Privacy Policy

1. Introduction

Holocen Tech ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services, in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

By using our website and services, you consent to the data practices described in this policy.

2. Data Controller

The data controller responsible for your personal data is:

3. Information We Collect

3.1 Personal Data You Provide

We collect personal data that you voluntarily provide to us when you:

• Fill out our contact form
• Complete our readiness assessment
• Request information about our services
• Subscribe to our newsletter or communications

This may include:

• Name and contact information (email address, phone number)
• Company name and position
• Funding stage and interests
• Assessment responses and business information
• Any other information you choose to provide

3.2 LinkedIn Profile Data

When you choose to connect your LinkedIn account to our platform, we collect limited profile information through LinkedIn's OAuth API:

• First and last name
• Profile photo
• Professional headline
• LinkedIn profile URL

This data is collected only when you explicitly authorize the connection through LinkedIn's authorization flow. We use this information solely to pre-populate your team member profile and improve your experience on our platform. You can disconnect your LinkedIn account at any time from your profile settings.

Important: We do not store your LinkedIn password or access token beyond the initial authorization. We comply with LinkedIn's API Terms of Use and data storage guidelines.

3.3 Automatically Collected Data

When you visit our website, we may automatically collect certain information about your device and usage, including:

• IP address and browser type
• Pages visited and time spent on pages
• Referring website addresses
• Device information and operating system

4. How We Use Your Information

We use your personal data for the following purposes:

• Service Delivery: To provide our consulting and advisory services, including readiness assessments and funding support
• Communication: To respond to your inquiries, send requested information, and provide updates about our services
• Assessment Reports: To generate and send personalized assessment reports via email
• Analytics: To understand how visitors use our website and improve our services
• Legal Compliance: To comply with legal obligations and protect our legal rights

5. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Consent: You have given explicit consent for us to process your data for specific purposes (e.g., contact forms, assessments)
• Legitimate Interests: Processing is necessary for our legitimate business interests (e.g., website analytics, service improvement)
• Legal Obligation: Processing is necessary to comply with legal requirements

6. Data Sharing and Disclosure

We do not sell, trade, or rent your personal data to third parties. We may share your information with:

• Service Providers: Third-party vendors who assist us in operating our website and providing services (e.g., email service providers, analytics tools)
• Legal Requirements: When required by law, court order, or to protect our rights and safety
• Business Transfers: In connection with any merger, sale, or transfer of our business assets

All third-party service providers are contractually obligated to maintain the confidentiality and security of your personal data.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law. Specifically:

• Contact Form Data: Retained for up to 2 years after last contact
• Assessment Data: Retained for up to 3 years to support ongoing advisory relationships
• Analytics Data: Anonymized and retained indefinitely for statistical purposes

You may request deletion of your data at any time (see Your Rights below).

8. Your Rights Under GDPR

As a data subject, you have the following rights:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Receive your data in a structured, commonly used format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

You also have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data appropriately.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website. Cookies are small text files stored on your device that help us:

• Remember your preferences and settings
• Understand how you use our website
• Improve website performance and functionality

We use the following types of cookies:

• Essential Cookies: Necessary for the website to function properly
• Analytics Cookies: Help us understand visitor behavior and improve our website

You can control cookie preferences through our cookie consent banner or your browser settings. Note that disabling certain cookies may affect website functionality.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication
• Employee training on data protection

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

11. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

12. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: