Last updated: 13 July 2026
Coravel Privacy Policy
Coravel respects your privacy and is committed to protecting your Personal Data. This privacy policy (this “Privacy Policy”) explains how we collect, use, disclose, and safeguard your Personal Data when you visit the Site and use our Services. This Privacy Policy is intended to apply globally. Additional provisions are included below for individuals who are located in specific jurisdictions, such as the European Economic Area (EEA) or certain U.S. states, where specific privacy laws may apply. This Privacy Policy will be revisited as the Site is updated. Any changes will be posted on this page. This Privacy Policy does not apply to services offered by other companies or individuals, including third-party services used by Coravel, or third-party websites accessed through the Site.
Data Controller
The controller responsible for the processing of your Personal Data is Vanguard Platform HoldCo, LP, with registered address at One Alhambra Plaza, Suite 1200, Coral Gables, FL 33134 (“Coravel”, “we”, “us” or “our”).
If you have any questions or concerns regarding this Privacy Policy, want to update your information maintained by Coravel, or want to address any other inquiry regarding our privacy practices, please email us at dataprivacy@coravel.com.
Definitions
For the purposes of this Privacy Policy:
“Personal Data” means any information that identifies you, relates to you, describes you, is reasonably capable of being associated with you, or could reasonably be linked to you, directly or indirectly (for example: name, email address, postal address, phone number, device identifiers, online identifiers, and other similar information).
“Services” means any products, services, features, content, and functionality offered by Coravel through the Site, digital platforms, and related communications.
“Site” means Coravel’s websites and other digital platforms that link to this Privacy Policy.
“Processing” means any operation performed on Personal Data, such as collection, use, storage, disclosure, or deletion.
Categories of Personal Data We Collect
When you interact with our Site and Services, we may collect the following categories of Personal Data:
Contact and identification data: name, email address, company name, job title, postal address, and phone number, collected when you submit enquiries or information requests through forms on the Site, or when you communicate with us via email or other channels.
Recruitment data: if you submit your curriculum vitae or apply for a position through the Site, we may collect your name, contact details, employment history, education, qualifications, and any other information provided by you.
Technical and browsing data: when you access the Site, we may automatically collect certain technical data, including your IP address and other usage data. This data is collected through cookies and similar technologies, as described in the section titled Cookies and Analytics below.
Purposes of Processing
We process your Personal Data for the following purposes:
To respond to your enquiries and requests for information about our Services submitted through the Site or via email.
To manage and evaluate job applications and CVs received through the Site, where applicable.
To send you commercial communications and updates about our Services, where permitted by applicable law. Where required, we will obtain your prior consent, and we will provide a clear and simple way to opt out of further commercial communications.
To operate, maintain, and improve the Site, including analysing usage patterns and ensuring the security of the Site.
To comply with applicable legal obligations, respond to lawful requests from public authorities, investigate and process whistleblower complaints, and protect our legal rights and interests.
Coravel does not carry out profiling activities or automated decision-making, including any automated processing that produces legal effects or similarly significant effects on individuals.
Legal Basis
We process Personal Data only where we have an appropriate reason to do so and in accordance with applicable privacy laws. The purposes for which we process Personal Data are described in this section. Where a specific legal basis is required under applicable law, additional information is provided in the jurisdiction-specific sections below.
Disclosure of Personal Data
We may disclose your Personal Data to the following categories of recipients:
Affiliated companies: we may disclose Personal Data with companies within our corporate group (including parent companies, subsidiaries, and joint venture partners) for internal administrative purposes and to provide you with our Services. You can check the relevant affiliated companies in this link.
Service providers: we engage service providers who process Personal Data on our behalf to help us operate the Site, provide analytics, host our infrastructure, and deliver our Services. When a service provider processes your Personal Data as a data processor on behalf of Coravel, we will conclude a data processing agreement with such party that meets the requirements set out in applicable data protection laws. We will require that service providers process your Personal Data only in accordance with our instructions and applicable data protection laws, and subject to appropriate confidentiality and security obligations.
Public authorities and legal requirements: we may disclose Personal Data to public authorities, courts, or other parties when required by applicable law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, safety, or property, or to detect, prevent, or address fraud, security, or technical issues.
Data Retention
Personal Data is retained only for as long as necessary to fulfil the purposes described in this Privacy Policy, or as required or permitted by applicable law. The specific retention periods depend on the nature of the Personal Data and the purpose for which it was collected.
International Data Transfers
Coravel operates globally. Your Personal Data may be transferred to, accessed from, stored, or otherwise processed in countries other than the country in which you are located, including the United States and other jurisdictions where our affiliated companies or service providers operate. These countries may have data protection laws that differ from those of your jurisdiction.
Where required by applicable law, we will implement appropriate measures to protect your Personal Data in connection with such international transfers or overseas disclosures.
For individuals in the European Economic Area (“EEA”), UK and similar jurisdictions: where Personal Data is transferred to a country that has not been recognized as providing an adequate level of protection, we will rely on appropriate safeguards, such as the European Commission’s Standard Contractual Clauses, or other legally recognized transfer mechanisms, as applicable.
Cookies and Analytics
We may use cookies, tracking pixels, and similar technologies to operate the Site, understand how it is used, and improve the Services. These technologies may collect information about your device and your interactions with the Site, such as pages viewed, time spent on pages, referring links, and approximate location (based on IP address).
We will ask for your consent before placing non-essential cookies or using similar technologies for analytics. You can manage your preferences at any time through the cookie settings available on the Site (where provided) and through your browser settings.
Most web browsers allow these technologies by default, though you may disable them if you wish. Please note that if you decline to accept browser cookies or delete previously existing cookies, you may not be able to access some features of the Site.
You can find more information about how we use cookies in our Cookie Policy.
Children
The Site is not directed to anyone under the age of 18, and we do not intend to, or knowingly, collect Personal Data from anyone under the age of 18.
Jurisdiction-Specific Privacy Information
Additional Information for Individuals in the EEA, UK and similar jurisdictions
This section applies only where the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”) or similar laws requiring a legal basis for processing apply to our processing of your Personal Data.
Legal basis for processing (EEA, UK and similar jurisdictions)
Where this section applies, Coravel processes Personal Data only where we have a lawful basis to do so. The legal bases we rely on depend on the specific processing activity:
Consent (Art. 6(1)(a) GDPR): where you have given your consent to the processing, such as opting in to receive marketing communications or accepting non-essential cookies.
Performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR): where processing is necessary to perform a contract with you or to take steps at your request prior to entering into a contract, such as responding to your enquiries or providing requested information about our Services.
Legitimate interests (Art. 6(1)(f) GDPR): where processing is necessary for our legitimate interests or those of a third party, provided such interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include operating and improving the Site, ensuring security, preventing fraud, conducting analytics, and managing business relationships.
Compliance with legal obligations (Art. 6(1)(c) GDPR): where processing is necessary to comply with a legal obligation to which we are subject, such as retaining records, responding to regulatory requests, or cooperating with competent authorities.
Your rights
If you are located in the EEA, UK or similar jurisdictions, you have the right to exercise your rights of access, rectification, as well as the right to erasure or of objection, limitation of processing, the right to the portability of your data and the right to withdraw the consent for the processing of personal data that you have consented to at any time, proving your identity by sending an email to dataprivacy@coravel.com.
You may also lodge a complaint with your local supervisory authority if you believe your data has been processed unlawfully.
Additional Information for Residents of Certain U.S. States
Certain U.S. state laws require us to notify you of the categories of Personal Data we collect, the purposes for which we collect or use such Personal Data, whether such Personal Data is sold or shared, and the length of time we intend to retain such Personal Data, or if that is not possible, the criteria we use to determine that period, among other information. This Privacy Policy contains such information in this section and the sections titled Categories of Personal Data We Collect, Purposes of Processing, Disclosure of Personal Data and Data Retention. Please read this Privacy Policy and any other terms provided to you at or before the collection of your Personal Data carefully.
If you are a resident of certain U.S. states, you may have certain of the following additional rights regarding your Personal Data, subject to certain exceptions and limitations:
Right to access the categories and specific pieces of Personal Data we have collected about you, the categories of sources from which we have collected your Personal Data, our purposes for collecting your Personal Data, and the categories of third parties to whom we have disclosed your Personal Data, and obtain a copy of your Personal Data in a portable and, to the extent technically feasible, readily useable format.
Right to correct any incomplete or inaccurate Personal Data that we maintain about you, in certain circumstances.
Right to delete any Personal Data that we maintain about you, in certain circumstances.
Right to limit the use and disclosure of your sensitive Personal Data. We only process sensitive Personal Data in connection with recruitment for HR-related purposes and as otherwise permitted by applicable U.S. state laws, such that we are not required to provide this right.
Right to opt-out of “sales” and “sharing” of your Personal Data and processing of your Personal Data for targeted advertising purposes. We do not “sell” or “share” (as such terms are defined by applicable laws) your Personal Data for cross-context behavioral advertising or process your Personal Data for purposes of targeted advertising, and we therefore are not required to provide this right.
We will not discriminate against you for exercising any of your rights.
You may exercise your right to access, correct or delete by sending an email to dataprivacy@coravel.com.
We will acknowledge your request within 10 business days. Within 45 calendar days, we will provide a substantive response to your request or notify you of an extension period (of up to an additional 45 calendar days) and the reason for the extension.
We must verify your identity in order to respond to your request. In order to do so, we may require you to provide additional information and/or give a declaration as to your identity under penalty of perjury.
Only you or an authorized agent may make a request relating to your Personal Data. You may designate an authorized agent by giving them written permission and verifying your identity or through power of attorney.
If we deny your request and you are a resident of certain U.S. states, you have the right to appeal our decision. You may do so by sending an email to dataprivacy@coravel.com.
California’s Shine the Light Law
California’s “Shine the Light” law allows you to obtain information about our disclosure of your Personal Data to third parties for such third parties’ direct marketing purposes. We do not share Personal Data with third parties for such purposes.
Do Not Track
The Site does not respond to Do-Not-Track (DNT) signals.