Privacy Policy for Professional Profiles and Ecosystem Analytics

1. Introduction

This Privacy Policy explains how Harambe Czech s.r.o. processes personal data relating to natural persons who appear in our startup and venture-capital intelligence products and services, including in our database, dashboards, subscriber-only analytics, and periodic PDF reports.

This Privacy Policy applies in particular to founders, co-founders, executives, general partners, investment partners, board members, advisers, angel investors, and other persons acting in a professional role within the startup and venture-capital ecosystem.

In many cases, we do not obtain personal data directly from the relevant person. Instead, we collect and verify data from publicly available or otherwise professionally accessible sources. This Privacy Policy is intended to provide the information required in those cases as well.

2. Who We Are and What We Do

Harambe Czech s.r.o. operates an information and analytics service focused on the startup and venture-capital ecosystem, with a particular focus on Czechia, Central Europe, and related markets.

Our services are designed to help users understand professional relationships, historical founder and investor activity, portfolio development, investment patterns, company trajectories, and ecosystem-level signals relevant to business and investment analysis.

Our platform focuses on professional and business-context information. We do not seek to build profiles about individuals' private lives. We aim to process data in a manner that is relevant, proportionate, and limited to the professional analytical purposes described in this Privacy Policy.

3. Categories of Personal Data We Process

Depending on the role of the individual, the available sources, and the relevant product features, we may process the following categories of personal data:

a) Identification data

• full name
• publicly used professional name or identifier
• public profile image where professionally published

b) Professional-role data

• founder, co-founder, executive, partner, investor, board, advisory, or similar role
• current and former professional positions
• role history and relevant date ranges
• public biographies and career summaries

c) Organisation and relationship data

• links to startups, venture funds, accelerators, portfolio companies, and related organisations
• founder-company links
• investor-company links
• board and advisory links
• co-founder or co-investor links
• timeline and network relationships

d) Public professional contact data

• publicly available business email addresses
• publicly available professional social-profile links
• other public business contact information where relevant and appropriate

e) Source and verification data

• source URLs
• publication titles
• publication dates
• excerpts, notes, citations, or verification references necessary to document the source of a profile entry

f) Historical business-event data

• funding rounds
• exits
• insolvency-related public business events
• appointments and departures
• public portfolio outcomes
• other business events relevant to the analytical purpose of the service

g) Derived analytical data

• relationship maps
• historical summaries
• ecosystem indicators
• confidence markers
• source-backed tags
• limited professional-context scores or indicators derived from business and investment data

We aim to keep personal data accurate, up to date where necessary, and limited to what is relevant and necessary for the purposes described below.

3A. Cookies and Website Analytics

In addition to the professional data described above, we also collect certain technical and usage data when you visit and use our website through cookies and similar tracking technologies.

Types of Cookies We Use

Managing Your Cookie Preferences

You can manage your cookie preferences at any time by visiting our Cookie Preferences page. Your consent banner will appear when you first visit the site, and you can:

• Accept all cookies
• Reject non-essential cookies
• Customize which cookies you allow
• Change your preferences at any time

Third-Party Analytics

We use Google Analytics (implemented via Firebase) as a third-party service to collect and analyze usage data. Google may process your data in accordance with their own privacy policy. For more information about how Google uses data, please visit Google's Privacy Policy.

To opt out of Google Analytics across all websites, you can install the Google Analytics Opt-out Browser Add-on.

4. Categories of Data We Do Not Intentionally Seek to Process

We do not intentionally seek to collect or publish:

• private-life information unrelated to a professional or business role
• non-business family information
• unnecessary private contact details
• special categories of personal data unless there is a clear legal basis and a compelling reason to process them

If we discover that a source contains data that are unnecessary for our purposes, we may suppress, redact, archive, or remove those data.

5. Sources of Personal Data

We may obtain personal data from sources including:

• publicly available media articles, interviews, and press releases
• company, fund, and portfolio websites
• startup and investor profile pages
• publicly accessible corporate or commercial records
• conference, event, accelerator, and incubator materials
• public professional profiles and biographies
• information submitted by the relevant individual, company, fund, or authorised representative
• internal verification and quality-control work based on the above sources

Where required, we identify the source of the data and, where applicable, that the data originated from publicly accessible sources.

6. Purposes of Processing and Legal Bases

We process personal data for the following purposes:

a) Building, maintaining, verifying, and presenting a professional ecosystem database

We process personal data to build, maintain, verify, update, and present a structured database of professional participants in the startup and venture-capital ecosystem.

Legal basis: Article 6(1)(f) GDPR – legitimate interests.

b) Relationship mapping and analytical insights

We process personal data to analyse and present professional relationships and historical connections between founders, companies, funds, investors, boards, advisers, and related entities, including ecosystem mapping, trend analysis, and related professional intelligence.

Legal basis: Article 6(1)(f) GDPR – legitimate interests.

We consider identified professional data necessary for this purpose because relationship and historical network analysis cannot be performed effectively using only anonymised or company-level data.

c) Subscriber-only reports and premium analytics

We may display or deliver personal data and derived professional-context analytics through subscriber-only products, including dashboards, benchmarking tools, comparison views, ranking interfaces, and periodic PDF reports made available to paying customers or other authorised users.

Such reports may include market developments, company-level analysis, relationship mapping, and professional-context analytical outputs relevant to the subscribed scope of service.

Legal basis: Article 6(1)(f) GDPR – legitimate interests.

This commercial access model does not limit any rights available to data subjects under applicable data protection law.

d) Limited professional-context scoring, tagging, and indicators

We may use partly automated methods to generate source-backed professional-context indicators, relationship signals, tags, and limited scores based on historical business and investment data.

Legal basis: Article 6(1)(f) GDPR – legitimate interests.

Where such analysis is used, we aim to ensure that it is explainable, tied to documented source material, and capable of review.

e) Quality assurance, security, fraud prevention, legal compliance, and dispute handling

We process personal data to verify quality, secure the service, prevent misuse, investigate incidents, respond to rights requests, and comply with legal obligations.

Legal basis: Article 6(1)(f) GDPR for security, fraud prevention, service integrity, and dispute handling, and Article 6(1)(c) GDPR where processing is necessary to comply with a legal obligation.

7. Our Legitimate-Interest Position

We rely in substantial part on legitimate interests because our service is designed to provide a structured view of the professional startup and venture-capital ecosystem and because this purpose cannot be achieved effectively without identifying the relevant professional actors and their historical business relationships.

In assessing our legitimate interests, we take into account in particular that:

• the data concern primarily professional roles and business activities rather than private-life information
• the data are typically obtained from public or otherwise professionally accessible sources
• the processing is limited to a defined business-analysis purpose
• access to certain outputs may be restricted to subscribers, authorised users, or limited professional audiences rather than unrestricted mass-public indexing
• we seek to provide source-backed and explainable outputs
• we provide correction, objection, and review channels

8. Profiling and Automated Processing

Our platform may use automated or partly automated methods to organise source data, classify relationships, generate historical summaries, produce ecosystem indicators, and create limited professional-context analytical outputs.

For GDPR purposes, certain parts of this activity may qualify as profiling where personal data are used to evaluate aspects of an identifiable person.

However, we do not intend our platform to make solely automated decisions that themselves produce legal effects or similarly significant effects about a person. Our analytics are intended as professional decision-support information and are not presented by us as the sole basis for decisions about funding, employment, partnership, credit, access to services, or any other legally significant outcome.

Where required by law, we will provide meaningful information about the logic involved, the main categories of data used, and the principal reasons why a profile entry, tag, indicator, or similar output was generated, taking into account the protection of legitimate trade secrets, data concerning other persons, and system integrity.

The full commercial presentation of our analytics, including subscriber dashboards, premium benchmarking views, full comparative interfaces, periodic PDF reports, and related premium features, is part of our paid service offering. We do not automatically provide the full premium analytical presentation to every data subject. This does not affect any statutory rights of access, rectification, objection, restriction, or other rights under applicable data protection law.

9. Recipients of Personal Data

We may disclose relevant personal data to:

• our employees and authorised contractors who need access for their work
• hosting, analytics, communication, security, support, and infrastructure providers acting on our instructions
• paying subscribers, enterprise customers, or other authorised users where the data are included in the service offering
• legal advisers, auditors, accountants, insurers, and other professional service providers
• courts, regulators, supervisory authorities, law-enforcement bodies, or other parties where disclosure is required by law or necessary for legal claims

We do not sell personal data as a standalone data commodity outside the purposes described in this Privacy Policy.

10. International Transfers

If we use service providers or partners outside the EEA, we will transfer personal data only where the GDPR permits it, including where an adequacy decision applies or where appropriate safeguards are in place.

11. Retention

We retain professional-profile data only for as long as necessary for the purposes described in this Privacy Policy, including maintaining an accurate historical and analytical record of the startup and venture-capital ecosystem.

In practice:

• current professional-role data may be kept while the role remains relevant
• former-role data may be retained where historically relevant to the analytical purpose of the service
• data may be updated, corrected, archived, suppressed, or removed where they are shown to be inaccurate, no longer relevant, or no longer justifiable in light of the purpose and balancing assessment
• source records and audit logs may be retained for longer where necessary to support verification, security, legal claims, complaint handling, and accountability

12. Data Subject Rights

Subject to the conditions and limits in applicable law, you may have the right to:

• obtain confirmation whether we process your personal data
• access your personal data and related information
• request rectification of inaccurate or incomplete data
• request erasure in certain circumstances
• request restriction of processing in certain circumstances
• object to processing based on Article 6(1)(f) GDPR on grounds relating to your particular situation
• request information about the source of the data
• where applicable, receive information about profiling and the logic involved
• lodge a complaint with a competent supervisory authority

13. How to Exercise Your Rights

You may contact us at matyas.broukal@harambe.cz to request access, correction, review, restriction, or to object to processing.

To help us process your request efficiently, please include:

• your full name
• the relevant profile URL or enough information to identify the relevant profile
• the nature of your request
• any supporting information showing that data are inaccurate, incomplete, out of date, misleading, or unfairly presented

Where necessary, we may request additional information to verify your identity before disclosing personal data or making changes.

Where you object to processing, we will review your request in light of our purposes, our legitimate-interest assessment, the accuracy and relevance of the data, and any specific circumstances you raise. If we conclude that data are inaccurate or that your rights override our interests in the specific case, we may correct, suppress, restrict, or remove the relevant content.

14. How We Provide Privacy Information

Where appropriate, we may provide privacy information and rights information by email or through other reasonable communication channels, including where we hold a suitable public professional contact address or otherwise communicate with the relevant person.

15. Supervisory Authority

If you believe that our processing of your personal data violates applicable law, you may lodge a complaint with a competent supervisory authority. If our main establishment is in the Czech Republic, the relevant authority may be the Úřad pro ochranu osobních údajů (ÚOOÚ).

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, sources, safeguards, or legal obligations. The latest version will be made available on our website.

17. Contact

If you have any questions about this Privacy Policy or the processing of personal data by Harambe Czech s.r.o., please contact: