top of page

PRIVACY POLICY

​

Last Modified: November 2024

 

Your privacy is important to us. Please read this Privacy Notice (“Policy”) and any other privacy notice or fair processing notice Bloom (“BLOOM”, “we” and “us”) may provide on specific occasions carefully, as it is meant to help you understand what information we collect, why we collect it, and how you can update, manage, export, and delete your information.

​

This Policy has been drafted as to be applied to personal information processing activities globally. The processing activities may be more limited in some jurisdictions due to the restrictions of their laws. For example, the laws of a particular country may limit the types of personal data we can collect or the manner in which we process that personal data. In those instances, we may adjust our internal policies and/or practices to adapt to the requirements of local law.

​

This Privacy Notice supplements our other notices (for example specific privacy notices we provide for the purposes of a specific clinical trial in a specific jurisdiction) and is not intended to override them.

​

1.    Policy Scope

This Policy applies to ways in which we interact with individuals and include consumers, which we referred to herein as “Data Subjects”, in connection with our business, including, without limitation:

  • Visitors to our website located at https://www.bloomequitypartners.com/ (the “Website”);

  • Directors, officers, employees and other representatives of portfolio companies in which BLOOM has made an investment or is considering making an investment;

  • Individual representatives of third-party sellers, placement agents, finders, investment bankers, consultants, lawyers, accountants, advisers and other service providers, whether or not engaged by BLOOM;

  • Directors, officers, employees and other representatives of BLOOM;

  • Individuals applying for or enquiring about employment with us;

  • Individuals who consider or do invest with us and their representative agents with whom we interact during the normal course of business; and

  • Visitors to our websites and users of any digital services we provide.

​

We may provide you, as required with a supplementary country specific privacy notice when required to do so by the law of that country.

​

2.    Privacy Law and Principles

This Privacy Notice has been generally drafted is in accordance with the GDPR (EU General Data Protection Regulation) but may be applied to personal information processing activities globally. The processing activities may be more limited in some jurisdictions due to the restrictions of their laws. For example, the laws of a particular country may limit the types of personal information we can collect or the manner in which we process that personal data. In those instances, we may adjust our internal policies and/or practices to adapt to the requirements of local law.


We always strive to:

  • Process personal data lawfully, fairly and in a transparent way

  • Obtain personal data only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes

  • Collect personal data relevant to the purposes we have told you about and limited only to those purposes

  • Take reasonable steps to ensure that personal data is accurate and kept up to date

  • Subject to applicable legal or other requirements, keep personal data only as long as necessary

  • Use appropriate technical and/or organizational measures to ensure appropriate security of the personal data

Please see the following sections for more information about specific jurisdictions:

  • Further information for EEA and UK residents 

  • Further information for Californian  Residents

​

3.    Additional and supplementary privacy notices

Employees
We provide our former or existing employees with supplementary privacy notices where we are required to do so and dependent on the employees’ geographies and jurisdictions.
General 
We may also provide additional privacy notices for certain entities within BLOOM, categories of Data Subjects (e.g., certain investors or prospective investors in a fund managed or advised by BLOOM, and certain geographies and jurisdictions.


4.    Important information and who we are 

The Website is provided by Bloom (‘we’, ‘our’ or ‘us’), an Investment Equity Company Investing in Technology and we are the controller of the personal data which is the subject of this privacy notice.


5.    How to contact us

Name:  Please contact us via the Bloom Privacy Team  
By email: privacy@bloomequitypartners.com


6.    What types of personal data do we collect?

Personal Data:  the term “Personal Data,” can also be referred to as “Personal Information" or "Personally Identifiable Information (PII)." This refers to information that reasonably can be used to identify you as an individual person. 


The personal information that we collect depends on the context of your interactions with us and the website, the choices you make and your relationship with us and may include the following types of personal data:

•    Appointment and Interview Data
•    Behavior: information about daily habits and moods.
•    Candidate data: your resume, application letters and forms; job details, work history interview notes and any other information you provide us with as part of your application process.
•    Commercial data: including tax information, bank account details, credit card number, money transfers including communications on bank transfers, assets, investor profile, credit history, debts, and expenses. 
•    Communication Data: Any information you voluntarily provide, including online or through communication.

•    Contact data: data such as your postal address, tax ID, personal or work email address, mail address, work address, phone number, or other similar identifiers.  
•    Education and Training data: information about your education, qualifications, training, degrees, certifications, specialisms, school name; school contact details; student number; qualification details; field of study; attendance dates; graduation

•    Identification data: name, passport number, tax ID, study identification number, internet protocol address, account name, social security number, driver’s license number, Age, gender, biological sex and date of birth.
•    Images: including your picture and other visual information. 
•    Location data: includes your IP Address, telephone codes, address, clinic or hospital, work address, country of birth and/or residence, questionnaires. The physical location of your device by, for example, using satellite, ‎cell phone tower or Wi-Fi signals.

•    Marketing data: includes preferences in receiving marketing from us and our third parties and communication preferences.

•    Payment data: money owed and paid and bank account for payment, tax details.

•    Professional data: includes professional or employment-related information, including your employment history, employer’s name, remuneration, references, training records, disciplinary and performance records, health and safety records, employment status: employer name; employer contact details; manager name; manager contact details; job title; pay rate; dates of employment; reason for leaving.

•    Technical data: includes internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices used to access our website.

•    Profile Data: includes username and password, interests, preferences, feedback, and survey responses.

•    Publicly available data: includes identity and contact data from publicly available data sources such as LinkedIn.
•    Relationship data: Guardians and Parents relationship to minor data subject
•    Observations preferences and opinions: information included in questionnaires and consent.
•    Usage Data: includes information about how you use our website and services, and online activity based on your interaction with us, our websites and applications for example searches, site visits browsing actions and patterns. Internet or other electronic network activity information, including, but not limited 
•    Other Information relevant to conducting business with us or becoming our customer or Information classified as personal or protected information by state, federal, or other applicable law.


7.    What is Sensitive or Special Category Data

Sensitive or Special Category Data is personal data that needs more protection because it is sensitive.

​

Where you choose to provide us with this information or we have a lawful reason for collecting it, we will only process that sensitive personal information in such jurisdiction if and to the extent permitted or required by applicable law.


8.    Do you collect sensitive personal data?

We may collect sensitive Personal Data depending on your relationship with us e.g. we may collect sensitive data from employees or others including:

  • Health data: data concerning health, sick absence notes, disabilities, medical history, medications, work accident injuries, examination notes and test results from the study (e.g., blood type, vital signs, urine test, x-rays, physical exams, known conditions, medical survey or questionnaire results, and other study-specific procedures required by the study protocol); 

  • Demographic Data: including ethnicity and race 

  • Sex:  including sex life and sexuality

When we employ you, we may, where required by applicable law, provide you with a supplementary country specific privacy notice that sets out exactly what sensitive personal data we will collect for the purposes of your employment.


9.    How do we collect your Personal Data?

  • From you directly 

We collect personal information that you voluntarily provide to us when you express an interest in obtaining information about us, when you apply to work for us, participate in activities with us or on the Website or otherwise when you contact us.

  • Information Collected through Technical means

Indirectly, such as your browsing activity while on our website; we will usually collect information indirectly using the technologies explained in our ‘Cookies Notice.

When you visit our website and its subdomains as referenced above, and the landing pages of marketing campaigns that we may create and run from time to time.

Pixel tags (also known as web beacons and clear GIFs) may be used in connection with some services to, among other things, track the actions of users of the services (including email recipients), and compile statistics about usage of the services and response rates as well as general demographic information and aggregated information.


When you download a white paper available or other digital content from our website.
Information we receive from third parties in each case where permissible and in accordance with applicable law

  • Sometimes we collect your personal data from third parties such as Clinical Research organizations, agencies, marketing agencies, market research companies, our suppliers, contractors, partners or consultants, group companies

  • We may also collect other identifiable information from M & A staff 

  • Information we receive from public sources 

We may collect Information about you from publicly available sources, including any social media platforms such as LinkedIn, public websites and public agencies.
If you are located outside of the United States, please be aware that the Personal Data we collect will be processed and stored in the United States, a jurisdiction in which the data protection and privacy laws may not offer the same level of protection as those in the country where you reside or are a citizen. For more jurisdiction specific information on how we use and process your information see the sections below:
•    EEA and UK residents 
•    Californian Residents


10.    How and on what basis do we use your Personal Data?

We may use your Personal Data for a variety of purposes, and (to the extent applicable) on the basis of various legal bases, including, but not limited to, the following:

  • Complying with legal or regulatory obligations, such as our obligations regarding know-your-client and anti-money laundering due diligence;

  • Performing a contract with you or to take steps at your request before entering into a contract, including to: (i) provide you with information regarding BLOOM; (ii) assist you and answer your requests; (iii) evaluate whether we can offer you a BLOOM service and under what conditions; and (iv) responding to know-your-client and anti-money laundering information requests presented by counterparties with whom we do business on your behalf or for your benefit; and

  • Other legitimate business interests, such as:

    • Communicating with Data Subjects;

    • Acquisitions

    • Performing activities relating to client management, financial management and administration;

    • Investigating and resolving disputes and security issues and enforcing our Terms of Service and other agreements;

    • Monitoring and auditing compliance with internal policies and procedures, legal obligations and to meet requirements and orders of regulatory authorities; and

    • Processing and considering applications for employment, including evaluating and confirming your suitability for the position and accuracy of any information submitted.

We will not use your Personal Data for any purposes inconsistent with this Policy and the purpose for which it was collected, without your permission or otherwise in accordance with applicable law.


For further information on this for EEA/UK residents see Section 27.


11.    Selling Personal Data

We do not sell any Personal Data and have not sold any Personal Data in the past.


12.    With whom do we share your Personal Data?

Within BLOOM.  We share your Personal Data among BLOOM entities and affiliates for the purposes set forth above. In general, BLOOM entities and affiliates, in turn, are not permitted to share your information with other non-affiliates entities, except as described herein or otherwise permitted by applicable laws.

​

To Third Parties.  We share your Personal Data with third parties in certain circumstances, including the following:

  • Service Providers: We share Personal Data with service providers that perform services on our behalf (e.g., third-party service providers to operate the Website) and with service providers and other counterparties to our clients and investors. These companies may have access to your Personal Data but are permitted to use the information solely to provide the specific service or as otherwise permitted by law.  We generally require these providers by contract to keep the information confidential.

  • Transaction or Other Corporate Event: Your Personal Data can be disclosed as part of a corporate business transaction, such as a merger, acquisition, joint venture, financing, or sale of company assets, including bankruptcy proceedings, or other investment activity, and could be transferred to a third party as one of the business assets in such a transaction. It also can be disclosed in the event of insolvency, bankruptcy, or receivership. In such an event, we will post prominent notice of the change in ownership.

  • As Required by Law: We also disclose your Personal Data if we are required to make disclosures by applicable law or to the government or private parties in connection with a lawsuit, subpoena, investigation, or similar proceeding, or as part of our legislative or regulatory reporting requirements.

​

13.    Do you have a choice about the data we collect and use about you?

Yes, you may always choose what personal information (if any) you wish to provide to us. 


In cases where you are requested to affirmatively provide information, such as to complete a form, or an application, or a survey on our website, you may decline to do so. Please understand, however, that in some cases certain information is required to complete an application, form, contract, recruitment activity or other service or acquisition and if you decline to provide the information requested you may not be able to submit your application or participate in the applicable activity or service.   


If you would like to restrict our placement of cookies on your device, please see our Cookie Notice.


If you would prefer not to receive e-mail marketing messages from us, please use the opt-out instructions included in the email message to opt-out of additional communications.


You may be given additional choices in the context of particular preferences tools or functions that we make available through our website.


14.    How do we protect your Personal Data?

We take seriously the obligation to safeguard your Personal Data.  Your Personal Data held by us will be kept confidential in accordance with applicable BLOOM policies and procedures.  


We will use all reasonable efforts to ensure that all Personal Data is kept secure and safe from any loss or unauthorized disclosure or use.  All reasonable efforts are made to ensure that any Personal Data held by us are stored in a secure and safe place and accessed only by our authorized employees and transferees.


Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal information, we do not have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many Information security risks that exist and take appropriate steps to safeguard your own information. 


We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

​

15.    Transferring your information overseas

We do business globally and may centralize certain aspects of our information processing activities and data storage in different countries. We may therefore have to share and transfer your personal data from one country to another, or even across multiple jurisdictions, including, but not limited to transfers between the EU and US, EEA and the US, the UK and US. Your personal data may therefore be subject to privacy laws that are different from those in the country where the personal information is collected or those in your country of residences. 


We will ensure your personal information has an appropriate level of protection and will undertake appropriate due diligence and risk assessments prior to transferring the information. 
We will ensure the transfer your personal information in line with applicable Privacy Law. Often, this protection is set out under a contract with the organization that receives your personal data. You can find more details of the protection given to your information when it is transferred overseas by contacting us.


Where a privacy regulatory authority requires a corresponding privacy regulatory approval before we transfer your Personal Data outside your jurisdiction, we will obtain the approval before transferring your personal data.


16.    Keeping your Personal Data current

In general, we seek to ensure that we keep your Personal Data accurate and up to date. However, you are responsible for, and we kindly request that you inform us of, any changes to your Personal Data (such as a change in your contact details).  


To update or edit your Personal Data that we have on file, including your communication preferences, please contact us using the contact details set out under the “Contact and Complaints” heading below or by sending an e-mail to privacy@bloomequitypartners.com


17.    How long do we keep your Personal Data?

In general, we will process and store your Personal Data for as long as it is necessary in order to fulfil our contractual, regulatory and statutory obligations, which may differ depending on the relevant BLOOM entity or jurisdiction.  Subject to those qualifications, our goal is to keep such data for no longer than necessary in relation to the purposes for which we collect and use the Personal Data (we refer to the purposes as set forth above). If you have any specific questions in this respect, please feel free to contact us.

​

18.    Data Subject Rights

BLOOM uses your personal data in compliance with applicable Privacy laws.  Most notably, the General Data Protection Regulation (GDPR) and US data protection legislation these privacy laws and some laws in other regions have rights that allow you greater control of and access to your Personal Data.

​

These rights may include the right:

  • To request and obtain a copy of your personal information

  • To request rectification and/or erasure

  • To restrict processing of your personal information

  • Data portability (if applicable)

​

BLOOM does not use automated decision making that has a legal consequence for or otherwise materially and negatively impacts a data subject.


The application of these and any other privacy rights you may have depends on applicable privacy laws and if you would like more information about your specific rights under data protection law in your jurisdiction and how to exercise those rights, please contact us at: privacy@bloomequitypartners.com. 


We may request specific information from you to help us confirm your identity, verify your rights, and respond to your request, including to provide you with the personal data that we hold about you, if applicable. 

​

Applicable law may allow or require us to deny your request, or we may have destroyed, erased, or made your personal data anonymous in accordance with our record retention obligations and practices. 

​

We will consider and act upon any requests in accordance with applicable privacy laws.

​

19.    Withdrawing Consent

If we rely on your consent to process your personal information, which may be express or implied consent according to the applicable law, you have the right to withdraw consent at any time. You can withdraw your consent by contacting us at privacy@bloomequitypartners.com


Please note that this will not affect the lawfulness of the processing before the withdrawal, nor when applicable law allows, will it affect the processing of your personal information on the basis of any other lawful ground other than consent.


20.    Changes to Our Privacy Notice

We may update this Policy from time to time.  If we make any material changes to this Policy, we will change the "last updated" date so that you can quickly determine whether there were material changes since the last time you reviewed the Policy. You are advised to review this Policy periodically for any changes. Changes to this Policy are effective when they are posted on this page.


21.    Data Privacy Framework

Bloom Partners Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. Bloom has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) regarding the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program and to view our certification, please visit https://www.dataprivacyframework.gov.


In relation to the personal information we process and transfer from the European Union or the United Kingdom to the United States, we are a committed participant in the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as applicable. The Federal Trade Commission oversees our compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.


For dispute resolution and complaints regarding our adherence to the EU-U.S. Data Privacy Framework or the UK Extension, we rely on the European Data Protection Supervisory (DPS) authorities and the UK Information Commissioner’s Office (ICO) as our designated independent recourse mechanisms. Individuals in the EU and the UK may submit complaints to their respective Data Protection Supervisory Authorities or to the ICO, who will work with us to resolve any issues. If a complaint is not resolved through these channels, individuals may seek binding arbitration under certain conditions as described in Annex I of the Data Privacy Framework, available at https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf.


When we engage third parties to process personal information on our behalf under the Data Privacy Framework, these third parties are also required to comply with the obligations of the Framework. We accept liability for any non-compliance by these third parties unless we can demonstrate that we are not responsible for the event leading to the damages.


22.    Dispute Resolution

If a privacy complaint or dispute relating to Personal Data received by Bloom , Inc. in reliance on the Data Privacy Framework (or any of its predecessors) cannot be resolved through our internal processes, we have agreed to participate in the  commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints.

​

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Bloom , Inc. commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF in the context of the employment relationship.


23.    Binding Arbitration

If your dispute or complaint related to your Personal Data that we received in reliance on the Data Privacy Framework cannot be resolved by us, nor through the dispute resolution mechanism mentioned above, you may have the right to require that we enter into binding arbitration with you under the Data Privacy Framework “Recourse, Enforcement and Liability” Principle and Annex I of the Data Privacy Framework.


24.    Do Not Track

BLOOM does not track Data Subjects over time and across third-party websites to provide targeted advertising and therefore does not respond to Do Not Track (“DNT”) signals. However, some third-party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites, your browser allows you to set the DNT signal so that third parties (particularly advertisers) know you do not want to be tracked. You should consult the help pages of your browser to learn how to set your preferences so that websites do not track you.


25.    Contact and Complaints

BLOOM takes very seriously any complaints we receive about our use of your Personal Data.  Questions, comments, requests or complaints regarding the Website, this Policy, the Terms of Service and/or our use of your Personal Data should be addressed to Complaints privacy@bloomequitypartners.com


Any Personal Data we receive from you when making a complaint will be treated in accordance with this Policy and only to process the complaint and check on the level of service we provide. Similarly, where inquiries are submitted to us, we will only use the information supplied to us to deal with the inquiry and any subsequent issues and to check on the level of service we provide.


For further information on contacts and complaints EEA/UK residents can refer to the sections regarding those countries.


26.    Bloom Equity Partners Website Servers 

Bloom Equity Partners is operated from servers in the United States.


Please be aware that a website may contain links to other websites hosted by third parties. BLOOM does not control and is not responsible for the content or privacy practices and policies of such third-party websites.  We encourage you to be aware when you leave the Website and to read the privacy policies of each third-party website, especially if such website collects Personal Data from you.


27.    Additional Information for Residents of the European Economic Area (the “EEA”) and the United Kingdom (the “UK”)

For purposes of the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 and the UK GDPR (as defined in the UK Data Protection Act 2018 (as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2018 (SI 2019/419)) (both referred to herein as the “GDPR”), in addition to the information above, the below applies to any Data Subject whose personal data we collect whilst  they are resident in the EEA or the UK. 


Further details about our processing of your personal information: The section below describes the ways we plan to use your Personal Data, and which Lawful Basis we rely on to do so. We have also identified what our legitimate interests are where appropriate.

​

Lawful Basis of processing

Contract
Under this basis, we process personal data to evaluate applications and candidates for vacant roles prior to entering into employment or services contracts. This includes assessing skills, qualifications, and suitability for the role, using data such as appointment and interview records, communication data, contact information, identification details, location data, publicly available data, preferences, opinions, and education and training records.


For employment contracts, personal data is used to fulfill obligations like salary processing, benefits administration, and contract performance. Data categories include behavior, contact details, professional and commercial data, identification information, images, payment information, location data, education and training data, relationship data, and health data.


In the context of business contracts, personal data is processed to ensure compliance with vendor, supplier, consultancy, and other third-party agreements. This involves using commercial, communication, education, identification, and payment data.

​

Legitimate Interest
We process personal data under legitimate interests to manage our business effectively, maintain website functionality, monitor performance, troubleshoot, secure networks, and respond to user inquiries. This may involve using communication, contact, location, marketing, technical, profile, and usage data.


Legitimate interest also applies to providing website maintenance, making marketing recommendations, measuring advertising effectiveness, and complying with laws and regulations. Data categories include identity data, contact information, technical data, and marketing and communications data.


We also rely on legitimate interests to enforce contracts, defend claims, verify identities for data rights requests, prevent fraud, and manage business restructuring. Depending on the circumstances, all relevant categories of personal data may be used.

​

Legal Obligations
We process personal data to comply with legal and regulatory requirements, including responding to court orders, supporting tax inquiries, and detecting fraudulent activities. This involves using communication data, professional data, payment information, identification data, and other relevant personal data as required by law.

​

Consent
In cases where consent is necessary, such as for marketing purposes, individuals have the right to withdraw consent at any time. With consent, we may use personal data to measure advertising effectiveness, store cookies, and improve our website, products, and services. Categories of data processed under consent include communication data, contact information, marketing data, profile data, technical data, and usage data.

​

In all scenarios, personal data is handled in compliance with applicable laws and regulations, ensuring individuals' rights are respected and protected.

​

Sensitive Personal data
The lawful basis of processing for sensitive personal data is set out below:

Compliance with Laws and Regulations
Sensitive personal data is processed to comply with applicable laws and regulatory obligations, enforce legal rights, or defend and undertake legal proceedings, depending on the circumstances. The legal basis for this processing is that it is necessary for scientific research purposes under GDPR Article 9(2)(j) and Article 89(1). The data we may use for this purpose includes health data, demographic data, sex, and pregnancy information.

 

Employment Purposes
For employment-related processing, the legal basis is that it is necessary for carrying out obligations and exercising specific rights in the field of employment, social security, and social protection law, as per GDPR Article 9(2)(b). This may include health data such as information about health conditions, sick absence notes, disabilities, medical history, medications, work accident injuries, examination notes, and test results (e.g., blood type, vital signs, urine tests, x-rays, physical exams, known conditions, medical survey results, or other study-specific procedures). Additionally, demographic data may also be used for this purpose.

​

These processes are carried out in compliance with GDPR and other relevant legal frameworks to ensure the protection and appropriate use of sensitive personal data.

​

Transfer of Personal Data Outside of the UK/EEA
Your personal data will be hosted in the United States and will therefore be transferred and stored outside of the UK or European Economic Area (“EEA”) both inside of our group and to certain third-party suppliers, where such information is collected in the EU or UK. For the purpose of applicable EU/UK laws, such third countries (including the U.S.) may not offer the same level of data protection as your country of residence, and additional safeguards may be necessary for such transfers. 


We ensure that such transfers will be made in accordance with applicable EU/UK data privacy laws, for example using specific contracts approved for use in the EU/UK which give Personal Data the same protection it has in the EU/UK. This may include the EU Standard Contractual Clauses, the UK IDTA (International data transfer agreement) and/or the UK Addendum to the EU Standard Contractual Clauses.


GDPR Data Subject Rights
Under the GDPR, in certain circumstances, a UK or EEA-resident Data Subject has certain individual rights with respect to the Personal Data that we hold about them. In particular, you may have the right to:

  • Request access to any data held about you;

  • Ask to have inaccurate data amended;

  • Request data held about you to be deleted, provided the data is not required by BLOOM to perform a contract, defend a legal claim or to comply with applicable laws or regulations;

  • Prevent or restrict processing of data which is no longer required; and

  • Request transfer of appropriate data to a third party where this is technically feasible.

​

Additionally, in the circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.


You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive.


To exercise any of these rights, please contact us using the contact details set out under the “Contact and Complaints” heading above. We may need to request further information from you to help us confirm your identity to help facilitate your request. This is a security measure to ensure that Personal Data is not mistakenly disclosed.


Automated Decision Making
We respect your legal rights not to be subject to decisions that are based solely on automated processing of your Personal Data, including profiling, especially where such processing has legal or other significant effects on you.  In establishing and carrying out a business relationship, we generally do not use any automated decision making pursuant to the GDPR.  We may process some of your Personal Data automatically, with the goal of assessing certain personal aspects (profiling), such as to comply with legal or regulatory obligations to combat money laundering, terrorism financing, and offenses that pose a danger to assets.  We also use assessment tools in order to be able to allow communications and marketing to be tailored as needed, all following applicable EEA or UK law.


Complaints to Local Authorities
As a resident of the EEA or UK, you are also entitled to direct any complaints in relation to our processing of your Personal Data to your national or local data protection supervisory authority.


UK residents can contact the ICO here.
EU residents can find their applicable local data protection supervisory authority here.

​

28.    Additional Information for Residents of California
The information below may apply to Data Subjects who are residents of California. 


California Data Subject Rights 
California’s “Shine the Light” law permits California residents to annually request and obtain information free of charge about what personal information is disclosed to third parties for direct marketing purposes in the preceding calendar year. For more information on these disclosures, please contact us using the contact details set out under the “Contact and Complaints” heading above.


In addition, Data Subjects in California may have a right under the California Consumer Privacy Act (“CCPA”) to request erasure of their Personal Data or access to Personal Data that we have collected in the last twelve (12) months.


You may submit requests for access or erasure of your personal information by contacting us at privacy@bloomequitypartners.com 


Individuals who submit requests for access or erasure of personal information will be required to verify their identity by answering certain questions. We will not disclose or delete any information until identity is verified.


If you are making a request for access, we may not be able to provide specific pieces of personal information if the disclosure creates a substantial, articulable, and unreasonable risk to the security of your personal information, your account with us, or our systems or networks.


If you are making a request for erasure, we will ask that you confirm that you would like us to delete your personal information again before your request is addressed.


You may designate an authorized agent to submit a request on your behalf by providing that agent with your written permission. If an agent makes a request on your behalf, we may still ask that you verify your identity directly with us before we can honor the request.


Agents who make requests on behalf of individuals, will be required to verify the request by submitting written authorization from the individual. We will not honor any requests from agents until authorization is verified.
Under the CCPA, you cannot be discriminated against for exercising your rights to access or request erasure of their Personal Data.

bottom of page