PRIVACY POLICY
Introduction
The Firm collects personal data about you, and in doing so, understands that your privacy is important and that you care about how your personal data is used.
The Firm as a data controller processes your personal data in compliance with the provisions under the General Data Protection Regulation (“GDPR”).
The Firm respects and values the privacy of its clients and employees and will only collect and use personal data in ways that are described in this Privacy Policy.
Any personal data that the Firm collects will only be used as permitted by law.
Personal Data
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) and the Data Protection Act 2018 (collectively, “the Data Protection Legislation”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal Data is any information relating to you that enables you to be identified.
The Personal Data the Firm may collect about you might include your name, role, firm name, email address, LinkedIn profile URL and business address; it may also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
Your Rights
Under the Data Protection Legislation, you have the following rights, which the Firm will always work to uphold:
- The right to be informed about the Firm’s collection and use of your personal data;
- The right to request access to your personal data;
- The right to have your personal data rectified if it is inaccurate or incomplete;
- The right to be forgotten, i.e. the right to ask the Firm to delete or otherwise dispose of any of your personal data;
- The right to restrict (i.e. prevent) the processing of your personal data;
- The right to object to your personal data being used for a particular purpose;
- The right to data portability; and
- The right to withdraw consent.
For more information about the Firm’s use of your personal data or exercising your rights as outlined above, please contact the Firm’s Data Protection Officer by email at dpo@elmcapital.com.
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
If you disagree with how we process your Personal Data, you are entitled to report this to the Information Commissioners Office (ICO) and/or to other the competent supervisory authorities in the EEA.
Please address any complaints about the Firm’s use of your personal data in writing, by email of post, to the Data Protection Officer.
It is important that your personal data is kept accurate and up-to-date; please inform the Firm immediately if any of your personal data changes.
Data Collected
The Firm may collect, amongst other voluntarily offered data, your name and email address when you correspond electronically with the Firm.
The Firm may furthermore collect personal data, voluntarily provided, through the following means:
- The offering or forwarding of a business card;
- A request to be added to the Firm’s newsletter distribution;
- An enquiry about employment opportunities;
- A response to requests to submit personal information about yourself (e.g. for due diligence checks); and
- Other contact with the Firm
In some cases, your personal data may be supplemented by information retrieved from other sources, including searches via publicly available search engines, sector-specific newsletters and data depositories, social media and your own company’s or employer’s website. The Firm does not collect any ‘special category’ or ‘sensitive’ personal data.
The Firm’s website may also collect certain information automatically, including your IP address, the type of browser you are using and certain other non-personal data about your computer or device such as your operating system type or version, and display resolution. This is statistical data about browsing actions and patterns and does not identify any individual. IP addresses will not be used to deliver targeted marketing messages and the Firm will not disseminate this information to anyone other than our partners, employees and contractors. The Firm’s website may contain links to other websites; please note that the Firm have no control over how your data is collected, stored, or used by other websites and the Firm advise you to check the privacy policies of any such websites before providing any data to them.
Data Use
Under the Data Protection Legislation, the Firm must always have a lawful basis for using personal data.
The Firm uses the personal data that it collects to:
- identify your requirements, deliver services and information, and promote other services which may be of interest to you;
- contact you for your views on its services and to notify you occasionally about important changes or developments to its services;
- administer and manage delivery of its services to you;
- comply with compliance obligations;
- market to you, for example by sending you periodic newsletters (you will not be sent any unlawful marketing or spam); and
- maintain its list of contacts
The Firm will always work to fully protect your rights and comply with the Firm’s obligations under the Data Protection Legislation and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
The Firm will always obtain your consent before sharing your personal data with third parties for marketing purposes and you will be able to opt-out at any time.
If the Firm need to use your personal data for a purpose that is unrelated to, or incompatible with, the purpose for which it was originally collected, the Firm will inform you and explain the legal basis which allows the Firm to do so. In some circumstances, where permitted or required by law, the Firm may process your personal data without your knowledge or consent. This will only be done within the bounds of the Data Protection Legislation and your legal rights.
Data Processing
The Firm processes your Personal Data for communication and compliance purposes. It relies on legitimate interests in maintaining business relationships and communicating with you as a business contact about the Firm’s activities. The Firm considers its legitimate interests to be in compliance with GDPR and your legal rights and freedoms.
Data Retention
Your personal data will be saved for the specified purposes mentioned herein for as long as you are a business contact to the Firm or the data is subject to compliance obligations.
The Firm retains all due diligence data for 7 years to ensure compliance obligations are met in respect of its registrations with regulatory bodies.
Your personal data will be deleted:
- When it is no longer reasonably required for the specified purposes mentioned above; or
- You withdraw your consent, only applicable in such cases where the Firm is not legally required or otherwise permitted to continue storing such data.
You can ask us at any time if you no longer wish to receive any and all communications from the Firm.
Should you wish to cease all communications, please do so by email to donotcontact@elmcapital.com.
If you receive or subscribe to the Firm’s newsletter(s), you may choose to stop receiving such newsletter or marketing emails by following the unsubscribe instructions included in such communications or by contacting us at unsubscribe@elmcapital.com.
Data Storage and Transfer
The majority of Personal Data that the Firm receives is processed and stored on servers in UK or European Economic Area (EEA) datacentres.
In some circumstances, your data may be transferred to and stored by trusted partners and service providers at a destination outside the UK or EEA, namely on servers located in the United States of America or Canada.
If any personal data is transferred outside of the UK or EEA, the Firm will take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK or the EEA and under the Data Protection Legislation.
As a general rule, the Firm do not share your Personal Data with third parties located outside the EEA, United States of America or Canada, in which countries may offer a lower level of data protection.
The Firm will only transfer your personal data to third countries whose levels of data protection are deemed ‘adequate’ by the European Commission, where similar privacy laws exist and in such cases where a contractual agreement is in place.
Data Security
The security of your personal data is essential to the Firm, and to protect your data it has implemented appropriate technical and organisational security measures to help protect your personal data against loss and to safeguard against access by unauthorised persons. Such measures include:
- limiting access to your personal data to those employees, agents, contractors, and other third parties with a legitimate need to know and ensuring that they are subject to duties of confidentiality; and
- procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data) including notifying you and/or the Information Commissioner’s Office where the Firm are legally required to do so.
Data Sharing
In the context of legitimate business interests, the Firm may share your personal data with:
- Third party service providers (2third parties”), such as parties that provide dataroom, CRM and compliance retention services;
- Business partners where a contractual agreement is in place; or
- Business partners where a legitimate business interest exists.
The Firm may further share your personal data with third parties for the following reasons:
- If the Firm sells, transfers, or merges parts of the Firm’s business or assets, any new owner of the Firm’s business may continue to use your personal data in the same way that the Firm has used it;
- For legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority;
- With other companies within the Firm’s group, including its holding company, affiliates and subsidiaries;
If any of your personal data is shared with a third party, as described above, the Firm will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, and where relevant, contractual safeguards are implemented to ensure the protection of your personal data.
Data Privacy Enquiries
To contact the Firm about anything to do with your personal data and data protection, including to make a subject access request, please use the following details:
Contact: Data Protection Officer
Email address: dpo@elmcapital.com
Telephone number: +44 (0)20 7901 8940
This policy will be reviewed annually or when there is a change in circumstances, in work practices or the introduction of new legislation.
Any changes will be updated on the Firm’s website and you will be deemed to have accepted the terms of the Privacy Policy on your first use of the Firm’s website following the alterations.