HEALTHQUEST CAPITAL PRIVACY POLICY
HealthQuest Capital Management, L.P. and HealthQuest TOF Capital Management, L.P., together with their affiliates and funds (“HealthQuest”, “us”, “our” or “we”), have prepared this Privacy Policy to explain how we collect, use, store, share and transfer personal data and information (“Personal Data”) we obtain through our website located at www.healthquestcapital.com and our secure investor portal located at https://healthquestcapital.hosted.investorbridge.com (the “Sites”), the Internet services that we offer (together with the Sites, the “Internet Services”), as well as through other means, as described below.
Investors, employees, contractors and job applicants may receive a supplementary privacy notice and, in the event of any conflict with this Privacy Policy, the terms of such supplementary privacy notice will control.
When we use the term “Personal Data” in this Privacy Policy, we mean information relating to an identifiable individual person.
Where permitted by law, by using the Internet Services you consent to the use of your Personal Data as described herein and agree to the terms of this Privacy Policy.
Depending on where you are located and your interactions with the Internet Services, certain processing of your Personal Data by HealthQuest may be subject to data protection and privacy laws, including the EU’s General Data Protection Regulation (the “GDPR”), the UK Data Protection Act of 2018 along with the “UK GDPR” as retained as UK law by the European Union (Withdrawal) Act 2018 (together, the “UK GDPR”) and the California Consumer Privacy Act, as amended by the California Privacy Rights Act (together, the “CCPA”). For example, this may be the case where HealthQuest processes the Personal Data of individuals in the EU and the UK who use the Internet Services (the “EU/UK Processing”) or of users of the Sites who reside in California (the “CCPA Processing”).
This Privacy Policy makes clear where its disclosures apply only to the EU/UK Processing or to the CCPA Processing. All other disclosures in this Privacy Policy relate to Personal Data to which the GDPR, the UK GDPR and the CCPA do not apply.
This Privacy Policy was updated as of June 21, 2024.
Personal Data We Collect
We collect and use Personal Data in a number of ways, depending on how you interact with us, including when you interact with us on our Sites and Internet Services, when you contact us by email, telephone or by other means, and when you visit one of our offices. If you provide Personal Data about any person other than yourself, you must ensure they understand how their Personal Data will be used and that they have given their permission for you to disclose the Personal Data to us and our outsourced service providers to use.
Information You Submit Through the Internet Services. When you interact with our Sites and other Internet Services, we may collect information you voluntarily provide to us, such as when you complete one of our online forms, join our mailing list or login to our investor portals. This information may include:
(1) Identifiers, such as your name, user name and password, as well as contact details, such as your personal or work postal address, email address and phone number;
(2) Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as name, address and telephone number;
(3) Sensitive Personal Information such as your account log-in;
(4) Information about your communications with us, including the Personal Data you provide to us in email or in conversations with our employees and personnel; and
(5) Your marketing preferences, including any consents you have given us.
Information We Collect Automatically Through Our Internet Services. We may automatically collect certain Personal Data including internet and other electronic activity information to help us understand how you use the Internet Services (collectively, “Usage Data”). For example, each time you visit the Sites, we may automatically collect your IP address, browser and computer or device type, access time, the webpage from which you came and the webpage(s) that you access during your visit. We may combine Usage Data with other Personal Data in a manner that enables us to trace Usage Data to an individual user.
Information We Collect From Third Parties. On occasion, we may receive Personal Data from third party sources, such as where our trusted suppliers provide web analytics and reporting services to us.
Information We Collect When You Visit One of Our Offices. When you visit one of our offices, we may collect Personal Data from you, including identifiers (e.g., your name, employer, phone number, email, etc.) if you sign in at our front desk, and visual information collected through security cameras.
Sensitive Personal Information. We may collect information that is considered “sensitive” under some laws (e.g. account log-in information if you log into our portal). When we do so, we use such information only for lawful purposes in compliance with applicable laws such as the CCPA, GDPR and other privacy laws, such as to perform the services or provide the goods requested by you and to resist malicious, deceptive, fraudulent or illegal actions. If required by applicable law, we will obtain your consent prior to processing.
Cookies. We may use cookies for reasons including keeping track of your use of the Internet Services, validating your identity, remembering your password and preferences, tailoring the Internet Services to your account and improving the quality of the Internet Services. Generally, you can set your browser not to accept cookies or to notify you if you are sent a cookie, giving you the opportunity to choose whether or not to accept the cookie. Please note that if you do set your browser not to accept cookies, certain Internet Services may not function properly. We use Squarespace to understand Site traffic. To learn more about the use of cookies by Squarespace for analytics and to exercise choice regarding those Cookies, please visit the SquareSpace Cookie Policy.
Children. We do not knowingly collect Personal Data from minors under the age of 16 nor do we target the Sites to minors.
Our Use of Personal Data The following table describes the purposes for which we process the Personal Data referred to above, and any information you give us, as well as the legal basis for the use of Personal Data that is subject to the EU/UK Processing.
| Purpose |
Legal Basis To Process Personal Data Under The EU & UK |
|---|---|
| To verify your identity | Contractual necessity and/or our legitimate interest in operating our business and providing investment services |
| To conduct business with you or to provide you with the services or products you have requested, including responding to your enquiries and requests and providing you with support | Contractual necessity and/or our legitimate interest in operating our business and providing investment services |
| To keep a record of and manage your relationship with us | Our legitimate interest in operating our business and providing investment services and/or consent |
| To respond to requests from government law enforcement authorities conducting an investigation or in connection with legal claims and for compliance, regulatory and investigatory purposes. | When necessary to comply with a legal obligation or where necessary for our, or another party’s legitimate interests (where those interests are not overridden by your data protection rights) |
| To communicate with you, to operate, schedule and facilitate meetings and in relation to your participation in any of our events | Our legitimate interest in operating our business and providing investment services and/or with your consent |
| To promote our services (including Internet Services) to clients, potential clients and other individuals and advising you of news and industry updates | Where necessary for our, or another party’s legitimate interests (where those interests are not overridden by your data protection rights) |
| To monitor the use of the Sites and using Personal Data to help us improve and protect the Internet Services, both online and offline | Where necessary for our, or another party’s legitimate interests (where those interests are not overridden by your data protection rights) |
EU/UK Disclosure: Where we require Personal Data to comply with our legal or contractual obligations, the provision of such Personal Data is mandatory. If it is not provided, then we may not be able to provide the Internet Services. In all other cases, the provision of requested Personal Data is optional. We will not use Personal Data to formulate a decision based solely on automated processing (including profiling) which produces legal effects or similarly significantly impacts you.
Our Personal Data Sharing Practices
We may employ other companies and individuals to perform functions on our behalf, such as for analyzing data and providing certain of the Internet Services. These third-party service providers have access to Personal Data needed to perform their functions, but we require that they do not use Personal Data for other purposes. Personal Data is not shared with any unaffiliated third parties for their marketing purposes unless we have obtained your consent to do so in accordance with applicable law.
We may share Personal Data with third parties: (1) in response to subpoenas, court orders, regulatory requests or legal process, or to establish, protect or exercise our legal rights and interests or to defend against legal claims; (2) if we believe it is necessary in order to investigate, prevent or take action regarding inappropriate or illegal activities, fraud or situations involving potential threats to the safety of any person or property; (3) if we believe it is necessary to investigate, prevent or take action regarding inappropriate use of the Internet Services; (4) to our parent company, subsidiaries, joint ventures or other companies under common control with us (in which case we will require such entities to honor this Privacy Policy); and (5) as part of a corporate transaction with a successor or affiliate or in connected with any acquisition, merger or sale of assets.
CCPA Disclosure: We may disclose the following categories of Personal Data to third parties for the business or commercial purposes described above: (1) identifiers, including your name, user name and password and contact details, such as your personal or work postal address, email address and phone number; (2) commercial information, including your marketing preferences and any consents you have given us; (3) Internet or other electronic network activity information, including information related to the browser or device you use to access the Sites, your IP address and your cookie preferences; (4) professional and employment information, such as where we are making employment references; and (5) visual information collected through our security cameras for legal or regulatory compliance or investigatory purposes. We do not sell your Personal Data, nor do we share it for purposes of cross-context behavioral advertising, and we have not done so in the last 12 months.
EU/UK Disclosure: Your Personal Data may be transferred to, processed in and accessed from jurisdictions outside the EU and the UK by HealthQuest and the third parties with which we share your Personal Data. Specifically, your Personal Data will be transferred to HealthQuest entities and third parties in the United States of America. When we transfer your Personal Data among HealthQuest entities, or to other third party organizations, we will do in accordance with the GDPR and/or the UK GDPR, including, as necessary or applicable, through the use of European Commission-approved standard contractual clauses, a third party’s binding corporate rules or where we are entitled to rely on one of the other safeguards permitted by the GDPR and/or the UK GDPR.
Your Rights
We have controls in place designed to ensure that the Personal Data we collect and process is relevant, accurate and appropriate for the purposes it is used. If you believe that any Personal Data about you is inaccurate, please let us know by contacting us at compliance@hqcap.com. Please note that any Personal Data we have copied may remain in back-up storage for some period of time after your request, and that if you delete certain Personal Data, you may not be able to use the Internet Services in the future without re-submitting such information. Please also note that we will maintain Personal Data whenever we are required to do so by law or regulation.
Individuals in a number of jurisdictions may have certain rights in relation to their Personal Data. These rights vary, but they may include the right to: (1) request access to and rectification or erasure of their Personal Data; (2) restrict or object to the processing of their Personal Data; and (3) obtain a copy of their Personal Data in a portable format. Individuals may also have the right to lodge a complaint about HealthQuest’s processing of their Personal Data with a data protection authority. The rights described herein are not absolute and may not be applicable to you. We reserve all of our rights available to us at law in this regard. If you wish to exercise any of the rights described in this Your Rights section, please email compliance@hqcap.com.
If you wish to exercise your rights, we may need to verify your identity. To do so, we may request that you match specific pieces of information you have provided us previously, as well as, in some instances, ask you to provide a signed declaration under penalty of perjury that you are the individual whose Personal Data is the subject of the request. If it is necessary to collect additional information (including Personal Data) from you, we will use the information only for verification purposes and will delete it as soon as practicable after complying with the request. For requests related to particularly sensitive Personal Data, we may require additional proof of identification. If you make a request through an authorized agent, we may require written proof that the agent is authorized to act on your behalf. We will process your request within the time provided by applicable law.
EU/UK Disclosure: You may be entitled to ask HealthQuest for a copy of your Personal Data, to correct, delete or restrict processing of it, and to obtain the Personal Data you provide in a structured, machine-readable format and ask us to share this Personal Data with other organizations. You may also have the right to object to processing in some circumstances and can ask us not to send you direct marketing or to carry out profiling at any time. You have the right to lodge a complaint about HealthQuest’s processing of your Personal Data with a data protection authority in the place you live, work or where the breach occurred. Where we have asked for your consent, you may withdraw consent at any time. If you ask to withdraw your consent to HealthQuest processing your Personal Data, this will not affect any processing that has already taken place. These rights may be limited, for example, if fulfilling your request would reveal Personal Data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete Personal Data that we are required by law to keep or have compelling legitimate interests in keeping. We will inform you of relevant exemptions we rely upon when responding to any request you make.
CCPA Disclosure: If you are a California resident, you may be entitled to request access to the categories or specific pieces of Personal Data that HealthQuest collects about you, to request that HealthQuest deletes or corrects your Personal Data and to opt out of the sale and/or sharing of your Personal Data. Although California residents may have the right to opt out of the sale and sharing of Personal Data, HealthQuest does not sell or share Personal Data as the terms “sell” and “share” are used under the CCPA to third parties, including Personal Data of individuals under 16 years of age, and we have not sold or shared such Personal Data in the last 12 months. The CCPA prohibits HealthQuest from discriminating against you for exercising your applicable CCPA rights.
If you wish to exercise any of the rights described in this CCPA Disclosure section, please email compliance@hqcap.com. In order to respond to a request, you will be required to supply a valid means of identification as a security precaution. Depending on the sensitivity of the information in question, we may require additional proof of identification. We will not disclose or delete any information until the individual’s identity is verified. If an agent makes a request on your behalf, they will be required to verify the request by submitting your written authorization, and we may still ask that you verify your identity with us before we can proceed with the request. We will not honor any requests from agents until authorization is verified. We will maintain records of consumer requests made under CCPA and how we responded to those requests in accordance with the CCPA.
California Disclosure: Under California Civil law, Californians are also entitled to request information relating to whether a business has disclosed Personal Data to any third parties for the third parties’ direct marketing purposes. If you are making a request for access, we may not be able to provide specific pieces of Personal Data if the disclosure creates a substantial, articulable and unreasonable risk to the security of your Personal Data, your account with us or our systems or networks. If you are making a request for erasure, we will ask that you confirm that you would like us to delete your Personal Data again before your request is submitted. To make a request, please contact us at compliance@hqcap.com.
Retaining Your Personal Data
Where we process your Personal Data in connection with the Internet Services, we keep the Personal Data to comply with our legal obligations or to communicate with you because you still have another connection with HealthQuest. Where we process your Personal Data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after that (to allow us to implement your requests). We retain all other Personal Data for the time necessary to achieve the purposes outline in this Privacy Policy or pursuant to our record keeping policies, taking into account the statute of limitations period and record retention requirements under applicable law. We do not sell any of the personal information we collect about you to third parties. However, we reserve the right to transfer any personal information we have about you in the event of an actual or proposed sale or transfer of all or a portion of our business or assets (including in the event of a merger, acquisition, joint venture, reorganization, divestiture, dissolution, or liquidation).
SEC Regulations S-P, S-AM and the Gramm-Leach-Bliley Act
Some regulators, such as the Securities and Exchange Commission, the U.K. Information Commissioner and the Federal Trade Commission, have adopted rules that require financial institutions, like HealthQuest, to provide privacy policy notices to their clients. If you are a natural person who invests with us, that notice will govern how we use your Personal Data for the purposes specified in that notice.
Security
We have implemented measures to help protect Personal Data from loss, misuse or unauthorized access or disclosure. While we strive to protect Personal Data, we cannot guarantee its security. Our website and communication facilities do not provide a means for completely secure and private communications and use. Although we will attempt to keep personal information confidential, from a technical standpoint, there is still a risk. We suggest that you use caution when using the website, e-mail and other communication methods to communicate information to HealthQuest that is considered to be sensitive and/or confidential.
Links
The Sites may contain links to other websites. We are not responsible for the privacy practices of any such other website (whether accessed through an advertisement, service or content link) and urge you to review such practices prior to submitting any information or Personal Data to such websites.
Changes
We may update this Privacy Policy from time to time in our sole discretion and encourage visitors to review this page frequently for any changes. Any updated version of this Privacy Policy will be effective as of the date set forth therein. If you are located in the United States of America or otherwise outside the EU or the UK, by continuing to use the Internet Services after such updates, you expressly agree to the terms of the updated Privacy Policy.
Questions
If you have any questions about this Privacy Policy, please feel free to contact us by e-mail at compliance@hqcap.com.