A set of stairs with pillars

Privacy notice

Effective as of June 6, 2024

This website (“Website”) is operated by Datasite LLC (“Datasite”). The terms “Datasite,” “we,” “us,” “our” and “ours” when used in this privacy notice (“Privacy Notice”) includes subsidiaries, divisions, branches, affiliates, or companies common control of Datasite, unless such entity maintains its own privacy notice. The terms “you,” “your” and “yours” when used in this Privacy Notice means any user of this Website or Online Services (defined below).

IMPORTANT: BY SUBMITTING PERSONAL DATA TO US AND/OR BY USING OUR WEBSITE OR ONLINE SERVICES, YOU AGREE THAT ALL PERSONAL DATA THAT YOU SUBMIT MAY BE PROCESSED BY US IN THE MANNER AND FOR THE PURPOSES DESCRIBED BELOW.

Click a link below for information on each topic:

SCOPE OF PRIVACY NOTICE

NOTIFICATION OF CHANGES TO THIS PRIVACY NOTICE

COLLECTION, USE AND DISCLOSURE OF YOUR PERSONAL DATA

SENSITIVE PERSONAL DATA

LINKS TO OTHER WEBSITES

COOKIES

USE OF PERSONAL DATA

SHARING OF PERSONAL DATA

RETENTION

DATA SECURITY

TRANSFERS

DATA PRIVACY FRAMEWORK

YOUR RIGHTS

CONTACT US

Scope of Privacy Notice

This Privacy Notice describes our current policies and practices with regard to personal data collected by us from you directly and/or through the Website or Online Services (as defined below). The term “personal data” refers to information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your device. This Privacy Notice applies only to operation of Websites and Online Services that directly link to this notice when you click on the Privacy Notice link. We adopt this Privacy Notice to comply with applicable law. Nothing in the Privacy Notice shall be interpreted or construed to limit, undermine, curtail other rights granted to you by applicable law. We may provide separate privacy notices that apply to specific products or services that we offer; in which case this Privacy Notice does not apply.

Online Services

We provide online services and service facilitation tools such as: Datasite Outreach™, Datasite Diligence™, Datasite Prepare™, Datasite Acquire™, Datasite Pipeline™, Datasite Archive™ and such other online tools introduced by us from time to time (“Online Services”). These Online Services are part of a business relationship. If you have been invited to an Online Service, you have been so by a Datasite client or client advisor. By accepting the invitation to the Online Service, you are agreeing to the use of your contact details in accordance with this Privacy Notice. If you request access to an Online Service, you are agreeing to the use of your personal data in accordance with this Privacy Notice.

Notification of changes to this Privacy Notice

Datasite is continually improving our methods of communication and adding new functionality and features to this Website and to our existing services. Because of these ongoing changes, changes in the law and the changing nature of technology, our data privacy practices may change. We encourage you to check this page frequently and anytime you submit personal data via the Website or Online Services. If we make any changes to this Privacy Notice, we will change the Effective Date above. If such changes are material in nature, we will provide you with additional notice (such as adding a statement to the main website page or sending you an email notification).

Collection, Use and Disclosure of your Personal Data

Datasite as a Service Provider or Processor 

Some of Datasite’s services require Datasite to process data that has been uploaded, stored, and shared via Datasite’s clients. Datasite does not review or analyze the content of the data. However, it may contain personal data which Datasite processes pursuant to its clients’ instructions. Datasite does not control such data; rather it handles this type of data as a data processor only. Datasite processes such data as governed by written agreements in place with its clients and to the extent necessary to comply with applicable laws. As a result, Datasite’s clients are responsible for obtaining and providing all appropriate notifications and consents when they collect personal data. Personal data that is transferred to Datasite by its clients to be processed shall be deemed to have been collected with appropriate notifications and consents. Datasite assumes no responsibility for obtaining or validating that appropriate consent has been obtained or notifications provided with respect to data provided by its client(s).

Datasite as a Business or Controller

Data collected directly from you

When you provide information through the Website or Online Services, are a supplier or service provider,  provide contact information with one of our sales representative, or partner constituents, apply for employment, communicate with us by phone, or have included your personal data in an event registration form, certification, survey or questionnaire, we may request and obtain personal data about you such as your name, employer’s address, work e-mail, job title, voice, work telephone number, and other information you choose to share.

Further, with regard to Online Services, the client who is using the Online Services may add you as a user and provide certain personal data, such as your work email. We will use the work email to provide you a user ID and account activation email to access the Online Services and create a user profile for the uses as described below. When you first sign onto the Online Service, you will be presented with a requirement to set up a “profile,” which will require you to provide you name, job role, company name, and work phone number. You will be able to update or correct any of the personal data in your profile.

If you provide us with any personal data relating to other individuals, you represent that you have the authority to do so, and where required, have obtained the necessary consent, and acknowledge that it may be used in accordance with this Privacy Notice.

Information collected by automated means

We may also use technology to collect information indirectly about the use of our Website or Online Services that may reveal your identity. For example, if you are already identified as a user in our database, our Web server automatically logs interactions with our HTML-enabled emails, Website, Online Services, or advertisements, including IP addresses, device type, regional location, and which Web browsers our visitors use. Our HTML-enabled emails and Website contains hyperlinks to other pages on our Website. We may use technology to track how often these emails are accessed, links are used and which pages on our Website our visitors choose to view. In addition with regard to our Online Services, we will also will maintain a history of your access, and certain actions taken by you while accessing the Online Services (e.g. access to projects and documents, including time, date and length of access) will include maintaining a log of users' IP addresses, the websites from which users access the Online Service, the type of web browsers used to access the Online Service and the browser's settings that may affect Online Service performance. This type of information may also be collected when you read our HTML-enabled emails. Please refer to the section on Cookies and our Cookies Notice for more information.

Data we receive from third parties:

From time to time, we may obtain information about you from third-party sources, such as public databases and websites, resellers and distributors, joint marketing or business partners, security and fraud detection firms and social media platforms. Examples of the information we may receive from other sources include contact information from business partners with whom we operate co-branded events, services, and marketing campaigns.

SENSITIVE PERSONAL DATA

We do not collect sensitive personal data. Unless we specifically make a request and it is relevant to the services that we provide, we ask that you do not provide us with any sensitive personal data (meaning information revealing racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, genetic, health, or biometric information, information about sex life or sexual orientation, or criminal convictions or offenses) through our websites or mobile applications, or otherwise to us.

Links to other Websites

This Website may contain hyperlinks to websites that are not operated by us. These hyperlinks are provided for your reference and convenience only and do not imply any endorsement of the activities of these third-party Websites or any association with their operators. We do not control these websites and are not responsible for their operation, data, or privacy practices. We urge you to review any privacy notice posted on any site you visit before using the site or providing any personal data about yourself.

Cookies

Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information.

Datasite relies on first-party cookies to record a visitor’s on-site activity. Datasite also relies on third-party cookies to understand a visitor’s off-site activity, such as activity on other domains you own.

We use the following cookies:

Strictly necessary cookies. These are cookies that are required for the operation of our Website or Online Services. They include, for example, cookies that enable you to log into secure areas of our Online Services.

Performance cookies. These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our Website.

Functionality cookies. These cookies enable the Website to provide enhanced functionality and personalization.

Targeting cookies. These cookies are used to make advertising messages more relevant to you.

The details of the types of Cookies that we use can be found at the footer of Datasite’s website. You can control the Cookies via Cookie Settings located as a footer to the Website. Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. You may exercise your cookie preferences generally by setting or amending your web browser controls to accept or refuse all cookies.

Use of Personal Data

We may share your personal data with other companies within our group of companies in order to use your personal data under these limited circumstances:

USE OF PERSONAL DATALEGAL BASIS

1. To provide you with the requested information on products or services;

For the performance of our contract with you or to take steps at your request before entering into a contract;

2. To provide and to facilitate the delivery of products and services you request;

For the performance of our contract with you or to take steps at your request before entering into a contract;

3. To provide customer service and support;

For the performance of our contract with you;

4. To send you related information, including confirmations, invoices, technical notices, updates, security alerts, training and support and administrative messages;

For the performance of our contract with you; 

5. To create, maintain, transition, customize, and secure your account with us; 

For the performance of our contract with you or to take steps at your request before entering into a contract;

6. For direct marketing purposes;

For our legitimate interests, i.e., to promote our business, products, and services to existing and former customers; and consent where applicable

7. To operate, audit and improve the Website or Online Services;

For the performance of our contract with you; and

For our legitimate interests, i.e.

  • to understand how Online Service or Website is accessed, and how it is used,
  • to determine if there are any potential security issues arising from such use,
  • to make sure we are following our own internal procedures so we can deliver the best service to you,     
  • to understand customer/potential customer feedback and in responding to your communications in a consistent way,
  • for other quality control and training purposes,
  • to understand impact of any marketing offers that we make, and
  • to maintain our accreditations so we can demonstrate we operate at the highest standards;

8. To conduct research and development; 

For our legitimate interests, i.e.

  • to be as efficient as we can so we can deliver the best service for you at the best price,
  • to develop, improve, support, service and maintain our products and services,
  • to develop new services and to improve or personalise existing services, and
  • to understand market and usage trends;

9. To perform customer surveys;

Create anonymous data

For our legitimate interests, i.e.

  • collecting and assessing feedback,
  • identifying usage and market trends,
  • determining the effectiveness of our marketing campaigns, and
  • to evaluate and improve our products, services;
  • marketing and customer relationships;

We may create anonymous data from your personal data and other individuals whose data we collect and make sure that we exclude data that personally identifies you and only use the data for our legitimate interests

10. To understand you and your preferences when using our Website or Online Services; 

For our legitimate interests, i.e., to develop new services and to improve or personalise existing services;

11. To disclose the information in our databases and server logs to comply with a legal requirement;

For the administration of justice, for the purposes of national security only to the extent that is strictly necessary and proportionate, to interact with anti-fraud databases, to protect your vital interests, to protect the security or integrity of our databases or this Website and Online Services, to take precautions against legal liability; 

12. Link or combine it with other personal information we get from third parties;

For our legitimate interests, i.e.

  • to minimize fraud that could be damaging for us and for you,
  • to promote our business, products, and services to existing and former customers,
  • to be as efficient as we can so we can deliver the best service for you at the best price, and
  • to help understand your needs, provide you with better service; 

13. If you submit your resume or CV, we will use the information to process your inquiry and to monitor recruitment statistics; 

For our legitimate interests, i.e.

  • Job candidate processing,
  • to provide more information about employment opportunities, or
  • to take steps at your request before entering into employment with us;

14. In the event of a corporate sale, merger, reorganization, dissolution or similar event, your personal data may be part of an asset transfer or sale;

For our legitimate interests, i.e., corporate development; 

15. Preparing internal and financial reports, and business modeling.

Our legitimate interest in the management of our business operations and reporting obligations.

Where we rely on our legitimate interest, we will balance that against our applicable legal obligations to you. Datasite will not collect additional categories of personal data or use the personal data we collected for materially different, unrelated, or incompatible purposes without providing you notice.

If we request your consent to use your personal data, you have the right to withdraw your consent any time in the manner indicated when we requested the consent or by contacting us. If you have consented to receive marketing communications from our third-party partners, you may withdraw your consent by contacting those partners directly.

SHARING OF PERSONAL DATA

Datasite may disclose your personal data to various third-party service providers for the following business purposes:

  • To support our information technology;
  • For customer service and account management, such as a chatbot that creates AI generated responses based on your service question;
  • To supplement, update, or correct the data or provide additional publicly available data;
  • To manage mailings on our behalf;
  • To aggregate data collected through our Online Services and Website;
  • To perform back-end services related to our Online Services;
  • To perform customer surveys and call recording;
  • To assist with direct marketing efforts;
  • To personalize your Website or Online Service experience;
  • To facilitate marketing events and customer surveys;
  • Where necessary in the course of the professional services that professional advisors such as lawyers, bankers, auditors, and insurers provide to us;
  • To prevent fraud, money laundering, undertake credit checks, comply with laws and check with identity verification agencies;
  • To process an order, issue invoices, take payment from, make payment to your organization, or manage account or payment history; and
  • In the event of a corporate sale, merger, reorganization, dissolution or similar event, your personal data may be part of an asset transfer or sale.

We may transfer your personal data to any third party who is not otherwise covered by the categories listed above where you have given us permission to do so, or with whom you have entered into a contract when we need to transfer your personal data to that party in order to fulfil that contract.

When we disclose your personal data for a business purpose, we enter a contract that requires that all third-party processors process your personal data with the same level of protection and in a manner consistent with the uses agreed upon in this Privacy Notice.

Datasite does not sell your personal data.

Retention

Datasite retains personal data we collect from you where we have an ongoing legitimate interest to do so. When personal data is no longer necessary or relevant for the stated purpose or to fulfill a legal or business requirement, it shall be securely destroyed. Datasite will either physically or electronically erase the personal data. When processing in our role as a processor, we will retain personal data for as long as our customer instructs us to and/or as required by applicable law. Personal data about unsuccessful candidates will be held for 12 months before being destroyed or deleted.

Data Security

We will maintain, monitor, and enforce reasonable organizational, administrative, technical, and physical safeguards to protect the security and confidentiality of your personal data from loss, misuse, unauthorized access or disclosure. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instruction, and they are subject to a duty of confidentiality.

Transfers

Your personal data may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country, and in some cases, may not provide an adequate level of protection for personal data. With regard to our role as a Data Processor or Service Provider, our Online Services servers are located in the U.S., Australia and Germany and we may process your information in jurisdictions where our affiliates and third-party service providers are located. Our subprocessor list can be found at https://www.datasite.com/en/legal/sub-processors.

However, we have taken appropriate safeguards to require that your personal data will remain protected in accordance with applicable law for such processing or transfer. These safeguards include implementing the United Kingdom International Data Transfer Agreements and European Commission’s Standard Contractual Clauses for transfers of personal data between us and our affiliates and third-party service providers to whom we transfer the personal data which require these companies to protect personal data they process from the EEA or Switzerland in accordance with European Union Data Protection Law, and with regard to the United Kingdom, United Kingdom General Data Protection Regulation and Data Protection Act 2018.

Data Privacy Framework

Datasite Global Corporation and Datasite LLC maintains compliance with the EU-U.S. Data Privacy Framework (and the UK Extension), and the Swiss-U.S. Data Privacy Framework and has certified to the Department of Commerce that it adheres to each Framework’s Principles regarding the collection, use and retention of personal data as well as the notice, choice, security, data integrity, access and enforcement requirements from European Union member countries, the United Kingdom and Switzerland. If there is any conflict between the terms in this Privacy Notice and the Principles, the Principles shall govern. For a listing of U.S. organizations that have self-certified to the Department of Commerce and declared their commitment to adhere to the Principles, visit https://www.dataprivacyframework.gov/.

By adopting the Data Privacy Framework Principles, Datasite understands that it is subject to the investigatory and enforcement powers of the Federal Trade Commission and may be liable, under U.S. law, in cases of onward transfer of data to third parties outside the permitted uses agreed upon in this Privacy Notice.

Enforcement under Data Privacy Framework

We will regularly review how we are meeting privacy objectives. If you are a citizen of European Union member countries, the United Kingdom and Switzerland and you have questions, requests, or complaints about our privacy practices, you may contact us by e-mailing [email protected]. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, we agree to participate in the dispute resolution procedures established by Judicial Arbitration and Mediation Services (JAMS). If necessary, you may submit a complaint, free of charge to JAMS at https://www.jamsadr.com/about/submitacase. Under certain conditions, you may invoke binding arbitration.

Your Rights

Data quality, access, choice, and corrections

Datasite will make reasonable efforts to keep personal data accurate, complete, and up to date as is necessary to fulfill the purposes for which the information is to be used.

Depending on the territorial jurisdiction in which you are a resident of, in certain circumstances you may have certain rights regarding your personal data including:

  • right to withdraw consent in cases where consent is relied upon;
  • right to obtain access to or a copy of, correct and erase of your personal data;
  • right to lodge a complaint;
  • right to object to any automated processing of personal data;
  • right to restrict, or object to, how we use your personal data;
  • right to move or provide some of your personal data to other companies;
  • right to ask us to stop using your personal data;
  • right to ask why we are using your personal data, what personal data we are using, with whom we are sharing, the period for which it is retained, the source of the personal data where it was not provided by you, and the transfers of the personal data to countries outside the EAA, Switzerland and the United Kingdom.

In certain circumstances we may not be able to do this or may not be required to do this. If you would like to exercise, or discuss, any of these rights, please see below (“Exercising Rights)

Automated decision making

You have the right not to be subject to automated decision making (e.g., profiling) that significantly affects you. The exercise of this right is not available to you in the following cases:

  • The automated decision is required to enter into, or perform, a contract with you;
  • We have your explicit consent to make such a decision;
  • The automated decision is authorised by local law of an EU member state.

Unless the automated decision is authorized by local or EU law, you still have the right to obtain human intervention in respect of the decision, to express your point of view and to contest the decision.

Exercising Rights

To exercise your data quality, access, choice, and corrections rights described above, please submit a verifiable request to our Office of the General Counsel by submitting a request to [email protected] or here. Only you may make a request related to your personal data. We endeavor to respond to a verifiable request within any legally required time limit or otherwise within thirty (30) days of its receipt, which thirty (30) day period may be extended with written notification, and deliver our response (or reasons we cannot comply with a request) via electronic mail. We will not discriminate against you for exercising any of your rights. We may make a charge, if excessive, repetitive, or manifestly unfounded.

If you no longer wish to receive electronic mail, please click the “unsubscribe” link located at the bottom of the e-mail, or, by contacting [email protected] or visiting https://go.datasite.com/preferencecenter. We will not honor opt out request made on behalf of other individuals, regardless of their affiliation to the requestor.

For inquiries related to our activities in the EEA, you may contact our data protection contact at [email protected] or via mail at Datasite Germany GmbH, Company # 49989, Barckhaussstraße 12-16, 60325 Frankfurt am Main Germany.

For inquiries related to our activities in the UK, you may contact our data protection contact at [email protected] or via mail at Datasite UK Limited, 15 Bonhill Street, London, EC4A 2DN, United Kingdom

For inquiries related to our activities in Brazil, you may contact our General Counsel, Patricia Elias, at [email protected] or via mail at Datasite Brasil ADM. De Informacao E Documentos Ltda., Av. Brigadeiro Faria Lima, nº 3.311, in the City of São Paulo, State of São Paulo, Postal Code 05426-100.