SurgoCap Partners: privacy

Privacy Notice for SurgoCap

Effective Date: February 28, 2022

This Privacy Notice (“Notice”) describes the practices of SurgoCap Partners LP (“SurgoCap” or “we”) as they pertain to information collected through our websites that link to this Notice (collectively, “Sites”) or in connection with SurgoCap-sponsored events, conferences and related activities (collectively, “Events”). If you are located in the European Economic Area (“EEA”) or United Kingdom, SurgoCap is the data controller with respect to the processing of your personal data pursuant to GDPR. Please note that this notice does not apply to information collected from our investors in connection with our financial products and services. We address such practices in separate notices as required by applicable law and regulation.

Please read this Notice carefully to understand our information practices with respect to our Sites and Events. If you do not agree to this Notice, then you should not use the Sites or participate in Events.

SurgoCap may change this Notice from time to time, and any modifications will be effective immediately upon posting, unless indicated otherwise.

Information We Collect

We collect information in multiple ways, including when you provide information directly to us and when we passively collect information from or about you, such as from your browser or device. We may combine all of the information we collect from or about you from these various sources.

Information You Provide to Us

We collect any information that you provide to us, including, but not limited to, when you (1) register for Events; (2) inquire about Events or otherwise contact us through our Sites; (2) sign up to receive information about Events or related activities; (3) participate in Events; (4) provide feedback in online surveys; and (5) submit other content and suggestions. Such information may include:

•

Full name;

•

Contact information (e.g., email address, phone number);

•

Employment information (e.g., company name, your title, assistant name and contact information);

•

Professional bio and photo;

•

Physical characteristics (e.g., height, weight, or clothing size) needed to provide you with appropriate gear for Events you choose to participate in;

•

Wellness-related information, such as dietary restrictions when attending Events;

•

Information about guests accompanying you to Events, such as name and age;

•

Content you post (e.g., text, images, photographs, videos, or any other kind of content) on our Sites or elsewhere in connection with Events; and

•

Content you submit in connection with contest and competition Events;

•

Survey responses; and

•

Any other information you choose to include when you contact us.

On occasion, we may ask for additional information to enable us to provide you with access to and use of certain other information, materials and services.

Information Collected from Third Parties

We may collect or receive information about you from other sources, including publicly-available websites and resources. We may add this information to the information we have already collected from you through our Sites or Events in order to enhance and improve the services we provide to you, or use such information for our and/or our affiliates', subsidiaries' and portfolio companies' business and operational purposes, such as recruiting.

Information Collected from Social Media and Other Content Platforms

In some cases, you may be able to access Sites via social media or other third-party platforms (such as LinkedIn, Facebook, Google and Twitter). By using these services to connect with us, you may allow us to access information from your social media profile, such as name, gender, and profile picture, consistent with your privacy settings or as allowed by you on that service. If you do not wish to have this information shared, do not use such third-party platforms to access our Sites or Events. Please note that your use of such third-party platforms is governed by those services’ privacy policies. We have no control of, and assume no liability for, the privacy practices of third-party services.

Information We Collect Through Automated Means

We also collect information through automated and technical means as you browse our Sites.

•

Website Usage Information. As you browse the Sites, we and our service providers (which are third party companies that work on our behalf to provide and enhance the Sites) use a variety of technologies, including cookies and similar tools, to assist in collecting information about how you interact with the Sites. For example, our servers automatically record certain information in server logs. These server logs may include information such as your web request, IP address, browser type, domain name and settings, referring / exit pages and URLs, how you interact with links on the Sites, pages viewed, mobile carrier, mobile device identifiers and information about the device you are using to access the Sites and other such information.

•

Location Information. We collect and process general information about the location of the device from which you are accessing the Sites (e.g., approximate geographic location inferred from an IP address).

•

Cookies and Other Tracking Technologies. We and our service providers may also collect data about your use of the Sites through Internet server logs and online tracking technologies, like cookies and/or tracking pixels. A web server log is a file where website activity is stored. A cookie is a small text file that is placed on your computer when you visit a website that enables us to: (a) recognize your computer; (b) understand the web pages of the Site you have visited; (c) recognize repeat users; (d) facilitate the ongoing access to and use of a website; (e) allow the Sites to track usage behavior and compile aggregate data that will allow content improvements and targeted advertising; (f) enhance your user experience by delivering content and advertisements specific to your inferred interests; (g) perform searches and analytics; and (h) assist with security administrative functions.

•

Tracking pixels (sometimes referred to as web beacons or clear GIFs) are electronic tags with a unique identifier embedded in websites, online ads and/or email, and that are designed to provide usage information like ad impressions or clicks, measure popularity of the Sites and associated advertising, and to access user cookies. We and our service providers may also include Web beacons in email messages, newsletters and other electronic communications to determine whether the message has been opened and for other analytics, personalization and advertising. As we and our service providers adopt additional technologies, we may also gather additional information through other methods. You can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the "Help" section of your browser for more information (e.g., Internet Explorer; Google Chrome; Mozilla Firefox; or Apple Safari). However, note that by blocking any or all cookies, you may not have access to certain features or offerings on the Sites.

Use of Personal Information

We may use the Personal Information we collect from and about you through the Sites and in connection with Events for the following business and commercial purposes:

•

For the purposes for which you provided it;

•

To maintain, provide, operate, and improve the Sites and Events;

•

To identify you by your device(s) and to match your device(s) with other browsers or devices you use for the purpose of providing relevant and easier access to content and other operational purposes;

•

To send you information or other communications;

•

To enhance your experience on the Sites or in connection with Events;

•

To prevent or address technical or security issues, including bug detection and fraudulent activity;

•

To engage in internal analytics, research, auditing, and reporting;

•

To support our and our affiliates’, subsidiaries’, and portfolio companies' recruiting efforts;

•

To connect with vendors and service providers to business operations;

•

To comply with the law and protect the safety, rights, property, or security of the Sites, Events and the general public;

•

To enforce the legal terms that govern your use of the Sites or participation in Events; and

•

Other purposes for which we notify you.

Please note that we may combine information that we collect from or about you (including automatically collected information) with information we obtain about you from our affiliates, subsidiaries, and/or non-affiliated third parties, and use such combined information in accordance with this Privacy Notice.

We may aggregate and/or de-identify information collected through the Sites or in connection with Events. We may use aggregate or de-identified information for any purpose, including without limitation for research and analytics, and may also share such data with any third parties, including partners, affiliates, subsidiaries, services providers, and others.

Legal Bases for Use of Your Information

The legal bases for using your information as set out in this Notice are as follows:

•

Where use of your information is necessary to perform our obligations under a contract with you (for example, to process your registration for an Event pursuant to the terms of the Event contract);

•

Where use of your information is necessary for our legitimate interests or the legitimate interests of others (for example, to operate and secure our Sites and Events; ensure safe environments for Event staff; comply with legal requirements and defend our legal rights);

•

Where we have your consent, in accordance with applicable legal requirements, to use your information for a particular purpose; and

•

Where we use your information to comply with applicable legal obligations (for example, keeping track of purchases made in connection with Events for tax and auditing purposes).

Sharing of Personal Information

We may disclose and/or share your information as described below and elsewhere in this Notice, including with:

•

Third Parties Designated by You. If you direct us to share information with a third-party partner or other entity or as necessary to provide you with a service you request, then we may share your personal information.

•

Affiliates and Subsidiaries.

•

Business Partners.

•

Service Providers. We may provide access to or share your information with select entities that use the information only to perform services on our behalf.

•

Business Transactions. We may disclose your personal information in connection with the evaluation of or entering into a corporate transaction where all or a portion of our business or assets (including any associated lists containing your personal information) change ownership, are sold, or are transferred.

•

Third Parties for Legal Purposes. We may disclose your personal information in connection with any legal investigation; (ii) to comply with relevant laws or to respond to subpoenas or warrants served; (iii) to protect or defend the rights or property of SurgoCap, users of the Site, or participants in the Activities; and/or (iv) to investigate or assist in preventing any violation or potential violation of the law, this Privacy Notice, or any associated Terms of Use.

•

Additionally, if you choose to share information in public portions of our Sites or at Events, such as in our Comments section, members of the public may be able to view and access that information.

Information Retention

We will retain your information for the period necessary to fulfill the purposes outlined in this Notice unless a longer retention period is required or permitted by law.

Website Analytics and Do-Not-Track

•

Website Analytics. We may use third-party web analytics services on our Sites to collect and analyze usage information through cookies and similar tools; engage in auditing, research, or reporting; and provide certain features to you. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on by clicking here: https://tools.google.com/dlpage/gaoptout.

•

Notice Concerning Do Not Track. Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We are committed to providing you with meaningful choices about the information collected on our Site for third party purposes. However, we do not currently recognize or respond to browser-initiated DNT signals.

Additional Information for California Consumers

If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and share your “personal information” (as defined in the California Consumer Privacy Act (“CCPA”)).

Categories of personal information we collect and how we use them. We collect and disclose the following categories of personal information for the business purposes described in our main Notice, above: identifiers (such as name, address, email address); commercial information (such as purchase information); financial data (when you pay for an Event via our payment processor); internet or other network or device activity (such as browsing history or Site usage); audio or visual information (such as CCTV video or call recordings); gender; physical characteristics or description (such as your photo or height/weight/clothing size to provide you with appropriate-sized apparel for Events); professional or employment related data (such as information about your type of work, title, or profession); general geolocation information (e.g., your city and state based on IP address, contact information including your physical address, or precise location, with your consent); and other categories of information, with your consent.

Categories of parties to which information is disclosed. We disclose the above categories of personal information to our SurgoCap affiliates, subsidiaries, portfolio companies, our service providers, resellers, and entities for legal purposes.

California Consumer Privacy Act Rights. The CCPA provides certain rights to California residents in connection with personal information that is collected and sold, as defined under the statute. For instance, if you are a California resident, you may request that we:

•

Provide you the categories of personal information we have collected or disclosed about you in the last twelve months; the categories of sources of such information; the business or commercial purpose for collecting or selling your personal information; and the categories of third parties with whom we shared personal information.

•

Provide access to and/or a copy of specific pieces of personal information we hold about you.

•

Delete certain personal information we have about you.

You also have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights. These rights are subject to certain exceptions or qualifications, including Personal Information provided in connection with our financial services that is subject to the Gramm-Leach-Bliley Act.

If you have questions about SurgoCap’s practices in connection with the Sites or Events, or want to exercise any of these rights, then please contact SurgoCap at [email protected]. Note that you will be required to verify your identity before we fulfill your request. To do so, we will request certain information that you have provided to us. You can also designate an authorized agent to make a request on your behalf. To do so, you must provide us with written authorization or a power of attorney, signed by you, for the agent to act on your behalf. You will still need to verify your identity directly with us.

California Shine the Light Disclosure. The California “Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. We do not share your personal information with third parties for their own direct marketing purposes.

Do Not Sell Notice. CCPA sets forth certain obligations for businesses that “sell” personal information. We do not “sell” personal information and have not engaged in such activity in the past twelve months.

Additional Information for Residents Outside of the United States

Transfers. SurgoCap is a United States company, but operates Events globally. As such, we may store your information in the United States, and transfer your information to service providers and other parties (as described in “Sharing of Information” above) located outside of your country of residence, including in the United States. This is necessary to provide the Sites and Events, and for the purposes outlined in this Notice. Data privacy laws vary from country to country and may not be equivalent to, or as protective as, the laws in your home country. We take steps to ensure that reasonable safeguards are in place to provide an appropriate level of protection for your information, in accordance with applicable law. These measures include data transfer agreements. By providing us with your information, you acknowledge any such transfer, storage or use.

Your rights. Local legal requirements, such as those in the EEA, may afford you additional rights. Your local laws (such as those in the EU) may permit you to request that we:

•

provide access to and/or a copy of certain information we hold about you;

•

prevent the processing of your information for direct marketing purposes (including any direct marketing processing based on profiling);

•

update information that is out of date or incorrect;

•

delete certain information that we are holding about you;

•

restrict the way that we process and disclose certain of your information; and

•

revoke your consent for the processing of your information.

We will consider all requests and provide our response within the time period required under applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances such as if we need to continue processing your information for our legitimate interests or to comply with a legal obligation. We may request that you provide us with information necessary to confirm your identity before responding to your request.

If you would like further information in relation to your legal rights under applicable law or would like to exercise any of them, please contact us at [email protected].