SCALE POWERED BY HIVEBRITE 

Privacy Policy 

Last Updated: 7th May 2025 

Thanks for engaging with Scale, the BGF Community Platform powered by Hivebrite.  

This Privacy Policy has been created to help you understand the personal data which we may collect, how we intend to securely process and store that data, and the rights you have in relation to your personal data. 

Along with the Terms of Use, this Privacy Policy makes up our agreements with you as a user of Scale. 

1. Introduction 

This Privacy Policy will help you to understand what information We collect and process using Scale (and the related Apps/Website used to import and export user lists and data, manage content and events, organise email campaigns and conduct opportunity research and sharing, as well as the management of funds and contributions of any kind), hereinafter referred to as "the Service", and the choices and rights you have in connection with your personal information. 

In this Privacy Policy when we refer to 'Scale', 'We', 'Us' or 'Our' we are referring to BGF Investment Management Ltd of BGF, 13-15 York Buildings, London, GB, WC2N 6JU, telephone 020 7340 0600, email community@bgf.co.uk, the "Data Controller" for this Service. 

The Data Controller is responsible for determining the processing purposes of your personal data, and the content and related services or features which are made available to you from using this Service. 

2. Data Protection Framework 

Scale is a trading name of BGF which is based within the United Kingdom and is registered with the Information Commissioner's Office (ICO) as a Data Controller under the UK Data Protection Act of 1998 (registration number ZA383760). 

3. What is the purpose of this Service? 

The purpose of this Service is to provide a platform for BGF Portfolio Companies, in particular their CEOs, Chair, Non-Exec Directors and Management Teams, to connect, engage and collaborate with the wider BGF portfolio community and BGF investment teams. 

4. Where do We collect personal data about you from? 

5. What information do We collect and why? 

We will only ever collect the information We need to enable us to undertake the specific information processing activities noted later in this section. 

You will have the ability to search and find other Users, and send one-to-one messages or group messages. These messages are private between you and any other recipients and are not monitored but may be subject to review/investigation for legal and regulatory requirements. 

As you use the Service We will keep track of what sections you have visited, so that We can highlight sections or content to you that you may have missed. We also use this data in an aggregated form to understand how popular the Service and its different sections are so that We can improve the service. This data is never shared with anyone and is only used for Our internal purposes. 

We record the last IP address you accessed the service from so that We can protect the service from malicious access. As part of this We may look up the approximate location of the IP address such as country and city. 

Your decision to disclose your personal information to Us is entirely voluntary. If you do not provide the personal data necessary, or withdraw your consent for the processing of your personal data, you may not be able to access or use the Service. 

We will only retain your personal information for as long as you are a registered user of the Service and up to 90 days thereafter. We comply with all legislative and regulatory information retention requirements and will securely and permanently delete your personal information when there is (a) no justification for its further retention, or (b) you have asked Us to delete it. 

We will not use your personal information for any other purposes. We will not share your personal information with any other organisation, other than the declared Data Processors recorded in Section 11. 

6. What legal basis do We have for using your personal data? 

The legal basis we have for processing your data is based around the consent you have voluntarily provided us. 

7. Sensitive Personal Data 

GDPR Article 9 specifies a set of special categories which are considered to be "sensitive personal data" (e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership) and which require special consideration by Data Controllers. 

This Service does not knowingly collect or process any sensitive personal information unless you have chosen to voluntarily disclose and share such information during your use of the Service. 

8. Children's Personal Data 

This Service, and any services available from it, are not directed to users under the age of 18.  

If you learn that a user under the age of 18 has provided Us with their personal information without having parental or guardian consent, please contact Us (see Section 17) immediately so we can take appropriate action. 

9. User Data Rights 

As prescribed within  Data Protection Regulation, you have several rights connected to the provision of your personal information to Us from using the Service:

We usually act on validated requests and provide the requested information or activity free of charge, but by law we are allowed to charge a reasonable fee to cover Our administrative costs of providing the information for: 
• baseless or excessive/repeated requests, or 
• further copies of the same information. 

Alternatively, there are reasons why We may be entitled to refuse to act on the request. 

Please consider your request responsibly before submitting it. We'll respond as soon as We can. Generally, this will be within one month from when We receive your validated request but, if the request is going to take longer to deal with, We will let you know. 

To contact Us please see Section 17 below. If We do not address your request or fail to provide you with a valid reason why We are unable to do so, you have the right to contact the Information Commissioner's Office to make a complaint. They can be contacted via their website (www.ico.org.uk) or by telephone 0303 123 1113. 

10. Personal Data Breach Reporting 

You have the right to be promptly informed by Us of any personal data loss, theft or compromise arising directly or indirectly from the Service, and any supporting systems or declared Data Processors (see Section 11) involved with delivering, supporting, maintaining, monitoring or improving the Service. Similarly, We are required to notify the Information Commissioner's Office promptly, as the supervisory authority for the United Kingdom. 

As a user of the Service, you have a responsibility to safeguard and manage your Service login credentials securely. This requires you to ensure that they are changed frequently, of sufficient strength and complexity, different from any other passwords you may use, and not recorded in a format which could be accessed or guessed by others. If you suspect that your credentials have been compromised, you should notify Us immediately (see Section 17 below). We will not be liable for any personal information loss, theft or compromise where this can be attributed to your failure to secure your Service login credentials. 

11. Declaration of Personal Data Sub-Processors 

To make an informed decision on whether to provide your personal data to Us when using this Service, we need to make you aware of the organisations that act as Data Sub-Processors for Us, helping in the provision of the Service and its functionality. 

Our main Sub-Processor for this service is:  

12. International Transfers of Personal Data 

As We have described above, to be able to provide you with the Services We may transfer your personal data to partners in countries outside the EEA (such as the United States). These countries' privacy laws may be different from those in your home country. 

Should We transfer data to a country which has not been deemed to provide adequate data protection standards We always have security measures and approved model clauses in place to protect your personal data. 

We are aware that Data Processors supporting the delivery of the platform may process data in the United Kingdom, Switzerland, The United States of America and Australia. 

By voluntarily submitting your personal data to us you consent to these international transfer. If you later wish to withdraw your consent, please contact the Data Controller using the details in Section 17. 

13. Use of Cookies 

Cookies are small text files sent by websites to your web browser and sent back to them each time you access or use the site, and may be necessary for the site to function. They are unique to you or your web browser and may contain personally identifiable information as well as technical information (e.g. your device manufacturer and model, screen resolution, internet service provider, browser, and geo-location data). Session-based cookies last only while your browser is open and are automatically deleted when you close the browser. Persistent cookies last until you or your browser delete them, or until they expire. 

When using this Service, cookie tracking is in place. In particular, Hivebrite may use a cookie called “Amplitude”, to enable analytics of the User’s journey on the platform. This cookie involves a transfer of personal data to the United States of America. Hivebrite has signed Standard contractual clauses in order to comply with the requirements of the GDPR on personal data transfer, and will not use this cookie without gathering your consent first. 

14. External Links 

The Service includes relevant hyperlinks (posted by Us or other Service users) to external websites which are not directly controlled by Us. Whilst all reasonable care has been exercised in selecting and providing such links, you are advised to exercise caution before clicking any external links. We cannot guarantee the ongoing suitability of external links, nor do we continually verify the safety or security of the contents which may be provided to you. You are advised, therefore, that your use of external links is at your own risk and We cannot be responsible for any damages or consequences caused by your use of them. 

15. Child Safety Standards 

Any explicit content or child sexual abuse and exploitation (CSAE) is strongly prohibited on our application. 

15.1. Compliance with Child Safety laws & reporting

Our app complies with applicable child safety laws and regulations, and ensures all content shared within the app is appropriate for a mixed audience, including children. User-generated content is moderated to prevent inappropriate material from being accessible.

Any CSAM (Child Safety Abuse Material) content will be automatically removed when flagged or reported through our moderation features or if we are directly contacted for this purpose. 

We will systematically take action to report confirmed CSAM content to the National Center for Missing and Exploited Children.
CSAM consists of any visual depiction, including but not limited to photos, videos and computer-generated imagery, involving the use of a minor engaging in sexually explicit conduct.

15.2. Child safety point of contact

You can reach out to [email protected] if CSAM content is detected. 

15.3. Privacy and Data Protection

Our app is committed to protecting user data, especially for children under 13, in compliance with applicable regulations. This privacy policy is displayed clearly and is accessible from the app settings and our website. All data is encrypted during transmission and is stored securely.

15.4. Ads and Monetization

Our app does not include ads or monetized content. 

15.5. Transparency and Disclosures

15.6. Validation and updates

Regular internal testing is conducted to ensure compliance with Google Play’s child safety standards, including functionality reviews and content audits.