Privacy Policy

...

Privacy Notice

Please do not send any information to NEA that constitutes a trade secret or is confidential or proprietary. NEA cannot agree to obligations of confidentiality or non-disclosure with regard to information submitted to it. By submitting information or materials to NEA, you or anyone acting on your behalf, agree that any such information or materials will not be considered confidential or proprietary.

NEA Website Privacy Notice

Last Updated: September 2023

For all California residents, please refer to the New Enterprise Associates (“NEA”) California Consumer Privacy Act Privacy Notice, which may be found below. 

New Enterprise Associates, Inc. and NEA Management Company, LLC and their corporate affiliates (referred to collectively in this Notice as “NEA,” “we,” “us,” “our,” and similar pronouns) know that your privacy is important to you, and we want you to know that it is important to us too. We created this Privacy Notice (the “Notice”) to explain the types of information we collect through www.nea.com and www.careers.nea.com, and the various social networking platforms that we use and other sources as outlined in this Notice (each, a “Site”), how we will use, disclose and protect this information once it is collected, and how you can opt-out of some of our uses and disclosures of your information. We are the data controllers of your personal information to which this Notice covers. 

The Site also links to websites and portals that are operated by third-parties or are limited to NEA’s limited partners. These include portal.nea.com, neaconnect.mobilize.io, and nea.getproven.com (referred to collectively as “Restrictive Sites”).  Please note that we have no control over the privacy practices of websites or applications that we do not own. We encourage you to review the privacy practices of those third parties.

This Notice does not apply to our limited partners, who can find their applicable Regulation S-P Privacy Notice, European Economic Area and United Kingdom Privacy Notice, Privacy Notice for California Residents, or their Cayman Islands Fund Privacy Notice in the NEA Investor Portal.

Here are a few general principles to keep in mind as you read through this Notice:

- As our business evolves or as applicable laws change, this Notice may change, so check back to this page periodically to make sure you understand how your personal information will be treated.

- This Notice does not apply to information that you may provide to us, or that we may obtain, other than through our Site, such as over the phone, by mail, by e-mail, by electronic data room or in person.

What Personal Information is collected on this Site?

“Personal Information” is information that can be used to identify you as an individual or allow someone to contact you, as well as information attributed with such information. 

We collect certain personal information about you from multiple sources, including: (i) collecting personal information directly from you; (ii) personal information that is automatically generated about you; (iii) personal information that we receive about you from others; and (iv) personal information we received from social networking platforms and blogging (see further below). Your personal data that we may collect includes:

- Identity/Contact data: including your first name, last name, middle names, title, work email address, work phone number as well as other information you directly give us on our Site, telephone numbers; 

- Professional information: including your job title, email address, phone number, addresses, employment status, employer name, previous positions, and professional experience, dietary requirements, Resume or CV information; and

- Usage data: including IP address, website usage and other technical data such as details of your visit to our websites, or information collected through cookies and other tracking technologies (see applicable Cookie Notice for the website).

Social Networking
We maintain a presence on social networking and blogging platforms, some of which are operated by third parties, such as LinkedIn, Twitter, Facebook, Instagram, and YouTube. This Notice applies to our use of information you submit to us directly, but it does not apply to what any third-party platforms do with your information. Those platforms have their own privacy notices, and we encourage you to read them.

How is your Personal Information used?

Under certain data protection laws, we can only use your personal information if we have a valid reason. With respect to the processing of your personal data in the context of the Site, this is generally because:

- you have given consent (“Consent”);

- to comply with our legal and regulatory obligations (“Legal Obligations”);

- it is necessary for the performance of a contract with you or to take steps at your request before entering into a contract (“Performance of a Contract”); or

- it is in our legitimate interests or those of a third-party (“Legitimate Interests”).

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.

The nature of your interaction with us will determine how we will process your personal data. The relevant specific purposes and lawful bases (to the extent required by applicable data protection laws) for which we will process your personal data are set out below in the relevant tables:

For visitors to and users of our Site:

Purpose of Processing: To operate our Site and maintain, and improve our sites and services

- Category of Personal Data: Identity/Contact data, Usage data

- Lawful Basis (to the extent applicable under relevant data protection laws): Where your consent is required by applicable laws. In all other cases, where it is in our legitimate interests to process such data in order for us to operate its Site and business, such as for IT operations and security.

- Third-Party Recipient: IT service provider

2. Purpose of Processing: To respond to comments, concerns and questions

- Category of Personal Data: Identity/Contact data, Professional information

- Lawful Basis (to the extent applicable under relevant data protection laws): It is in our legitimate interests to process such data in order for us to provide the expected service, including to send technical notices, updates, security alerts, and support and administrative messages.

- Third-Party Recipient: N/A

3. Purpose of Processing: To conduct electronic direct marketing to you and to alert you to our financial products or services

- Category of Personal Data: Identity/Contact data, Professional information

- Lawful Basis (to the extent applicable under relevant data protection laws): Where your consent is required by applicable laws. In all other cases, where it is in our legitimate interests to process such data in order to promote our services and products and provide value added benefits to clients.

- Third-Party Recipient: N/A

For visitors to our offices:

1. Purpose of Processing: To register your attendance at our offices

- Category of Personal Data: Identity/Contact data

- Lawful Basis (to the extent applicable under relevant data protection laws): To comply with our legal obligations, including to comply with any applicable health and safety obligations. Where it is in our legitimate interests to ensure safety and security in our offices.

- Third-Party Recipient: N/A

For our clients, representatives of our service providers or professional advisers or other counterparties:

1. Purpose of Processing: To invoice you

- Category of Personal Data: Identity/Contact data, Professional information

- Lawful Basis (to the extent applicable under relevant data protection laws): In order to perform our obligations under our contract (with you or with the entity you represent). In all other cases, where it is in our legitimate interests to invoice you or an entity that you represent.

- Third-Party Recipient: N/A

For all visitors, users, clients, representatives, professional advisers, and other counterparties:

1. Purpose of Processing: To meet current or future legal and regulatory obligations

- Category of Personal Data: Identity/Contact data

- Lawful Basis (to the extent applicable under relevant data protection laws): To comply with our legal obligations. In all other cases, where it is in our legitimate interests to protect and enhance our business and its operations, including (i) to comply with applicable regulations and guidance as well as internal policies and procedures; (ii) for audit purposes and quality checks, and (iii) to respond to requests from legal, regulatory, judicial, administrative, governmental and other official bodies.

- Third-Party Recipient: Relevant governmental or regulatory authorities or any other party to whom we are under an obligation or required or expected to make disclosure, Professional Advisers (e.g. lawyers, auditors, accountants, banking, insurance, consultancy), Administrators

2. Purpose of Processing: To protect our rights, including initiating and defending claims, protecting, investigating, and deterring against fraudulent, unauthorized, or illegal activity

 - Category of Personal Data: Identity/Contact data, Professional information

- Lawful Basis (to the extent applicable under relevant data protection laws): Where it is in our legitimate interests to protect our business including by: (i) collecting amounts from you; (ii) enforcing our legal rights; (iii) initiating claims; (iv) defending claims; (v) preventing and detecting crime, fraud and other abuses; (vi) investigating and attending to enquiries; and (vii) creating and maintaining our risk related models.

- Third-Party Recipient: Relevant governmental or regulatory authority or any other party to whom we are under an obligation or required or expected to make disclosure, Professional Advisers (e.g. legal advisors, auditors, and accountants), Administrators

3. Purpose of Processing: In case of sale, merger, reorganization, restructuring, investment or similar

 - Category of Personal Data: Identity/Contact data, Professional information, Usage Data

- Lawful Basis (to the extent applicable under relevant data protection laws): Where it is in our legitimate interests to manage and develop our business by enabling corporate transactions. Such transactions may require the provision of your personal data to actual or potential buyers, investors, merger entities, or our assignees business or assets. Such data provision may also occur to allow such parties to evaluate or complete the corporate transaction.

- Third-Party Recipient: Professional Advisers (e.g. lawyers, auditors, accountants), Administrators, Actual or potential buyers, investors, merger entities, or assignees of our business or assets.

Failure to provide us with the relevant personal data, in cases where you are legally or contractually required to provide it, may result in our being unable to establish or continue our business relationship with you or to provide products and services to you.

In general, we will not conduct any processing activities relating to your personal data that involves any automated decision-making (including profiling). Typically, there is always human involvement. However, where we make a decision or profile through automated means, then we will put systems in place that comply with applicable laws. 

Do we share Personal Information with others?

Yes. We may share information we collect on our Site with Third-Party Recipients as set out in the column above and otherwise set out in this notice, for the purposes outlined in this Notice. In addition to the kinds of information sharing you might expect, such as sharing with third-parties who need your information in order to provide services to us (or on our behalf), we may share your information with: 

Affiliates.

Firms that provide assistance in servicing NEA and that have a need for such information, such as customer relationship managers (“CRMs”) or other service providers.

Do Not Track Disclosures

Some web browsers may transmit “do-not-track” (DNT) signals to the websites with which the user communicates. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. We currently do not change our tracking practices (which are explained in more detail under “Site Usage Information” above) in response to DNT settings in your web browser.

Our third-party partners, such as Google Analytics, collect information about your online activities over time and across our Site and other online properties. These third-parties may not change their tracking practices in response to DNT settings in your web browser and we do not obligate these parties to honor DNT settings. We utilize Google Analytics for our web analytics and you can opt out of your Site usage data being included in our Google Analytics reports by visiting https://tools.google.com/dlpage/gaoptout.

Security

While we endeavor to protect the security and integrity of sensitive Personal Information collected via this Site, due to the inherent nature of the Internet as an open global communications vehicle, we cannot guarantee that any information, during transmission through the Internet or while stored on our system or otherwise in our care, will be absolutely error-free or safe from intrusion by others, such as hackers. We do not warrant or represent that the Site’s level of security meets or exceeds any particular standard, and any information you submit via the Site is at your own risk.

If you correspond with us by e-mail, text message, or using a “contact us” feature on our Site, you should be aware that your transmission might not be secure. A third-party could view the information you send in transit by such means. We will have no liability for disclosure of your information due to errors or unauthorized acts of third-parties during or after transmission.

If at any time during or after our relationship we believe that the security of your Personal Information in our care may have been compromised, we may seek to notify you. We will endeavor to notify you as promptly as possible under the circumstances. If we have your e-mail address, we may notify you by e-mail to the most recent e-mail address you have provided us.

“Linked-To” Web Sites 

The Site may contain links, banners, widgets or advertisements that lead to other Web sites. We are not responsible for these other sites, and so their posted privacy policies (not this Notice) will govern the collection and use of your information on them. We encourage you to read the privacy statements of each Web site visited after leaving the Site to learn about how your information is treated by others.
In particular, the Restricted Sites may be maintained by a third-party service provider who may have its own privacy notice. We encourage you to review the policies that are applicable to the Restricted Sites. We are not responsible for any such policies.

Data Subject Rights Under UK/European Union Law 

If you are a natural person (a “Data Subject”), you may have certain rights in addition to those described elsewhere in this Notice. These rights are in relation to your Personal Information, and include the right to be informed about the collection and use of your Personal Information, as outlined in this Notice.

Such rights may also include, where certain conditions are met: 

- the right to request access to the Personal Information we hold about you;

- the right to have information about you amended, updated, or deleted;

- the right to object to processing of Personal Information about you;

- the right to withdraw consent at any time (where relevant);

- the right to have Personal Information about you erased or to restrict processing in certain limited situations;

- the right to data portability and to request the transmission of Personal Information about you to another organization;

- the right to object to automated decision making that materially impacts you, direct marketing, and processing for research or statistical purposes;

- the right to lodge complaints with applicable data supervisory authorities;

As a Data Subject, you should use the contact information below to get more information and/or to make a formal request. We will endeavor to keep the Personal Information we store about you reasonably accurate and up-to-date by enabling you to correct it by request.

You should notify us if any of your Personal Information changes or if you become aware of any inaccuracies in the Personal Information we hold about you.

Disclosure & Retention of Data Subjects’ Personal Information

We will take reasonably necessary steps to ensure that where Personal Information of Data Subjects is shared with third-parties, it is treated securely and in accordance with this Notice and applicable laws.

We will endeavor not to keep Personal Information in a form that allows a Data Subject to be identified for any longer than is reasonably necessary for achieving the permitted purposes. At the end of the applicable retention period, we may destroy, erase from our systems, or anonymize Personal Information as part of such efforts. To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of the Data Subject’s Personal Information, the purposes for which we process the Data Subject’s Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements. 

Storage & Transfer of Data Subjects’ Personal Information

We maintain physical, electronic and procedural safeguards designed to protect Data Subjects’ personal information, prevent unlawful or unauthorized processing of personal information, and prevent unauthorized disclosure of, or accidental loss of, or damage to, such information.

Personal information will be collected in the USA and may be transferred to other jurisdictions. Where we share personal data internationally, we will seek to ensure that applicable safeguards are in place to the extent required by applicable data protection laws.  In that regard, we may use specific contracts approved by the relevant data protection authorities which give your personal data the same protection it has in the UK/EEA (where applicable).

We restrict access to non-public personal information about Data Subjects to those of our employees and agents who need to know the information to enable us to provide services. 

Complaints

In the event that you wish to make a complaint about how your personal data is being processed by NEA (or third-parties as described above), or how your complaint has been handled, you have the right to lodge a complaint directly with your domestic supervisory authority or you can contact us per the below.

Changes to this Privacy Notice
We may change this Notice from time to time. When we do, we will let you know by posting the changed Notice on this page with a new “Last Updated Date.” In some cases (for example, if we significantly expand our use or sharing of your Personal Information), we may also tell you about changes by additional means, such as by sending an e-mail to the e-mail address we have on file for you. 

Contact Us  
If you have any questions or comments regarding our privacy practices, you may contact us at:

1954 Greenspring Drive, Suite 600, Timonium, MD 21093, United States of America

T: (410) 842-4000   Toll Free: 1-877-507-6425    Email: privacy@nea.com

Privacy Notice for California Residents

Last Updated: September 2023

This Privacy Notice for California Residents (this “Notice”) supplements the information contained in the New Enterprise Associates and its corporate affiliates (referred to collectively in this Policy as “NEA,” “we,” “us,” “our,” and similar pronouns) Privacy Policy and applies solely to all visitors and users who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 as significantly amended by the California Privacy Rights Act of 2020 (“CPRA”) (collectively, “CCPA”), and any terms defined in the CCPA have the same meaning when used in this Notice.

This Notice does not apply to employment-related personal information collected from California-based employees, job applicants, contractors, or similar individuals. Where noted in this Notice, the CCPA temporarily exempts personal information reflecting a written or verbal business-to-business communication (“B2B personal information”) from some its requirements.

Information We Collect 

We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device ("personal information”). 

Sensitive personal information is a subtype of personal information consisting of specific information categories, such as race, ethnic origin, Social Security number, driver’s license, state identification card and passport and visa information. While we may collect information that falls within the sensitive personal information categories, the CCPA does not treat this information as sensitive because we do not collect or use it to infer characteristics about a person.

Personal information does not include: 

- Publicly available information from government records.

- Deidentified or aggregated consumer information.

- Information excluded from the CCPA’s scope, like:

health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;

personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

In particular, the below indicates which categories of personal information we have, and have not, collected from our clients and investors within the last twelve (12) months:

Category: A. Identifiers

Examples: A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.

Collected: Yes

Category: B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

Examples: A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.

Collected: Yes

Category: C. Protected classification characteristics under California or federal law.

Examples: Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information) and professional or employment-related information.

Collected: Yes

Category: D. Commercial information.

Examples: Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Collected: Yes

Category: E. Biometric information.

Examples: Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

Collected: No

Category: F. Internet or other similar network activity.

Examples: Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.

Collected: Yes

Category: G. Geolocation data.

Examples: Physical location or movements.

Collected: Yes

Category: H. Sensory data.

Examples: Audio, electronic, visual, thermal, olfactory, or similar information.

Collected: Yes

Category: J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

Examples: Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

Collected: No

Category: K. Inferences drawn from other personal information.

Examples: Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Collected: No

We obtain certain personal information from the following categories of sources:

- Directly from you. For example, from forms you complete or products and services you purchase. 

- Indirectly from you. For example, from observing your actions on our Site. 

- Third-party vendors that provide databases.

Use of Personal Information  

We do not sell your personal information. We may process, use, or disclose the personal information we collect for one or more of the following purposes:

- To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to ask a question about our services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a service, we will use that information to provide that service to you. We may also save your information to facilitate future communications and services.

- To provide, support, personalize, and develop our Site, products, communications, and services.

- To create, maintain, customize, and secure your account with us.

- To process your requests, transactions, and payments and prevent transactional fraud.

- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.

- To help maintain the safety, security, and integrity of our Site, networks, products and services, databases and other technology assets, and business.

- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.

As described to you when collecting your personal information or as otherwise set forth in the CCPA.

To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our consumers is among the assets transferred.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Sharing Personal Information 

We may disclose your personal information to a third-party for business purposes. When we disclose personal information for a business purpose, we make efforts to ensure that the recipient will both keep that personal information confidential and not use it for any purpose except performing the contract.

We share your personal information with the following categories of third-parties:

- Affiliates.  

- Firms that provide assistance in servicing NEA and that have a need for such information, such as CRMs or other service providers.

- Disclosures of Personal Information for a Business Purpose 

[In the preceding twelve (12) months, NEA has disclosed the following categories of personal information for a business purpose:

- Identifiers

- Personal information categories listed in the California Customer Records statute 

- Protected classification characteristics under California or federal law.

- Commercial information.

- Internet or other similar network activity.

- Geolocation data.

- Sensory data.

Sales of Personal Information 

In the preceding twelve (12) months, NEA has not sold personal information.

Your Rights and Choices 

The CCPA provides California residents with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights 

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

- The categories of sources for the personal information we collected about you.

- Our business or commercial purpose for collecting information. 

- The categories of third parties with whom we share that personal information.

- The specific pieces of personal information we collected about you (also called a data portability request).

- We do not provide these access and data portability rights for B2B personal information.

Deletion Request Rights 

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

- Complete the transaction for which we collected the personal information, provide a service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you or otherwise perform our contract with you.

- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.

- Exercise another right provided for by law.

- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).

- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.

- Comply with a legal obligation.

- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

We do not provide these deletion rights for B2B personal information.

Exercising Access, Data Portability, and Deletion Rights 

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:

- Calling us at 1-410-842-4000 

- Emailing us at: privacy@nea.com

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include: An email address that operates as a user log-in, name, and date of birth.

- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format 

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 45 additional days), we will inform you of the reason and extension period in writing.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination 

We will not discriminate against you for exercising any of your CCPA rights.

Changes to Our Privacy Notice 

We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this Notice, we will post the updated Notice on the Site and update the Notice’s “Last Updated” date. Your continued use of our Site following the posting of changes constitutes your acceptance of such changes.

Contact Information 

If you have any questions or comments about this Notice, the ways in which we collect and use your information described here and in the Privacy Policy, your choices and rights regarding such use, or you wish to exercise your rights under California law, please do not hesitate to contact us at: (410) 842-4000.

Or by mail at: 1954 Greenspring Drive, Suite 600 Timonium, MD 21093 United States of America.