Privacy Notice
Effective Date: January 2026
Our Commitment to Your Privacy
Your privacy is important to Greenoaks Capital Partners LLC (“Greenoaks”) and our affiliates (together, “our”, “us”, or “we”). To better protect your privacy, we are providing information explaining our online information and research communication practices.
This Privacy Notice, together with the California Privacy Notice Supplement and the EEA-UK Privacy Notice Supplement (together, the “Privacy Notice”), describes how we gather and use personal data that we collect:
- on or through www.greenoaks.com (the “Website”);
- when you opt to receive communications from us;
- about representatives of our vendors, business partners, or portfolio companies;
- to conduct business with you;
- when we or our representatives, advisors, and third-party research service providers conduct investment-related research or due diligence activities in respect of current or potential investments; and
- through other data collection points where we refer to this Privacy Notice.
This Privacy Notice does not apply to any processing of personal data in relation to our investors, which is covered by a more specific investor privacy notice provided to all investors.
Please read this Privacy Notice carefully. If you are a California resident, please also see the California Privacy Notice Supplement. If you are located in the European Economic Area, the European Union, or the United Kingdom, or your personal data is otherwise subject to EU or UK data protection laws, please also see the EEA-UK Privacy Notice Supplement.
The Personal Data We Process and How We Collect It:
We collect your personal data in the following ways, and we only collect the personal data necessary to carry out our business for the purposes set out in the section below headed “Why we use your personal data”:
Information you provide to us.
We collect your personal data when you decide to interact with us (e.g., via the privacy inquiry link below, when you visit our offices, when you communicate with us in writing or orally, or when you respond to our research or due diligence communications) including your name, residential address, email address, telephone number, and other contact details; profession; demographic information; correspondence with you; and survey or questionnaire responses and confidential references or feedback when you participate in our research communications.
Information provided by third parties or publicly available sources.
We may receive personal data about you from third parties. Such third parties may include our clients, investment or market research providers, sample and list suppliers, analytics providers, data brokers, and third-party directories.
We may collect personal data from social media platforms such as LinkedIn. When you interact with social media, we may receive personal data that you provide or make available based on your settings, such as your contact details, professional history, and demographic information. In addition, the companies that host our social media pages may provide us with aggregate information and analytics regarding the use of our social media pages.
If you represent one of our vendors, business partners, or portfolio companies, we may also collect your personal data (e.g., your name, title, work email address, work postal address, job title, and work telephone number) from your employer when it is necessary to receive products or services from, or otherwise conduct business with, such third party.
We process information in relation to companies and founders that we are evaluating in connection with a current or potential investment or other corporate transaction. This information may include the personal data of current and former employees, vendors, or other third parties with insight into the current or potential investment or other corporate transaction, including name, title, email address, postal address, job title, telephone number, and references, opinions, or inferences regarding the current or potential investment or other corporate transaction.
Why We Use Your Personal Data:
We may use your personal data for the following purposes:
| Purpose | Legal Basis |
|---|---|
| To conduct business with you or an entity with which you are affiliated (including making prospective investments) or to provide requested services | Contractual necessity; our legitimate interest in operating our business and providing investment services; consent; or legal requirement |
| To communicate with you, schedule and conduct meetings (in person and online), and facilitate your participation in any of our events | Our legitimate interest in operating our business and providing investment services; consent; or legal requirement |
| To keep a record of your relationship with us | Our legitimate interest in operating our business and providing investment services; consent; or legal requirement |
| To obtain advice from our professional advisors, including lawyers and accountants | Our legitimate interest in operating our business and providing investment services; or legal requirement |
| To administer and protect our business | Our legitimate interest in operating our business and providing investment services; consent; or legal requirement |
| To provide, operate, maintain, and improve the Website | Our legitimate interest in operating our business and providing investment services; consent; or legal requirement |
| To provide you with updates or other information when requested | Our legitimate interest in operating our business and providing investment services; consent; or legal requirement |
| For statistical analysis, market research, and other research and due diligence on current or potential investments or other corporate transactions | Our legitimate interest in operating our business and providing investment services; consent; or legal requirement |
| For any other purpose that has been notified, or has been agreed, in writing | Consent |
Note that we may process your personal data on more than one legal basis depending on the specific purpose for which we are using your personal data.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.
Disclosure and Transfer of Personal Information:
Unfortunately, the transmission of information and data via the Internet is not always completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of any information or data transmitted to or through our Website. Any transmission of information or data by you to or through the Website is at your sole risk.
Your personal data will be shared with and processed by our affiliates and certain service providers as necessary to fulfill the purposes set out in this Privacy Notice. We use a number of service providers that provide a wide range of services, including but not limited to IT and data security providers, data hosting providers, research agencies, legal and financial professional advisors, auditors, financial service providers, recruitment firms, fund administrators, and consultants. We require all service providers to enter into an agreement with us and meet our standards for data security.
We reserve the right to disclose your personal data as required by law or regulation, or when we believe that disclosure is necessary to protect our rights or comply with a request from a regulator, judicial proceeding, court order, any other legal or investigatory process involving us, or for purposes of national security or public importance. Should we, or any of our affiliated entities, be the subject of a takeover, divestment, or acquisition we may disclose your personal data to the new owner of the relevant business and their advisors.
Links to Other Websites and Services:
Our Website may contain links to other websites and services that we do not operate or control. The information that you share with such third-party services will be governed by the specific privacy policies and terms of service of those sites and not by this Privacy Notice. By providing such links, we do not imply that we endorse or have reviewed these sites. Please contact the relevant services directly for information on their privacy practices and policies.
Security and Retention of Personal Data:
We are committed to protecting the personal data we collect to limit, to the extent possible, unauthorized access and disclosure, improper use, or accidental loss. We consider the protection of personal information and sensitive information to 4 be a sound business practice, and to that end we employ appropriate technical and organizational measures including physical, electronic, and procedural safeguards, which seek to protect your personal information in our possession or under our control, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality and required to keep your personal data secure.
We have put in place procedures to address any suspected personal data breach and will notify you and any applicable regulator of a breach when we are legally required to do so.
We will keep your personal data only for as long as is reasonably necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required by law or regulation. We will not keep more personal data than we need for those purposes.
Notification of Changes:
We reserve the right to amend this Privacy Notice from time to time by updating this Privacy Notice. If we decide to change our Privacy Notice, we will post those changes so data subjects are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to collect personal data or use any collected personal data in a manner different from that stated at the time it was collected, we will notify affected data subjects. We will use information only in accordance with the Privacy Notice under which the personal information was collected.
Capacity:
This Website is only intended for individuals who are at least 13 years of age. We do not knowingly encourage or solicit visitors to this Website who are under the age of 13 or knowingly collect personal data from anyone under the age of 13 without parental consent. If we learn we have collected or received personal data from an individual under the age of 13, we will delete that information.
Further Information:
If you have any questions about this Privacy Notice or our policies, procedures, or practices related to the personal data we collect about you, please submit a privacy inquiry here, or email us at privacy@greenoaks.com.
California Privacy Notice Supplement
This notice (the “California Privacy Notice”) supplements the Greenoaks Privacy Notice set forth above with respect to specific rights granted under the California Consumer Privacy Act of 2018 (as amended, the “CCPA”) to natural person California residents and provides information regarding how such California residents can exercise their rights under the CCPA. This California Privacy Notice is only relevant to you if you are a resident of California as determined in accordance with the CCPA. Information required to be disclosed to California residents under the CCPA regarding the collection of their personal information that is not set forth in this California Privacy Notice is otherwise set forth above in the Greenoaks Privacy Notice.
This California Privacy Notice does not apply to any processing of personal data in relation to our investors, which is covered by a more specific investor privacy notice provided to all investors, including the California supplement to our investor privacy notice.
Categories of Personal Information We Collect:
We collect or have collected within the last twelve months some or all of the following categories of personal information from individuals:
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers | Name, contact details and address (including physical address, email address, and Internet Protocol address), and other identification (including social security number, passport number, and driver’s license or state identification card number) | YES |
| B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | Telephone number, signature, bank account number, other financial information (including accounts and transactions with other institutions and AML information), verification documentation and information regarding investor status under various laws and regulations (including social security number, tax status, income, and assets) | YES |
| C. Protected classification characteristics under California or federal law | Date of birth, citizenship, and birthplace | NO |
| D. Commercial information | Account data and other information contained in any document provided by investors to authorized service providers (whether directly or indirectly), risk tolerance, transaction history, investment experience and activity, information regarding a potential or actual investment in applicable funds, including ownership percentage, capital investment, income, and losses, and source of funds used to make the investment | NO |
| E. Biometric information | Imagery of the iris, retina, fingerprint, face, hand, palm, or vein patterns, voice recordings or keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contains identifying information | NO |
| F. Internet or other similar network activity | Use of our Website, fund data room and investor reporting portal (e.g., cookies, browsing history or search history), as well as information you provide to us when you correspond with us in relation to inquiries | YES, only as to information you provide to us in correspondence |
| G. Geolocation data | Physical location or movements | NO |
| H. Sensory data | Audio, electronic, visual, thermal, olfactory, or similar information | NO |
| I. Professional or employment- related information | Current or past job history or performance evaluations | YES, only as to current or past job history |
| J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. § 1232g, 34 C.F.R. Part 99)) | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records | NO |
| K. Inferences drawn from other personal information | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, abilities, attitudes, intelligence, and aptitudes | NO |
| L. Sensitive Personal Information (see further information on use of sensitive personal information below) | Social security, driver’s license, state identification card, or passport numbers; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin; religious or philosophical beliefs; union membership; genetic data; the contents of a consumer’s mail, email, and text messages unless you are the intended recipient of the communication; biometric information for the purpose of uniquely identifying a consumer; and personal information collected and analyzed concerning a consumer’s health, sex life, or sexual orientation | NO |
We do not collect or use sensitive personal information other than:
- To perform services, as would reasonably be expected by an average consumer who requests those services;
- As reasonably necessary and proportionate to detect security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal information;
- As reasonably necessary and proportionate to resist malicious, deceptive, fraudulent, or illegal actions directed at us and to prosecute those responsible for such actions;
- For short-term, transient use (but not in a manner that discloses such information to another third party or is used to build a profile of you or otherwise alter your experience outside of your current interaction with us);
- To perform services on behalf of our business; and
- To verify or maintain the quality or safety of a service or to improve, upgrade, or enhance such service.
Greenoaks does not collect or process sensitive personal information with the purpose of inferring characteristics about California consumers covered by this California Privacy Notice supplement.
Sources of Information:
We collect personal information from the sources set forth in “The Personal Data We Process and How We Collect It” section in the Greenoaks Privacy Notice above.
Purposes for Collecting Personal Information:
We may collect or disclose personal information for any of the business or commercial purposes set forth in the “Why We Use Your Personal Data” section in the Greenoaks Privacy Notice above.
Retention of Information:
We retain the categories of personal information set forth above in the “Categories of Personal Information We Collect” section of this California Privacy Notice only as long as is reasonably necessary for those purposes set forth in the “Why We Use Your Personal Data” section in the Greenoaks Privacy Notice above, except as may be required under applicable law, regulatory requirement, or court order.
Disclosure of Information:
We do not share for the purpose of cross-context behavioral advertising or sell to third parties (as such terms are defined in the CCPA) any personal information we collect about you.
Greenoaks does not disclose any non-public personal information about you to anyone, except as permitted or required by law or regulation and to service providers. We otherwise disclose personal information to third parties in connection with the purposes set out in this California Privacy Notice, as described in the “Disclosure and Transfer of Personal Information” section in the Greenoaks Privacy Notice above.
Security of Information:
We take measures to protect the security of your personal information as described in the “Security and Retention of Personal Data” section in the Greenoaks Privacy Notice above.
Rights under the CCPA
Deletion Rights:
You have the right to request that we delete any of your personal information that we retain, subject to certain exceptions, including without limitation our compliance with U.S., state, local, and non-U.S. laws, rules, and regulations. We will notify you in writing if we cannot comply with a specific request and provide an explanation of the reason.
Disclosure and Access Rights:
You have the right to request that we disclose to you certain information regarding our collection, use, and disclosure of personal information specific to you over the last twelve months. Such information includes:
- The categories of personal information we collected about you;
- The categories of sources from which the personal information is collected;
- Our business or commercial purpose for collecting such personal information;
- The categories of third parties with whom we share the personal information;
- The specific pieces of personal information we have collected about you; and
- Whether we disclosed your personal information to a third party, and if so, the categories of personal information that each recipient obtained.
Correction:
You have the right to request that we correct any inaccuracies in the personal information that we retain about you, subject to certain statutory exceptions, including without limitation our compliance with U.S., state, local, and non-U.S. laws, rules, and regulations. We will notify you in writing if we cannot comply with a specific request and provide an explanation of the reason.
No Discrimination:
We will not discriminate against you for exercising your rights under the CCPA, including by denying service, suggesting that you will receive, or charging, different rates for services, or suggesting that you will receive, or providing, a different level or quality of service to you.
How to Exercise Your Rights:
To obtain further information or exercise any of your rights under the CCPA, or to access this California Privacy Notice in an alternative format, please submit a request using any of the methods set forth below.
- Submit a privacy inquiry here;
- Email us at privacy@greenoaks.com; or
- Call 1-888-914-9661, pin number 809403.
We will contact you to confirm receipt of your request under the CCPA and request any additional information necessary to verify your request. We verify requests by matching information provided in connection with your request to information contained in our records. Depending on the sensitivity of the request and the varying levels of risk in responding to such requests (for example, the risk of responding to fraudulent or malicious requests), we may request further information to verify your request. You may designate an authorized agent to make a request under the CCPA on your behalf, provided that you provide a signed agreement verifying such authorized agent’s authority to make requests on your behalf, and we may verify such authorized person’s identity using the procedures above. If we request that you verify your request and we do not receive your response, we will pause processing your request until such verification is received.
EEA-UK Privacy Notice Supplement
This European Economic Area (“EEA”) and United Kingdom (“UK”) Privacy Notice supplement (“EEA-UK Privacy Notice”) supplements the Greenoaks Privacy Notice set forth above with respect to our processing of personal data which is subject to EEA-UK Data Protection Laws.
This EEA-UK Privacy Notice does not apply to any processing of personal data in relation to our investors, which is covered by a more specific investor privacy notice provided to all investors, including the EEA-UK supplement to our investor privacy notice.
For the purposes of this EEA-UK Privacy Notice, “EEA-UK Data Protection Laws” means all applicable laws and regulations relating to privacy, protection, or processing of personal data in the EEA, European Union (“EU”), or UK, including but not limited to (1) the General Data Protection Regulation (Regulation (EU) 2016/679) (“EU GDPR”); (2) the EU GDPR as it forms part of the laws of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union Withdrawal Act 2018 (“UK GDPR”); and (3) any other legislation which implements or supplements any other current or future legal act of the EU, EEA, or UK concerning the protection or processing of personal data and any national implementing or successor legislation and including any amendment or re-enactment of any of the foregoing. The terms “controller”, “data subject”, “personal data”, “processor”, and “processing” in this EEA-UK Privacy Notice shall be interpreted in accordance with the applicable EEA-UK Data Protection Laws.
Information required to be disclosed under EEA-UK Data Protection Laws regarding the processing of your personal data that is not set forth in this EEA-UK Privacy Notice is otherwise set forth in the Greenoaks Privacy Notice above. To the extent there is any conflict in respect of any processing subject to EEA-UK Data Protection Laws between the Greenoaks Privacy Notice and this EEA-UK Privacy Notice, this EEA-UK Privacy Notice shall apply. Please read this EEA-UK Privacy Notice carefully.
To the extent that EEA-UK Data Protection Laws apply to our processing of your personal data, we may be a “controller” of your personal data. In simple terms, when applicable, this means we: (i) “control” the personal data that we collect from you or other sources; and (ii) make certain decisions on how to use and protect such personal data. We may also enter into joint controller relationships with certain of our third-party investment research service providers. We process your personal data with those service providers to conduct investment-related research or due diligence activities in respect of current or potential investments.
Categories of Personal Data We Collect:
We collect limited categories of personal data through our Website and research-related activities, as further set forth in “The Personal Data We Process and How We Collect It” section in the Greenoaks Privacy Notice above.
We do not collect any special categories of personal information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data).
If we require your personal information due to a legal requirement or obligation or in order to perform a contract with you, we will make you aware of this at the time we collect your 11 personal data, and the possible consequences of you failing to provide this personal data (e.g., we may require your passport details to verify your identity for the purposes of anti-money laundering regulations). Failure to provide the information may mean that we cannot conduct business with you. We will notify you if this is the case at the time.
How We Obtain Your Personal Data:
We collect and process personal data received from you, certain third parties, or publicly available sources listed in “The Personal Data We Process and How We Collect It” section in the Greenoaks Privacy Notice above.
How We Use Your Personal Data:
There is a need to process personal data for the purposes and on the legal bases set forth in the “Why We Use Your Personal Data” section in the Greenoaks Privacy Notice above.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.
Failure to provide personal data may mean that we cannot provide our services to you. We will notify you if this is the case at the time.
Disclosure and Transfer of Personal Data:
To the extent your personal data is transferred to a Non-Equivalent Country (as defined below), such transfers will only be made in accordance with EEA-UK Data Protection Laws. For the purposes of this EEA-UK Privacy Notice, “Non- Equivalent Country” means a country or territory other than (1) a member state of the EEA; (2) the UK; or (3) a country or territory which has at the relevant time been decided by the European Commission or the Government of the UK (as applicable) in accordance with the applicable EEA-UK Data Protection Laws to ensure an adequate level of protection for personal data.
Security and Retention of Personal Data:
We take measures to protect the security of your personal data as described in the “Security and Retention of Personal Data” section in the Greenoaks Privacy Notice above.
Data Subject Rights:
Subject to applicable EEA-UK Data Protection Laws, the data subjects to whom personal data relates have certain rights, including:
- o obtain information about, or (where applicable) withdraw any consent given in relation to, the processing of their personal data;
- to access and receive a copy of their personal data, and to request correction of any inaccurate personal data; and
- to request erasure of their personal data; the right to data portability; and the right not to be subject to automated decision-making. Please note that the right to erasure is not absolute, and it may not always be possible to erase personal data on request, including where the personal data must be retained to comply with a legal or regulatory obligation. In addition, erasure of the personal data may result in the inability to provide services.
If a data subject to whom personal data relates disagrees with the way their personal data is being processed, the data subject has the right to object to this processing of personal data and request restriction of the processing. The data subject may also lodge a complaint with the competent data protection supervisory authority in the relevant jurisdiction.
If you have any questions or concerns about this EEA-UK Privacy Notice or our policies, procedures, or practices related to the personal data we process about you, please send an email to greenoaks@gdpr-rep.com or privacy@greenoaks.com, or contact our data protection representatives according to Article 27 of the UK and EU GDPR at the following mailing addresses: EU: DP-Dock GmbH, Attn: Greenoaks Capital, Ballindamm 39, 20095 Hamburg, Germany; UK: DP Data Protection Services UK Ltd., Attn: Greenoaks Capital, 16 Great Queen Street, Covent Garden, London WC2B 5AH, United Kingdom
Should you wish to lodge a complaint regarding how your personal data has been processed by us under the UK GDPR, please contact the UK Information Commissioner’s Office here; or under the EU GDPR, please contact your local supervisory authority in the EU Member State of your residence, place of work, or place of the concern or complaint.