Privacy Policy

The following information sets out the way in which Zeren will collect and use information about you in a way that is consistent with our responsibilities and your rights under relevant privacy law. Please read it carefully so that you understand how we will use your information.

Renovata and Company

Privacy Policy

Effective Date: August 2023

Renovata and Company is an international executive search and talent solutions business that is made up of different legal entities, including those set out in the table below. This policy is intended to explain to you how companies in the Renovata and Company group collect and use your personal data including via our websites (as listed below) or by email, marketing communications, social media, and other methods (to the extent applicable).

The “Renovata Entities” which are made up of	Renovata London Limited (a company registered in England and Wales under company number: 07970468) Renovata Partners Ltd (a company registered in England and Wales under company number: 05593911) Renovata Partners Inc (a company registered in the State of New York, USA under company number EIN 46-1603965)) Renovata Partners GmbH (a company registered in Germany under company number HRB 264820) Renovata Partners AB (a company registered in Sweden under company number 559049-1311)
The “Zeren Entities” which are made up of	Zeren Search Ltd (a company registered in England and Wales under company number: 11434483) Zeren Search LLC (a company registered in the State of New York, USA under company number EIN 86-1235220) Zeren Search GmbH (a company registered in Germany under company number HRB 271947)
The “Renovata Affiliate Entities” which are made up of	Capital Search USA LP (a company registered in California, USA under company number EIN 47-2419533) L Capital Advisors LLC (a company registered in California, USA under company number EIN 83-3280505)

The companies within the Renovata and Company group from time to time shall be referred to collectively as the “Renovata Group”. Where we mention “we”, “us” or “our”, we are referring to the relevant company in the Renovata Group that is responsible for processing your personal data.

The websites operated by the Renovata Group include:

At the Renovata Group, we are committed to protecting your data and privacy.

We have provided this policy to ensure that you are fully aware of how and why we collect personal data about you when you are engaging with either our candidate placement recruitment services or our private equity advisory services. We will also provide you with information about why and when we may share your personal data and with whom.

Your Consent

You should ensure that you have read and understood this policy before providing your personal data to us. Whenever you submit information via one of our websites or otherwise to us, whether online or offline, you consent to the collection, use and disclosure of that information in accordance with this policy.

The data we collect about you

For your information, personal data (also known as personal information), means any information about an identifiable person which can be directly or indirectly assessed.

We may collect, use, store and transfer different types of personal data about you. These can be separated into the following different categories, however, please note that not all of these categories will be applicable to you:

Identity Data includes first name, maiden name, last name, title, gender and age. If you are a registered company, this will include your company name and company number (where applicable).
Contact Data includes your current address, email address and phone number. Where you are a candidate, this will be as listed on your curriculum vitae (“CV”)/résumé or relevant application form; where you are not a candidate, this will be as provided to us or extracted from your public profile, as set out below.
Image Data includes your photograph if you have opted to include this in your CV/résumé and/or your LinkedIn profile. Image Data is only collected in respect of candidates.
Education Data includes details about your current and/or previous education history. Education Data is only collected in respect of candidates.
Employment Data includes details about your current and previous employment roles, your expected salary, and the specific sector that you work in. Employment Data is only collected in respect of candidates.
Technical Data includes internet protocol (IP) address, browser type and version, universally unique identifiers, time zone setting and location, browser plug-in types and versions, operation system and platform, and other technology on the devices you use to access our website.
Usage Data includes information about how you use our website and services.
Marketing Data includes your preference in receiving marketing from us and our third parties and your communication preferences.
Diversity Data includes details of your gender, sexual orientation, race or ethnicity or religious or philosophical beliefs if you choose to engage with our diversity questionnaire. Diversity Data is generally only collected in respect of candidates and only where reasonably required. Our use of Diversity Data is occasional only.

We may also collect, use, and share Aggregated Data such as statistical or demographic data. Aggregated Data could be derived from your personal data but is not considered personal data under UK law as it does not directly or indirectly reveal your identity. For example, we may aggregate your Contact Data and Employment Data to ascertain whether there is a specific geographical area where we are placing the most candidates. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data in accordance with this privacy policy.

Other than Diversity Data (which is collected by us only occasionally and when reasonably required) we do not collect any Special Category Personal Data about you (this includes details about your sex life, political opinions, trade union membership and genetic and biometric data). Nor do we collect any information about criminal convictions and offences, unless expressly disclosed.

How do we collect your personal data?

We only collect personal data (including information concerning your health)by lawful and fair means. We use different methods to collect data from and about you, depending on how and which of our services that you interact with. We do this through the following:

Direct interactions. You may give us certain personal data by providing us with a copy of your CV or résumé, completing any questionnaire we provide to you or by choosing to interact with us via phone, email, our website(s) or in any other way.
Automated technologies or interactions. As you interact with our website(s), we will automatically collect personal data relating to your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our cookies policy here. Do Not Track Notice: Because there are not yet common, industry-accepted “do not track” standards and systems, our websites do not respond to Do Not Track signals.
Third-party or publicly available sources. We may receive and collect personal data about you from various third parties from time to time. We may collect personal data available on your LinkedIn profile. Your personal data will not be extracted from LinkedIn to our own database where your personal LinkedIn preferences are set to ‘private’ (or equivalent). We may also collect publicly available personal data about you through the use of the PitchBook platform, which we use to collect information relevant to our services.

We do not intend for the above list to be exhaustive but rather provide you with some examples of the types of third parties from which we may receive data. This list may therefore be updated from time to time.

What personal data do we collect, how do we use this and what is our lawful basis for such use?

The table below sets out the personal data we collect from you, how we use it and our lawful basis for doing so.

Purpose/Activity

Type of Data

Lawful basis for processing including basis of legitimate interest

To register your interest as a prospective candidate for our candidate placement services which will include:

· Adding you to our candidate database (this may be based on information obtained via LinkedIn or other public sources of information you provide directly to us);

· Where requested by you, contacting you throughout the registration process;

· Making you aware of any suitable up-and-coming job prospects;

· If you are a decision maker in a company, contacting you regarding investment opportunities we think may be of interest to you.

(a) Identity

(b) Contact

(d) Employment

(e) Marketing

(f) Diversity (where reasonably required)

Necessary for our legitimate interests of maximising our database of potential candidates to ensure we provide the best possible service to our clients and therefore are able to expand our business.

In respect of Diversity Data, your explicit consent.

Providing your profile to our clients (potential employers) once you confirm you’re happy for us to do so.

(a) Identity

(b) Contact

(d) Education

(e) Employment

(f) Diversity (where reasonably required)

Necessary for our legitimate interests of properly servicing our clients and your legitimate interests of finding an appropriate role.

To manage our relationship with you which will include:

· notifying you about changes to our terms or policies; and

· asking you to leave a review for feedback or take a survey.

(a) Identity

(b) Contact

Necessary to comply with a legal obligation.

Necessary for our legitimate interests to understand and analyse what our clients think about us and how they use our service so that we can further grow our business.

To administer and protect our business and website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).

(a) Technical

(b) Usage

Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise).

Necessary to comply with a legal obligation.

To use data analytics to improve our website, services, marketing, customer relationships and experiences.

(a) Technical

(b) Usage

Necessary for our legitimate interests to define types of candidates, to keep our website updated and relevant, to develop our business and to inform our marketing strategy.

To provide updates to you about open job opportunities which may suit your expertise. This may include marketing campaigns.

(a) Identity

(b) Contact

(d) Employment Data

(e) Marketing

Where such communications are marketing communications made by email, phone or SMS or other electronic message, with your consent.

In all other cases, necessary for our legitimate interests to engage our prospective candidates and employers so that we can develop our business.

Where you are an employer client, to contact you about potential candidates, upcoming job vacancies and generally to provide our services to you.

(a) Identity

(b) Contact Data

Necessary for the performance of a contract.

We may also use all types of personal data across the Renovata Group as necessary for the establishment, exercise and defence of legal claims.

Intended Audience of Websites; COPPA Compliance

The Children’s Online Privacy Protection Act (“COPPA”) does not apply to us because our websites are not directed to children under the age of 13. For purposes of clarity, our websites do not request or knowingly collect personal data from individuals under the age of 13. If you are not 13 or older, you should not visit or use our websites. If we learn that personally identifiable information of persons under 13 years of age has been collected on our websites without verified parental consent, then we will take appropriate steps to delete the information.

Where we store your personal data

Your personal data will be stored in one or more of our candidate databases (which are hosted by third-party service providers). We may also store your personal data in our cloud storage systems.

Sharing/disclosing your personal data

We may share your personal data with the parties below for the purposes set out in the table above. The way we share your personal data will depend on your type of engagement with the Renovata Group Entities.

We may share your personal data internally within the Renovata Group as necessary to provide our services and because we use shared databases within the Renovata Group, this enables us to use the data we hold in the most efficient way, given the services provided by the different companies in the Renovata Group are complementary to one another.
Externally to third parties outside of the Renovata Group such as:
- Our service providers (who will only process personal data in accordance with our instructions unless you are notified otherwise);
- Our professional advisers including, lawyers, bankers, auditors and insurers based in any of the countries that the Renovata Group operates within, provide consultancy, banking, legal and accounting services;
- Regulators (such as the ICO), government agencies, accreditation bodies and other legal or enforcement bodies based in any of the countries that the Renovata Group operates within, to the extent required by law, rule, regulation or industry practice;
- Any of our third-party researchers or consultants who we may employ from time to time for the legitimate aim of progressing our business needs; and
- Any third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Contact Preferences; Opt-In and Opt-Out

We would like to keep in touch with you in ways that you find to be beneficial. You can ask us to stop sending you marketing or job notification messages at any time by following the opt-out links on any marketing message sent to you. Keep in mind that these particular preferences do not mean that we might not contact you for other reasons, such as those related to a matter you initiated on your account, a legally required notice and so on.

International transfers

Due to the structure of the Renovata Group, depending on the entity that you interact with, your personal data may be shared with other countries outside of your country of residence, as follows:

Transfers made by our third-party service providers:

When we record your personal data on our candidate database, this may involve a transfer of your personal data to another country, if the server upon which our candidate database is hosted is based in another country or countries.

If a Renovata Entity or a Renovata Affiliate Entity is processing or collecting your personal data, any personal data we log in our candidate database is hosted by our third party service provider in the United States.

If a Zeren Entity is processing or collecting your personal data, any personal data we log into our candidate database may be transferred to a country outside of the UK and EU.

In both the above cases, our third-party service providers have implemented adequate safeguards to ensure the protection of your privacy and fundamental rights and freedoms. Further information about the specific safeguards that have been implemented is available on request.

Transfers made within the Renovata Group:

Given the international nature of our business, when we share personal data within the Renovata Group, this may mean your personal data is being accessed in another country. We will only do this where your data has been stored on one of our candidate databases. This may mean that a member of the Renovata Group based in the United States has access to your personal data.

Transfers of personal data between entities based in the UK and the EEA are based on the UK and EEA adequacy decisions issued by the relevant data protection authorities.

Transfers of personal data between entities based in the UK and the EEA; and entities based in the United States are based on entry to standard clauses approved by the relevant regulators. Further details regarding the safeguards we have in place to protect your personal data when it is transferred outside of the UK or EEA are available upon request.

External Links

We may make available third party applications through our websites and social media applications for your use. Links to such applications, any other websites included in our website or links on our social media accounts operate with privacy policies beyond our control. Unless otherwise indicated, once you have left our websites or our social media account, all use of information you provide is governed by the privacy policy of the other website’s or social media account’s operators. We are not responsible for any transactions that occur between you and a third-party website or social media account.

How do we protect your personal data?

We protect your personal data in the following ways:

We will not request information which is excessive for our purposes.

We try, with your assistance, to keep any information we hold about you up to date and accurate.

We delete any information we hold about you that is no longer relevant in accordance with our retention policy.
We anonymise information where we do not require personally identifiable information for the purposes for which it is used.
Where reasonably possible, we store any Diversity Data we collect in a pseudonymised form (which means, by way of example, that data relating to your ethnicity is recorded in a coded way which is not accessible by third parties without access to further information that is not readily available to them). We do not collect Diversity Data unless reasonably necessary.

We follow strict security procedures in the storage and disclosure of information that you have given to us to prevent unauthorised access.

We have appropriate written agreements in place with those advertisers with which we may share any application form submitted by you.
We have in place technical and organisational security measures to ensure the protection of your personal data, these include:
- Annual employee training which includes, data protection and cyber security training
- Being certified under the NCSC Cyber Essentials Self-Certification scheme; and
- Use of Microsoft Intune which provides (amongst other technical security protections) two-factor authentication, encryption of data, private and secure VPN systems and malware detection systems.

If you would like further information on the technical and security measures that we implement to protect your personal data, please contact our Data Protection Officer at: dataofficer@renovata.com

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our website; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.

Retention of personal data

We will retain the personal data provided to us in connection with the engagement of our services for the following periods:

If you have engaged with our candidate placement or talent solutions services and have uploaded or provided a copy of your CV/Resume, the information contained therein, together with any other personal data we have collected about you (as set out above) will be stored on our relevant case management system for no longer than is necessary to pursue our legitimate interests (as set out above). In any event, your data will be deleted no more than 10 years following your last contact with us.
If your personal data is obtained from your LinkedIn account, we will store the relevant data for no longer than is necessary to pursue our legitimate interest (as set out above) and in any event, it will be deleted no more than 10 years following its initial collection.
If you are a client of the Renovata Group, we will hold your personal data for at least six years following the termination or expiry of our contract with you or your business/employer (as applicable).
We retain Technical Data and Usage Data for up to 12 months following collection.

You have various rights in respect of your personal data

You have various rights in respect of your personal data, as follows:

a right of access to a copy of the personal data we hold about you;

a right to object to processing that is likely to cause or is causing damage or distress to you;
the right to object to our processing of your personal data for direct marketing purposes;

a right to object to decisions being taken by solely automated means;

a right in certain circumstances to have information transferred to you or a third party;
a right in certain circumstances for the personal data we hold about you to be erased; and
a right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed.

If you wish to exercise any of these rights, please contact us by writing to us at Renovata and Company, 41-44 Great Queen Square, London, United Kingdom WC2B 5AD or by email at dataofficer@renovata.com. Alternatively, you can call us on 020 7440 4000.

We may make changes to our privacy policy

This privacy policy may be revised from time to time for any reason. Any changes we make to our privacy policy in the future will be posted on this website and notified to you the first time you access our website following such change. Be sure to check the privacy policy whenever you submit personal data to us or use one of our websites.

Your right to make a complaint in respect of our use of your personal data

You have the right to complain in respect of our use of your personal data. If you are a UK resident, your complaint would normally be addressed to the Information Commissioner’s Office (‘ICO’). Please contact us before you escalate your complaint.

You can contact us in respect of your personal data

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to the following:

If you are based in the UK: Renovata Partners Limited, 41-44 Great Queen Square, London, United Kingdom WC2B 5AD or by email to dataofficer@renovata.com.
If you are based outside of the UK: Renovata Partners GmBH, c/o Linn Goppold Treuhand GmbH
Leopoldstr. 175, 80804 München, Germany or by email to dataofficer@renovata.com.

UK and EU representatives

If you are a UK resident but wish to contact a member of the Renovata Group that is not established in the UK, please address your question to our UK data protection representative, Renovata Partners Limited, using the details above.

If you are an EU resident but wish to contact a member of the Renovata Group that is not established in the EU, please address your question to our EU data protection representative, Renovata Partners GmBH using the details above.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
_hjFirstSeen	30 minutes	Identifies a new user’s first session. Used by Recording filters to identify new user sessions. 30 minutes duration, extended on user activity. Boolean true/false data type.
_hjHasCachedUserAttributes	session	Enables us to know whether the data set in _hjUserAttributes Local Storage item is up to date or not. Session duration. Boolean true/false data type.
_hjid	1 year	This is an old cookie that we do not set anymore, but if a user has it unexpired in their browser, we will reuse its value and migrate to _hjSessionUser_{site_id}. Set when a user first lands on a page. Persists the Hotjar User ID which is unique to that site. Ensures data from subsequent visits to the same site are attributed to the same user ID. 365 days duration. UUID data type.
_hjSessionUser_{site_id}	1 year	Set when a user first lands on a page. Persists the Hotjar User ID which is unique to that site. Hotjar does not track users across different sites. Ensures data from subsequent visits to the same site are attributed to the same user ID. 365 days duration. JSON data type.
_hjUserAttributes		Stores User Attributes sent through the Hotjar Identify API. No explicit expiration. Base64 encoded JSON data type.
_hjUserAttributesHash	2 minutes	Enables us to know when any User Attribute has changed and needs to be updated. 2 minutes duration, extended every 30 seconds. Content hash data type.
hjActiveViewportIds		Stores user active viewports IDs. Stores an expirationTimestamp that is used to validate active viewports on script initialization. JSON data type.
hjViewportId		Stores user viewport details such as size and dimensions. Session duration. UUID data type.