
 Redwood Capital Partners 

Privacy Policy 

 Effective Date: 16 July, 2025 

This Privacy Policy describes how personal data is collected, used, stored, and disclosed by a group of private investment funds (venture capital and private equity), each with independent management entities incorporated in different jurisdictions, including Delaware (USA), Canada, and other international financial centers. The Policy applies to the common website operated on behalf of the group, and to all natural persons interacting with or providing data to any of the funds covered herein.

1. Identity and Contact of the Data Controller 

Each fund operates independently through its respective management entity. For all privacy-related matters, the designated point of contact is: 

 

Email: legal@redwood.ventures 

This email may be used by data subjects to exercise their rights or submit inquiries related to privacy. 

 

2. Scope of the Policy 

This Policy applies to all individuals whose personal data may be collected or processed by the funds, including:
- Investors and limited partners (LPs)
- Employees and contractors
- Advisors and consultants
- Representatives of portfolio companies
- Visitors and users of the group’s website and landing pages

The Policy is applicable regardless of jurisdiction and reflects standards that comply with multiple data protection laws, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and PIPEDA (Canada). 

The Policy also applies to cross-border interactions with parties located in Latin America, Asia, and offshore jurisdictions. 

 

3. Categories of Personal Data Collected 

Depending on the relationship with the data subject, the funds may collect the following categories of personal data: 

 

For investors and LPs:
- Full name, nationality, contact details
- Identification documents (e.g., passport, driver’s license)
- Tax and financial information (e.g., bank account, KYC forms, source of funds)

For employees and contractors:
- Name, contact details, address
- Curriculum vitae, academic background
- Employment documents and identification

For portfolio company representatives:
- Name and contact information
- Professional and corporate documents
- KYC documentation and contracts

 

For website users:
- Name, email address, company affiliation
- Information voluntarily submitted through contact or pitch forms

 

4. Collection Methods 

Personal data may be collected through the following means:
- Subscription documents and onboarding forms
- KYC/AML procedures
- Web forms and landing pages
- Direct communications via email (e.g., Microsoft 365)
- Third-party platforms used by the funds, including Mailchimp, Airtable, Noloco, and Docusign

5. Purposes of Data Processing 

The funds may use personal data for the following purposes:
- Verification of identity and compliance with anti-money laundering (AML) obligations
- Investor relations and fund administration
- Processing contributions and disbursements
- Regulatory compliance with authorities such as the SEC, FINTRAC, SAT
- Human resources and contractor management
- Marketing and communication of new investment vehicles or opportunities

Where required by applicable law, data will only be processed with the express consent of the data subject. 

 

6. Legal Basis for Processing 

Data processing is based on one or more of the following legal grounds:
- The consent of the data subject
- The performance of contractual obligations
- The fund’s legitimate interest in operating, evaluating, and expanding its investment activities
- Compliance with legal and regulatory obligations

This Policy is designed to comply with applicable privacy and data protection laws in the jurisdictions in which we operate.

 

7. International Data Transfers

Personal data may be stored or processed on servers located in the United States, Canada, or other countries where the group’s third-party service providers operate. These providers include Microsoft 365, Mailchimp, Airtable, Noloco, and Docusign. 

Where applicable, we take appropriate steps to ensure that cross-border transfers of personal data are carried out in accordance with applicable data protection laws and with adequate safeguards.

Where data is transferred across jurisdictions, appropriate safeguards will be implemented, such as standard contractual clauses, data protection agreements, and technical security measures. 

8. Third-Party Service Providers

 

The funds may share data with external advisors or service providers for specific functions, including:
- Legal, tax, accounting, and auditing services (including a fiduciary bank and law firms in Mexico and the U.S.)
- IT and document management platforms

All such providers are subject to confidentiality obligations and contractual clauses that ensure data protection standards equivalent to this Policy. 

 

9. Data Retention 

Personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal and regulatory obligations. Unless otherwise required, data will be retained for up to seven (7) years following the closure of the fund or the end of the relationship with the data subject. 

We are currently reviewing and categorizing data types to apply tailored retention periods aligned with legal, regulatory, and business needs. 

 

10. Data Subject Rights 

Data subjects may exercise their rights under applicable laws, including:
- Access to their data
- Rectification of inaccurate information
- Deletion of personal data
- Objection to processing
- Data portability

Requests can be submitted to legal@redwood.ventures.

To exercise these rights, please send an email indicating the right you wish to exercise, along with a copy of a valid government-issued ID. Upon verification of identity, requests will be responded to within 30 days. 

 

11. Data Security Measures 

The funds implement technical and organizational measures to safeguard personal data, including:
- Controlled access within the Microsoft 365 environment
- Role-based access limitations
- Use of passwords for user authentication
- Execution of NDAs and inclusion of privacy clauses in contracts with relevant third parties
- Internal practices for the responsible handling of sensitive information

Although the group is not formally certified under cybersecurity frameworks, it strives to follow generally accepted information security practices inspired by ISO/IEC 27001 and NIST principles. 

 

12. Cookies and Tracking Technologies 

 

The website and its landing pages use cookies, including:
- Technical cookies necessary for site functionality
- Analytical cookies for usage statistics
- Marketing cookies used in campaigns

Users can configure their browser settings to reject cookies or manage their preferences via a cookie banner where applicable. 

 

13. Updates to This Policy 

This Policy may be updated from time to time. Any changes will be published on the website and indicated with an updated effective date. Users are encouraged to review the Policy periodically. 

 

14. Incident Management 

Although no internal breach management policy is formally adopted, the group will make reasonable efforts to:
- Identify and contain any security incident
- Notify affected individuals and/or authorities where legally required
- Cooperate with relevant regulators and implement corrective measures

A simplified internal process is being developed to help track and learn from potential security incidents, in line with internal risk management priorities. 

For any inquiries regarding this Privacy Policy, please contact: 

legal@redwood.ventures 
