Last updated: March 2026
SDC Website and Vendor Privacy Notice
SDC respects your privacy and is committed to safeguarding your personal data. This website and vendor privacy notice (“privacy notice”) describes the types of personal data that SDC Capital Partners, LLC and its subsidiaries (“SDC”, “we” or “our”) collects about individuals who visit SDC’s website (“website users”) and who interact with SDC in the context of their activities working for SDC’s current or potential suppliers, partners or vendors (“vendor representatives”) or and collectively with website users, “you”, and how SDC uses, shares, protects and otherwise processes your personal data. Please read the following carefully to understand SDC’s data practices. Where relevant, this Policy applies together with our Website Terms of Use. Personal data of our investors, processed through our investor portal, linked from our website, is processed in accordance with our Investor Privacy Notice, available through our investor portal.
Who does this notice apply to?
- This privacy notice applies to all website users and vendor representatives.
- Additional details on our processing of European Economic Area (“EEA”) or United Kingdom (“UK”) individuals’ personal data are set out in Annex 1.
- Additional details on our processing of Californian individuals’ personal data are set out in Annex 2.
What Data Do We Collect About You and Why?
The personal data we collect about you, and the purposes for which we process it, in connection with the operation of our website and the procurement of goods or services for SDC are:
| Data Category | Purpose of Processing |
| Technical information: electronic device and usage information (for example, from cookies and similar technology). | Maintaining the safety, security and integrity of our website and other products and services, databases, technology assets and business, including detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity. |
| Vendor representative business contact information: name, corporate email address, corporate telephone number from vendor representatives. | Communication with vendor representatives in relation to the goods or services the entity they work for provide to SDC. |
| Vendor correspondence information: Information we receive from vendor representatives in conversations over the telephone, in voicemails, through written correspondence, via email and other electronic communications. | Responding to correspondence from vendor representatives and managing ongoing communications related to the relationship with the vendor. |
We also process personal data where necessary to respond to and comply with requests and legal demands from regulators, courts, or other authorities in the jurisdictions in which SDC operates.
To Whom Do We Disclose Personal Data?
We do not disclose your personal data to other organizations, except:
- To comply with laws, regulators, authorities and related to legal proceedings. We share personal data with regulators, courts and other authorities (e.g. tax and law enforcement authorities), for legal, protection, and safety purposes, including compliance with applicable laws and regulations, requests from regulators or other authorities, and court orders, as well as to prepare for and participate in legal proceedings and investigations.
- With professional advisors. We share personal data with our professional advisers such as lawyers and accountants who need your personal data to provide products and services to us.
- Service providers. We share personal data with IT service providers such as Microsoft Office 365 (file storage) and Dropsuite (backup and recovery).
- For business transfers. We may share or transfer your personal data in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
- With affiliates. From time to time, we share your information with our affiliates, in which case we will require those affiliates to honor this privacy notice. Affiliates may include other companies that we control or that are under common control with us.
What Security is Provided for Your Personal Data?
We employ appropriate administrative, technical and operational safeguards designed to protect the security of personal data submitted to us. These measures are aimed at providing ongoing security, integrity and confidentiality of personal data.
Where Do We Transfer Your Personal Data?
SDC is a global company and as such your personal data may be transferred outside of your country of residence to other countries, including the United States of America, where privacy laws may not be the same as those in your jurisdiction.
How Long Is Your Personal Data Retained?
We retain your personal data only for as long as is necessary for the purposes set out in this privacy notice and to the extent permitted by applicable legal requirements. In general, in relation to website users, this will be for 7 years from the time you accessed our website, and in relation to vendor representatives this will be for the duration 7 years from the date the relationship with the vendor ended.
What Are Your Rights?
To the extent applicable under data protection or privacy laws of your jurisdiction, you may have specific rights in relation to the personal data we hold about you and how that personal data is processed by SDC. If you would like to exercise any rights afforded to you under applicable data protection or privacy laws, please use the contact details set out below.
If you would like to submit a complaint about our use of your personal data or response to your requests regarding your personal data, you may contact us using the contact details set out below.
Contacting us about this notice
You can contact us with any questions about this notice through the following addresses:
privacy@sdccapitalpartners.com
Changes To This Policy
We will update this privacy notice when necessary to reflect changes in our data processing. When we post material changes to this privacy notice, we will inform you in advance of the changes coming into effect. The most recent version of this policy is available at https://sdccapitalpartners.com/privacy-policy.
Annex 1 – UK and EEA Terms
Scope of this Annex
This Annex applies only to website users and vendor representatives located in the UK or EEA. The data controller in relation to your personal data is SDC Capital Partners Limited (“SDC UK”).
If you have any questions about this Annex or our processing of your personal data, you can contact us at privacy@sdccapitalpartners.com
Legal Basis for Processing
Our legal bases for processing your data are set out in the following table:
| Data Category | Legal Basis for Processing |
| Technical information: electronic device and usage information (for example, from cookies and similar technology). | Our legitimate interests in operating our website. |
| Vendor business contact information: name, corporate email address, corporate telephone number from vendor representatives. | Our legitimate interests in managing our relationship with current or potential vendors. |
| Vendor correspondence information: Information we receive from vendor representatives in conversations over the telephone, in voicemails, through written correspondence, via email and other electronic communications. | Our legitimate interests in managing our relationship with current or potential vendors. |
International Transfers
SDC UK is part of a global set of companies and as such your personal data may be transferred outside of the European Economic Area (‘EEA’), or United Kingdom (‘UK’), where privacy laws may not be as protective as those in your jurisdiction.
When transferring data outside the EEA or UK, SDC UK will take steps that are reasonably necessary so that your personal data is treated securely and appropriately safeguarded in accordance with this privacy notice and applicable data protection or privacy laws. This includes entering the UK or EU’s controller-to-processor or controller-to-controller standard contractual clauses as applicable.
Your Rights
You have the right (subject to certain limitations) to (a) confirm that SDC UK is processing your personal data, and how; (b) to access or rectify the personal data we keep about you; (c) to request the restriction of, or object to, our processing of your personal data; (d) to request the deletion of your personal data; and (e) in some circumstances, transfer/port any information we hold about you to a specified third party. Where we rely on your consent, you have the right to withdraw it anytime by contacting us using the details below (though this will not affect the lawfulness of any processing undertaken before your withdrawal). You can exercise these rights by contacting us using the address below.
Lodging a complaint
If you would like to submit a complaint about our use of your personal data or response to your requests regarding your personal data, you may contact us using the contact details set out above. You also have the right to lodge a complaint with the appropriate regulatory body/supervisory authority in the country in which you reside. Contact details are available for EEA data protection authorities are available here:
https://www.edpb.europa.eu/about-edpb/about-edpb/members_en
and for the UK here:
Annex 2 – California Privacy Notice
This Annex 2 supplements the privacy notice set forth above with respect to specific rights granted under the California Consumer Privacy Act of 2018, as amended (the “CCPA”) to natural person California residents and provides information regarding how such California residents can exercise their rights under the CCPA. This Annex 2 is only relevant to you if you are a resident of California.
Categories of Personal Information We Collect, Use, and Disclose: We have collected and disclosed for a business purpose the following categories of personal information to the following categories of recipients within the last twelve (12) months:
| Category | Examples | Categories of Recipients |
| Internet or other similar network activity | Use of our website and other online platforms (e.g., cookies, browsing history and/or search history), as well as information you provide to us when you correspond with us in relation to inquiries. | Our service providers, administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants and other parties as necessary for the management of vendor relationships. |
| Geolocation data | IP address. | Our service providers, administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants and other parties as necessary for the management of vendor relationships. |
| Identifiers | Name, contact details and address (including physical address, email address and Internet Protocol address), and other identification of vendor representatives. | Our service providers, administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants and other parties as necessary for the management of vendor relationships. |
| Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | Telephone number for vendor representatives. | Our service providers, administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants and other parties as necessary for the management of vendor relationships. |
| Professional or employment-related information | Place of employment, job title, and role of vendor representatives. | Our service providers, administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants and other parties as necessary for the management of vendor relationships. |
We do not collect or use sensitive personal information for purposes that require us to offer a right to limit. We do not share for the purpose of cross-context behavioral advertising or sell (as such terms are defined in the CCPA) any of the personal information we collect about you to third parties.
We collect personal information for the business or commercial purposes and from the sources set forth in the “What Data Do We Collect About You and Why?” sections in the Privacy Notice above.
We retain the categories of personal information set forth above in the “Categories of Personal Information We Collect, Use, and Disclose” section of this California Privacy Notice as set forth in the “How Long Is Your Personal Data Retained?”
Your California Privacy Rights
You may have certain rights over the personal information that we collect, subject to certain exceptions and limits.
Deletion Rights: You have the right to request that we delete the personal information that we retain, subject to certain exceptions.
Know and Access Rights: You have the right to request that we disclose to you certain information regarding our collection, use, and disclosure of personal information specific to you. Such information includes:
- The categories of personal information we collected about you;
- The categories of sources from which the personal information is collected;
- Our business or commercial purpose for collecting such personal information;
- Categories of third parties with whom we disclose the personal information; and
- The specific pieces of personal information we have collected about you.
Correction Right: You have the right to request that we correct any inaccuracies in the personal information that we retain, subject to certain exceptions.
No Discrimination: We will not discriminate against you for exercising your rights under the CCPA, including by denying service, suggesting that you will receive, or charging, different rates for services or suggesting that you will receive, or providing, a different level or quality of service to you.
How to Exercise Your Rights: To exercise any of your rights under the CCPA, or to access this notice in an alternative format, please submit a request using any of the methods set forth below.
- Call us using the following number: (212) 813-6700.
- Email us at the following address: privacy@sdccapitalpartners.com
- Submit the webform available at the following link: [link]
We will contact you to confirm receipt of your request under the CCPA and request any additional information necessary to verify your request. We verify requests by matching information provided in connection with your request to information contained in our records.
You may designate an authorized agent to make a request under the CCPA on your behalf, provided that you provide a signed agreement verifying such authorized agent’s authority to make requests on your behalf, and we may verify such authorized person’s identity using the procedures above.