Co Ventures Pty Ltd ("Co Ventures", "we", "us" or "our") is committed to protecting your privacy. This Privacy Policy outlines how we collect, use, store, and disclose personal information in accordance with applicable privacy laws including the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), the EU General Data Protection Regulation (GDPR), the UK GDPR, and US state privacy laws.

This Policy applies to personal information provided to us by investors, founders and startup applicants, contractors and service providers, event or program participants, and others who interact with Co Ventures through our business activities, website, and community engagements.

1. Who We Are & How to Contact Us

Co Ventures Pty Ltd
Email: secretary@coventures.vc

EU Representative (GDPR Article 27): We do not target or monitor individuals in the EU

UK Representative (UK GDPR): We do not target or monitor individuals in the UK

2. Definitions

"Personal information" or "personal data" means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in material form or not. This includes names, email addresses, IP addresses, device identifiers, and any other information that can identify you directly or indirectly.

3. What Personal Information We Collect

We may collect the following categories of personal information:

3.1 Identity and Contact Data

• Name, email address, phone number, postal address
• Job title, company name, professional affiliation
• LinkedIn profile or website URLs
• Date of birth (for investor verification)

3.2 Professional and Financial Information

• Career history, qualifications, professional experience
• Financial information for investment purposes (income, net worth, investment capacity)
• Bank account details for payment processing
• Tax File Number or other government identifiers (where required)
• Investment preferences and risk tolerance

3.3 Application and Due Diligence Data

• Business plans, pitch decks, startup information
• Responses to application forms, surveys, questionnaires
• Background check information, identity verification documents
• Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) compliance data
• References and professional recommendations

3.4 Communications and Interaction Data

• Records of communications with us (emails, calls, messages)
• Event attendance records and participation details
• Marketing preferences and communication history
• Feedback, complaints, and support requests

3.5 Technical and Analytics Data

• IP address, device type, browser information
• Website usage patterns, pages visited, time spent
• Cookie identifiers and tracking data
• Geolocation data (country/region level)

3.6 Sensitive Information

We do not actively seek sensitive information (racial/ethnic origin, political opinions, religious beliefs, health data, biometric data, criminal records). Where we collect sensitive information, we do so only with your explicit consent or where legally required (e.g., passport nationality for AML checks, dietary requirements for events).

4. How We Collect Personal Information

4.1 Directly From You

• Application forms and pitch submissions
• Event registrations and program participation
• Communications via email, phone, or contact forms
• Account creation and profile updates
• Subscription to newsletters or updates

4.2 From Third Parties

• Referrals from mutual connections (with their permission)
• Publicly available sources (LinkedIn, company registers)
• Background check and verification service providers
• Professional references and recommendations
• Co-investors and business partners (with appropriate consent)

4.3 Automatically Through Technology

• Cookies and similar tracking technologies
• Website analytics and performance monitoring
• Email marketing tracking (opens, clicks)
• CRM integration and lead tracking

5. Cookies and Tracking Technologies

5.1 Types of Cookies We Use

Essential Cookies (No consent required):

• Security cookies (CSRF protection)
• Session management for form submissions
• Website functionality and accessibility preferences

Analytics Cookies (Consent required for EU/UK):

• Google Analytics: Tracks website usage, user journeys, and performance (2-year retention)
• Heatmapping tools: Understanding user interaction patterns (1-year retention)
• Performance monitoring: Site speed and functionality analysis (1-year retention)

Marketing and Advertising Cookies (Consent required for EU/UK):

• LinkedIn Insight Tag: Professional audience targeting (90-day retention)
• Email marketing platforms: Campaign effectiveness tracking (2-year retention)
• Retargeting cookies: Personalized advertising delivery (30-90 day retention)

Third-Party Integration Cookies:

• CRM systems (e.g., Salesforce, HubSpot): Lead tracking and attribution (2-year retention)
• Video platforms (YouTube, Vimeo): Embedded content delivery (varies by provider)
• Social media widgets: Sharing and engagement features (varies by provider)
• Customer service tools: Chat and support functionality (1-year retention)

5.2 Cookie Duration

• Session cookies: Deleted when you close your browser
• Persistent cookies: Stored for periods ranging from 30 days to 2 years, depending on purpose

5.3 Managing Your Cookie Preferences

EU/UK Visitors: We provide an equal-prominence Accept/Reject cookie banner with granular controls. Non-essential cookies are blocked by default until you provide consent.

All Visitors: You can:

• Access our Cookie Preference Center at any time
• Adjust settings by category (Analytics, Marketing, etc.)
• Withdraw consent through your browser settings
• Use our "Cookie Settings" link in the website footer

Browser Controls: You can also manage cookies through your browser settings, though this may affect website functionality.

6. Legal Bases for Processing (EU/UK)

For EU and UK visitors, we process personal data based on:

• Consent: Marketing communications, non-essential cookies, optional data sharing
• Legitimate Interests: Handling investment inquiries, website analytics, fraud prevention, business development
• Legal Obligation: AML/CTF compliance, tax reporting, regulatory requirements
• Contract Performance: Providing investment services, managing investor relationships

7. How We Use Personal Information

7.1 Investment and Business Operations

• Evaluating funding applications and investment opportunities
• Conducting due diligence and background checks
• Managing investor relationships and fund administration
• Processing investment transactions and distributions
• Providing investor updates and portfolio reports

7.2 Program and Event Management

• Processing program applications and event registrations
• Facilitating participation in accelerator programs and community events
• Providing relevant resources and support services
• Collecting feedback and measuring program effectiveness

7.3 Communications and Marketing

• Responding to inquiries and providing customer support
• Sending newsletters, event invitations, and industry updates
• Facilitating networking and community connections
• Promoting relevant opportunities and services

Marketing Opt-Out: You can unsubscribe from marketing communications at any time using the unsubscribe link in emails or by contacting us directly.

7.4 Legal and Regulatory Compliance

• Meeting AML/CTF and sanctions screening requirements
• Fulfilling tax and financial reporting obligations
• Complying with investor protection regulations
• Maintaining records for legal and audit purposes

7.5 Website and Service Improvement

• Analyzing website usage and user experience
• Identifying technical issues and security threats
• Developing new features and services
• Conducting market research and business analysis

8. How We Share Personal Information

We do not sell your personal information. We may share information with:

8.1 Service Providers and Contractors

• IT and cloud hosting providers
• CRM and email marketing platforms
• Analytics and performance monitoring services
• Payment processors and banking partners
• Background check and verification services
• Professional advisors (lawyers, accountants, auditors)

8.2 Business Partners and Network

• Co-investors and syndicate partners (with consent)
• Portfolio companies (for relevant connections)
• Event co-hosts and sponsors (with disclosure)
• Community program collaborators

8.3 Legal and Regulatory Requirements

• Government authorities and regulators (ASIC, ATO, AUSTRAC, IRS, HMRS and similar)
• Law enforcement agencies (when legally required)
• Courts and legal proceedings
• Sanctions screening and compliance systems

8.4 Corporate Transactions

• Potential acquirers or merger partners (under confidentiality agreements)
• Professional advisors in transaction due diligence
• Successor entities (with notice to affected individuals)

All third parties are contractually bound to protect your information and use it only for specified purposes.

9. International Data Transfers

We are based in Australia and primarily store data locally. However, some service providers may process data internationally. When transferring personal data outside Australia, we ensure appropriate safeguards:

For Australian residents: We comply with APP 8 by ensuring overseas recipients provide comparable protection or obtaining your consent after disclosure of risks.

For EU residents: We use approved transfer mechanisms:

• EU-US Data Privacy Framework (for participating US companies)
• Standard Contractual Clauses (SCCs)
• Adequacy decisions by the European Commission

For UK residents: We use approved transfer mechanisms:

• UK-US Data Privacy Framework extension
• UK International Data Transfer Agreement (IDTA)
• UK adequacy decisions

Countries where your data may be processed include the United States, Singapore, and other jurisdictions where our cloud service providers operate.

10. Data Retention

We retain personal information only as long as necessary for the purposes collected:

• Investment inquiry data: 20+ years from last contact
• Investor relationship data: Throughout investment period plus 7 years (regulatory requirements)
• Event and program data: 10+ years from participation
• Marketing communications: Until opt-out plus 1 year
• Legal compliance data: As required by applicable laws
• Website analytics: 2 years maximum

When retention periods expire, we securely delete or anonymize the information.

11. Security Measures

We implement industry-standard security measures including:

• Access controls and multi-factor authentication
• Regular security assessments
• Staff training on privacy and security practices
• Incident response and data breach procedures
• Secure cloud infrastructure with certified providers

Data Breach Notification: If we experience a data breach likely to result in high risk to your rights, we will notify you and relevant authorities within required timeframes (72 hours for EU/UK, serious harm threshold for Australia).

12. Your Privacy Rights

12.1 Australian Privacy Rights

• Access: Request copies of your personal information
• Correction: Request correction of inaccurate information
• Complaints: Lodge privacy complaints with us or the OAIC

12.2 EU/UK Privacy Rights (GDPR)

• Access: Obtain copies of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion in certain circumstances
• Restriction: Limit processing in specific situations
• Portability: Receive data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for consent-based processing

Supervisory Authority: You can contact your local data protection authority (ICO for UK, relevant authority for EU) if unsatisfied with our response.

12.3 US State Privacy Rights

California (CCPA/CPRA) and Other Applicable States:

• Right to Know: Categories and specific pieces of personal information collected
• Right to Delete: Request deletion of personal information
• Right to Correct: Request correction of inaccurate information
• Right to Opt-Out: Opt-out of "sale" or "sharing" of personal information
• Right to Limit: Limit use of sensitive personal information
• Non-Discrimination: No discrimination for exercising privacy rights

Opt-Out Preference Signals: We honor Global Privacy Control (GPC) and other recognized opt-out signals.

"Do Not Sell or Share" Link: Available in our website footer for applicable jurisdictions.

12.4 Exercising Your Rights

To exercise any privacy rights:

1. Email us at decretary@coventures.com

We will verify your identity before processing requests and respond within applicable timeframes (typically 30 days, may be extended in complex cases).

13. Direct Marketing and Electronic Communications

13.1 Marketing Consent

We only send marketing communications with appropriate consent. You can:

• Unsubscribe using the link in any marketing email
• Contact us directly to opt-out
• Update preferences in your account settings

13.2 Compliance Standards

• Australia: Comply with Spam Act 2003 requirements
• US: Follow CAN-SPAM Act guidelines
• EU/UK: Adhere to PECR and ePrivacy requirements

All marketing emails include clear sender identification and easy unsubscribe options.

14. Sanctions and Compliance Screening

We screen individuals and entities against sanctions lists including:

• Office of Foreign Assets Control (OFAC) - US
• Office of Financial Sanctions Implementation (OFSI) - UK
• Department of Foreign Affairs and Trade (DFAT) - Australia
• EU Consolidated List

This screening is conducted for legal compliance purposes and may result in restrictions on our ability to provide services.

15. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal information from children. If we become aware we have collected a child's information, we will delete it promptly. Under US law (COPPA), we do not collect information from children under 13.

16. Complaints and Contact Information

16.1 Making a Complaint

If you have concerns about our privacy practices:

1. Contact us first: secretary@coventures.vc
2. We will acknowledge within 5 business days
3. We aim to resolve complaints within 30 days
4. We will provide a written response outlining our findings

16.2 External Complaint Options

If unsatisfied with our response:

• Australia: Office of the Australian Information Commissioner (OAIC) - oaic.gov.au
• EU: Your local supervisory authority
• UK: Information Commissioner's Office (ICO) - ico.org.uk
• US: Relevant state attorney general or privacy authority

16.3 Contact Details

Privacy Officer: 

• Email: secretary@coventures.vc

16.4 If you are still unhappy

If you are not satisfied with our we handle your complaint, you can contact our Australian Financial Services Licensee Boutique Capital Pty Ltd by:

• Email: info@boutiquecapital.com.au
  
• Phone: 1800 541 155
  
• Online: www.boutiquecapital.com.au
  
• Mail: Boutique Capital, Suite 211, 3 Eden St, North Sydney NSW 2060

17. Changes to This Policy

We may update this Privacy Policy periodically. Significant changes will be notified through:

• Updated "last modified" date

Continued use of our services after changes constitutes acceptance of the updated policy.

This Privacy Policy was last updated on 25 August 2025 and is effective immediately.

‍