PRIVACY POLICY:

This is the privacy policy of Hesabu Capital Kenya Limited.
Hesabu Capital Kenya Limited and its affiliates collectively “Hesabu” “us” “we” understand the importance of data privacy to “you.” “You” means an identified or identifiable natural person who is the subject of personal data under Hesabu’s control.
In our commitment to respecting your data privacy and protecting your personal data, this “Privacy Policy” describes how we will handle and protect your personal data in connection with Hesabu’s sites which will include collectively, its website, portfolio company information and any communication that posts links to this Privacy Policy.

What is Personal Information?

“Personal Information” means information that identifies or is identifiable to “you” which includes and is not limited to, name, address, date of birth, nationality, photos, and income. It does not include information that is aggregated or anonymized and is not capable of being associated or being linked to “you.”

Sources of Collection

1. Personal Information

Personal Information collected from you, its collection and use are solely dependent on our relationship with you and how you interact with our website.

How do we “Collect” your Personal Information?

Information collected automatically from website visits.

This includes technical information such as the Internet Protocol (IP)address used to connect your computer to the internet operating system or browser type and platform for system information.

      2. Information voluntarily submitted to us.

This is personal information submitted voluntarily to us through your use of our website. Since this information is voluntarily submitted, you have the choice and control over what to submit and the choice not to submit any personal information at all.

     3. Information collected from other sources and third parties.

This is information which we might collect from industry databases or other professionals in the venture capital industry even before our first direct interaction with you.

Services

The term “Services” in this Privacy Policy refers to the services that we offer as managers of Venture Capital funds of which we process, for our own personal use, the Personal Information belonging to:

• Current and prospective portfolio companies/investees and their representatives.
• Current and prospective service providers and their representatives.
• Counterparties to investments transactions and their representatives.
• Any other party that we may interact with when conducting our business.

The term Services in this Privacy Policy is excluded from our interaction with job applicants, employees, or personnel.

How do we “Use” your Personal Information?

In our communication with current or prospective investees, we collect their personal information which may include:

• Investee’s name, authorized representatives, email address and telephone number.
• Business information about the goods or services they provide, their physical location, financial performance, and reputation.

Use of Personal Information

We use the investee personal information for the following purposes:

• Assessment of attractiveness as potential investment opportunities
• Monitoring our investment in the portfolio companies
• Monitoring the corporate, environmental, social and governance obligations of the portfolio companies
• Providing financial, management and other support to the portfolio companies
• Evaluating and reviewing the portfolio companies’ performance
• Reporting to our investors regarding the portfolio companies.
• Current and Prospective Service Providers and their Representatives Collection of Personal Information.
• In the ordinary course of business, when we purchase goods and services from a service provider, we collect personal information about goods and service providers.
• The personal information we collect, contains the following:
  • Goods or service provider name; authorized representative’s email address and telephone number;
  • Business Information relating to the goods and services provided, business location, businessperformance and reputation.Use of Personal Information
    We use the personal information collected from goods and service providers for obtaining goods and services, maintaining relationships and for communication purposes.Counterparties (co-investors, buyers, sellers, partners) to Investment transactions and their representativesCollection of Personal Information
    In the ordinary course of business, where we interact with counterparties, we collect personal information about them which includes:
  • Contact Information which includes, name of the counterparty, authorised representatives’ emailaddress, location, and phone number.
  • Business information that includes, nature of business – goods and services it provides, business location, performance, and reputation.

When we collect our counterparty data, we use it for the following purposes:

• Make informed decisions about our transactions with the counterparty.
• Provide our company and investment information.
• Communicate with the counterparty regarding the transaction.
• Conduct due diligence and risk management relating to the counterparty.
• Exercise our rights and perform our obligations under the transaction.

Collection of Personal Information from other Sources and Third Parties.

While we obtain Personal Information from current and prospective portfolio companies, goods and service providers, counterparties and all their representatives, we may obtain personal information from other sources and third parties which we combine with the information already collected directly. In such instances, we collect the same category of information which includes the following:

• Industry Contacts – In conducting our due diligence or for business development purposes, we maycollect names and contact details from other professionals in the Venture Capital industry. For instance, we may request a contact recommendation from a counterparty.
• Information Providers – From time to time, we may correct or supplement the personal informationwe have with that which we may collect from third-party providers. For instance, we may collectpersonal information from other databases.
• Enquiring Information – If a person contacts us through email or through the “Contact Us” section of our website, we may collect personal information in connection with their enquiry and correspondence, which may include, that person’s name, email address, telephone number and any other information disclosed by the person. In such instances, we might need further personal information to respond to their enquiry or request.
• Publicly available information – In addition to the Personal Information identified above, we may collect personal information from publicly available sites such as government records or publicly available websites.
• Automatically collected information – Where persons are merely visiting our website, our logfile may collect the following information; IP (Internet Protocol) address, device and browsing information, browser type, device type, device identifiers, screen resolution, device manufacturer and model, Internet Service Provider, referring and exit pages, date/time stamp, clickstream data and language preferences.

Other Uses of Personal Information in addition to the above “uses” of Personal Information.

We may use your Personal Information for the following purposes:

• In the ordinary course of business – developing and monitoring investments, financial and accounting support, monitoring and insuring our assets, administering our services, evaluating and reviewing our business performance.
• Responding to our investor enquiries and reporting.
• Developing investment strategies.
• Enforcing and carrying out contracts and agreements.
• Complying with legal obligations.

Disclosure of Personal Information.

Our Disclosure of personal information is done in the following manner:

•  Amongst ourselves at “Hesabu” with our affiliates. For instance, an investment director at Hesabu may disclose investee information with its affiliates and counterparties.
• To our service providers – where we engage third parties to transact on our behalf, including advocates, auditors, banks, lenders, custodians, insurance brokers and providers and IT support providers.
• For Business transactions – where we may take part in or be involved in corporate business transactions – merger, acquisition, joint venture, financing, or sale of company assets, we may disclose personal information to third parties during the negotiation or in connection with a business transaction or insolvency.
• In compliance with legal obligations and rights, we may disclose Personal Information to legal advisers and law enforcement authorities in connection with the establishment, exercise or defence of legal claims
• To protect our rights and property and those of our investors, including to enforce our agreements and policies.
• To detect, suppress or prevent fraud.
• To reduce credit risks and collect debts owed to us.
• To protect our health and safety as well as the health and safety of others.
• As required by applicable law.

With consent, we may disclose an individual’s personal information to third parties.

Data Retention

We will only retain your personal data for as long as we need it to fulfil the purposes for which we collected it for. This will include ensuring legal, regulatory, accounting and reporting compliance.
In determining the data retention period, we consider the amount, nature, sensitivity of personal data, its potential risk of harm from unauthorized use or disclosure, the purpose for which we process and whether we can achieve the purpose through other means and for legal compliance.

Data Security

The personal data we collect from you will be stored by our service providers and protected on their highly secured database. While your personal data is protected as such, we cannot guarantee its utmost safety from damage, loss, misuse, or alteration. We are not liable under applicable law for any such damage, loss, misuse, or alteration.
Where required by law, we will notify you of any damage, loss, misuse, or alteration of your Personal Information.

Privacy Rights

In accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act, 2019, you have the following rights:

• Right of Access to your personal data;
• Right of rectification of your personal data;
• Right to request restriction to processing of your personal data;
• Right to request erasure of personal data;
• Right to transfer personal data;
• Right to object to the processing of your personal data;
• Right to withdraw consent of personal data;
  For more information, please contact us through the “Contact Section.”

Notification of Changes

We reserve the right to change this Privacy Policy in our sole discretion, of which we may send you a notice regarding material changes. We however encourage you to frequently check this Privacy Policy as your continued use of our sites after any changes to this Privacy Policy will constitute acceptance of any such changes.