up to receive email marketing communications such as by providing us with your name and email address. You can unsubscribe at any time by clicking the “unsubscribe” link included at the bottom of each email. Alternatively, you can opt-out of receiving email marketing communications by contacting us at the contact information provided in the “Contact Us” section below. Please note that you may continue to receive transactional or account-related communications from us.
- Interactive Services: We may collect information when you post a comment or share information with other users on our Websites or through social media. We may also collect a username under which your comment will be posted. Your comments may also be made publicly available on the website. Please exercise caution before sharing any personal information
- Careers: If you apply for a job with CIV, you may provide us with certain personal information about yourself, such as information contained in a resume, cover letter, or similar employment-related materials. We use this information for the purpose of processing and responding to your application for current and future career opportunities.
- Contact Us: When you contact us with a comment, question or complaint through email, telephone, or the contact us form on our Websites, you may be asked for information that identifies you, such as your name, email address and a telephone number, along with additional information we need to help us promptly answer your question or respond to your comment.
C. Personal Information We May Receive From Third Parties
As noted, we may receive information about you from third parties:
- We may collect or receive certain information about individuals from service providers, and other third parties, such as social media sites (for example when you interact with us or our content on these sites, as well as other public sources and records.
D. Information We Collect Automatically or Otherwise
When you interact with us and use our Websites, we may automatically collect certain information about you and your devices and interactions, including:
- Cookies, Log Files, Pixels and Other Tools: our Websites use cookies, log files, pixel tags, and other technologies (some of which are provided by third parties) to collect information about users of our Websites, such as IP address, location information, domain name, page views, a date/time stamp, browser type, device type, device ID, Internet service provider (“ISP”), referring/exit URLs, operating system, language, clickstream data, and other information about the links clicked, features used, size of files uploaded, streamed or deleted, and similar device and usage information. For more information, see the Cookies and similar devices section below.
- Analytics and Targeting: We may work with third party providers to collect analytics about how individuals use our Websites and our marketing campaigns.
3. USE OF PERSONAL INFORMATION
A. Purposes of Processing
Generally, we collect, use, disclose and process the personal information that we collect for the following purposes:
- Providing Support and Services: To operate our Websites, communicate with you about your use of the Websites or Services, , respond to your inquiries, and requests.
- Personalization: To tailor content we may send or display to you, including to offer location customization and personalized help and instructions on our Websites and Apps, and to otherwise personalize your experiences.
- Newsletters and Direct Marketing: For direct marketing purposes, including to send you newsletters and information we think may interest you. If you are located in a jurisdiction that requires opt-in consent to receive electronic marketing messages, we will only send you such messages if you opt-in to receive them.
- Protecting Legal Rights and Prevent Fraud and Misuse: To protect the Websites, Services and our business operations; to prevent and detect unauthorized activities and access, and other misuse; where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of us or any person or third party, or violations of our Terms of Use or other agreements; and to respond to actual or potential legal claims against us.
- Complying with Legal and Regulatory Obligations: In order to comply with our legal, regulatory and compliance obligation. For example, to respond to legal process (e.g., court orders, subpoenas or warrants) or regulator investigations and inquiries, or where otherwise required by law or our legal or regulatory obligations.
- Analytics and Improvement: To better understand how users access and use our Website and for other research and analytical purposes.
- General Business Operations: Where necessary, for the administration of our general business, accounting, record keeping, audit, compliance and legal functions.
Anonymous and De-identified information. We create and use anonymous and de-identified information to assess, improve and develop our Website and business, and for similar research and analytics purposes.
B. Legal Bases for Processing Under Certain Laws
The EU General Data Protection Regulation (“GDPR”) and similar laws, including the UK Data Protection Act and Brazil’s General Law for the Protection of Personal Data, require that we inform you of the legal bases for our processing of your personal information. Pursuant to the GDPR and these other similar laws, we rely, generally, on the following legal bases for processing your personal data:
- Compliance with Laws: for compliance with legal obligations under local laws, including regulatory obligations, data protection, and tax, accounting and corporate compliance requirements.
- Our Legitimate Interests: in furtherance of our legitimate business interests, which are not overridden by your interests and fundamental rights, including:some text
- Implementation and operation of global support (e.g., IT) services for our business operations
- Complying with our legal and ethical obligations under other international laws
- Improving our Website and our services, and conducting research and analytics
- Customer relationship management and marketing
- Fraud detection and prevention, including misuse of Services or money laundering
- Physical, IT, and network perimeter security
- Internal investigations, audits and assessments
- Mergers, acquisitions, and reorganization, and other business transactions
- Legal Claims and Rights: the processing is necessary to establish, exercise or defend against legal claims or protect our legal rights.
- With your Consent: where we have your consent (the GDPR (where it applies) and other applicable laws give you the right to withdraw your consent, which you can do this at any time by contacting us using the details at the end of this privacy notice. In some jurisdictions, your use of the Website may be taken as implied consent to the collection and processing of personal information as outlined in this privacy notice.
In addition, we may process your personal information where necessary to protect the vital interests of any individual.
4. SHARING OF PERSONAL INFORMATION
CIV does not, sell or rent your personal information, or share it with third parties for their own marketing purposes, without your consent. We may disclose personal information described below or as required or permitted by applicable law:
- Service Providers: Your personal information may be transferred (or otherwise made available) to third parties that provide services on our behalf. We use service providers to provide services such as hosting the Website, providing advertising and marketing services, and providing professional advice. Our service providers are only provided with the information they need to perform their designated functions and are not authorized to use or disclose personal information for their own marketing or other purposes.
- Legal and Compliance: We and our other foreign service providers may disclose your personal information in response to a search warrant or other legally valid inquiry or order, or to another organization for the purposes of investigating a breach of an agreement or contravention of law or detecting, suppressing or preventing fraud, or as otherwise may be required or permitted by applicable Canadian, or other law or legal process, which may include lawful access by r foreign courts, law enforcement or other government authorities. Your personal information may also be disclosed where necessary for the establishment, exercise or defense of legal claims and to investigate or prevent actual or suspected loss or harm to persons or property.
- Sale of Business: We may transfer any information we have about you as an asset in connection with a proposed or completed merger, acquisition or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of CIV or as part of a corporate reorganization or other change in corporate control.
- Protect and Defend Rights: Where we believe it necessary to respond to claims asserted against us, enforce or administer our agreements and terms, or for fraud prevention, risk assessment and investigation, and to protect and defend the rights, property or safety of CIV, our clients and customers, or others.
5. COOKIES AND SIMILAR TECHNOLOGIES
- Third-party Analytics: We also use automated devices and applications, such as Google Analytics (more info here) to evaluate the use of our Websites and Services. We use these tools to gather non-personal data about users to help us improve our services and user experiences. These analytics providers may use cookies and other technologies to perform their services and may combine the information they collect about you on our Websites with other information they have collected for their own purposes. For more information or to opt-out using the Google Analytics opt-out browser add-on, see “How Google uses data when you use our partners’ sites or apps“ and “Google Analytics and Privacy“.
6. THIRD PARTY LINKS
Our Websites may contain links to other websites that CIV does not own or operate. We provide links to third party websites as a convenience to the user. These links are not intended as an endorsement of or referral to the linked websites. The linked websites have separate and independent privacy policies, notices and terms of use. We do not have any control over such websites, and therefore we have no responsibility or liability for the manner in which the organizations that operate such linked websites may collect, use or disclose, secure and otherwise treat personal information. We encourage you to read the privacy policy of every website you visit.
7. DATA TRANSFERS
CIV makes use of third-party service providers to store and process data, including personal information, on its behalf. Any of CIV, its service providers, and/or either’s agents may use servers or other facilities located outside of the jurisdiction in which you provided the information, including the United States of America and other foreign jurisdictions for this purpose. The government, courts, law enforcement, security, or regulatory agencies of the United States of America or other foreign jurisdictions may be able to obtain access to or disclosure of personal information as permitted by the laws of that country. We will take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it, including through appropriate written data processing terms and/or data transfer agreements with our service providers.
Users in the European Economic Area (EEA) and United Kingdom. Your personal information may be transferred to and processed in the United States and other jurisdictions that do not provide equivalent levels of data protection according to the European Commission. In such cases, CIV will take steps to ensure that appropriate safeguards are in place to protect your personal information, including by putting in place standard contractual clauses as approved by the European Commission (the form for the standard contractual clauses can be found at https://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm).
8. SECURITY
CIV has implemented reasonable administrative, technical and physical measures in an effort to safeguard the personal information in our custody and control against theft, loss and unauthorized access, use, modification and disclosure. We restrict access to personal information on a need-to-know basis to employees and authorized service providers who require access to fulfill their job requirements.
9. YOUR RIGHTS AND CHOICES
You have certain rights regarding your personal information which we hold, as well as choices regarding marketing communications.
A. Access and Correction
You are entitled, with certain legal restrictions, to access, update, correct and review your personal information in our custody and control. Such legal restrictions include, without limitation, where the information contains personal information of third parties or is subject to solicitor-client privilege. We will respond within a reasonable timeframe to all such requests for access and revision and either provide access to the personal information or, if permissible, explain why access is denied.
You may contact us using the contact information provided below to modify or correct any personal information. Corrections will be made within a reasonable timeframe.
Requests for access to personal information should be made to our Privacy Officer by email at privacy@civ.co.
B. Marketing Choices
As indicated above, if you have signed-up to receive our marketing communications, you can unsubscribe any time by clicking the “unsubscribe” link included at the bottom of the newsletter. Alternatively, you can opt-out of receiving our marketing communications by contacting us at the contact information under “Contact Us” below.
C. Residents of the EEA and UK
Individuals in the EEA and the UK have the below rights with respect to their personal information:
- Right of access: You can ask us to confirm whether we are processing your personal information and, if necessary, provide you with a copy of that personal information (along with certain other details).
- Right to rectify and complete personal information: You can ask us to rectify inaccurate information. We may seek to verify the accuracy of the data before rectifying it.
- Right of erasure: You can ask us to erase your personal information, but only where: it is no longer needed for the purposes for which it was collected; you have withdrawn your consent (where the data processing was based on consent); following a successful right to object (see ‘Objection’ below); it has been processed unlawfully; or to comply with a legal obligation to which we are subject. We are not required to comply with your request to erase your personal information if the processing of your personal information is necessary: for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims. There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances in which we would deny that request.
- Right of restriction: You can ask us to restrict the processing of your personal information in certain circumstances, such as where you contest the accuracy of that personal information or you object to our use or stated legal basis.
- Right to object to our use of your personal information for direct marketing purposes: You can request that we change the manner in which we contact you for marketing purposes. You can request that we not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.
- Right to object for other purposes: You have the right to object at any time to any processing of your personal information which has our legitimate interests as its legal basis. You may exercise this right without incurring any costs. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms. The right to object does not exist, in particular, if the processing of your personal information is necessary to take steps prior to entering into a contract or to perform a contract already concluded.
- Right to (data) portability: You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it ‘ported’ directly to another Data Controller, but only where our processing is based on your consent and the processing is carried out by automated means.
- Right to withdraw consent: You can withdraw your consent in respect of any processing of personal information which is based upon a consent which you have previously provided.
- Right not to be subject to automated decision-making: You have the right not to be subject to a decision when it is based on automatic processing if it produces a legal effect or similarly significantly affects you, unless it is necessary for entering into or performing a contract between us.
- Right to obtain a copy of safeguards: you can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside the EU/EEA. We may redact data transfer agreements to protect commercial terms.
- Right to lodge a complaint with your local supervisory authority: You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information. We ask that you please attempt to resolve any issue with us first, although you have a right to contact your supervisory authority at any time.
Submitting a GDPR Request. Please contact us as set out in the Contact Us section below to exercise one of these rights.
10. CONTACT US
If you have any questions or comments regarding this Privacy Policy or the manner in which CIV or its service providers treat your personal information, or to request access to your personal information in CIV records, please contact CIV using the contact information provided below.
Email: inquiries@civ.co
Any complaints received regarding CIV or its service providers’ use or handling of personal information will be investigated within a reasonable timeframe. Upon concluding the investigation, we will respond to the complaint and, if necessary, CIV will take appropriate measures to rectify the situation and maintain compliance with applicable law. The controller and responsible entity for your personal information is CIV, and where you interact directly with another CIV entity, they will also be a controller of your personal information, together with CIV. As noted above, this Policy applies to CIV and its subsidiaries; data subjects may exercise their rights regarding their personal information that we process pursuant to this Policy by contacting CIV online, by email, as set forth above.