• Important information and who we are
• The data we collect about you
• How is your personal data collected?
• How we use your personal data
• Disclosures of your personal data
• International transfers
• Data security
• Data retention
• Your legal rights
• Glossary

Important information and who we are

Purpose of this privacy notice

This privacy notice aims to give you information on how Positive Impact Technology collects and processes your personal data through your use of this website, including any data you may provide through this website when you sign up to our newsletter, pre-register your profile on our Website, exchange information with other users through the use of our workflow tools, or engage in our social network.

pi2Life’s Terms of Service require all account owners to be at least 18 years of age. Minors under 18 years of age and at least 13 years of age are permitted to use pi2Life’s Services only if they have the appropriate permission and direct supervision by the owner of the account. Children under age 13 are not permitted to use pi2Life or the Services. You are responsible for any and all account activity conducted by a minor on your account.

It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.

This privacy policy explains our privacy practices for Positive Impact Technologies’ websites pi2.Life, pi2Life.com, all sub-domains, emails, and mobile applications (together referred to as the “Platform”), Pattern by pi2Life, pi2Life’s public Application Programme Interface (the “API”), and our other services provided by Positive Impact Technologies LLC, Switzerland (“pi2Life,” together with “we”, “us”, and “our”) and covers our processing activities as a data controller. We’ll refer to the Platform, the Apps, Pattern by pi2Life, the API, and our other services as the “Services”. This policy does not apply to the practices of third parties (including other Users who sell using the Services or API users) who may also collect or receive data in connection with your use of the Services.

We have in place a protocol for data protection and a designated officer responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us using the details set out below.

Contact details

Full id of legal entity: Positive Impact Technologies
Contact Person: Dhanesh Kothari
Email address: contactpi2life@gmail.com

You have the right to make a complaint at any time to the Federal Data Protection and Information Commissioner (FDPIC), the Swiss supervisory authority for data protection issues (https://www.edoeb.admin.ch/edoeb/en/home.html) We would, however, appreciate the chance to deal with your concerns before you approach the FDPIC so please contact us in the first instance.

Changes to the privacy notice and your duty to inform us of changes

This version was last updated on 2nd April 2024

The data protection laws in Europe changed on 25 May 2018. Although this privacy notice sets out most of your rights under the new laws, we may need some extra time to respond to some of your requests (for example, a request for the transfer of your personal data).

https://www.kmu.admin.ch/kmu/en/home/facts-and-trends/digitization/data-protection/data-protection.html

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party users and websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

The data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:

• Identity Data includes first id, maiden id, last id, userid or similar identifier, title, or gender.
• Contact Data includes professional address, delivery address, email address, social media handle and telephone numbers.
• Financial Data includes bank account and payment card details.
• Transaction Data includes details about payments to and from you and other details of products and services you have purchased from or through us.
• Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
• Profile Data includes your userid and password, network activity or orders made by you, your interests, preferences, feedback and survey responses.
• Usage Data includes information about how you use our website, products and services. This may also include an activity log.
• Marketing and Communications Data includes your preferences in receiving marketing or recommendations from us and our third parties and your communication preferences.We may also in the longer term collect, use and share Aggregated Data such as statistical or demographic data for any purpose, although we do not currently do so today. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific network feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time. It is important to note that ours is a social network and therefore the interactions you enter into with others on our platform are not within the purview of our responsibility from a data or transaction perspective.

How is your personal data collected?

We use different methods to collect data from and about you including through:

• Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by phone, email or otherwise. This includes personal data you provide when you:
• apply / pre-register on our platform to set up a user profile;
• apply to access on or another of our products or services;
• create an account on our website;
• subscribe to our service or publications;
• request to be subscribed to newsletters or other updates to be sent to you;
• enter a competition, promotion or survey; or give us some feedback.
• Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, [server logs] and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our cookie policy for further details
• Third parties or publicly available sources. We may receive personal data about you from various third parties [and public sources] as set out below:
• Technical Data from the following parties:
  • analytics providers, such as Google based outside the EU;
  • search information providers, such as LinkedIn based [inside OR outside] the EU.
• Contact, Financial and Transaction Data from providers of technical, payment and delivery services, such as various deal flow / social impact platforms based [inside OR outside] the EU.
• Identity and Contact Data from publicly availably sources, such as Companies House and the Electoral Register based inside the EU.
• Attendee lists from industry / sector / ecosystem conferences and gatherings at which we are present.

Information Collected or Received
In the course of providing our Services, we collect or receive your personal information in a few different ways. Often, you choose what information to provide, but sometimes we require certain information for you to use and for us to provide you the Services.

Registration, Account Setup, Service Usage
In order to use the Services, you need to provide us with a valid email address, and for Services that require registration, a name associated with your account that you can choose to represent your identity (first name at least) on pi2Life. You may review or change that name through your account settings. You need to provide this information to enable us to provide you with the Services. Depending on which services you choose to use, additional information, such as a company name, address, telephone number may be necessary in order for us to provide a particular service. You are not required to provide us with this information to sign up, but we will need it to provide certain services. Platform in order to use certain products or services on pi2Life, you may be required to complete an application; information that you submit through the application processes will not be displayed publicly and will only be used internally by pi2Life, unless otherwise specified.

Profile
You may be asked to provide your name and other personal information (such as gender, location) in connection with your account and activity. You can edit or remove this information through your account settings.

Confidential Information
You shall pay extra attention prior to sharing any information (for example password) that you may regard as confidential with other Users on the Platform or posting it on the Platform.
Similarly, do not post other User’s confidential information without their prior written consent.
In either case, pi2Life will not be responsible if your confidential information is either disclosed or compromised on our Platform.

Automated Information
pi2Life automatically receives and records information from your browser or your mobile device when you visit the Platform or use the Apps or use certain other Services, such as your IP address or unique device identifier, cookies, and data about which pages you visit in order to allow us to operate and provide the Services. This information is stored in log files and is collected automatically. We may combine this information from your browser or your mobile device with other information that we or our partners collect about you, including across devices. This information is used to prevent fraud and to keep the Services secure, to analyse and understand how the Services work for Users, and to provide advertising, including across your devices, and a more personalised experience for Users.

We may also automatically collect device-specific information when you install, access, or use our Services. This information may include information such as the hardware model, operating system information, app version, app usage and debugging information, browser information, IP address, and device identifiers. For more information about these online tools and how we use them, see our Cookies & Similar Technologies Policy and “Information Uses, Sharing & Disclosure” section below.

Location Information
We may collect information about your use of the Services for advertising, for analytics, to serve content and to protect the Services. This may include your IP address, browser information (including referrers), device information (such as iOS IDFA, IDFV for limited non-advertising purposes, Android AAID, and, when enabled by you, location information provided by your device). When you use the Platform, your geolocation details will be read by pi2Life Platform in order to use functions like our local shop finder.

We may obtain location information you provide in your profile or your IP address. With your consent, we may also determine location by using other information from your device, such as precise location information from GPS or information about wireless networks or cell towers near your mobile device. We may use and store information about your location to provide features and to improve and customise the Services, for example, for pi2Life’s internal analytics and performance monitoring; localisation, regional requirements, and policies for the Services; for local content, search results, and recommendations; for shipping and mapping services; and (using non-precise location information) marketing. If you have consented to share your precise device location details but would no longer like to continue sharing that information with us, you may revoke your consent to the sharing of that information through the settings on the Apps or on your mobile device. Certain non-precise location services, such as for security and localised policies based on your IP address or submitted address, are critical for the Platform to function. We will only share your geolocation details with third parties (like our mapping, payments, or, to the extent applicable, advertising providers) in order to provide you with the Services. You may also choose to enable the Apps to access your mobile device’s camera to upload photographs to pi2Life.

Analytics Information
We use data analytics to ensure Platform functionality and improve the Services. We use mobile analytics software to allow us to understand the functionality of the Apps on your phone. This software may record information such as how often you use the Apps, what happens within the Apps, aggregated usage, performance data, app errors and debugging information, and where the Apps were downloaded from. We do not link the information we store within the analytics software to any personally identifiable information that you submit within the mobile application.

Information from Third Parties
Some Users may choose to connect to pi2Life or register a pi2Life account using an external third-party application, such as Facebook, or an app developed using the pi2Life API. pi2Life may receive information from those connected third-party applications. Connecting your pi2Life account to third-party applications or services is optional. If you choose to connect your account to a third-party application, pi2Life may receive information from that application. We may also collect public information in order to connect with you. We may use that information as part of providing the Services to you. You can also choose to share some of your activity on pi2Life on certain social media networks which are connected to your pi2Life account, and you can revoke your permission anytime in your account settings.

Platform Choice & Control
We know that Users of our community value having control over their own information, so pi2Life gives you the choice of providing, editing or removing certain information, as well as choices about how we contact you. You may change or correct your pi2Life account information through your account settings. You may also remove certain optional information that you no longer wish to be publicly visible through the Services, such as your name. You can also request the deletion of the personal information in your account.

Depending on your location, you may also have certain additional rights with respect to your information, such as: (i) data access and portability (including the right to obtain a copy of your personal data you provided to pi2Life, via your settings); (ii) data correction (including the ability to update your personal data, in many cases via settings); (iii) data deletion (including the right to have pi2Life delete your personal information, except information we are required to retain, by contacting us); and (iv) withdrawal of consent or objection to processing (including, in limited circumstances, the right to ask pi2Life to stop processing your personal data, with some exceptions, by contacting us).

You may also control the receipt of certain types of communications from pi2Life in your account settings. pi2Life may send you messages about the Services or your activity. Some of these messages are required, service-related messages for Users (such as transactional messages or legal notices). Other messages are not required, such as newsletters. You can control which optional messages you choose to receive by changing your account settings, and you can learn more in the “Messages from pi2Life” section of this policy.

We partner with third parties to manage our advertising on other sites. Our third-party partners may use cookies or similar technologies in order to provide you with advertising based upon your browsing activities and interests. If you have chosen to connect your account to an external third-party application, such as Facebook, or an app developed using the API, you can change your settings and remove permission for the app by changing your account settings.

If you no longer wish to use the Services or receive service-related messages (except for legally required notices), then you may close your account.

Many changes that you make to your account settings are updated immediately, but some may take a few days to take effect, particularly those that impact email or marketing preferences. Some major requests, such as changes to account data deletion, may require verification of identity before they can be processed.

Messages from pi2Life
On occasion, pi2Life may need to contact you. Primarily, these messages are delivered by email or by push notifications for a variety of reasons, including marketing, transactions and service update purposes. If you no longer wish to receive push notifications, you can disable them at device level. You can opt out of receiving marketing communications via email in your account settings or by following the unsubscribe link in any marketing email you receive. To ensure you properly receive notifications, we will need to collect certain information about your device, such as operating system and user identification information. Every account is required to keep a valid email address on file to receive messages. pi2Life may also contact you by telephone to provide User support or for transaction-related purposes if you request that we call you.

Some messages from pi2Life are service-related and necessary for Users. You agree that pi2Life can send you non-marketing emails or messages, such as those related to transactions, your account, security, or product changes. Examples of service-related messages include an email address confirmation/welcome email when you register your account, notification of an order, service availability, modification of key features or functions, relaying Conversations with buyers, and correspondence with pi2Life’s Support team.

When you register for an account, subscribe to a newsletter, or provide us with your email address or phone number you receive notice of and agree to receive marketing emails and messages from us. You can unsubscribe at any time from marketing emails through the opt-out link included in marketing emails or messages. Users may also control which marketing emails or messages they receive from pi2Life through their account settings. Please note that some changes to your account settings may take a few days to take effect.

If someone in your contact list is not already a User, you may invite them to join pi2Life, and an email will be sent to them on your behalf. Recipients of email invitations may opt out of receiving future invitations by following instructions in the email invitation message. You may send an invitation only to someone who has given you consent to receive one.

Information Uses, Sharing, & Disclosure
When you access or use the Services, we collect, use, share, and otherwise process your personal information as described in this policy. We rely on a number of legal bases to use your information in these ways. These legal bases include where:

Necessary to perform the contractual obligations in our Terms of Service and in order to provide the Services to you;

You have consented to the processing, which you can revoke at any time;

Necessary to comply with a legal obligation, a court order, or to exercise or defend legal claims;

Necessary for the purposes of our or a third party’s legitimate interests, such as those of Users, or partners;

You have expressly made the information public;

Necessary in the public interest; and

Occasionally necessary to protect your vital interests or those of others.

Note that we principally rely on consent to send marketing messages, for third-party data sharing related to advertising, and, to the extent applicable, (iii) for the use of location data for advertising purposes. We rely on consent for targeted online and offline marketing. We or our Users may advertise our Services or our User’s Vegan products and services through a variety of different mediums and rely on your consent to do so off our-Platform. As part of this, we may work with advertising partners.

Where we process your information on the basis of legitimate interests, we do so as follows:

Providing and Improving our Services:
We may use your information to improve and customise our Services, including sharing of your information for such purposes, and we do so as it is necessary to pursue our legitimate interests of improving our Services for our users. This is also necessary to enable us to pursue our legitimate interests in understanding how our Services are being used, and to explore and unlock ways to develop and grow our business. It is also necessary to allow us to pursue our legitimate interests in improving our Services, efficiency, interest in Services for users, and obtaining insights into usage patterns of our Services.

Keeping our Services Safe and Secure
We may also use your information for safety and security purposes, including sharing of your information for such purposes, and we do so because it is necessary to pursue our legitimate interests in ensuring the security of our Services. This includes enhancing protection of our community against spam, harassment, intellectual property infringement, crime, and security risks of all kind.

We respect your privacy. pi2Life will not disclose your name, email address or other personal information to third parties without your consent, except as specified in this policy.

We use your information to provide and improve the Services and our products, for billing and payments, for identification and authentication, and for general research and aggregate reporting. We may use information you provide to resolve disputes with pi2Life or other Users. We may learn the sorts of products that you’re interested in from your browsing and posts on the Platform or Apps and suggest potential purchases as a result. As a core part of our Services, we have a legitimate interest in customising your on-Platform experience to help you search for and discover relevant items and recommended purchases, including using this information to help Businesses find the best ways to market and promote their products on pi2Life. You may control your privacy settings through the opt-out buttons in your account settings privacy tab. Please note that some changes to your privacy settings may take a few days to take effect. We or our Business users may advertise our Services or our Business user’s products and services through a variety of different mediums and rely on your consent to do so off-Platform. As part of this, we may use analytics aggregated from usage information including, for example, search keywords, favourites, browsing history and purchase history. In addition to consent as noted above, we also rely on our legitimate interest to send you marketing messages and for pi2Life’s advertising programs.

Legal and Safety
pi2Life may also retain, preserve, or release your personal information to a third party in the following limited circumstances: in response to lawful requests by public authorities, including to meet legitimate national security or law enforcement requirements; to protect, establish, or exercise our legal rights or defend against legal claims, including to collect a debt; to comply with a subpoena, court order, legal process, or other legal requirement; or when we believe in good faith that such disclosure is reasonably necessary to comply with the law, prevent imminent physical harm or financial loss, or investigate, prevent, or take action regarding illegal activities, suspected fraud, threats to our property, or violations of pi2Life’s Terms of Service. In these cases, our use of your information may be necessary for the purposes of our or a third party’s legitimate interest in keeping our Services secure, preventing harm or crime, enforcing or defending legal rights, or preventing damage. Such use may also be necessary to comply with a legal obligation, a court order, or to exercise or defend legal claims. It may also be necessary in the public interest (such as to prevent crime) or to protect vital interests (in rare cases where we may need to share information to prevent loss of life or personal injury).

If pi2Life receives a lawful, verified request for a User’s records or information in one of the limited circumstances described in the previous paragraph, pi2Life may disclose personal information, which may include, but may not be limited to, a User’s name, address, phone number, email address, and company name.

Affiliated Businesses
pi2Life is affiliated with a variety of businesses and works closely with them for a variety of purposes, including assisting us to perform and improve the Services. These businesses may sell items or services to you through the Services or, with your consent, offer promotions (including email promotions) to you. pi2Life may also provide services or sell products jointly with affiliated businesses, including providing information to such partners to allow them to more effectively market to you. We rely on consent (which can be withdrawn at any time) to send marketing messages and for third-party sharing relating to advertising.

Aggregated Information
pi2Life may share demographic information with partners, but it will be aggregated and de-personalised so that personal information is not revealed.

Service Providers
pi2Life also needs to engage third-party companies and individuals (such as payment processors, research companies, and analytics and security providers) to help us operate, provide, and market the Services. These third parties have only limited access to your information, may use your information only to perform these tasks on our behalf, and are obligated not to disclose or use your information for other purposes. Our engagement of service providers is often necessary for us to provide these Services to you, particularly where such companies play important roles in helping us keep our Service operating and secure. In some other cases, these service providers aren’t strictly necessary for us to provide the Services, but help us make it better, like by helping us conduct research into how we could better serve our users. In these latter cases, we have a legitimate interest in working with service providers to make our Services better.

Business Reorganisation
In some cases, pi2Life may choose to buy or sell assets. Such transactions may be necessary and in our legitimate interests, particularly our interest in making decisions that enable our business to develop over the long term. In these types of transactions (such as a sale, merger, liquidation, receivership, or transfer of all or substantially all of pi2Life’s assets), User information is typically one of the business assets that is transferred. If pi2Life intends to transfer information about you, pi2Life will notify you by email or by putting a prominent notice on the Platform and the App, and you will be afforded an opportunity to opt out before information about you becomes subject to a different privacy policy.

Third Parties
Third-party plug-ins also may collect information about your use of the Platform. For example, when you load a page on pi2Life that has a social plug-in from a third-party site or service, such as a “Like” or “Send” button, you are also loading content from that third-party site. That Platform may request cookies directly from your browser. These interactions are subject to the privacy policy of the third-party site. In addition, certain cookies and other similar technologies on the Platform are used by third parties for targeted online marketing and other purposes. These technologies allow a partner to recognise your computer or mobile device each time you use the Services. Please be aware that when you use third-party sites or services, their own terms and privacy policies will govern your use of those sites or services. pi2Life chooses and manages these third-party technologies placed on its Sites and Apps. However, these are third-party technologies, and they are subject to that third party’s privacy policy. For more information, see our Cookies & Similar Technologies Policy. We rely on your consent to drop and read non-technically necessary cookies.

We can speak only for ourselves; this policy does not apply to the practices of third parties (such as other Users who sell using the Services or API users) that pi2Life does not own or control or individuals that pi2Life does not employ or manage. If you provide your information to such third parties in connection with your use of the Services, different practices may apply to the use or disclosure of the information that you provide to them. While pi2Life requires these third parties to follow pi2Life’s privacy and security requirements, pi2Life does not control the privacy or security policies of such third parties. To the full extent applicable in your jurisdiction, pi2Life is not responsible for the privacy or security practices of these third parties, API users, or other websites on the internet, even those linked to or from the Services. We encourage you to read the privacy policies and ask questions of third parties before you disclose your personal information to them. For the purposes of European law, these sellers and API users are independent controllers of data, which means that they are responsible for providing and complying with their own policies relating to any personal information they obtain in connection with the Services.

Transfers
pi2Life operates a global service.

Each country has different laws. When your information is moved from your home country to another country, the laws and rules that protect your personal information in the country to which your information is transferred may be different from those in the country in which you live. For example, the circumstances in which law enforcement can access personal information may vary from country to country.

Necessary for the Performance of the Contract between pi2Life and its Users
pi2Life provides a voluntary service; you can choose whether or not you want to use the Services. However, if you want to use the Services, you need to agree to our Terms of Service, which set out the contract between pi2Life and its Users. As we operate in countries worldwide (including in the US) and use technical infrastructure in the EU to provide you with the Services, we are not able to perform our contract with you without moving your personal data around the world. When we transfer your data to other countries, we will protect the data as described in this Privacy Policy and comply with applicable legal requirements providing adequate protection for the transfer of data to countries outside Switzerland and the EEA.

Cookies

[You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see cookie policy

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Disclosures of your personal data

We may have to share your data with the parties set out below for the purposes set out above.

• Internal Third Parties, which may include the likes of peer impact investors who are engaged in our portfolio management work, or other co-conveners who may wish to organized collaborative events offline or online. [As defined in Glossary Section, below]
• External Third Parties, which may include network and event conveners, and/or the third party service providers whose interest may be in bidding upon ‘tender offers’ from investors in search of support on a given pipeline project or other opportunity. [As defined in Glossary Section 10, below]
• Third parties to whom we may one day in the future choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

International transfers

In principle, your data on pi2Life resides in and on servers hosted in Switzerland.

We may eventually share your personal data with external third-party platforms, who are party to collaborative standards that we have been a participant in creating. This may involve transferring your data outside the European Economic Area (EEA). All Users will be notified before this occurs and will have the option to opt-out.

We strive to ensure your personal data is protected by requiring all our group companies to follow the same rules when processing your personal data.

[A great many of our external third parties are based outside the European Economic Area (EEA) so their processing of your data may involve a transfer of data outside the EEA.]

Whenever personal data is transferred out of the EEA, we strive to ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
• Where we may work with providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.

• Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.

Where we may work with providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, entities, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law we must keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six [6] years after they cease being customers for [tax] purposes.]

In some circumstances you can ask us to delete your data: see [Request erasure] below for further information. Otherwise, in general it is archived.

In future, we may need to anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you. This is not currently (as of April 2024) something we do.

Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. Please click on the links below to find out more about these rights:

• [Request access to your personal data].
• [Request correction of your personal data].
• [Request erasure of your personal data].
• [Object to processing of your personal data].
• [Request restriction of processing your personal data].
• [Request transfer of your personal data].
• [Right to withdraw consent].

If you wish to exercise any of the rights set out above, please contact us.

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we reserve the right to and may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Glossary

Lawful basis

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

Performance of Contract means processing your data where it is necessary for the performance of a facilitated interaction on our platform or a contract to which you are a party or to take steps at your request before entering into such a contract.

Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

Third parties

Internal Third Parties

Other companies associated closely with Positive Impact Technologies and pi2Life and who are based in other countries to provide IT and system administration services and undertake leadership reporting.

External Third Parties

• Service providers [acting as processors] based in any number of other countries in which tenant platforms based on pi2Life architecture are launched and who provide IT and system administration services.
• Professional advisers [acting as processors or joint controllers] including lawyers, bankers, auditors and insurers based in any number of other countries who provide consultancy, banking, legal, insurance and accounting services.

Partner organizations who may provide market research or benchmark data, or who may support our platforms through offers of integration

Your legal rights

You have the right to:

• Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. You may also always view and edit this data when you log into our systems directly.
• Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. You may also edit your personal data directly upon login.
• Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. We will endeavour to anonymize your role in any collaborative interaction you may have engaged in on our social network, to the extent possible, such that previous data streams are not affected.
• Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is some aspect about your particular situation which drives your objection to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In rare cases, we may demonstrate that we may have compelling legitimate grounds to process your information which override your rights and freedoms.
• Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish data accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
• Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
• Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.