Privacy Policy
Jan 13, 2026
1. Introduction
This Privacy Policy applies to the website hedronusa.com (hereinafter the “website”) published by the company Hedron Private Markets, LLC (hereinafter “Hedron” or “we”) and its other services and products for which personal data is being communicated to NMC.
Please read this Privacy Policy carefully as it explains how Hedron uses your personal data and how to exercise your rights. This Privacy Policy supplements the Terms & Conditions or any documents or notices that may refer to this Privacy Policy.
Should you have any questions, you may directly contact Hedron by sending an email to crew@hedronusa.com.
2. Definitions
DATA means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
USAGE DATA is data collected automatically either generated by the use of Service or from Service infrastructure itself (for example, the duration of a page visit).
COOKIES are small files stored on your device (computer or mobile device).
DATA CONTROLLER means a natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your data.
DATA PROCESSORS (OR SERVICE PROVIDERS) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.
DATA SUBJECT is any living individual who is the subject of Personal Data.
THE USER is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data.
3. Legal context
We abide by the recommendations of the relevant authorities and have put in place an organization to ensure our compliance with the regulatory framework established by the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and any other laws or regulations relating to personal information that apply to us.
4. What is our role?
Under the GDPR, we are considered as a data controller. It means that we set the whys and hows we process your personal information. For example, when you are visiting our website, we are in charge of determining the purposes and the means that are necessary to administer, operate and manage our users’ personal information that we collect from it.
Depending on the activity we perform on your data, we may also be considered as a data processor. This means that you are our customer’s end user and that we are processing your data under the instructions of our customer considered as a data controller. In this case, the data controller sets the purposes and means of the processing activity, and we abide and deliver our service in regards to these.
5. What kind of personal information do we process?
We only collect and process personal information that is relevant and adequate. We give special attention to its accuracy and updates when needed. Personal information includes in particular:
Type of data | Examples of data |
|---|---|
Economic and financial data | e.g. income, financial situation, tax situation, banking details, etc. |
Identification data | e.g. first name, last name, picture, birth date, etc. |
Contact data | e.g. email address, phone number, postal address, ect. |
Professional data | e.g. company name, skills, job title, diplomas, etc. |
Connection data | e.g. IP address, logs, terminal and connection identifiers, timestamp, etc. |
Location data | e.g. movements, GPS data, GSM, etc. |
Internet data | e.g. cookies, tracers, navigation data, audience metrics, etc. |
Personal data | e.g. lifestyle, family situation, etc. |
Images & video data | e.g. video footage or photography |
Sensible data | e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, sex life or sexual orientation, criminal convictions and offenses. |
National identification number | e.g. social security number, personal public service number, ID number, etc. |
The collection of this information may at times be mandatory in order to provide our service, other times optional to enhance your experience and left to your good will. Mandatory information will be identified as such when we collect your data. Know that if you refuse to provide it, Hedron won’t be able to provide you with its utmost service and you will unfortunately experience inconveniences.
6. When do we collect your personal information?
We collect your personal information on various occasions.
Sources | Description |
|---|---|
Billing form | Individual filled in a payment checkout |
Online or paper form | Individual filled in a form |
Sign up form | Individual signed up online |
Website or software visit | Individual browsed our website or our solution |
Partner relationships | Individual gave their data to one of our partners |
Data enrichment tools | We've used tools to enrich personal data |
Chat & Email conversation | Individual contacted us directly by mail |
Third Party Service | We've collected data through the use of a third party solution or service |
Video recording | Individual is recorded on camera |
Job application | Individual sent us a job application |
Social Media | We've collected users social media profiles |
Opensource data | We've collected data openly accessible on the internet |
Database purchase | We've purchased a database containing personal data |
Import via API | Import of personal data via API |
7. How do we use your personal information?
Your personal information will never be processed for incompatible purposes regarding why it was first collected. We only collect and process personal information for specified, explicit and legitimate purposes, like:
Processing Activities | Purposes | Legal basis |
|---|---|---|
Payment & billing management | To process money transactions | Contractual duties |
Cloud Hosting | This infrastructure is crucial for the smooth operation and continuous availability of our website. Additionally, they handle the direct hosting of website content, ensuring that web pages, images, and multimedia elements are delivered efficiently and responsively to end-users. The primary purpose of this processing activity is to leverage advanced hosting capabilities, ensuring optimal website performance, scalability, and reliability. Operational data such as server logs and network performance metrics are processed to maintain and enhance the hosting services. By combining robust infrastructure management with efficient content delivery, these subprocessors ensure a high-quality, reliable, and secure online presence for our services, aligning with our commitment to operational excellence and data privacy standards | Contractual duties |
Website audience measurement | To gather analytics on the website traffic | Consent |
Customer Lead management | To interact with individuals and companies about the service whether by email or by phone and follow lead management | Consent |
Internal communications & collaboration | To collaborate internally on the company's projects | Legitimate interest |
Employee expenses management | To administer service fees and business travels | Legitimate interest |
Administrative employee management | To provide employees' with company benefits and manage payroll and leaves | Contractual duties, Legal and regulatory obligations, Legitimate interest |
Service improvement | To maintain and optimize the performance of the service and understand how individuals use it | Legitimate interest |
Customer support and social communications | To provide customer care and interact with individuals on social platforms | Legitimate interest |
Electronic signature management | To digitally seal contracts and legal documents | Legitimate interest |
Compliance with legal and regulatory obligations | To fulfill legal obligations and disputes | Legal and regulatory obligations |
Payment Services, Remittance, and Fintech services | To process your financial transactions. | Contractual duties, Consent |
KYC, AML, and Compliance Services | To process and verify identity of users accessing our financial services. | undefined |
In order to comply with the principle of lawfulness, the legal bases for each data processing is determined carefully and on a case-by-case basis in accordance with the list provided by Article 6 of the GDPR.
We do not process your data or use automated decision making without your knowledge, nor do we sell or rent your personal information without your explicit consent.
8. Who can access your personal information?
Recipients to whom we disclose your personal information are carefully chosen by us. They receive data for legitimate purposes, especially when it comes to pursuing our business activity and providing a qualitative service:
Subprocessor | Service provided |
|---|---|
Framer | Website builder |
Amazon AWS | Cloud Infrastructure for apps and services |
GitHub | Software development platform |
Mixpanel Inc | Product analytics |
Zoom | Video conferencing |
Notion | Note and database app |
OpenAI | Machine learning and text analytics |
Slack | Collaboration program |
Figma | Design, prototype, and feedback tool |
Rippling | HR platform |
New Relic | Product analytics |
Box | File storage + E-signature platform |
Stable | Physical mail services |
Nium | Payment services |
VertoFX | Payout services |
Finix | Payout services |
AiPrise | Identity verification, KYB, KYC |
HSBC (HSBC Holdings plc), HSBC Bank USA, N.A. | Treasury, banking, payment, credit, risk, and transaction support |
PostHog | Product analytics |
Email Services, file storage, collaboration, mapping, Product experience | |
Helpscout | Customer support platform |
Loops | Email platform |
Google Analytics | Product analytics |
Superhuman | |
1Password | Secure data sharing |
Sendgrid | Email platform |
CircleCI | Development services |
Algolia | Integrated search |
Launch Darkly | Engineering / product experience management platform |
Coface | Financial underwriting |
Coinbase | Financial / payment services |
Mux | Video hosting |
Roam | Collaboration platform |
Reibus Logistics | Logistics services |
The New Money Company of San Francisco | Credit, risk, and financial transaction support |
The New Money Pte Ltd (SG) | Credit, risk, and financial transaction support |
Certain data recipients are considered our data processors in accordance with Article 28 of the GDPR, which means we review how they handle personal information and make sure they put in place appropriate guarantees to protect it.
Other recipients are considered authorized third parties in accordance with Article 4 of the GDPR, which means we have to communicate your personal information to them to comply with applicable legal obligations, lawful requests and processes (subpoenas, requests from government or tax authorities, etc.).
9. Where do we transfer your personal information?
As far as possible, your personal information is processed within the European Union. However, some of our service providers may be located in another country of which you are a resident or pursuing their activity outside of the European Union.
When we transfer your personal information to a recipient outside the European Union, we take care of putting in place sufficient guarantees in accordance with the list provided by Articles 44 to 50 of the GDPR, whether it is having it stored in a country with an adequate privacy protection or contracting Data Protection Agreements to ensure your personal information is protected.
Subprocessor | Location | Adopted safeguard |
|---|---|---|
AWS | USA | |
Framer | USA | |
USA | ||
Cal.com | USA | |
Notion | USA | |
OpenAI | USA | |
USA | ||
Twilio | USA | |
Superhuman | USA | |
HSBC Bank USA N.A. | USA |
If you have any further questions please contact support.