TERMS OF USE

Each person using the Whale Rock Capital Management, LLC (“Whale Rock”) website (“Site”) (a “User” or “you”) expressly agrees to the following Terms of Use. These terms, together with the Privacy Policy (collectively, the Terms of Use and Privacy Policy are referred to as “Terms”) govern, as a condition to accessing and using this Site, any content, functionality or services offered on or through this Site, as well as all information about you collected by this Site whether such information is collected automatically, through the use of cookies and equivalent technology, or if provided by you. Please read the Terms carefully before you start to use the Site. By using the Site, you accept and agree to be bound by the Terms. If you do not agree to the Terms, you must not access the Site.

This Site is offered and available to users who are 18 years of age or older and reside in the United States or any of its territories or possessions. The owner of the Site is based in the Commonwealth of Massachusetts in the United States. We make no claims that the Site or any of its content is accessible or appropriate outside of the United States. Access to the Site may not be legal by certain persons or in certain countries. If you access the Site from outside the United States, you do so on your own initiative and are responsible for compliance with local laws.

Whale Rock may revise and update these Terms from time to time in our sole discretion. All changes are effective immediately when we post them and apply to all access to and use of the Website thereafter. Users continued use of the Site following the posting of revised Terms means that you accept and agree to the changes. Users are expected to check this page each time you access this Site so you are aware of any changes, as they are binding. Whale Rock reserves the right to withdraw or amend this Site, and any service or material we provide on the Site, in our sole discretion without notice. Whale Rock will not be liable if for any reason all or any part of the Site is unavailable at any time or for any period. From time to time, Whale Rock may restrict access to some parts of the Site, or the entire Site, to Users.

The Site and its entire contents, features, and functionality (including but not limited to all information, software, text, displays, images, video, and audio, and the design, selection, and arrangement thereof), are owned by Whale Rock, its licensors, or other providers of such material and are protected by United States and international copyright, trademark, patent, trade secret, and other intellectual property or proprietary rights laws. These terms permit you to use the Site for your personal or internal business use only. You must not reproduce, distribute, modify, create derivative works of, publicly display, publicly perform, republish, download, store, or transmit any of the material on our Site, except as follows:
• Your computer may temporarily store copies of such materials in RAM incidental to your accessing and viewing those materials.
• You may store files that are automatically cached by your Web browser for display enhancement purposes.

You must not:
• Modify copies of any materials from this Site.
• Use any illustrations, photographs, video or audio sequences, or any graphics separately from the accompanying text.
• Delete or alter any copyright, trademark, or other proprietary rights notices from copies of materials from this Site.
• Collect data through automated means, such as through scrapers, spiders, robots, or other harvesting programs (collectively referred to as “Auto Data Collection”).

No User may use the Site at any time for any purpose that is unlawful or prohibited and shall comply with any applicable local, state, national or international laws or regulations when using this Site.

Whale Rock, and the logos and marks included on the Whale Rock website that identify Whale Rock services and products are proprietary materials. The use of such terms and logos and marks without the express written consent of Whale Rock is strictly prohibited. Copyright in the pages and in the screens of the Site, and in the information and material therein, is proprietary material owned by Whale Rock unless otherwise indicated. The unauthorized use of any material on the Whale Rock website may violate numerous statutes, regulations and laws, including, but not limited to, copyright, trademark, trade secret or patent laws.

If you print, copy, modify, download, or otherwise use or provide any other person with access to any part of the Site in breach of the Terms, we may restrict your right to use the Site and you must, at our option, return or destroy any copies of the materials you have made. No right, title, or interest in or to the Site or any content on the Site is transferred to you, and all rights not expressly granted are reserved by Whale Rock. Any use of the Site not expressly permitted by these Terms is a breach of these Terms and may violate copyright, trademark, and other laws.

Disclaimer of Warranties

You understand that we cannot and do not guarantee or warrant that files available for downloading from the internet or the Site will be free of viruses or other destructive code. You are responsible for implementing sufficient procedures and checkpoints to satisfy your particular requirements for anti-virus protection and accuracy of data input and output, and for maintaining a means external to our Site for any reconstruction of any lost data.

TO THE FULLEST EXTENT PROVIDED BY LAW, WHALE ROCK WILL NOT BE LIABLE FOR ANY LOSS OR DAMAGE CAUSED BY A DISTRIBUTED DENIAL-OF-SERVICE ATTACK, VIRUSES, OR OTHER TECHNOLOGICALLY HARMFUL MATERIAL THAT MAY INFECT YOUR COMPUTER EQUIPMENT, COMPUTER PROGRAMS, DATA, OR OTHER PROPRIETARY MATERIAL DUE TO YOUR USE OF THE WEBSITE OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE OR TO YOUR DOWNLOADING OF ANY MATERIAL POSTED ON IT, OR ON ANY WEBSITE LINKED TO IT.

YOUR USE OF THE WEBSITE, ITS CONTENT, AND ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE IS AT YOUR OWN RISK. THE WEBSITE, ITS CONTENT, AND ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS, WITHOUT ANY WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. NEITHER THE COMPANY NOR ANY PERSON ASSOCIATED WITH THE COMPANY MAKES ANY WARRANTY OR REPRESENTATION WITH RESPECT TO THE COMPLETENESS, SECURITY, RELIABILITY, QUALITY, ACCURACY, OR AVAILABILITY OF THE WEBSITE. WITHOUT LIMITING THE FOREGOING, NEITHER WHALE ROCK NOR ANYONE ASSOCIATED WITH THE COMPANY REPRESENTS OR WARRANTS THAT THE WEBSITE, ITS CONTENT, OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE WILL BE ACCURATE, RELIABLE, ERROR-FREE, OR UNINTERRUPTED, THAT DEFECTS WILL BE CORRECTED, THAT OUR SITE OR THE SERVER THAT MAKES IT AVAILABLE ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS, OR THAT THE WEBSITE OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE WILL OTHERWISE MEET YOUR NEEDS OR EXPECTATIONS.

TO THE FULLEST EXTENT PROVIDED BY LAW, THE COMPANY HEREBY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, AND FITNESS FOR PARTICULAR PURPOSE.

THE FOREGOING DOES NOT AFFECT ANY WARRANTIES THAT CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW.

Limitation on Liability

TO THE FULLEST EXTENT PROVIDED BY LAW, IN NO EVENT WILL WHALE ROCK, ITS AFFILIATES, OR THEIR LICENSORS, SERVICE PROVIDERS, EMPLOYEES, AGENTS, OFFICERS, OR DIRECTORS BE LIABLE FOR DAMAGES OF ANY KIND, UNDER ANY LEGAL THEORY, ARISING OUT OF OR IN CONNECTION WITH YOUR USE, OR INABILITY TO USE, THE WEBSITE, ANY WEBSITES LINKED TO IT, ANY CONTENT ON THE WEBSITE OR SUCH OTHER WEBSITES, INCLUDING ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO, PERSONAL INJURY, PAIN AND SUFFERING, EMOTIONAL DISTRESS, LOSS OF REVENUE, LOSS OF PROFITS, LOSS OF BUSINESS OR ANTICIPATED SAVINGS, LOSS OF USE, LOSS OF GOODWILL, LOSS OF DATA, AND WHETHER CAUSED BY TORT (INCLUDING NEGLIGENCE), BREACH OF CONTRACT, OR OTHERWISE, EVEN IF FORESEEABLE.

THE FOREGOING DOES NOT AFFECT ANY LIABILITY THAT CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW.

All matters relating to the Site and these Terms and any dispute or claim arising therefrom or related thereto (in each case, including non-contractual disputes or claims), shall be governed by and construed in accordance with the internal laws of the Commonwealth of Massachusetts without giving effect to any choice or conflict of law provision or rule (whether of the Commonwealth of Massachusetts or any other jurisdiction).

No waiver by Whale Rock of any term or condition set out in these Terms shall be deemed a further or continuing waiver of such term or condition or a waiver of any other term or condition, and any failure of Whale Rock to assert a right or provision under these Terms shall not constitute a waiver of such right or provision. If any provision of these Terms is held by a court or other tribunal of competent jurisdiction to be invalid, illegal or unenforceable for any reason, such provision shall be eliminated or limited to the minimum extent such that the remaining provisions of the Terms will continue in full force and effect.

* * *

Nothing on the public portion of the Site is an offer to sell securities or a solicitation of an offer to buy securities. Nothing in the public portion of the Site constitutes advice regarding, or a recommendation of, the purchase or sale of a security.

Registration with the SEC as an Investment Advisor does not imply any level of skill or training.

Last revised: November 2018

POLICY STATEMENT ON PRIVACY AND SECURITY

Whale Rock Capital Management LLC of 2 International Place, 24th Floor, Boston, MA 02110, US (“Whale Rock”) and the investment funds for which it serves as investment manager may collect nonpublic information of Whale Rock’s customers. This Privacy Policy applies to the processing of personal information to process and administer Whale Rock’s customers’ business needs and to ensure that we are satisfying their financial needs. This Privacy Policy also addresses how Whale Rock complies with Massachusetts, California, and other applicable state data security and consumer privacy regulations. This Privacy does not apply to residents of the European Economic Area or the United Kingdom (collectively, “Europe”). If you are a resident of Europe, Whale Rock will provide you a data protection notice intended for you.

Information collected by Whale Rock in connection with the offering of financial products and services for individual, family or household use may be “nonpublic personal information” or “NPI” subject to the SEC’s Regulation S-P.  For more information on how we collect, use and share NPI, please see our Reg. S-P Privacy Notice.

Whale Rock collects and maintains nonpublic personal information about or from its customers including, but not limited to, the following types of information:

• Basic personal information such as name, social security number, address, current employment, company name, company email address, business phone number, and business address.
• Financial data including assets, transactions and income information.

The source of this personal information is usually our customers (directly or on their behalf by service providers or agents), recorded calls and from the following documents:

• Information provided to Whale Rock, such as on applications, questionnaires, contracts, or other forms.
• Transactions, account balances, account history, and transactions with us, affiliates or third parties.

Website Data Collection:

When a customer logs-in and/or anyone visits our website (whalerockcapital.com or the “Site”) from either their computer, mobile phone, tablet, or other device, we may collect certain information from them, including their Internet Protocol (“IP”) address through the use of cookies, listed below, that are necessary for the operation of our Site, or otherwise for the efficient functionality of the Site where the user consents to the use of the cookie (as described below):

• .ASPXFORMSAUTH – This is a session cookie that is utilized for post login. This cookie is generated at the time of log in for ensuring the site user remains logged in as they browse the site pages as well as auditing activity and security controls. This cookie is deleted as the user closes the browser, when the user explicitly logs out, or visits any page after 20 minutes of inactivity and are logged out automatically, whichever is first.
• ReturnUrl - This is a session cookie that is used for post-login. This cookie is generated during the first step of log in (before showing disclaimer or forced password update) and is removed when the user closes the browser, presses agree (if no forced password) or presses “OK” after updating their password/security question.
• ASP.NET_SessionId: This is a session cookie to maintain the state of the session for the user while they are browsing the site from page to page. This cookie is also deleted once the browser session is closed entirely.
• RequestVerificationToken: This token is created to prevent Cross-Site Request Forgery. It is a randomly generated token that is passed along with a matching hidden field value from the page to assure the request is a valid one.
• PopupDisclaimerAgree - This cookie is added when the user agrees to the pre-login site disclaimer banner/popup. This cookie expires after a customizable number of days, by default 30.

We only share such information with our service providers to perform a business, professional or technical support function for us.  

Security Measures:

It is the policy of Whale Rock to restrict access to personal information to those employees, agents, representatives or third parties that need to know the information to provide products and services to its customers. This includes:

• Physical safeguards including restricted elevator access to its offices and full-time staffed reception desk to check people who arrive at the office.
• Electronic safeguards including firewalls for server database protection, passwords for computer login, and limited access to the computer room.
• Restricting access to customer information to those required to have access to service customer needs.

Sharing of personal information:

All financial companies need to share customers’ information to run their everyday business. Whale Rock may disclose personal information with its affiliated Whale Rock companies and brokers, banks, agents, employees, and third parties who need to know to perform services on the customer’s behalf and to other third parties, including but not limited to the following types of third parties:

• Financial service providers, such as Whale Rock’s administrator, placement agent and prime broker registered broker/dealers, auditors, regulators, and transfer agents in order to service customer accounts and/or who assist Whale Rock as part of the ordinary course of servicing your investments or providing any other services to you;
• Legal representatives of Whale Rock, such as our counsel, accountants and auditors;
• Third parties who perform marketing services for Whale Rock or with whom we have entered into joint marketing agreements for services or information about services that you have requested;
• Parties to a dispute or litigation, and their representatives and advisors, or regulatory or governmental authorities or otherwise as permitted by law;
• Any other service providers.

In addition, to comply with Massachusetts Data Security Regulation and other applicable laws, Whale Rock has developed a process to ensure confidentiality and integrity of personal information, maintained by the firm and its administrators that could create the risk of identity theft or fraud against a resident of the Commonwealth of Massachusetts and have codified the policies and procedures in writing. These procedures include:

• Designation of one or more individuals responsible for maintaining and monitoring the information security program;
• Assessment of information security risks on an ongoing basis;
• Encryption of portable devices – portable devices that contain personal information of customers or employees and only where technically feasible are encrypted.
• Encryption of backup tapes and emails – backup tapes and emails containing personal information are encrypted on a prospective basis if it is technically feasible;
• Maintaining up-to-date virus definitions, firewall protections, and operating system security patches;
• Overseeing third party service providers;
• Documenting responsive actions taken in connection with any incident involving information security breaches and records of corrective actions taken.

Your State Privacy Rights:

To the extent applicable, Whale Rock complies with the state privacy laws (including the California Consumer Privacy Act (“CCPA”), Colorado Privacy Act, Connecticut Data Privacy Act, Virginia Consumer Data Protection Act, and other state laws that may become effective, by providing relevant state residents with the following rights with respect to their personal information:

• The right to know the categories and specific personal information collected from you that Whale Rock has collected, used, disclosed and sold.  To submit a request to know, you may call Whale Rock at (617) 502-9900 or email Whale Rock at info@whalerockcapital.com.  You may also designate an authorized agent to make a request for access on your behalf by contacting Whale Rock by phone or email.
• The right to request correction of any inaccurate personal information that Whale Rock has collected about you.  To submit a request for correction, you may call Whale Rock at (617) 502-9900 or email Whale Rock at info@whalerockcapital.com.  You may also designate an authorized agent to make a request for correction on your behalf by contacting Whale Rock by phone or email.
• The right to request that Whale Rock delete any personal information it has collected.  To submit a request for deletion, residents may call Whale Rock at (617) 502-9900 or email Whale Rock at info@whalerockcapital.com.  You may also designate an authorized agent to make a request for deletion on their your by contacting Whale Rock by phone or email.

When you exercise these rights and submit a request, Whale Rock will verify their identity and state residency by asking them for their email address, telephone number, and/or information about their account with Whale Rock. Whale Rock will endeavor to honor customers’ requests unless such a request conflicts with certain lawful exemptions under applicable state law.  Please note that Whale Rock is only required to honor such requests twice in a twelve (12) month-long period.

Exercise of these rights will have no adverse effect on the price and quality of Whale Rock’s services.

For the twelve (12) month-long period prior to the date of this Privacy Notice, Whale Rock has not sold any personal information about its customers as defined by the CCPA and it does not share information for targeted advertising; nor does it have any plans to do so in the future. 

We may change this Privacy Policy from time to time, including as required to keep current with rules and regulations, new technologies and security standards. When we do, we will post the change(s) on our Site. If we change this policy in a material and retroactive manner, we will provide appropriate notice.

If you have any questions about this Privacy Notice or to request a copy of this Privacy Notice in another format, call (781) 552-4019 or email kbenz@whalerockcapital.com.

WHALE ROCK – WEBSITE GDPR DATA PROTECTION AND COOKIE NOTICE

Introduction and Scope:

This data protection and cookie notice (this “Notice”) describes how Whale Rock (“us”, “we”, or “our”) collect, use, disclose and otherwise process personal data of data subjects who are both resident in the European Economic Area (“EEA”) or the United Kingdom (“UK”) and who:

• visit or interact with our website Home : Whale Rock (whalerockcapital.com) (the “Website”);
• communicate with us, including through e-mail, telephone, or post

(collectively, the “Data Subjects”). If you are not a Data Subject, this Notice does not apply to you. If are a director, officer, employee, or contact at an Investor, or if you reside outside the EEA or the UK, we will provide you with a different data protection notice. We will deploy cookies (which are not “strictly necessary”) on your device only with your consent.

Each of us act as joint controllers of Data Subjects’ personal data under the EU General Data Protection Regulation, the UK General Data Protection Regulation, and related data protection laws in the EEA and the UK (collectively, the “GDPR”) in relation to the processing activities covered by this Notice. We have set out in section 10 (How to Contact Us) our respective responsibilities to deal with your data protection rights under the GDPR.

Capitalised terms not defined in the main body of this Notice have been defined in Schedule 1 (Definitions). To receive this notice in another format (for example, audio, large print, braille) please contact us using the contact details in section 10 (How to Contact Us) below.

What Types of Personal Data Do We Process and How Do We Collect This Personal Data?

In this section we set out the types of personal data we may collect and the potential sources of such information. We may also receive any or all the types of personal data referred to in this section from our Affiliates.

Automatically Generated Personal Data

We may receive the following personal data which is automatically collected or logged from our information systems or third parties when Data Subjects access the Website:

• Cookie and Technical Data

Data Subject Provided Personal Data

We may receive the following personal data directly from Data Subjects:

• Voluntarily Provided Data
• Contact and Professional Data
• Marketing and Communications Data

We may combine Personal Data that you provide to us with Personal Data that we collect from you, or about you from other sources, in some circumstances. This will include Personal Data collected in an online or offline context.

Special Category Personal Data

We do not request any special categories of personal data with respect to the data processing activities covered by this Notice (this includes details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information concerning health, and genetic and biometric data). However, Data Subjects may provide these types of personal data to us as Voluntarily Provided Personal Data. We will rely on “conditions” (including explicit consent) provided for in the GDPR to process such special category data.

Criminal Convictions and Offences Personal Data

We do not also request any personal data relating to criminal convictions and offences with respect to the data processing activities covered by this Notice. However, such personal data may provided to us as Voluntarily Provided Personal Data. We will rely on “conditions” provided for in the GDPR to process such criminal convictions and offences data.

Personal Data relating to Children

Our Website and our services are not intended for children. We do not knowingly collect personal data from children under the age of 13. Parents or guardians of a child under the age of 13 who believe such child has disclosed personal to us, should contact us using the contact details at section 10 (How to Contact Us) below. A parent or guardian of a child under the age of 13 may review and request deletion of such child’s personal data as well as prohibit the use thereof.

How Do We Use Personal Data?

This section sets out how we use the personal data that we obtain or receive and our lawful basis under the GDPR for doing so (as defined in Part B of Schedule 1).

If a Data Subject has provided consent to processing and subsequently withdraws that consent, we may still process that Data Subject’s personal data where we have another lawful basis for doing so, provided that the Data Subject has not expressly asked us to stop processing their personal data in accordance with section 7 (Data Protection Rights).

Where we need to collect personal data by law or under the terms of a contract that we have with a Data Subject and the Data Subject fails to provide that personal data when requested, we may not be able to perform the contract we have with the Data Subject.

Sharing of Personal Data

We may share Data Subjects’ information with the following third parties (as defined in Part C of Schedule 1):

• Affiliates
• Business Partners
• Governmental Authorities
• Investors
• Professional Advisors
• Service Providers

Please see section 6 (International Data Transfers) below for information on international transfers to such third parties. We require all our data processors and any other third party that we provide Data Subjects’ personal data to respect the security of Data Subjects’ personal data and to treat it in accordance with applicable law.

Cookies

We deploy and use cookies on our Website as set out in our website privacy policy available here: https://www.whalerockcapital.com/login#ContactUs

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. We use certain cookies on our Website and platforms. Please see our cookie banner on our Website for more details.

Many web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org. To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.

International Data Transfers

Personal data may be transferred, stored, and accessed within the EEA or the UK or transferred to, stored in, and accessed from countries outside the UK or EEA in order to fulfil the purposes described in this Notice. For transfers to countries outside the UK and the EEA, the data protection regime may be different than in the country in which the Data Subject is located and may not provide the same level of data protection.  Therefore, whenever we transfer personal data out of the UK and the EEA, we will rely on, to the extent necessary under the GDPR, appropriate “adequacy decisions”, safeguards (including Standard Contractual Clauses), or derogations.

Data Protection Rights

If you are a Data Subject, you may have the following rights under the GDPR in relation to your personal data:

• Request access to your personal data
• Request correction of the person-al data that we hold about you
• Request erasure of your personal data
• Object to processing of your personal data
• Request restriction of processing of your personal data
• Request the transfer of your per-sonal data to you or to a third party
• Withdraw consent at any time where we are relying on consent to process your personal data

To exercise any of the rights set out above, please contact us using the contact details provided in section 10 (How to Contact Us) below. There are exceptions and exemptions that apply to some of the rights, which we will apply in accordance with the applicable data protection laws. Where you have any such rights under applicable laws, we will respond to any such rights that you want to exercise within one (1) month of receiving the request, unless the request is complex, in which case it may take longer. In addition to the above rights, you have the right to lodge a complaint with a supervisory authority.

We may need to request specific information from you to help us confirm your identity and your right to access the personal data (or to exercise any of the other rights).

Automates Processing and Decision Making

We do not make any decisions regarding Data Subjects solely using automated decision making (including profiling) based on Data Subjects’ personal data where such decision produces legal effects concerning the Data Subject or similarly affects the Data Subjects. We may use automated software tools to produce transcripts of audio and video virtual meetings which may involve the processing of your personal data. These transcripts will be reviewed by a human being.

Retention of Personal Data

We will only retain Data Subjects’ personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, regulatory requirements, the potential risk of harm from unauthorized use or disclosure of the personal data, the purposes for which we process the personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Details of retention periods for personal data are available from us on request using the contact details at section 10 (How to Contact Us) below.

How to Contact Us

To ask any questions regarding this Notice or to exercise any rights, please contact either of us using the following contact details: 2 International Place, 24th Floor, Boston, MA 02110, United States. info@whalerockcapital.com

Links to Other Websites

Our Website may contain links to other websites. These websites may have separate privacy and data collection practices, independent of our practices, and data subjects’ use and access to such sites is subject to those terms and policies. We have no responsibility or liability for these independent policies or actions and we are not responsible for the privacy practice or the content of such websites.

Amendments to This Notice

This notice may be revised from time to time, including where we add new features and services, as laws change, and as industry privacy and security best practices evolve.  We display a “Last Updated” date in at the top of this Notice so it is clear when there has been a change. If we make any material change to this Notice regarding use or disclosure of personal data, we will provide notice on the Website and as otherwise required.