Privacy Policy
Last updated: January 2024
Your privacy is important to Elda River Capital, LLC and our affiliates (collectively, “we”, “us”, “our” or “Elda River”). In certain circumstances we must collect, maintain, and process certain personal information or personal data about you, otherwise we may be unable to provide you with our products and services as well as the full functionality of the website. Please note that “personal information” and “personal data” as used in this website privacy notice (the “Privacy Notice”) shall have the meaning given to such terms (or the equivalent term) under applicable data protection laws. We use these terms interchangeably in this Privacy Notice for simplicity.
To better protect your privacy, we are providing information explaining our data handling practices. This Privacy Notice describes how we gather and use personal information that we collect:
- on or through www.eldariver.com and as applicable, our other websites (including, as applicable, any of our portals and data rooms) (collectively the “website”);
- when you opt to receive communications from us;
- about representatives of our vendors, business partners or portfolio companies;
- to conduct business with you;
- when you apply for a job with us; and
- through other data collection points where we refer to this Privacy Notice.
Please read this Privacy Notice carefully and prior to using the website and providing any personal information. This Privacy Notice does not apply to any processing of personal information by or on behalf of Elda River that is covered by a more specific privacy notice, and this Privacy Notice does not apply to any other websites that may be linked to it. We do not control the privacy notices or practices of other persons or entities, and we encourage you to read the privacy notices applicable to other websites before you disclose any personal information to them.
Jurisdiction-specific Information
This Privacy Notice is supplemented by the California Privacy Notice Supplement and EU & UK Privacy Notice Supplement. In addition to reading this Privacy Notice, if you are:
- a resident of California, please also read our California Privacy Notice Supplement; or
- located in the European Economic Area (“EEA”), European Union (“EU”) or United Kingdom (“UK”), or the processing of your personal data would otherwise be subject to EU & UK Data Protection Laws (as defined below), please also read our EU & UK Privacy Notice Supplement.
Categories of Personal Information We Collect and Process and How We Collect It
The personal information we collect and process about you includes, but is not limited to, the following:
- Basic personal details and identifiers: such as name, email address, postal address, title, job title, and telephone number;
- Internet or other electronic network activity information: such as information regarding your use of our website and geolocation data. We obtain some information about your IP address and web browser that you use to access the website;
- Information received through communications with us: such as information provided through telephone calls and other verbal communications;
- Marketing and communications information collected about you or that you provide to us: your preferences in receiving marketing information from us and/or our third parties, and/or your communication preferences; and
- Other information: such as information obtained through publicly available external websites in certain circumstances.
Information you provide to us
We collect your personal information when you decide to interact with us (e.g., via any contact/communication feature we utilize on the website, when you visit our offices, when you communicate with us over email or the telephone, when you apply for a job with us, etc.).
We may also collect personal information about you, such as your IP address, through automated technology when you access and use our website, such as cookies and similar technology (please see the “Cookies” section below for information about how we use such technologies).
Information provided by third parties or publicly available sources
We collect personal information from third parties, such as a resumé sent to us by a recruiting firm, background information from a background check provider, personal information we viewed on social media (e.g., LinkedIn) or information obtained from publicly available lists of individuals subject to sanctions or trade restrictions.
If you represent one of our vendors, business partners or portfolio companies, we may also collect your personal information (i.e., basic identifying and contact information, including your name, title, work email address, work postal address, job title and/or work telephone number, as appropriate) from the entity that you work for where this is necessary to receive products or services from, or otherwise conduct business with, such third party.
We process information in relation to companies that we are evaluating in connection with a corporate transaction or potential investment. This information may include your personal information including name, title, email address, postal address, job title, telephone number, passport or other government-issued identification, financial information and/or job and benefits information, as appropriate.
We do not knowingly collect personal information from children under the age of 16. If we are made aware that we have collected personal information from a child under the age of 16, we will delete it as soon as practicable.
Purposes for Collecting Personal Information
We may collect or disclose the personal information we collect about you for one or more of the following purposes:
Purpose | Legal Basis to Process personal data |
To conduct business with you or to provide you with the services or products you have requested, including responding to your enquiries and requests and providing you with support | Contractual necessity; and/or our legitimate interest in operating our business and providing investment services |
To keep a record of and manage your relationship with us | Our legitimate interest in operating our business and providing investment services; and/or consent |
To communicate with you, to operate, schedule and facilitate meetings and in relation to your participation in any of our events | Our legitimate interest in operating our business and providing investment services; and/or consent |
To verify your identity (including to conduct anti-money laundering or KYC checks and to enable you to access our offices) and to conduct conflicts checks | Our legitimate interest in operating our business and providing investment services; contractual necessity; legal requirement; and/or consent |
To conduct due diligence and other business activities in connection with an actual or prospective corporate transaction or investment which we are party to | Our legitimate interest in operating our business and providing investment services; contractual necessity; and/or legal requirement |
To protect against, identify and prevent, fraud, money-laundering, cyber-attacks, theft of our property, other threats to the safety, security and integrity of our website, assets our business, and other malicious or unlawful activity | Our legitimate interest in operating our business and providing investment services; and/or legal requirement |
To monitor and manage our portfolio companies | Our legitimate interest in operating our business; and/or contractual necessity |
Litigation management and conducting internal audits and investigations | Our legitimate interest in operating our business; and/or legal requirement |
To comply with our legal obligations and corporate governance practices, which may require recording or monitoring telephone calls or other communications with you | Legal requirement; our legitimate interest in operating our business; and/or consent |
To obtain advice from our professional advisors, including lawyers and accountants | Our legitimate interest in operating our business |
To administer and protect our business and our website | Our legitimate interest in operating our business; and/or consent |
To make suggestions and recommendations to you about goods or services that may be of interest to you | Our legitimate interest in operating our business; and/or consent |
For statistical analysis and market research, including to understand how our service may be improved for you (including through our use of cookies), and to improve our services | Our legitimate interest in operating our business |
For performance of our IT systems | Our legitimate interest in operating our business |
For any other purpose that has been notified, or has been agreed, in writing | Consent |
We monitor communications where the law requires us to do so. We also monitor communications, where required to do so, to comply with regulatory rules and practices and, where permitted to do so, to protect our respective businesses and the security of our respective systems.
Where required by applicable law, we will obtain your consent to send you marketing communications about our products, services, offers and promotions, and to invite you to events and to participate in surveys. You may request that we stop sending you marketing communications by emailing InvestorRelations@eldariver.com at any time.
Disclosure of Personal Information
Unfortunately, the transmission of information and data via the internet is not completely secure. Although we try to protect your personal information, we cannot guarantee the security of any information or data transmitted to or through the website and any transmission of information or data by you or on your behalf to or through the website is at your sole risk.
We may disclose any of the categories of personal information we obtain about you as described in the “Categories of Personal Information We Collect and Process and How We Collect It” section above amongst Elda River and to service providers and persons employed and/or retained by Elda River to fulfil the purposes set out in this Privacy Notice. We use a number of service providers to perform certain services including legal and financial professional advisors, our auditors, recruitment firms, consultants, IT and data security providers, data hosting providers and in some instances, placements agents, administration agents, depositories, investment managers and other fund administrators.
We may also disclose personal information: (1) if we are required or permitted to do so by law or legal process (such as a court order or subpoena); (2) in response to requests by government or regulatory agencies, such as law enforcement, tax, and data protection supervisory authorities; (3) to establish, exercise or defend legal rights; (4) when we believe disclosure is necessary or appropriate to prevent physical or other harm or financial loss; (5) in connection with an investigation of suspected or actual illegal activity; or (6) otherwise with your consent.
We do not sell any of the personal information we collect about you to third parties. However, we reserve the right to transfer any personal information we have about you in the event of an actual or proposed sale or transfer of all or a portion of our business or assets (including in the event of a merger, acquisition, joint venture, reorganization, divestiture, dissolution, or liquidation).
Retention of Personal Information
We retain your personal information for as long as reasonably necessary and proportionate to achieve the purposes and uses set out in this policy, as authorized by law, and to meet legal, taxation, accounting, risk management or business requirements. We may retain personal information for longer where required by our regulatory obligations, or where we believe it is necessary to establish, defend or protect our legal rights and interests or those of others.
How We Protect Your Information
We maintain physical, electronic, and procedural safeguards to prevent unauthorized access to data and to protect the integrity of our systems. We take reasonable steps to protect any personal information that you provide us online by employing appropriate technical and organizational measures. We permit access only by authorized persons who need access to that information to provide services to us and you and who are required to abide by applicable confidentiality and information security practices. Despite the security procedures we employ, you should be aware that it is impossible to guarantee the security of information that you transmit to us via the internet.
Marketing
We may use your personal information to keep you informed of our products and services, if you have provided your consent to us doing so, or where we have an existing relationship with you and we wish to contact you about products and services similar to those which we have provided to you, on the basis of our legitimate interest in operating our business. You may opt-in to certain kinds of marketing, or all forms of marketing, at any time, by contacting us and you may unsubscribe to receiving emails by clicking on the “opt-out” or “unsubscribe” link provided in all our marketing emails, at any time.
Cookies
Information regarding how you access the website (e.g., browser type, access times, and Internet Protocol (IP) address) and your hardware and software is automatically collected through the use of cookies (a small text file placed on your hard drive) or other technologies or tools. This information is used to improve website performance and for our business or commercial purposes. Where cookies are not necessary for us to provide the products or services you have requested or for the functioning of the website, we will ask you to consent to their use. You may opt-in to accept cookies automatically by changing the settings on your browser. If you opt-out of certain cookies, you may not be able to access certain parts of the website.
Subject to your consent, the website will place the cookies listed below:
Cookie | Type / Purpose | Duration | More Information |
_pk_id.<appID>.<domainHash> | First-party cookie. Used to recognize visitors and hold their various properties. | Cookie expires after 13 months or 30 minutes for anonymous visitors if the 30-minute cookie option is turned on. | Cookie stores the following information: cookieID; cookieCreationTimestamp; visitsCount; currentVisitTimestamp;lastVisitTimestamp;lastEcommerceOrderTimestamp |
_pk_ses.<appID>.<domainHash> | First party cookie that shows the visitor’s active session. | Cookie expires 30 minutes after the visitor’s last event. | |
ppms_privacy_<appID> | First party cookie that stores the visitor’s consent to data collection and usage. | Cookie expires after 12 months. | |
stg_traffic_source_priority | First party cookie that stores the type of traffic source from which the visitor came to the site. | Cookie expires after 30 minutes. | |
stg_last_interaction | First-party cookie that indicates whether the last visitor’s session is still running or a new session has started. | Cookie expires after 365 days. | |
stg_returning_visitor | First-party cookie that indicates whether a visitor has been to site before. | Cookie expires after 365 days. | |
stg_fired__<conditionID> | First-party cookie that indicates whether the tag and trigger combination was fired during the current visitor session. | Cookie expires after the session ends (fixed idle time or after a browser is closed). | |
stg_utm_campaign | First-party cookie that stores the name of the campaign that directed visitor to site. | Cookie expires after the session ends (fixed idle time or after a browser is closed). | |
stg_pk_campaign | First-party cookie that stores the name of the campaign that directed visitor to site. | Cookie expires after the session ends (fixed idle time or after a browser is closed). | |
stg_externalReferrer | First-party cookie that stores the URL of the site that referred the visitor to site. | Cookie expires after the session ends (fixed idle time or after a browser is closed). | |
_stg_optout | First-party cookie that helps to turn off all tracking tags on site. | Cookie expires after 365 days. | |
_pk_cvar.<appID>.<domainHash> (deprecated) | First-party cookie that stores a custom variable that is part of the visit scope. | Cookie expires 30 minutes after visitor’s last event. | |
_ga | Used to distinguish users. | Cookie expires after 2 years. | Google Analytics. |
_ga_<container-id> | Used to persist session state. | Cookie expires after 2 years. | Google Analytics. |
bcookie | Browser Identifier cookie to uniquely indentify devices accessing LinkedIn to detect abust on the platform and diagnostic purposes. | Cookie expires after 1 year. | Provided by LinkedIn and domain is: .linkedin.com |
bscookie | Used for remembering that a logged in user is verified by two factor authentication and has previously logged in. | Cookie expires after 1 year. | Provided by LinkedIn and domain is: .www.linkedin.com |
JSESSIONID | Used for Cross Site Request Forgery (CSRF) protection and URL signature validation. | Cookie expires after session. | Provided by LinkedIn and domain is: .www.linkedin.com |
lang | Used to remember a user’s language setting to ensure LinkedIn.com displays in the language selected by the user in their settings | Cookie expires after session. | Provided by LinkedIn and domain is: .linkedin.com |
lidc | Used to facilitate data center selection. | Cookie expires after 24 hours. | Provided by LinkedIn and domain is: .linkedin.com |
sdsc | Signed data service context cookie used for database routing to ensure consistency across all databases when a change is made. Used to ensure that user-inputted content is immediately available to the submitting user upon submission. | Cookie expires after session. | Provided by LinkedIn and domain is: .linkedin.com |
li_gc | Used to store consent of guests regarding the use of cookies for non-essential purposes. | Cookie expires after 6 months. | Provided by LinkedIn and domain is: .linkedin.com |
li_mc | Used as a temporary cache to avoid database lookups for a member’s consent for use of non-essential cookies and used for having consent information on the client side to enforce consent on the client side | Cookie expires after 6 months. | Provided by LinkedIn and domain is: .linkedin.com |
UID | Cookie used for market and user research | Cookie expires after 720 days. | Provided by Scorecard research and domain is: scorecardresearch.com |
UserMatchHistory | LinkedIn Ads ID syncing | Cookie expires after 30 days. | Provided by LinkedIn and domain is: .linkedin.com |
AnalyticsSyncHistory | Used to store information about the time a sync took place with the lms_analytics cookie | Cookie expires after 30 days. | Provided by LinkedIn and domain is: .linkedin.com |
lms_ads | Used to identify LinkedIn Members off LinkedIn for advertising | Cookie expires after 30 days. | Provided by LinkedIn and domain is: .linkedin.com |
lms_analytics | Used to identify LinkedIn Members off LinkedIn for analytics | Cookie expires after 30 days. | Provided by LinkedIn and domain is: .linkedin.com |
li_fat_id | Member indirect identifier for Members for conversion tracking, retargeting, analytics | Cookie expires after 30 days. | Provided by LinkedIn |
li_sugr | Used to make a probabilistic match of a user’s identity outside the Designated Countries | Cookie expires after 90 days. | Provided by LinkedIn and domain is: .linkedin.com |
_guid | Used to identify a LinkedIn Member for advertising through Google Ads | Cookie expires after 90 days. | Provided by LinkedIn and domain is: .linkedin.com |
BizographicsOptOut | Used to determine opt-out status for non-members | Cookie expires after 10 years. | Provided by LinkedIn and domain is: .linkedin.com |
li_giant | Indirect indentifier for groups of LinkedIn Members used for conversion tracking | Cookie expires after 7 days. | Provided by LinkedIn |
oribi_cookie_test | To determine if tracking can be enabled on current domain | Cookie expires after session. | Provided by Oribi. |
oribili_user_guid | Used to count unique visitors to a website | Cookie expires after 1 year. | Provided by Oribi. |
ln_or | Used to determine if Oribi analytics can be carried out on a specific domain | Cookie expires after 1 day. | Provided by Oribi. |
You may wish to visit www.aboutcookies.org, which contains comprehensive information about types of cookies, how they are used, and how you manage your cookie preferences.
Further Information
Elda River reserves the right to update this Privacy Notice at any time. In the event that we do so, we will make an updated version of this Privacy Notice available to you via the website. The examples contained within this Privacy Notice are illustrations only and are not intended to be exclusive. This Privacy Notice complies with the privacy provisions of Regulation S-P under the Gramm-Leach-Bliley Act and certain privacy provisions of other laws. You may have additional rights under other foreign or domestic laws that apply to you.
Contact Us
If you have questions about this Privacy Notice, wish to contact Elda River, wish to exercise opt-out rights or submit verified requests, wish to appeal decisions, or wish to make any changes to the personal information you have provided to us, including removing it from a particular subscription list or removing it from our databases, please contact us at 346-614-4250 or InvestorRelations@eldariver.com.
Please note that, unless expressly advised otherwise, our website and communication facilities do not provide a means for completely secure and private communications and use. Although we will attempt to keep personal information confidential, from a technical standpoint, there is still a risk. For that reason, use caution when using the website, e-mail and other communication methods to communicate information to Elda River that is considered to be confidential.
Our goal is to respond to any verifiable consumer request within the timeframes mandated applicable law, and we will notify you in writing if we cannot meet any such timelines.
No Discrimination: We will not discriminate against you for exercising your rights under the applicable privacy regulations in your jurisdiction.
California Privacy Notice Supplement
This notice (the “California Privacy Notice Supplement”) supplements the Privacy Notice set forth above with respect to specific rights granted under the California Consumer Privacy Act of 2018, as amended (the “CCPA”) to natural person residents of California, and provides information regarding how such California residents can exercise their rights under the CCPA. This California Privacy Notice Supplement is only relevant to you if you are a resident of California as determined in accordance with the CCPA. Information required to be disclosed to California residents under the CCPA regarding the collection of their personal information that is not set forth in this California Privacy Notice Supplement is otherwise set forth above in the Privacy Notice. Please note that the rights under the CCPA do not apply to personal information collected, processed, sold or disclosed pursuant to the Gramm-Leach-Bliley Act (Public Law 106-102). To the extent there is any conflict with the privacy requirements under the Gramm-Leach-Bliley Act and/or Regulation S-P (“GLB Rights”), GLB Rights shall apply.
Categories of Personal Information We Collect: Elda River collects or within the last twelve (12) months has collected some or all of the following categories of personal information from individuals:
Category | Examples | Collected |
A. Identifiers | Name, contact details and address (including physical address, email address and Internet Protocol address), and other identification (including social security number, passport number and driver’s license or state identification card number). | YES |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | Telephone number, signature, bank account number, other financial information (including accounts and transactions with other institutions and anti-money laundering information), and verification documentation and information regarding investors’ status under various laws and regulations (including social security number, tax status, income and assets). | YES |
C. Protected classification characteristics under California or federal law | Date of birth, citizenship and birthplace. | YES |
D. Commercial information | Account data and other information contained in any document provided by investors to authorized service providers (whether directly or indirectly), risk tolerance, transaction history, investment experience and investment activity, information regarding a potential and/or actual investment in the applicable fund(s), including ownership percentage, capital investment, income and losses, source of funds used to make the investment in the applicable fund(s). | YES |
E. Biometric information | Imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns and voice recordings or keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contains identifying information. | NO |
F. Internet or other similar network activity | Use of our website, fund data room and investor reporting portal (e.g., cookies, browsing history and/or search history), as well as information you provide to us when you correspond with us in relation to inquiries. | YES |
G. Geolocation data | Physical location or movements. | NO |
H. Sensory data | Audio, electronic, visual, thermal, olfactory, or similar information. | NO |
I. Professional or employment-related information | Current or past job history or performance evaluations. | NO |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | NO |
K. Inferences drawn from other personal information | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | NO |
L. Sensitive Personal Information (see further information on use of sensitive personal information below) | Social security, driver’s license, state identification card, or passport numbers; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin; religious or philosophical beliefs; union membership; genetic data; the contents of a consumer’s mail, email, and text messages unless you are the intended recipient of the communication; biometric information for the purpose of uniquely identifying a consumer; and personal information collected and analyzed concerning a consumer’s health, sex life, or sexual orientation. | YES, as to the following types of information: social security, driver’s license, state identification card, or passport numbers, account log-in, financial account in combination with any required security or access code password, or credentials allowing access to an account only. |
Elda River does not collect or use sensitive personal information other than:
- To perform services, or provide goods, as would reasonably be expected by an average consumer who requests those goods or services;
- As reasonably necessary and proportionate to detect security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal information;
- As reasonably necessary and proportionate to resist malicious, deceptive, fraudulent, or illegal actions directed at us and to prosecute those responsible for such actions;
- As reasonably necessary and proportionate to ensure the physical safety of natural persons;
- For short-term, transient use (but not in a manner that discloses such information to another third party or is used to build a profile of you or otherwise alter your experience outside of your current interaction with Elda River);
- To perform services on behalf of the Elda River’s business;
- To verify or maintain the quality or safety of a service or to improve, upgrade, or enhance such service or device; and
- To collect or process sensitive personal information where such collection or processing is not for the purpose of inferring characteristics about a consumer.
Purposes for Collecting Personal Information: Elda River may collect or disclose the personal information Elda River collects about you for one or more of the following business or commercial purposes as set forth in the “Purposes for Collecting Personal Information” section of the Privacy Notice.
Elda River retains the categories of personal information set forth above in the “Categories of Personal Information We Collect” section of this California Privacy Notice Supplement only as long as is reasonably necessary for those business or commercial purposes set forth above, except as may be required under applicable law, court order or government regulations.
Disclosure of Personal Information: Elda River does not share for the purpose of cross-context behavioral advertising or sell (as such terms are defined in the CCPA) any of the personal information Elda River collects about you to third parties. In the preceding twelve (12) months, Elda River has not sold or shared any of the personal information Elda River collects about you to third parties. Elda River does not disclose any non-public personal information about you to anyone, except as permitted or required by law or regulation and to service providers.
Elda River discloses, or within the last twelve (12) months has disclosed, personal information collected from you for a business or commercial purpose to the categories of third parties indicated in the chart below. Elda River may also disclose your information to other parties as may be required by law or regulation, or in response to regulatory inquiries.
Personal Information Category | Category of Third-Party Recipients |
A. Identifiers | Administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants and placement agents. |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | Administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants and placement agents. |
C. Protected classification characteristics under California or federal law | Administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants and placement agents. |
D. Commercial information | Administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants and placement agents. |
E. Biometric information | N/A |
F. Internet or other similar network activity | Administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants and placement agents. |
G. Geolocation data | N/A |
H. Sensory data | N/A |
I. Professional or employment-related information | N/A |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) | N/A |
K. Inferences drawn from other personal information | N/A |
L. Sensitive Personal Information | Administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants and placement agents. |
Rights Under the CCPA
- Disclosure and Access Rights: You have the right to request that Elda River discloses to you certain information regarding Elda River’s collection, use, disclosure and sale of personal information specific to you. Such information includes:
- The categories of personal information Elda River collected about you;
- The categories of sources from which the personal information is collected;
- Elda River’s business or commercial purpose for collecting such personal information;
- Categories of third parties to whom Elda River discloses the personal information;
- The specific pieces of personal information Elda River has collected about you; and
- Whether Elda River disclosed your personal information to a third party, and if so, the categories of personal information that each recipient obtained.
- Correction: You have the right to request that Elda River corrects any inaccuracies in the personal information Elda River retains about you, subject to certain statutory exceptions, including, but not limited to, Elda River’s compliance with U.S., state, local and non-U.S. laws, rules and regulations, if that information is inaccurate. Elda River will notify you in writing if Elda River cannot comply with a specific request and provide an explanation of the reasons.
- Deletion Rights: You have the right to request that Elda River deletes any of your personal information that Elda River retains, subject to certain exceptions, including, but not limited to, our compliance with U.S., state, local and non-U.S. laws, rules and regulations. Elda River will notify you in writing if Elda River cannot comply with a specific request and provide an explanation of the reasons.
- No Discrimination: Elda River will not discriminate against you for exercising your rights under the CCPA, including by denying service, suggesting that you will receive, or charging, different rates for services or suggesting that you will receive, or providing, a different level or quality of service to you.
How to Exercise Your Rights: To exercise any of your rights under this California Privacy Notice Supplement, or to access this notice in an alternative format, please submit a request on your behalf using any of the methods set forth below.
Call us using the following toll-free number: 1-888-478-0853
Email us at the following email address: InvestorRelations@eldariver.com.
Elda River will contact you to confirm receipt of your request under the CCPA and request any additional information necessary to verify your request. Elda River verifies requests by matching information provided in connection with your request to information contained in our records. Depending on the sensitivity of the request and the varying levels of risk in responding to such requests (for example, the risk of responding to fraudulent or malicious requests), Elda River may request further information or your investor portal access credentials, if applicable in order to verify your request. You may designate an authorized agent to make a request under the CCPA on your behalf, provided that you provide a signed agreement verifying such authorized agent’s authority to make requests on your behalf, and Elda River may verify such authorized person’s identity using the procedures above. If Elda River requests you verify your request and Elda River does not receive your response, Elda River will pause processing your request until such verification is received. Elda River’s goal is to respond to any verifiable consumer request within forty-five (45) days of our receipt of such request. Elda River will notify you in writing if Elda River cannot meet that timeline.
EU & UK Privacy Notice Supplement
This EU and UK Privacy Notice Supplement supplements the information contained in the Privacy Notice above and applies solely to the processing of personal data which is subject to EU & UK Data Protection Laws. For the purposes of this EU & UK Privacy Notice Supplement, the “EU & UK Data Protection Laws” mean all applicable laws and regulations relating to privacy, protection or processing of personal data in the EEA, EU and UK, including (without limitation): the General Data Protection Regulation (Regulation (EU) 2016/679) (“EU GDPR”), the EU GDPR as it forms part of the laws of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union Withdrawal Act 2018 (“UK GDPR”), and including in respect of the foregoing any implementing or successor legislation and any amendments or re-enactments. The terms “controller”, “data subject”, “personal data”, “process” and “processing” or other applicable or analogous terms shall be interpreted in accordance with the applicable EU & UK Data Protection Laws.
To the extent that EU & UK Data Protection Laws apply to our processing of your personal data, Elda River (as defined in the Privacy Notice) is a “controller” of your personal data. In simple terms, when applicable, this means we: (i) “control” the personal data that we collect from you or other sources; and (ii) make certain decisions on how to use and protect such personal data.
What type of personal data do we collect?
The types of personal data that we collect are set forth in the “Categories of Personal Information We Collect and Process and How We Collect It” section of the Privacy Notice. Please note that we do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Purposes and Legal Bases for Collecting and Using Personal Data
We rely on various legal bases under the EU & UK Privacy Laws in order to process your personal data, as we have set forth in the “Purposes for Collecting Personal Information” section of the Privacy Notice. Note that we may process your personal data on more than one legal basis depending on the specific purpose for which we are using your personal data. These purposes are also set out in the “Purposes for Collecting Personal Information” section of the Privacy Notice, which in general are to operate our business, conduct business with you and perform essential or legitimate business operations.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.
If we require your personal data due to a legal requirement or obligation or in order to perform a contract with you, we will make you aware of this at the time we collect your personal data, and the possible consequences of you failing to provide this personal data (e.g., we may require your passport details to verify your identity for the purposes of anti-money laundering regulations).
No solely automated decision making, including profiling, is used when processing your personal data.
Disclosure of Personal Data
Elda River may disclose and transfer your personal data to third parties as set forth in the “Disclosure of Personal Information” section of the Privacy Notice above, which may involve the transfer of your personal data outside of the EEA, EU or UK. Elda River will only transfer your personal data in accordance with applicable laws. Furthermore, we may transfer personal data to a Non-Equivalent Country (as defined below), in order to fulfill the purposes described in the Privacy Notice and in accordance with applicable laws. For information on the safeguards applied to such transfers, please contact us at InvestorRelations@eldariver.com.
For the purposes of this Privacy Notice, “Non-Equivalent Country” means a country or territory other than (i) a member state of the EEA or EU; (ii) the United Kingdom; or (iii) a country or territory which has at the relevant time been decided by the European Commission or the Government of the United Kingdom (as applicable) in accordance with the applicable EU & UK Data Protection Laws to ensure an adequate level of protection for personal data.
Data Subject Rights
To the extent set forth in EU & UK Data Protection Laws, you may have certain rights relating to the collection and use of your personal data, including, as applicable, the right to (i) request a copy of the personal data retained by Elda River (ii) to correct any inaccurate information contained within the personal data retained by Elda River; (iii) delete any personal data retained by Elda River; (iv) restrict the processing of personal data retained by Elda River, including the purposes for which personal data is processed by or on behalf of Elda River; (v) object to the processing of personal data undertaken by Elda River; (vi) direct the transfer of your personal data to a third party designated by you; (vii) withdraw your consent to our processing of your personal data at any time; and (viii) not be subject to solely automated decision making. Individuals located in the UK, EU or EEA may also “opt out” or unsubscribe from any marketing communications from Elda River. An individual may contact Elda River’s at InvestorRelations@eldariver.com if they wish to exercise any of the rights set forth herein. Furthermore, you have a right to lodge a complaint with the local supervisory authority. These rights are not absolute and in certain circumstances their exercise may not be possible including when personal data must be maintained to comply with applicable laws.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
To the extent EU & UK Data Protection Laws apply, should you have any questions or wish to contact us in relation to this EU & UK Privacy Notice Supplement and the Privacy Notice, please contact us at InvestorRelations@eldariver.com.