Confidentiality policy

Parallel Services, a simplified joint stock company with a capital of €20,000, registered with the Paris Trade and Companies Register under number 949 431 076, whose head office is located at 4, Rue Saint-Sauveur, 75002 Paris (the” Society ”), invites anyone who is required to share personal data with him (the” User ”) to carefully read this Personal Data Protection Policy (the” Policy”) before using the Website accessible at www.vasco.fund (the” Site ”), to conclude any contract with Parallel Services in order to use the services for digitizing the subscription processes offered by the Company (the” Services ”), or to access the password-protected user areas of the vasco.fund Platforms (the” Platform ”).

This Policy concerns all Users with whom the Company would be required to carry out operations for the collection and/or processing of personal data.

Personal data refers to the personal data that the User has provided or may be required to provide in the context of his use of the Site, when using his space on the Platform, or, in general, when he uses the Services offered by the Company.

This Policy details how the Company processes personal data in connection with the use of the Site and Parallel Services Services, and more specifically:
- how your personal data is collected and processed,
- the reasons why your personal data is collected and processed,
- the security procedures and standards applied to operations for the collection and processing of personal data,
- your rights in terms of personal data.

As data controller, the Company complies with the provisions of the General Data Protection Regulation (RGPD, regulation (EU) 2016/679) and the amended law “Informatique et Libertés” of January 6, 1978.

By using the Site or the Company's Platform, each User acknowledges having read this Policy.

Collection operations carried out

The Company may need to collect personal data in various situations, such as:
- Recruitment: when a User sends, by any means, an application in response to an offer to be filled or spontaneously
- Demo request: when a User submits a form on the Site in order to organize a demo of the Services offered by the Company
- Partnership: when a User sends, by any means, a request to establish a partnership with the Company
- Social networks: when a User sends a private message via social networks (in particular LinkedIn)
- Prospecting: when a User exchanges with a prospector by email or telephone
- Other contacts: when a User sends an email to a generic email address of the company or sends him a letter
- Use of the Platform: when a User uses the Platform that has been made available to him as part of the Services provided by the Company
- Conclusion and execution of contracts: in connection with the provision of Services and other agreements with the Company
- Legal obligations: compliance with legal and regulatory obligations, defense of legitimate interests

In this context, the Company will collect the following data in particular:
- Identification data: name, first name, postal address, email, telephone number
- Connection data: network type (4G, 5G, Wifi), operating system version, operating system version, browser type, time stamp, IP address, type of device used (smartphone, tablet, computer)
- Authentication data: identifiers and passwords to access the Platform
- Professional data: profession, SIRET numbers, and VAT, field of activity, share capital, legal form, company stakeholders, turnover
- Payment data: bank details of existing accounts
- Connection and usage data: IP address, internet browser, type of device, type of device, country of connection, number of connections or attempts, duration and history of sessions
- Data related to invoices and direct debit mandates: stored in the Platform or with the Company's financial service providers

Information marked with an asterisk in the forms on the Site is mandatory. In the absence of this information, a request made by a User cannot be processed.

The personal data collected on the Site is exclusively intended for authorized personnel of the Company for administrative, marketing or commercial management purposes.

All personal data collected:
- are treated fairly and lawfully,
- are recorded for specific and legitimate purposes,
- are used in accordance with these purposes, are adequate, relevant and limited to what is necessary,
- are subject to security and confidentiality measures to avoid damage, modification, destruction or communication to unauthorized third parties.

Purpose of collection operations

The personal data collected by the Company may in particular be used to:
- Process applications for jobs or internships, and spontaneous applications
- Respond to contact requests and other requests
- Manage partnership requests
- Disseminate newsletters or specific communications by email
- Respond to messages received on social networks
- Execute contractual commitments
- Invoice the Services provided by the Company
- Comply with legal and regulatory obligations
- Respond to requests from French and European authorities
- Put in place the security measures necessary for the proper functioning of the Services offered
- Design, test, improve, and market the Platform and Services

Basis of the transactions carried out

The legal bases for the collection and processing of personal data carried out by the Company are as follows:
- legitimate interest when the User provides personal data during his visit to the Site in order to obtain more information on the Services offered by the Company,
- the User's consent when it comes to the use of cookies described in section Use of cookies and Deactivating and deleting cookies of this Policy or that he uses the Services offered by the Company in the context of a contractual relationship

Recipients of the transactions carried out

The personal data collected is intended for persons in charge of managing the functions and jobs detailed in the “Purpose of collection operations” section.

Outside the Company, personal data may be transferred to the Company's service providers or third parties and to government bodies, supervisory authorities or financial institutions in the context of the Company's obligations, in particular:
- the providers in charge of the web hosting of the Company's Services (see the “Data Hosting” section),
- productivity software and tools used by internal teams, such as communication tools and customer databases,
- auditors, lawyers, external legal or financial advisers,
- the Company's financial institutions, settlement or billing systems,
- partners in the fight against money laundering and the financing of terrorism,
- recruitment agencies and other human resources management partners,
- regulatory authorities, administrations and other public bodies.

Some personal data may be hosted on servers external to the Company, located outside the European Union or the European Economic Area.

In these cases, the Company will ensure that the transfer of this data takes place to:
- a country considered adequate by the European Union, offering a satisfactory level of protection of personal data, such as the United Kingdom or the countries of the European Economic Area,
- an entity offering appropriate guarantees according to regulations, such as those provided by a contract including the European Commission's standard contractual clauses, binding corporate rules, or recognized certification.

Shelf life

Personal data is kept for the time strictly necessary for exchanges between the Company and its Users, or for the provision of Services.

For example:
- the personal data collected during a recruitment process are kept for two years after the last contact with the candidate,
- personal data collected as part of a marketing or commercial campaign are kept for three years after the last contact with the prospect,
- the personal data collected during the establishment of a relationship are kept for five years after the end of the contractual relationship with the customer or the last exchanges with the prospect.

Lodging

The personal data collected by the Company via the Site is stored on servers located within the European Union. Regarding the data collected by the Company via the Platform in its role as a subcontractor, refer to the section “Personal Data processed by Parallel Services as a subcontractor”.

security

Personal data is protected by appropriate physical, technical and organizational measures, taking into account current best practices. These measures aim to ensure the security of data against unauthorized or unlawful processing, as well as against accidental loss, destruction or damage.

Depending on the needs, risks, costs, and purposes of the processing, these measures may include pseudonymization, anonymization, and data encryption.

The Company has established a procedure to test, analyze and regularly assess the effectiveness of these technical and organizational measures, in order to ensure the security of data processing.

All persons who may process personal information within the Company are bound by a strict confidentiality obligation.

More information is available on the Company's security page: https://www.vasco.fund/securite

Personal Data Rights

In accordance with European privacy legislation, the User may, at any time, ask the Company to exercise the rights at his disposal concerning personal data held by the Company, namely:
- Right of access: he can obtain information on the processing of his personal data and receive a copy of this data
- Right to rectification: if he considers that his personal data is incorrect or incomplete, he can request their modification
- Right to erasure: he may request the deletion of his personal data within the limits authorized by law
- Right to limit processing: he may request to restrict the processing of his personal data
- Right to object: he can oppose the processing of his personal data for particular reasons and has the absolute right to refuse the processing of his data for commercial prospecting purposes
- Right to data portability: when this right applies, he may request that the personal data provided to the Company be given to him or, if technically possible, transferred to a third party
- Right to define post-mortem guidelines: he can establish guidelines on the conservation, deletion or communication of his personal data after his death
- Right to withdraw consent: if he has given his consent for the processing of his personal data, he can withdraw it at any time

To do this, simply contact the Personal Data Protection Officer at the email address dpo@vasco.fund.

Personal data processed by Parallel Services as a subcontractor

As part of its contractual commitments, the Company may process personal data on behalf of Users of its Services when they use their Platform to store personal data or documents containing personal information from third parties, and in particular:
- proof of identity or documents necessary in the context of entering into a relationship with a counterparty (investor, distributor, participation) of the user,
- contractual documentation relating to the issuance of a financial instrument,
- due diligence relating to the beneficial owners of the Users' counterparties.

In this context, the User must provide the third parties subject to the subcontracting with his own privacy policy, and the latter must be accepted by each third party prior to his first connection to the Platform.

This personal data is used as part of the dematerialization services, relationship entry processes, KYC “Know Your Customer” regulatory procedures, and subscription procedures offered by the Company. In this context, the User who gives instructions for these treatments acts as the data controller in accordance with the regulations.

Personal data that may be processed by the Company as a subcontractor includes:
- civil status information such as name, first name, email address or telephone number,
- banking and financial data such as account numbers or payment cards
- professional information such as the position occupied by the persons whose data is processed by our customers. proof of identity, accommodation certificates, criminal record extracts.

This data is hosted on a so-called Single Tenant infrastructure. This means that for each of its customers, Parallel Services creates a dedicated infrastructure hosted in the europe-west1 region of Google Cloud Platform. This region is located in Brussels, Belgium. Daily backups are made to a cloud storage bucket and contain documents and databases (stored in Finland and Madrid).

The Company applies to subcontracted personal data the same technical and organizational security measures as those described in the “Security” section. Likewise, any possible transfer of the subcontracted personal data follows the requirements described in the section “Data Collection Recipients and Transfers”.

Any subsequent subcontractor is required to comply with the same contractual and regulatory obligations as the Company, in particular with regard to the security and transfer of personal data.

In the event of a personal data breach, the Company undertakes to notify Users within 72 hours after becoming aware of it and to provide all the information required by the regulations.

Throughout the duration of our contractual relationship, the Company undertakes to respond quickly to any request to exercise rights or to provide all the necessary information as part of an impact assessment or a request from the authorities.

Users undertake to comply with applicable regulations and to instruct the Company to only process data that is relevant, proportionate and necessary for the treatments mentioned.

Use of cookies

A cookie is a file that contains data and is stored on the User's device. The cookies used allow:
- audience measurement,
- the performance of the Site (volume of visits, measurement of ergonomics),
- measuring the performance of online advertising campaigns.

When accessing the Site, a User can choose to accept or refuse cookies.

Deactivating and deleting cookies

The user can delete the cookies installed on his device from his browser. He can also set his browser to warn him before a cookie is installed on his device. For more information: http://www.allaboutcookies.org/.

Policy Update

The Company reserves the right to update this Policy at any time. The Company therefore advises Users to consult it regularly.

Data Protection Officer (DPO)

The User may contact the Personal Data Protection Officer at dpo@vasco.fund.

Complaints

If the User is unable to assert his rights with the Company, or if he wishes to file a complaint with a competent supervisory authority, he may contact the Commission Nationale de l'Informatique et des Libertés (CNIL).