Datenschutzhinweise / Privacy Policy

We, Cavalry Ventures Management GmbH, operate the following websites (“services”):

• https://cavalry.vc/
• https://cavalryventures.recruitee.com
• https://cavalry.paperform.co/

and collect certain data from you, whereas necessary. In the following privacy policy, you will be informed what we do with your data, so-called personal data, and why we do this. We will also inform you how we protect your data, when this data is deleted and what rights you have within data protection.

Who can I contact?

Responsible for this website is:

Cavalry Ventures Management GmbH

Novalisstraße 12

10115 Berlin

hello@cavalry.vc

Via the contact data you can reach our Data Protection Officer or another data protection relevant contact. Don't hesitate to contact us if you have specific questions about your personal data, deletion of your personal data or similar things:

Fresh Compliance GmbH, Frank Trautwein (Data Protection Officer), Fürbringerstr. 15, 10961 Berlin, dsb@freshcompliance.de, 030-2765751

What are my rights?

You can contact us at any time if you have any questions about your rights regarding data protection or if you wish to exercise any of the following rights:

• Right to withdraw your consent in accordance with Art. 7 para. 3 GDPR (e.g. you can contact us if you wish to cancel a previously given consent to a newsletter)
• Right to access your data in accordance with Art. 15 GDPR (e.g. you can contact us if you would like to know what data we have stored about you)
• Right to correct your data in accordance with Art. 16 GDPR (e.g. you can contact us if your e-mail address has changed and we should replace your old e-mail address)
• Right to have your data deleted in accordance with Art. 17 GDPR (e.g. you can contact us if you want us to delete certain data that we have stored about you)
• Right to limit data collection in accordance with Art. 18 GDPR (e.g. you can contact us if you do not want us to delete your e-mail address, but only to send absolutely necessary e-mails)
• Right to data portability in accordance with Art. 20 GDPR (e.g. you can contact us to receive your data in a zipped format, if you want to upload it to another website)
• Right to object how your data is handled in accordance with Art. 21 GDPR (e.g. you can contact us if you do not agree with advertising or user analytics procedures as described within this privacy policy)
• Right to send complaints to the supervisory authority in accordance with Art. 77 para. 1 f GDPR (e.g. you can contact the data protection supervisory authority directly: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm)

Deletion of data and storage periods

Unless otherwise stated, we will delete or anonymize your data as soon as it is no longer needed, e.g. your e-mail address after you have unsubscribed from a newsletter. Your data will also be deleted or blocked automatically if the mandatory storage period expires. Such data may be needed for longer periods of time for legal reasons. You can request information about all personal data we have stored about you. Data protection inquiries and other legal matters may also be stored for a longer period of time within the scope of the legally relevant retention and statute of limitations periods.

Visiting our website

If you merely wish to browse our website, we do not collect any personal data, with the exception of the data that your browser sends to us, e.g.:

• IP address (e.g. 82.93.116.example or 2a02:7122:99222:1112:bdb2:723f:example)
• Approximate location based on IP range (e.g. "Berlin")
• Internet provider (e.g. "Telecom" or „AT&T")
• Internet connection speed (e.g. 120 Mbit)
• Date and time of visit (e.g. 11:55 on 25.05.2023)
• Last visited website (e.g. google.com)
• Browser and version (e.g. Chrome or Safari)
• Operating system (e.g. Mac OS)
• Hardware (e.g. Intel processor)

As a protective measure in favour of your privacy, we delete or anonymise the IP address after your visit to our website. This means that the other technical data can no longer be traced back to you and are only used for anonymous, statistical purposes to optimise our website. The purpose of the temporary storage of the data is, on the one hand, the technical necessity for establishing the connection and, on the other hand, the correct, error-free presentation of our website. The IP address and the technical data already mentioned are necessary to display the website, to prevent display problems for visitors and to correct error messages. The legal basis is the so-called legitimate interest, which has been examined in the context of the aforementioned protective measures as well as in accordance with the European data protection requirements from Art. 6 para. 1 lit. f GDPR.

Contact

You can upload a pitch through the following form https://cavalry.paperform.co/. You can then submit the following data:

• First- / Last name
• E-mail address

Subsequently, we ask for specific information about your company and its online presence, such as the name of the company, the company website, and several key performance indicators (KPIs).

When you contact us, for example via email, your request including any resulting personal data (name, inquiry) will be stored and processed for the purpose of handling your concern. We only share this data if necessary to fulfill your request or if you have given your prior consent.

The data of existing business partners, especially contact details, are managed using a Customer Relationship Management (CRM) system. This allows us to conduct interactions via email, social media, or telephone. In individual cases, we send information to investors and business contacts which we believe might be of interest to you. If you do not wish to receive further emails of this kind, you can opt-out at any time using the unsubscribe link provided.

As a protective measure, initiating contact - just like visiting the rest of the website - is done over an encrypted connection. Depending on whether a business relationship is established or not, we store your data, subject to contractual or legal retention obligations, until you request deletion or object to the processing, or the data is no longer required for our business purposes. The purpose of the requested data is communication and automation of pitch submissions, enabling us to make the process for inquiries and communication more efficient. The legal basis, depending on the request, is the execution of pre-contractual measures according to Art. 6 para. 1 lit. b GDPR or the so-called legitimate interest, which has been examined for the purpose of pursuing the goal within the framework of the aforementioned protective measures as well as in accordance with the European data protection requirements from Art. 6 para. 1 lit. f GDPR.

Social Sign-In & Social Login

We maintain company presences on social media platforms

• Facebook: Cavalry Ventures - Startseite | Facebook
• LinkedIn: Cavalry Ventures: Overview | LinkedIn
• Twitter: Cavalry Ventures (@CavalryVC) / Twitter
• Medium: An introduction to the Cavalry Platform | by Cavalry Ventures | Cavalry Chronicle | Medium

and process your personal data if you communicate with us through these channels. Specifically, we process contact details (e.g., profiles, email addresses, or phone numbers, as far as you provide these) and content data (e.g., comments, tags, and links).

As a protective measure, the data you enter is transmitted via an encrypted connection of the respective platform. We do not use the sign-in to access personal data such as friend lists or contacts nor do we store this information for our own purposes. There is no permanent link between your user account and the operator's user account. We are unaware of which data the social networks collect during sign-in or how data is linked. Depending on your location, the data is processed either within the European Union or the USA. For more information, please refer to the privacy policies of the respective operators. The purpose of the requested data is to sign in using an existing user account to use extended features (such as information about our services or to communicate with you) on the website. Signing in via social networks is voluntary and can be revoked or the user account can be logged off at any time. If we use evaluations provided by the platform operators to create user profiles and place advertisements within and outside the networks, we are co-responsible in the sense of Art. 4 No. 7 GDPR with:

• Facebook, operated by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The Facebook application is a social media platform that allows users to connect with friends and family, share content, join groups, and communicate via text, video, or voice calls. The data is processed within the European Union. For more information, please refer to Facebook’s Privacy Policy.
• Facebook Pixel, operated by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We integrate Facebook Custom Audience Pixel and Facebook Conversion API into our pages. In this case, cookies are set in which personal data about user behavior is processed. The pixel is loaded when you visit our website or react to an ad we have placed on Facebook, for example, because you clicked on a link contained in the ad. In this context, a Pixel ID is created and stored in cookies, so we receive evaluations of your user behavior. The data is processed within the European Union. For more information, please refer to Facebook’s Privacy Policy.
• LinkedIn, operated by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland. LinkedIn is a professional networking platform that allows users to connect with others in their industry, discover job opportunities, share content, and showcase their skills and work experiences. Depending on your location, the data is processed either within the European Union or the USA. For more information, please refer to LinkedIn’s Privacy Policy.
• X (formerly Twitter), operated by X Corp., Copyright Agent, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. This provider is a microblogging service. The data is processed in the USA. For more information, please refer to X’s Privacy Policy.
• Medium, operated by VeraSafe Ireland Ltd, Unit 3D North Point House, North Point Business Park, New Mallow Road Cork T23AT2P, Ireland. The data is processed within the European Union. For more information, please refer to Medium’s Privacy Policy.

As Joint Controllers as per Art. 26 GDPR of these pages, we have agreements with most platform operators stating they assume the key data protection obligations for information and fulfillment of the rights of the data subjects as well as data security and notification and information in case of data protection violations. As providers of the social media platforms, they have immediate access to necessary information and can also take immediate necessary actions and provide information. We only receive anonymized user statistics.

You can assert your rights as a data subject against any of the Joint Controllers. If you contact us, we will instruct the platform providers accordingly. For further information, we refer to the privacy policies and information provided by the operators of the respective networks.

Newsletter

If you are interested in receiving updates about our company or our products, you can subscribe to our newsletter. You will then receive an e-mail in which you must click on a link to confirm receipt of the newsletter. We will then save your e-mail address until you unsubscribe from the newsletter. For this purpose you will find a corresponding link to unsubscribe in every e-mail of our newsletter. The delivery of the newsletter is carried out by the specialized service provider MailChimp. Further information can be found in MailChimp’s privacy policy.

As a protective measureFurthermore, we have entered into a data processing agreement with the assigned service provider. You are also able to unsubscribe from the newsletter at any time and thus delete your e-mail address from the service provider's database. The purpose of the data requested is to send the newsletter to your personal e-mail address in order to fulfil your request for updates about our company or our products. The legal basis is your consent in accordance with the European data protection requirements under Art. 6 para. 1 lit. a GDPR.

Job applications

Insofar as you apply to us via our web form under https://cavalryventures.recruitee.com/ or via e-mail jobs@cavalry.vc we collect and process the personal applicant data for the purpose of handling the application process. The processing is primarily carried out electronically. This is particularly the case if corresponding application documents are submitted electronically to us, for example by e-mail or via a web form located on the website. If we conclude an employment contract, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If we do not conclude an employment contract, the application documents will be deleted six months after notification of the rejection decision - this retention period is justified by a potential obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG). If consent was given (“Talent Pool”), applications may also be retained for longer than six months to be able to find other interesting positions for you.

As a protective measure, the transmission of the data you provide is carried out over an encrypted connection. We also ensure that only individuals involved in the application process have access to your application documents. Furthermore, we guarantee the deletion or anonymization of the data as described above. The purpose of the requested data is to carry out the application process and the associated hiring decision. The legal basis for processing is the decision on the establishment and performance of an employment relationship according to Art. 6 para. 1 lit. b GDPR, Art. 88 GDPR with § 26 BDSG (Federal Data Protection Act of Germany).

Cookies

Our website partially uses so-called cookies. Cookies are small text files that are usually stored in a folder of your browser. Cookies contain information about the current or last visit to the website:

• Name of the website
• Expiration date of the cookie
• Any value

If cookies do not contain an exact expiration date, they are stored only temporarily and are automatically deleted as soon as you close your browser or restart your device. Cookies with an expiration date will still be stored even when you close your browser or restart your device. Such cookies will not be deleted until the specified date or if you delete them manually.

We use the following three types of cookies on our website:

• required cookies (cookies that are required, e.g. to display the website correctly for you and to store certain settings temporarily)
• functional and performance-related cookies (cookies that help us improve our website, e.g. to evaluate technical data of your visit and avoid error messages)
• advertising and analytics cookies (cookies that provide analytics and personalized ads, e.g. advertising for shoes is displayed if you have previously searched for shoes)

You can configure, block and delete cookies in your browser settings. If you delete all cookies from our website, some functions of the website may not be displayed correctly. Helpful information and instructions for the most common browsers can be found here: https://www.allaboutcookies.org/manage-cookies/stop-cookies-installed.html

Data Receipents

In accordance with the descriptions and purposes mentioned above, we share your data with the following recipients, who are essential to the provision of our services (funding request) and communication with you. When our partners or service providers process personal data, they do so solely on the basis of contracts in which they commit to comply with strict contractual requirements for the protection of your data.

• Notion, operated by Notion Labs Inc, headquartered at 548 Market Street Suite 74567, San Francisco, CA 94104, United States. This is the hosting provider of our website. Data during website visits is processed in the USA. For more information, please refer to Notion's privacy policy.
• Paperform, operated by Paperform Pty. Ltd. – 64 Tabrett St – Banksia, NSW 2216, Australia. The service provider processes data that you provide for submitting a pitch (via forms) in Australia, a so-called third country. For more information, please refer to Paperform's privacy policy.
• Loggly, operated by SolarWinds Worldwide, LLC, 1 Post Street, San Francisco, CA 94104. We use the service provider for the creation of server logs for performance and error reporting. Data is processed in the USA. For more information, please refer to Loggly's privacy policy.
• Recruitment with Recruitee, operated by Recruitee B.V., Keizersgracht 313, 1016 EE Amsterdam, Netherlands. We use Recruitee for website analytics and marketing purposes. For more information, please refer to Recruitee's privacy policy.
• Google Analytics, operated by Google Ireland Ltd, headquartered in Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics is used to analyze user behavior and to serve personalized advertising. We use Google Analytics only with IP anonymization activated. This means the IP address of users is shortened by Google. Depending on your location, data is processed either within the European Union or the USA. For more information, please refer to Google's privacy policy.
• Google Ads, operated by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads allows us to display advertisements on the Google search engine or on third-party websites when you enter certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be played out based on user data available at Google (e.g., location data and interests) (audience targeting). Depending on your location, data is processed either within the European Union or the USA. For more information, please refer to Google's privacy policy.
• Beamer, operated by Joincube Inc., 3500 South Dupont Highway, Dover, DE 19901. We use Beamer to inform our users about important changes, news, and updates as well as to collect user feedback on our latest updates. Data is processed in the USA. For more information, please refer to Beamer's privacy policy.
• Hotjar, operated by Hotjar Ltd, headquartered in Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta, Europe. Hotjar is a web analytics tool that helps businesses understand user behavior on their website by providing heatmaps, visitor recordings, conversion funnel analysis, and feedback collection. Data is processed within the European Union. For more information, please refer to Hotjar's privacy policy.
• Mailchimp, operated by The Rocket Science Group, LLC headquartered in 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA. Mailchimp is an all-in-one marketing platform that provides tools to create, manage, and analyze email campaigns and newsletters for businesses and individuals. Depending on your location, data is processed either within the European Union or the USA. For more information, please refer to Mailchimp’s privacy policy.

We only share data that is necessary for the performance of the mutual contract or if you have given us your consent, for example in the context of our newsletter or cookie banner. If no contract exists yet, we share the data in certain cases in the context of legitimate interests. This is the case, for example, if you only want to visit our website or contact us. When you visit our website, it is in the interest of both parties to provide access to the services and to communicate with each other.

We have also entered into data processing agreements with all external recipients to comply with European legal requirements. Depending on your location, some of the above service providers - if specified - will also transfer your data to the United States. The European Commission adopted an adequacy decision according to which the United States does have an equivalent level of data protection to the EU. To meet all requirements, we have concluded additional data processing agreements called Standard Contractual Clauses. We also check each service provider together with our data protection officer and ensure that additional security measures are available, such as strong encryption of data.

Date of the privacy policy: March 2024