The privacy and security of personal information is very important to us. This privacy statement explains what information I Squared Capital Advisors (UK) LLP (“I Squared Capital”, “we”, “our” or “us”) gather about you, what we use that information for, the lawful basis on which that information is used and who we give that information to. It also sets out your rights in relation to your information and who you can contact for more information or queries.
As part of our commitment to protect your personal data in a transparent manner, we want to inform you of the following:
· why and how I Squared Capital collects, uses and stores your personal data;
· the lawful basis on which your personal data is processed; and
· what your rights and our obligations are in relation to such processing.
Who this privacy statement applies to and what it covers
This privacy statement sets out how we collect, handle, store and protect information about you in the operation of our business.
This privacy statement also contains information about when we share your personal information with other members of our group and third parties (for example, third parties carrying out due diligence activities on our behalf).
In this privacy statement, your information is sometimes called “personal data” or “personal information”. We may also sometimes collectively refer to handling, collecting, protecting and storing your personal information as “processing” such personal information.
What information we collect
In the course of our business we may collect or obtain personal data about you.
We may collect or obtain such data because you give it to us, because other people give that data to us (for example, your employer or adviser, or third party service providers that we use to help operate our business) or because it is publicly available.
The personal data that we collect or obtain may include: your name; age; date of birth; gender; e-mail address; home address; country of residence; lifestyle and social circumstances (for example, your pastimes); family circumstances (for example, your marital status and dependents); employment and education details (for example, the organisation you work for, your job title and your education details); financial and tax-related information (for example information relating to your investments, your income and tax residency); your IP address; your browser type and language; your access times; complaint details; details of how you use our services; details of how you like to interact with us and other similar information.
The personal data we collect may also include so called ‘sensitive’ or ‘special categories’ of personal data, such as details about your: dietary requirements, health (for example, so that we can make reasonable accommodations for you in our buildings, products and services) and sexual orientation (for example if you provide us with details of your spouse or partner).
The types of personal data and special categories of personal data that we collect may vary depending on the nature of the services that we provide to you. In some rare circumstances, we might also gather other special categories of personal data about you because you volunteer that data to us or we are required to gather that data as a result of legal requirements imposed on us.
Where we are provided with personal data about you by any third party such as a service provider, we take steps to ensure that that third party has complied with the privacy laws and regulations relevant to that information; this may include, for example, that the third party has provided you with notice of the collection (and other matters) and has obtained any necessary consent (if applicable) for us to process that information as described in this privacy statement.
We understand the importance of protecting children's privacy. Our website is not designed for, or intentionally targeted at, children. It is not our policy to intentionally collect or store information about children.
How we use information about you
We will use your personal data to carry out activities that form part of the operation of our business As part of this, we may use your personal data in the course of correspondence relating to such activities. Such correspondence may be with you, our affiliates, our service providers or competent authorities. We may also use your personal data to conduct due diligence checks relating to the relevant activities.
Because a wide range of activities form part of the operation of our business, the way we use personal data also varies. For example, we might use personal data for the purposes of, or in connection with:
· applicable legal or regulatory requirements
· requests and communications from competent authorities
· administrative purposes
· services we receive from our professional advisors, such as lawyers, accountants and consultants
· managing and making information available to third party service providers (e.g. providers of due diligence services) and our affiliates
· administrative, risk analysis and fraud/crime prevention purposes
· requests and communications from competent authorities (including courts and tribunals)
· protecting our rights and those of our affiliates
· to manage and improve our website or to manage and respond to any request you submit through our website
· otherwise corresponding with you
None of the information that we request from you is mandatory. However, such information may be necessary in connection with the performance of certain activities that form part of the operation of our business.
The legal grounds we use for processing personal information
We are required by law to set out in this privacy statement the legal grounds on which we rely in order to process your personal data.
As a result, we use your personal data for the purposes outlined above because: (a) of our legitimate interests in the performance of activities that form part of the operation of our business; (b) of our legitimate interests in the effective and lawful operation of our business so long as such interests are not outweighed by your interests; (c) of the legal and regulatory obligations that we are subject to, such as keeping records for tax purposes or providing information to a public body or law enforcement agency; or (d) the information is required in order to carry out the activities that form part of the operation of our business.
Examples of the ‘legitimate interests’ referred to above are: (i) to benefit from cost-effective services (e.g. we may opt to use certain IT platforms offered by suppliers); (ii) to verify the accuracy of information provided by a third party; (iii) to prevent fraud or criminal activity; (iv) to safeguard the security of our IT systems, architecture and networks, and of our physical premises; and (v) to exercise our rights under Articles 16 and 17 of the Charter of Fundamental Rights, including our freedom to conduct a business and right to property.
To the extent that we process any sensitive personal data relating to you for any of the purposes outlined above, we will do so because either: (i) we are required by law to process that data in order to ensure we meet our ‘know your client’ and ‘anti money laundering’ obligations (or other legal obligations imposed on us); (ii) the processing is necessary to carry out our obligations under employment, social security or social protection law; (iii) the processing is necessary for the establishment, exercise or defence of legal claims; or (iv) you have made the data public.
Who we disclose your information to
In connection with one or more of the purposes outlined in the “How we use information about you” section above, we may disclose details about you to: our affiliates; third parties that provide services to us and/or our affiliates, such as our professional advisors including our lawyers, accountants and consultants; competent authorities (including courts and supervisory or other authorities); your employer and/or their advisers; your advisers; organisations that help us reduce the incidence of fraud; and other third parties that reasonably require access to personal data relating to you for one or more of the purposes outlined in the “How we use information about you” section above.
Please note that some of the recipients of your personal data referenced above may be based in countries outside of the European Union whose laws may not provide the same level of data protection. Those countries currently include the United States of America, Singapore, India, the People’s Republic of China and will include certain other countries in which from time to time we carry out activities that form part of the operation of our business. In such cases, we will ensure that there are adequate safeguards in place to protect your personal data that comply with our legal obligations. To ensure this level of protection for your personal information, we typically use a data transfer agreement with the recipient based on standard contractual clauses approved by the European Commission. A copy of these clauses is available here:
Further details of the transfers of your personal information outside of the EEA and the adequate safeguards used by I Squared Capital in respect of such transfers (including copies of relevant agreements) are also available from us by contacting email@example.com.
Protection of your personal information
All I Squared Capital personnel accessing personal information must comply with the internal rules and processes in relation to the processing of personal information to protect them and ensure the confidentiality of such information.
We have also implemented adequate technical and organisational measures to protect personal information against unauthorised, accidental or unlawful destruction, loss, alteration, misuse, disclosure or access and against all other unlawful forms of processing. These security measures have been implemented taking into account the state of the art of the technology, their cost of implementation, the risks presented by the processing and the nature of the personal information, with particular care for sensitive information.
Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavour to protect personal data, but we cannot guarantee the security of data transmitted to us or by us.
How long we keep your information for
We will hold your personal data on our systems for the longest of the following periods: (i) as long as is necessary for the relevant activity; (ii) any retention period that is required by law or regulation; and (iii) the end of the period in which litigation or investigations might arise in respect of our activities.
You have various rights in relation to your personal data. In particular, you have a right to:
· request a copy of personal data we hold about you
· ask that we update the personal data we hold about you, or correct such personal data that you think is incorrect or incomplete
· ask that we delete personal data that we hold about you, or restrict the way in which we use such personal data
· object to our processing of your personal data
To exercise any of your rights, or if you have any other questions about our use of your personal data, please email firstname.lastname@example.org.
You may also use these contact details if you wish to make a complaint to us relating to your privacy.
Right to complain
If you are unhappy with the way we handled your personal information or any privacy query or request you have raised with us you also have a right to complain to a data protection authority in the place where you live or work, or in the place where you think an issue in relation to your data has arisen. A list of national data protection authorities can be found here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
Changes to this privacy statement
We may modify or amend this privacy statement from time to time. We will communicate those changes to you using our usual means of communication with you.
Last revised: September 2018