Privacy

Welcome to Funder. The Funder platform and associated services are owned and operated by Positive Impact Technologies Sàrl (collectively referred to as “Funder”, “we,” “us,” or “our” in this privacy notice), a company incorporated in Lausanne, Switzerland.

We are committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access our digital platform or engage with our professional services. This document should be read in conjunction with our Terms of Service, which govern the use of our platform and services.

We process your personal data in strict compliance with the General Data Protection Regulation (GDPR), the Swiss Federal Act on Data Protection (FADP), and other applicable data protection laws. Our objective is to ensure transparency regarding how your data is handled, providing you with clear information about your rights and our obligations as a data controller.

By accessing the Funder platform or using our services, you acknowledge the practices described in this policy. We ensure that all personal data is processed lawfully, fairly, and in a transparent manner, maintaining the integrity and confidentiality required for our professional operations and stakeholder management.

The entity responsible for the processing of your personal data under this Privacy Policy is Funder (owned and operated by Positive Impact Technologies Sàrl,Lausanne, Switzerland).

As the Data Controller, Funder determines the purposes and means of processing personal data. We are committed to ensuring that your data is handled in accordance with the General Data Protection Regulation (GDPR), the Swiss Federal Act on Data Protection (FADP), and other applicable legal frameworks.

If you have any questions regarding this Privacy Policy, or if you wish to exercise your data protection rights, you may contact our privacy team

For all inquiries related to your data or our digital operations, please reference "Data Privacy Inquiry" in your communication to ensure it is routed to the appropriate department.

In order to provide our services and maintain the Funder platform, we may collect and process the following categories of personal data:

Funder collects and processes different types of data.

• First and last name
• email address

We collect the following data about an Enabler. Changes may not be reflected in this document.

• Personal data
• Business data such as:Company name, Enabler name, Location, Logo, cover picture, Description
• Investor and Investee data - either uploaded or added by you or those who have submitted their data to you (please see below)
• Result of running matchmaking between investors and investees
• Activities with other Enablers or Investees or Investors through Funder
• Users that are given access to your account on Funder
• Data purchased from Funder Data Store or Funding Calls on Funder
• Payment details
• Your preferences in receiving marketing and communication

We collect the following data about an Investor. Changes may not be reflected in this document.

• Personal data
• Business data such as:Investor type, profile picture or logo, LinkedIn page Company name, Location, Description, Website
• Investment thesis such as:investment stages, types, focus areas, geographies, ticket size, raise amount, revenue, SDGs, ESGs, Gender Lens, etc.
• Enablers to whom you have submitted your data
• Result of running matchmaking between your investment criteria and investees
• Activities with Enablers or Investees or other Investors through Funder
• Data purchased from Funder Data Store or Funding Calls on Funder
• Payment details
• Your preferences in receiving marketing and communication

We collect the following data about an investee. Changes may not be reflected in this document.

• Personal data
• Business data such as:Investor type, profile picture or logo, LinkedIn page Company name, Location, Description, Website
• Investment raise requirements such as:investment stage, type, focus areas, raise amount, revenue, SDGs, ESGs, Gender Lens, investment teaser, pitch, etc.
• Enablers to whom you have submitted your data
• Result of running matchmaking between your raise requirements and investors
• Activities with Enablers or Investees or other Investors through Funder
• Payment details
• Your preferences in receiving marketing and communication

We collect and sell following data about investors through Funder data store. Changes may not be reflected in this document.

• Business data such as:Investor type, profile picture or logo, LinkedIn page Company name, Location, Description, Website
• Investment thesis such as:investment stages, types, focus areas, geographies, ticket size, raise amount, revenue, SDGs, ESGs, Gender Lens, etc.
• Result of running matchmaking between your raise requirements and investors
• Activities by Enablers or Investees or other Investors through Funder
• Payment details and data purchase history
• Your preferences in receiving marketing and communication

We collect and sell following data about funding calls through Funder data store. Changes may not be reflected in this document.

• Business data such as:Funding provider, logo, LinkedIn page Company name, Location, Description, Website
• Funding call related details such as:Title, description, criteria, budget, number of applications, registration details, funding types, focus areas, etc.
• Result of running matchmaking between your funding requirements and funding calls
• Activities by Enablers or Investees or Investors through Funder
• Payment details and data purchase history
• Your preferences in receiving marketing and communication

When you access the Funder platform, we may automatically collect certain technical data regarding your device and usage patterns, including:

• Technical Data:IP address, browser type, time zone settings, and operating system.
• Usage Data:Information about how you use our platform, including page interaction, navigation paths, login count, view count, last login date/time

We may receive personal data about you from various third parties and public sources, such as:

• Enablers and Partners:Organizations within our network that facilitate introductions or manage catalyst ecosystems.
• Public Sources:Professional networking sites or corporate registries where information is publicly available.

We do not collect any Special Categories of Personal Data (e.g., details about race, ethnicity, religious beliefs, or health data) unless explicitly required by law or provided by you for a specific, documented purpose.

We use different methods to collect data from and about you including through:

• Direct interactions.You may give us your data by filling in forms or by corresponding with us by phone, email or otherwise. This includes personal data you provide when you:
• apply / pre-register on our platform to set up a user profile;
• apply to access on or another of our products or services;
• create an account on our website;
• subscribe to our service or publications;
• request to be subscribed to newsletters or other updates to be sent to you;
• enter a competition, promotion or survey; or give us some feedback.
• Automated technologies or interactions.As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, [server logs] and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our cookie policy for further details.
• Third parties or publicly available sources.We may receive personal data about you from various third parties [and public sources] as set out below:
• Technical Data from the following parties:
  • analytics providers, such as Google based outside the EU;
  • search information providers, such as LinkedIn based [inside OR outside] the EU.
• Contact, Financial and Transaction Data from providers of technical, payment and delivery services, such as various deal flow / social impact platforms based [inside OR outside] the EU.
• Identity and Contact Data from publicly availably sources
• Attendee lists from industry / sector / ecosystem conferences and gatherings
• Data sourced from any type of third-party sources such as social media posts, websites, email newsletters, or your own websites
• Data entered by our users

We collect and use your personal information to ensure the efficient and secure operation of our services. The specific purposes include:

• Service Provision:To provide, operate, and maintain our website and services.
• Customer Support:To respond to your inquiries, provide technical assistance, and resolve issues.
• Communication:To send administrative information, such as changes to our terms or policies.
• Security and Fraud Prevention:To monitor for suspicious activity and protect the integrity of our platform.
• Legal Compliance:To comply with applicable laws, regulations, and legal processes.

We do not sell, rent, or trade your personal information. We may share your data with selected third parties only in the following circumstances:

• Service Providers (Sub-processors):We share data with third-party vendors who perform services on our behalf, such as website hosting, payment processing, data analysis, email delivery software development and support. These parties are contractually obligated to protect your data and are prohibited from using it for any other purpose.
• Business Transfers:In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity.
• Legal Obligations:We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
• Vital Interests:We may disclose data where necessary to protect the safety or vital interests of any individual or to prevent illegal activities.


6.1. International Data Transfers

If you are located in the European Economic Area (EEA) or the UK, your personal data may be transferred to, and processed in, countries outside of these regions.

To ensure your data receives an equivalent level of protection, we implement the following safeguards for all international transfers:

• Adequacy Decisions:We prioritize transferring data to countries that the European Commission has officially recognized as providing an adequate level of data protection.
• Standard Contractual Clauses (SCCs):For transfers to countries without an adequacy decision, we use Standard Contractual Clauses approved by the European Commission. These clauses require the recipient to protect your personal data according to European standards.
• Security Assessments:We conduct Risk Assessments for transfers to ensure that the laws of the destination country do not undermine the protections offered by the SCCs.


6.2. Referral-Related Data Sharing6.2.1 Limited Data Use


Where a User requests or authorizes a referral, pi2Life may share limited personal or business information with the relevant Referral Partner solely to facilitate the requested introduction.


6.2.2 Consent and Instruction


Such sharing occurs only: at the direction or request of the User; or where the User has provided explicit consent.


6.2.3 Controller Roles


For Enabler-managed referrals, the Enabler remains the data controller of their Users’ data.

For pi2Life-initiated referrals (if any), pi2Life may act as an independent data controller for that specific processing.


6.2.4 No Sale of Personal Data


Referral compensation does not involve the sale of personal data. Data is shared solely for the purposes of the referral, in compliance with applicable privacy laws.


6.2.5 User Responsibility


Users remain responsible for ensuring that any subsequent use of shared data complies with applicable laws and regulations.

We retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period, we consider:

• The amount, nature, and sensitivity of the personal data.
• The potential risk of harm from unauthorized use or disclosure.
• The purposes for which we process your data and whether we can achieve those purposes through other means.
• Applicable legal requirements (such as statutory limitation periods or tax record-keeping laws).

Once the retention period expires, we will securely delete or anonymize your personal data so that it can no longer be associated with you.

We delete most of your data when you have deleted your account with us. We must keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six [6] years after they cease being customers for [tax] purposes.

In some circumstances you can ask us to delete your data.  Otherwise, in general it is archived.

We have implemented appropriate technical and organizational security measures to prevent your personal data from being accidentally lost, used, accessed in an unauthorized way, altered, or disclosed. These measures include:

• Encryption:We use industry-standard encryption protocols (such as TLS/SSL) to protect data during transmission and at rest.
• Access Control:Access to your personal data is strictly limited to employees, agents, and contractors who have a business "need to know." They are subject to a duty of confidentiality.
• Anonymization/Pseudonymization:Where possible, we remove or mask identifying details to reduce the risk to your privacy.
• Regular Audits:We periodically review our security practices and system vulnerabilities to ensure your data remains protected.Data Breach:
• Data Breach:We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Cookies are small text files placed on your device (computer, smartphone, or tablet) when you visit our website. They allow us to recognize your device and store information about your preferences or past actions. We also use similar tracking technologies, such as web beacons, pixels, and local storage, to monitor site performance.

We use cookies to enhance your browsing experience and analyze our traffic. We categorize our cookies as follows:

• Strictly Necessary Cookies:These are essential for the website to function (e.g., for security, login sessions, or your shopping cart). These cannot be switched off and do not require your prior consent.
• Functional Cookies:These allow the website to remember choices you make (such as your language or region) to provide enhanced features.
• Performance and Analytics Cookies:These help us understand how visitors interact with our website by collecting and reporting information anonymously (e.g., Google Analytics).
• Targeting and Advertising Cookies:These are used to track your browsing habits so that we can show you advertising that is more relevant to your interests.

Under the GDPR, you have the right to choose which non-essential cookies you allow. You can manage these at any time:

• Consent Banner:When you first visit our site, you can select "Accept All," "Reject All," or "Customize Settings" to provide granular consent.
• Consent Banner:You can update your preferences at any time by clicking the "Cookie Settings" link in our website footer.
• Consent Banner:Most web browsers allow you to block or delete cookies through their settings. Please note that disabling essential cookies may affect the functionality of our website.

Some cookies are placed by third-party services that appear on our pages (e.g., embedded videos or social media sharing tools). We do not control these cookies; please refer to the privacy policies of these third parties for more information.

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

We may update our Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

When we make material changes to this policy, we will notify you by:

• Posting a prominent notice on our website.
• Sending an email notification to the address associated with your account (if applicable).
• Updating the "Last Updated" date at the top of this policy.

We encourage you to periodically review this page for the latest information on our privacy practices. Changes to this Privacy Policy are effective when they are posted on this page.

Your continued use of our services after any changes have been posted constitutes your acknowledgement of the updated Privacy Policy. If you do not agree with the changes, you should stop using the services and may request the deletion of your data.

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data. You may Contact Us to exercise these rights at any time.

• Right of Access:You have the right to request a copy of the personal data we hold about you and to check that we are lawfully processing it.
• Right to Rectification:You have the right to have any incomplete or inaccurate data we hold about you corrected.
• Right to Erasure (“Right to be Forgotten”):You have the right to ask us to delete or remove personal data where there is no good reason for us continuing to process it.
• Right to Object:You can object to the processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground.
• Right to Restrict Processing:You have the right to ask us to suspend the processing of your personal data in certain scenarios, such as if you want us to establish the data’s accuracy.
• Right to Data Portability:You have the right to request the transfer of your personal data to you or to a third party in a structured, commonly used, machine-readable format.
• Right to Withdraw Consent:If we are relying on your consent to process your data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.
• Rights Related to Automated Decision-Making:You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or significantly similar effects on you.

We aim to respond to all legitimate requests within one month. Occasionally, it may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

If you have questions about this policy or how your personal data is handled, you may contact our Data Protection Officer (DPO). Our DPO is an independent expert responsible for monitoring our compliance with data protection laws

You have the right to lodge a complaint with a data protection authority if you believe our processing of your personal data violates the GDPR.

You have the right to make a complaint at any time to the Federal Data Protection and Information Commissioner (FDPIC), the Swiss supervisory authority for data protection issues (https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/links/data-protection—switzerland.html). We would, however, appreciate the chance to deal with your concerns before you approach the FDPIC so please contact us in the first instance.