Zenvest Privacy Policy


Last updated on May 15th 2019

We at Zenvest value the integrity of personal data and aim to process personal data fairly and transparently. This Privacy Policy describes the types of personal information we obtain, how we may use that personal information, with whom we may share it and how you the concerned persons may exercise their rights regarding our control, if any, and processing of such data. The Privacy Policy also describes the measures we take to safeguard the personal date we obtain and how we can be contacted about privacy issues.



Scope of this Privacy Policy

This Privacy Policy aims to describe how we process, for our own purposes, the personal data we collect or store about natural persons who visit our website  www.zenvest.com  (respectively “you” and the “Site”), use the services based on a software owned and operated by us (“Services”) or otherwise interact with us.  
This Privacy Policy applies only to your relationship with Zenvest. It does not apply to the interactions that you have with any other individual, entity, investor or other group through the use of our Services. In particular, this Privacy Policy does not apply to data uploaded on the Site into Zenvest accounts created by our customers or representatives (each, respectively, a “Customer Account”, “Customer”, or “Club Administrator”), or any (group of) natural or legal person(s) who has been given access to a Customer Account, for the purposes of being stored and processed by Zenvest on behalf of such Customers (“Customer Data”). In respect of Customer Data, the Customer is considered as the data controller within the meaning of the General Data Protection Regulation (known as the “GDPR”), and we act only as a data processor.  The protection of your personal data when you interact with our Customer, the Club Administrator and/or other people having access to the Customer Account through the use of our Services is governed solely by any agreements that you may enter into with such Customer and by its own privacy policy. Any query in this respect should be addressed to the relevant Customer.



Identity and contact details

Personal data is received or collected by eFounders SA, a company registered under the laws of Belgium, company ID number BE0833.922.163 and having its registered office at Place Flagey 7, 1050 Brussels (Belgium).
In this Privacy Policy, “Zenvest”, “we” and “us” refer to eFounders SA., as controller of your personal data, acting for its Zenvest division.
If you have any questions regarding this Privacy Policy, feel free to email us directly at:  team@zenvest.com .
You may lodge any complaints on the manner in which we handle your personal data with your local supervisory authority.



Data collected

In subscribing to our Services, filling in a contact form on the site, or using our Services through a Customer Account, you acknowledge that (i) we have access to your personal data  given by you (or our Customer or the individual designated by our Customer to manage the Customer account to which you are connected, or any other person authorized to access the Customer account) and (ii) we may receive, collect, store, or otherwise process and/or use any personal data thus provided in accordance with this Policy.
Personal data collected may include information about who you are, how to contact you, the Customer account(s) through which you use our Services, your browsing data and other technical data collected automatically through your activity on our Site or in respect of our Services.
You are responsible for ensuring that any third party whose personal data is entered into the Site by you through your use of a Service has been adequately informed and has consented to their personal data being collected.


Purposes of processing and legal basis

In general, we use your personal data:
in the context of the performance of a contract or pre-contractual measures;
for reasons that are in Zenvest’s legitimate interest, while preserving the balance between that legitimate interest and respect for your privacy;
in order to comply with all the legal and regulatory provisions to which we are subject;
when we have obtained your consent.
Our principal purpose for collecting and processing your personal data is to offer you an optimum, efficient and personalized experience when you use our Services. To this end, you acknowledge that we may use your personal data, on the basis of our legitimate interest in offering high quality services and developing our Customer relationship.
In particular, we use personal data to:
provide, maintain, improve, and protect the Site and our Services;
resolve technical issues, and respond to Customer requests;
develop new products and services;
confirm your identity, verify accounts and activity;
monitor suspicious or fraudulent activity and identify violations of Zenvest SaaS Subscription Agreement;
provide more tailored Services to our Customers;
analyze the volume and history of your use of our Services;
inform you about our Services, its possible uses and tips to use them as efficiently as possible, any updates, and any new services that may be of interest to you.
We may also use the data that we receive or collect in relation to a Customer Account (including personal identification information or documents of any person accessing or using such account) for the purpose of completing or updating the data that we hold in relation to another account.
In addition, we use personal data for the purpose of managing the contractual relationship with our Customers and for billing purposes.



Marketing emails

Subject to your consent, we may use your personal data to send you marketing communications by email. You may unsubscribe from receiving any marketing emails we may send you at any time by following the unsubscribe link included in every marketing email sent to you by Zenvest or by sending an email to  team@zenvest.com .



How we share your personal data

Your personal data may be consulted by members of our staff who need it to carry out their mission.
Certain personal data relating to you may be shared with Zenvest’s partner companies or third-party providers so that we may obtain assistance and support in the context of carrying out our Services. Zenvest ensures that it has in place clear data protection requirements for all of its third party providers. The current third party providers of Zenvest are:


Zenvest does not disclose your personal data to third parties, except as provided herein and except if: (1) you (or the Customer or Club Administrator of the Customer Account to which you have access) requests or authorizes such disclosure; (2) the disclosure is required to supply the Services; (3) Zenvest is compelled to do so by a government authority or a regulatory body, in the case of a court order, a summons to appear in court or any other similar requisition from a government or the judiciary, or to establish or defend a legal application; or, (4) the disclosure is necessary to comply with Zenvest’s legal and/or regulatory obligations.
Zenvest does not sell or rent your personal data to third parties for their own marketing purposes.
Zenvest will inform you immediately to the extent we are legally authorized to do so, in case of any application or order originating from an administrative or judicial authority relating to your personal data.



Cookies/Tracking

As a general rule, Zenvest uses cookies to improve its Website and/or measure its audience. Cookies are files saved on your computer’s hard drive when browsing on the Internet and in particular on our site. A cookie is not used to gather your personal data without your knowledge but instead to record information on site browsing which can be read directly by the Zenvest on your subsequent visits and searches on the site.
The cookies used by the Zenvest are intended to enable or facilitate communication, to enable the services requested by users to be supplied, to recognize users when they revisit the site, to store the first referrers of traffic, to register logged-in sessions and to enable the Zenvest, internally, to carry out analyses on hit rates and browsing experience so as to improve content, and to track email opening rates, click rates and bounce-back rates at individual levels.
By default, cookies are not installed automatically (with the exception of those cookies needed to run the site and the Zenvest‘s services), and your consent is sought prior to their installation by way of a banner, in compliance with applicable regulations. You may provide your consent implicitly by continuing your navigation on the website after having been informed of the use of cookies.
You can choose to decline acceptance of any or all cookies, but depending on the cookies you choose to decline, your experience of the website may be deteriorated. To oppose the use of the cookies used on our Website, please refer to the links provided below.

Sentry: Used to report bugs, help debugging and improving our Website ( opt-out  ) .
Segment: Used to collect data and connect with analytics tools. We use it to connect with Sentry


Your data protection rights

You can have access to your personal data
You have the right to request access to your personal data. We will then provide you with an overview of the personal data we process on you and if you request, provide you with additional information such as why these personal data are processed, the origin of the data, the types of third parties with whom we share your personal data, etc.

You can correct your personal data
If you notice that certain data that Zenvest holds about you are no longer correct, you can adapt them.

You can have your personal data deleted
In certain cases (e.g. if you suspect that Zenvest has unlawfully processed your personal data), you can ask for your personal data to be deleted. This may result in your access to the Services and the relevant Customer Account being blocked or permanently cancelled.

You may object to the use of certain personal data
You may object (without a motivation) to the use of your personal data for marketing purposes.
If you have a specific reason (motivated request), you can object to Zenvest using your personal data for purposes other than those required for the performance of an agreement or for complying with a legal obligation (e.g. fraud prevention). In case of a justified request, Zenvest will stop using your personal data unless we have compelling grounds to continue using it.

You may withdraw a consent previously given
Whenever you give us explicit consent to process personal data for specific purposes (e.g. sending marketing emails), you may withdraw the consent previously given at any time.

You may request the transfer of your personal data
You may have the right to request transfer of personal data in machine readable format directly to a third party where this is technically feasible.

Exercising your rights
You may request to exercise your rights by sending us an email at  team@zenvest.com . We will acknowledge receipt of your shortly after receipt, but it may take up to 30 days for us to react to your request (unless specific circumstances justifying a longer reaction time apply, in which case you will be notified accordingly). We may require that your request be accompanied by a photocopy of proof of identity or authority.



Data retention period

Zenvest will only retain your personal data for as long as necessary to fulfil the purposes Zenvest collected it for, including for the purposes of satisfying any legal or accounting requirements.
Zenvest retains the personal data it receives or collects about you in active databases, log files or other types of files so long as you use our Services, and in accordance with the current regulations in force.
Zenvest in no way undertakes to store all your data indefinitely. You are able to access your data so long as you hold or uses an active account with us and for a period that varies depending on the type of data concerned but, in no event for longer than one year after closing of the Customer account in respect of which your data have been collected.



Location of data storage and international transfer

The host servers on which Zenvest processes and stores its databases are located in the European Union. However, some data might transit through and/or be stored outside of the European Union via the usage of certain third-party processors located in the United States. Any transfers towards such third-parties will be protected by adequate frameworks such as a Privacy Shield certification or a data transfer agreement based on the EU Commission’s model clauses.



Security

Within the framework of the Services, Zenvest attributes the very highest importance to the security and integrity of personal data.
Thus and in accordance with the GDPR, Zenvest undertakes to take all pertinent precautions in order to preserve the security of the data and, in particular, to protect them against any accidental or unlawful destruction, accidental loss, corruption, unauthorized circulation or access, as well as against any other form of unlawful processing or disclosure to unauthorized persons.

To this end, Zenvest implements industry standard security measures to protect personal data, including Customer Data from unauthorized disclosure.  Such measures include the following:
Authentication: Zenvest is served 100% over https. Zenvest relies on Auth0 ( https://auth0.com/ ), an authentication management platform. Upon request, each person accessing Zenvest can set up a two-factor authentication (2FA) to ensure the best security for their authentication.
Hosting: All of our services run in the cloud. Zenvest does not host our own routers, load balancers, DNS servers, or physical servers. All our services and data are provided and hosted in Amazon AWS facilities in Paris. Amazon AWS has implemented strong security protocols, as explained here:  https://aws.amazon.com/security/ . All personal data is stored in the EU. Personal data is stored in multi-tenant datastores, we do not have individual datastores for each user. However strict privacy controls exist in our application code to ensure data privacy and prevent one club from accessing another club data.
Data Transfer: All data sent to or from Zenvest is encrypted in transit using strong TLS encryption (we followed Mozilla's recommendations). Our API and application endpoints are TLS/SSL only and score an "A" rating on SSL Labs' tests. This means we only use strong cipher suites and have features such as TLS 1.2 fully enabled.
Moreover, in order to avoid in particular all unauthorized access, to guarantee accuracy and the proper use of the data, Zenvest has put the appropriate electronic, physical and managerial procedures in place with a view to safeguarding and preserving the data gathered through the use of its Services.

Notwithstanding the above, there is no absolute safety from piracy or hackers. That is why in the event a breach of security were to affect your rights, Zenvest undertakes to inform you thereof without undue delay and to use its best efforts to take all possible measures to neutralize the intrusion and minimize the impacts.



Privacy policy changes

This Privacy Policy may change at any time, in particular pursuant to any changes in applicable law, or if we make any substantial improvements, additions or changes to our practices regarding your personal data. It is your responsibility to review this Privacy Policy frequently and to remain informed of any changes. The then-current version of this Privacy Policy will supersede all earlier versions. All updates and amendments are effective immediately upon notice, which we may give by any means, including, but not limited to, by posting a revised version of this Privacy Policy or other notice on the Site. If we make material changes to this Privacy Policy, we will notify you through email or any other electronic notification.