Privacy Policy

1. Introduction and Scope

Purple Turtle Capital and its affiliates (collectively, “Purple Turtle Capital,” “we,” “our,” or “us”) are committed to protecting the privacy and security of the personal information we collect. This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information in connection with our company acquisition services, website, and related activities.

This Policy applies to individuals who visit our website, inquire about our services, participate in transactions, and others whose personal information we process. By accessing our website or engaging with our services, you acknowledge that you have read and understood this Policy.

We operate internationally and comply with applicable privacy laws in each jurisdiction where we operate, including:

  • United States — including applicable federal laws and the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)
  • European Union — General Data Protection Regulation (GDPR)
  • United Kingdom — UK GDPR and Data Protection Act 2018
  • Canada — Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial laws
  • South Africa — Protection of Personal Information Act (POPIA)

2. Data Controller and Contact Information

Purple Turtle Capital acts as the data controller (or “responsible party” under POPIA) for personal information collected through our website and services.

For all privacy-related inquiries, requests, or concerns, please contact our designated privacy contact:

Purple Turtle Capital — Privacy Office

Email: s i t e @purpleturtlecapital.com

EU/UK Representative: If you are located in the EU or UK and wish to exercise your rights, you may contact us directly or through our appointed EU/UK representative at the address above.

South Africa Information Officer: Purple Turtle Capital has appointed an Information Officer as required by POPIA. Contact: s i t e @purpleturtlecapital.com

3. Personal Information We Collect

We collect the following categories of personal information:

3.1 Identity and Contact Information

  • Full name, job title, and employer
  • Business and personal contact details (email address, phone number, mailing address)
  • Government-issued identification where required by law or for transaction verification

3.2 Financial and Investment Information

  • Financial statements, revenue figures, balance sheets, and related business records
  • Investment history, portfolio information, and asset details
  • Accredited investor status and related documentation
  • Bank account details or payment information where required for transactions
  • Tax identification numbers and related compliance documentation

3.3 Website and Technical Data

  • IP address and approximate geographic location derived from it
  • Browser type, operating system, and device identifiers
  • Pages visited, time spent on site, referral URLs, and clickstream data
  • Cookie identifiers and similar tracking technology data (see Section 8)

3.4 Communications Data

  • Correspondence and communications sent to us via email, contact forms, or otherwise
  • Records of calls, meetings, and negotiations related to potential or completed transactions

3.5 Information We Do Not Collect

We do not intentionally collect sensitive categories of personal information (such as racial or ethnic origin, political opinions, health data, or biometric data) unless required by applicable law or with your explicit consent. Our website is not directed at children under 16 years of age.

4. How We Use Personal Information

We process personal information for the following purposes and on the following legal bases:

4.1 Transaction and Service Delivery

Legal Basis: Contract performance; Legitimate interests; Legal obligation

  • Evaluating, structuring, and executing company acquisitions and related transactions
  • Conducting due diligence and financial analysis
  • Communicating with counterparties, advisors, and other transaction participants
  • Fulfilling obligations under executed agreements

4.2 Legal and Regulatory Compliance

Legal Basis: Legal obligation; Vital interests

  • Complying with anti-money laundering (AML) and know-your-customer (KYC) requirements
  • Responding to regulatory inquiries, subpoenas, or court orders
  • Maintaining records as required by applicable financial regulations
  • Satisfying tax reporting obligations in applicable jurisdictions

4.3 Website Operations and Analytics

Legal Basis: Legitimate interests; Consent (for non-essential cookies)

  • Operating and improving our website and digital services
  • Analyzing website traffic and usage patterns
  • Detecting and preventing fraud, security incidents, and technical issues

4.4 Marketing and Business Development

Legal Basis: Legitimate interests; Consent (where required)

  • Sending information about our services and acquisition activities where permitted
  • Responding to inquiries and maintaining business relationships

Note: We will obtain your consent before sending direct marketing communications where required by applicable law (e.g., CASL in Canada, ePrivacy Directive in the EU). You may opt out at any time.

5. Disclosure and Sharing of Personal Information

We do not sell personal information. We may share personal information with the following categories of recipients:

5.1 Service Providers and Processors

We engage third-party service providers to assist with operations including: analytics providers (e.g., Google Analytics), customer relationship management (CRM) platforms, legal and financial advisors, cloud hosting providers, and communication tools. These parties are contractually bound to process information only on our instructions and in compliance with applicable law.

5.2 Transaction Parties

In connection with acquisitions or investments, we may share information with target companies, sellers, buyers, co-investors, lenders, legal counsel, accountants, and other advisors involved in the transaction.

5.3 Group Companies and Affiliates

We may share information within the Purple Turtle Capital group of companies for internal business and administrative purposes.

5.4 Legal and Regulatory Authorities

We may disclose personal information when required by law, regulation, or legal process, or to protect the rights, property, or safety of Purple Turtle Capital, our clients, or others.

5.5 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, personal information may be transferred as part of the transaction, subject to applicable legal requirements.

6. International Data Transfers

As a global company, we may transfer personal information to countries other than the country where it was collected. When we transfer personal information internationally, we ensure appropriate safeguards are in place:

  • EU/EEA and UK transfers: We rely on Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or other lawful transfer mechanisms under GDPR and UK GDPR.
  • Canada: Transfers comply with PIPEDA requirements, including contractual protections for information transferred to processors.
  • South Africa: Cross-border transfers comply with POPIA Section 72, requiring recipient countries to have adequate data protection laws or appropriate safeguards in place.
  • United States: We comply with applicable state privacy laws, including the CCPA/CPRA for California residents.

7. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law. Our retention practices are:

  • Transaction records: Retained for a minimum of 7 years following the close of a transaction, or longer if required by applicable financial, tax, or regulatory law.
  • Due diligence materials: Retained for the duration of a transaction process and for 5–7 years afterward to address potential claims.
  • Website analytics data: Retained for up to 26 months from collection (consistent with industry standards).
  • Marketing contact records: Retained until you opt out, or for up to 3 years from last contact if no earlier opt-out is received.
  • Legal hold: Where litigation, regulatory inquiry, or legal obligation requires it, data may be held beyond standard retention periods.

When personal information is no longer required, we securely delete or anonymize it.

8. Cookies and Tracking Technologies

Our website uses cookies and similar technologies (pixels, local storage, web beacons) to operate the site, analyze usage, and support marketing.

8.1 Types of Cookies We Use

  • Strictly Necessary Cookies: Essential for website functionality. These cannot be disabled.
  • Analytics Cookies: Help us understand how visitors interact with our site (e.g., Google Analytics). Used with your consent where required.
  • Preference Cookies: Remember your settings and preferences across visits.
  • Marketing Cookies: Used to deliver relevant content and measure advertising effectiveness. Used with consent.

8.2 Your Cookie Choices

Upon first visiting our website, you will be presented with a cookie consent banner. You may accept or decline non-essential cookies at any time by visiting our Cookie Settings page or adjusting your browser settings. Note that disabling certain cookies may affect website functionality.

For more information, see our separate Cookie Policy available on our website.

9. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information. We will respond to verified requests within the timeframes required by applicable law.

9.1 Rights Available in All Regions

  • Right to Access: Request a copy of the personal information we hold about you.
  • Right to Correction: Request that inaccurate or incomplete information be corrected.
  • Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting prior lawful processing.

9.2 EU/EEA and UK Rights (GDPR / UK GDPR)

  • Right to Erasure (Right to be Forgotten): Request deletion of your personal information, subject to legal exceptions.
  • Right to Restrict Processing: Request that we limit how we use your information.
  • Right to Data Portability: Receive a structured, machine-readable copy of data you provided to us.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Lodge a Complaint: File a complaint with your local supervisory authority (e.g., the ICO in the UK, your national DPA in the EU).

9.3 California Rights (CCPA/CPRA)

  • Right to Know: Request disclosure of the categories and specific pieces of personal information collected, used, and disclosed.
  • Right to Delete: Request deletion of personal information (subject to exceptions).
  • Right to Opt Out of Sale or Sharing: We do not sell personal information. We do not share it for cross-context behavioral advertising.
  • Right to Limit Use of Sensitive Personal Information: Request that we limit the use of sensitive personal information to specified purposes.
  • Right to Non-Discrimination: Exercise your rights without receiving discriminatory treatment.

To submit a California rights request, contact us at privacy@purpleturtlecapital.com. We will respond within 45 days.

9.4 Canada Rights (PIPEDA)

  • Right to Access: Request access to personal information we hold about you.
  • Right to Challenge Accuracy: Request correction of inaccurate information.
  • Right to Withdraw Consent: Subject to legal and contractual restrictions.

9.5 South Africa Rights (POPIA)

  • Right to Access: Request confirmation of whether we hold personal information and request a copy.
  • Right to Correction or Deletion: Request correction or deletion of inaccurate, irrelevant, or unlawfully processed information.
  • Right to Object to Processing: Object to processing of your personal information.
  • Right to Lodge a Complaint: File a complaint with the Information Regulator of South Africa.

Information Regulator South Africa: inforeg@justice.gov.za

9.6 How to Exercise Your Rights

Submit requests to us by email. We may need to verify your identity before processing requests. We will not charge a fee for reasonable requests and will respond within the legally required timeframe.

10. Data Security

We implement appropriate technical and organizational measures to protect personal information against unauthorized access, loss, destruction, or alteration. These measures include:

  • Encryption of data in transit (TLS/SSL) and at rest where appropriate
  • Access controls and role-based permissions limiting data access to authorized personnel
  • Regular security assessments, penetration testing, and vulnerability management
  • Confidentiality agreements with employees and contractors who handle personal data
  • Incident response procedures for detecting and responding to data breaches

While we take reasonable precautions, no method of transmission over the internet is 100% secure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and applicable regulatory authorities as required by law.

11. Third-Party Websites and Links

Our website may contain links to third-party websites. This Privacy Policy does not apply to those websites. We encourage you to review the privacy policies of any third-party sites you visit. We are not responsible for the content or privacy practices of third-party sites.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or regulatory requirements. When we make material changes, we will update the “Last Updated” date at the top of this Policy and, where required, notify you via email or a prominent notice on our website.

We encourage you to review this Policy periodically. Your continued use of our website or services after changes are posted constitutes your acknowledgment of the updated Policy.

13. Children’s Privacy

Our website and services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately by email and we will take steps to delete such information.

14. Regulatory Complaints

If you have concerns about our data practices that we have not adequately addressed, you have the right to lodge a complaint with your relevant supervisory authority:

  • EU: Your national Data Protection Authority (DPA)
  • UK: Information Commissioner’s Office (ICO) — ico.org.uk
  • Canada: Office of the Privacy Commissioner of Canada — priv.gc.ca
  • South Africa: Information Regulator — inforeg.org.za
  • California (US): California Attorney General — oag.ca.gov

15. Contact Us

For any questions, concerns, or requests related to this Privacy Policy or your personal information, please contact:

Purple Turtle Capital — Privacy Office

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by