![$site_logo['alt']](https://www.elmcapital.com/wp-content/uploads/2019/05/EC_Logo_RGB-e1588361706837.png){kind=logo}
PRIVACY POLICY
Introduction
The Firm collects personal data about you and understands that your privacy is important and that you care about how your personal data is used.
The Firm, as a data controller, processes your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Where applicable, the Firm also complies with the EU General Data Protection Regulation (EU GDPR) in relation to data subjects located in the European Economic Area (EEA).The Firm respects and values the privacy of its clients, employees and business contacts. It will only collect and use personal data as described in this Privacy Policy.
Any personal data that the Firm collects will only be used as permitted by law.
Personal Data
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) and the Data Protection Act 2018 (collectively, “the Data Protection Legislation”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person’.
Personal Data is any information relating to you that enables you to be identified.
The Personal Data the Firm may collect about you might include your name, role, firm name, email address, LinkedIn profile URL and business address; it may also cover less obvious information such as identification numbers, electronic location data and other online identifiers.
Your Rights
Under European data protection law, you may have certain rights regarding your personal information. Depending on the circumstances, these rights may include the ability to:
- request further details about how we use your personal information;
- request a copy of the personal information you have provided to us;
- ask us to correct any inaccuracies in the information we hold;
- request that we electronically transfer the personal information you provided to us to a third party;
- ask us to delete personal information where we no longer have a lawful basis to use it;
- withdraw your consent, where processing is based on consent, so that we stop that specific activity;
- object to processing carried out on the basis of legitimate interests, unless we can demonstrate compelling reasons that override your rights;
- object at any time to your information being used for direct marketing (including related profiling); and
- request that we restrict the use of your information while a complaint is under review.
The exercise of these rights may be subject to certain exemptions to protect the public interest (such as preventing or detecting crime) and our own interests (such as preserving legal privilege). If you choose to exercise any of these rights, we will verify your eligibility.
For more information about the Firm’s use of your personal data or exercising your rights as outlined above, please contact the Firm’s Data Protection Officer by email at dpo@elmcapital.com.
You can find more details about your rights from the Information Commissioner’s Office at www.ico.org.uk/concerns or by calling their helpline on 0303 123 1113.
Please address any complaints about the Firm’s use of your personal data in writing, by email of post, to the Data Protection Officer.
It is important that your personal data is kept accurate and up-to-date; please inform the Firm immediately if any of your personal data changes.
Data Collected
The Firm may collect, amongst other voluntarily offered data, your name and email address when you correspond electronically with the Firm.
The Firm may furthermore collect personal data, voluntarily provided, through the following means:
- Correspondence via email or online platforms.
- The offering or forwarding of a business card.
- A request to be added to the Firm’s newsletter distribution.
- An enquiry about employment opportunities.
- Responses to due diligence or compliance information requests.
- Other contact with the Firm.
In some cases, your personal data may be supplemented by information retrieved from other sources, including searches via publicly available search engines, sector-specific newsletters and data depositories, social media and your own company’s or employer’s website.
The Firm does not collect any ‘special category’ personal data. In the rare event that special category data is collected (e.g. as part of recruitment or compliance checks), the Firm will ensure it is processed only where a specific condition under Article 9 UK GDPR is met.
The Firm’s website may also collect certain information automatically, including your IP address, the type of browser you are using and certain other non-personal data about your computer or device such as your operating system type or version and display resolution. This is statistical data about browsing actions and patterns and does not identify any individual. IP addresses will not be used to deliver targeted marketing messages and the Firm will not disseminate this information to anyone other than our partners, employees and contractors.
Cookies will only be used in accordance with the Privacy and Electronic Communications Regulations (PECR). A cookie notice will appear on the website and your preferences can be managed through browser settings.
The Firm’s website may contain links to other websites; please note that the Firm has no control over how your data is collected, stored or used by other websites and the Firm advises you to check the privacy policies of any such websites before providing any data to them.
Data Processing and Lawful Basis
When personal information is collected, it may be used or shared for the purposes set out below. For each purpose, the applicable ‘lawful basis’ for processing is indicated, as required under European data protection law. The lawful bases typically relied upon include:
Consent: where the individual has agreed to the use of their information.
Contract Performance: where the information is necessary to enter into or perform a contract.
Legal Obligation: where processing is required to comply with legal or regulatory requirements.
Legitimate Interests: where information is used to achieve a legitimate business interest such as maintaining and growing professional networks, improving services, ensuring compliance with regulatory obligations and securing IT infrastructure, provided this does not override the individual’s data protection rights.
Legal Claims: where information is required to establish, exercise or defend legal claims.
Purpose for Processing Personal Information |
Description |
Lawful Basis |
| Providing and managing requested services | Administering services, performing contractual obligations and making relevant introductions in connection with advisory activities. | Contract performance; legitimate interests (to deliver services, perform obligations and provide updates on services) |
| Delivering services and responding to enquiries | Providing requested services and responding to enquiries or requests from individuals. | Legitimate interests |
| Sending newsletters and marketing updates | Sending information about services or opportunities that may be of interest. Consent is obtained where required by law and can be withdrawn at any time. | Consent; legitimate interests (where applicable) |
| Effective communication | Responding to enquiries and notifying individuals of updates or changes to services. | Contract performance; legitimate interests (to maintain effective communication and provide updates) |
| Compliance with legal or regulatory requirements | Processing information to meet regulatory obligations, cooperating with regulators or managing claims. Fraud and background checks may be carried out and if false or misleading information is provided or fraud is suspected, details may be shared with fraud prevention agencies and recorded. | Legal obligation; legal claims; legitimate interests (to cooperate with regulators and law enforcement); substantial public interest |
| Carrying out due diligence and compliance checks | Performing regulatory, fraud prevention or background checks and meeting other compliance obligations. | Legal obligation |
| Managing business contacts and relationships | Maintaining and managing contacts, professional relationships and communications. | Legitimate interests |
| Administering website and internal systems | Operating, maintaining and improving internal systems, websites and IT infrastructure. | Legitimate interests |
| Reorganisation or transfer of business | Sharing personal information with relevant third parties (and/or their advisers) during a sale, transfer or reorganisation for due diligence or related purposes. | Legitimate interests (to enable business changes) |
If the Firm intends to process personal data for a purpose other than that for which it was originally collected, you will be informed and the applicable lawful basis will be explained. In certain circumstances, where permitted or required by law, the Firm may process your personal data without your knowledge or consent. This will only be done within the bounds of the Data Protection Legislation and your legal rights.
Data Use
Under the Data Protection Legislation, the Firm must always have a lawful basis for using personal data.
The Firm uses the personal data that it collects to:
- identify your requirements, deliver services and information and promote other services which may be of interest to you;
- contact you for your views on its services and to notify you occasionally about important changes or developments to its services;
- administer and manage delivery of its services to you;
- comply with compliance obligations;
- market to you, for example by sending you periodic newsletters (you will not be sent any unlawful marketing or spam);
- maintain its list of contacts and CRM databases; and
- analyse usage of its website and improve functionality.
The Firm will always work to fully protect your rights and comply with the Firm’s obligations under the Data Protection Legislation and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
The Firm will always obtain your consent before sharing your personal data with third parties for marketing purposes and you will be able to opt-out at any time.
Data Retention
Your personal data will be saved for the specified purposes mentioned herein for as long as you are a business contact to the Firm or the data is subject to compliance obligations.
The Firm retains all due diligence data for 7 years to ensure compliance obligations are met in respect of its registrations with regulatory bodies.
Your personal data will be deleted:
- when it is no longer reasonably required for the specified purposes mentioned above; or
- you withdraw your consent, only applicable in such cases where the Firm is not legally required or otherwise permitted to continue storing such data.
You can ask us at any time if you no longer wish to receive any and all communications from the Firm.
Should you wish to cease all communications, please do so by email to donotcontact@elmcapital.com.
If you receive or subscribe to the Firm’s newsletter(s), you may choose to stop receiving such newsletter or marketing emails by following the unsubscribe instructions included in such communications or by contacting us at unsubscribe@elmcapital.com.
Data Storage and Transfer
The majority of Personal Data that the Firm receives is processed and stored on servers in UK or European Economic Area (EEA) datacentres.
In some circumstances, your data may be transferred to and stored by trusted partners and service providers at a destination outside the UK or EEA, namely on servers located in the United States of America or Canada.
If any personal data is transferred outside of the UK or EEA, the Firm will take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK or the EEA and under the Data Protection Legislation.
As a general rule, the Firm does not share your Personal Data with third parties located outside the EEA, United States of America or Canada, in which countries may offer a lower level of data protection.
The Firm will only transfer your personal data to third countries whose levels of data protection are deemed ‘adequate’ by the European Commission, where similar privacy laws exist and in such cases, where a contractual agreement is in place.
Data Security
The security of your personal data is essential to the Firm. To protect your data, the Firm has implemented commercial reasonable and appropriate technical and physical security measures designed to safeguard your personal data against loss, misuse and access by unauthorised persons. Such measures include:
- limiting access to your personal data to those employees, agents, consultants, contractors and other third parties with a legitimate need to know and ensuring that they are subject to duties of confidentiality; and
- implementing procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to, your personal data) including notifying you and/or the Information Commissioner’s Office where the Firm are legally required to do so; and
- maintaining agreements and safeguards with third-party service providers to ensure that any information shared with them is protected and used solely for the purpose of delivering necessary services.
Data Sharing
In the context of legitimate business interests, the Firm may share your personal data with:
- third party service providers, including CRM platforms, data room services and compliance support providers; and
- business partners, where there is a legitimate business interest or contractual agreement in place.
The Firm may further share your personal data with third parties for the following reasons:
- if the Firm sells, transfers or merges parts of the Firm’s business or assets, any new owner of the Firm’s business may continue to use your personal data in the same way that the Firm has used it;
- for legal proceedings or complying with legal obligations, a court order or the instructions of a government authority; and
- with other companies within the Firm’s group, including its holding company, affiliates and subsidiaries.
If any of your personal data is shared with a third party, as described above, the Firm will take steps to ensure that your personal data is handled safely, securely and in accordance with your rights and where relevant, contractual safeguards are implemented to ensure the protection of your personal data.
Cookies
When the Firm’s website is accessed, certain information (including IP addresses) may be collected automatically, for example through the use of cookies. Cookies are small files created by a website that can be temporarily or permanently stored on a device. They enable the website to recognise returning visitors and remember preferences. Cookies are issued when the website is accessed unless they are disabled in browser settings.
The Firm’s website may also use third-party web analytics services to help understand how its site is used. Information collected for this purpose is gathered directly by the analytics service providers. For more information, please refer to the Firm’s Cookie Policy.
Data Privacy Enquiries
To contact the Firm about anything to do with your personal data and data protection, including to make a subject access request, please use the following details:
Contact: Data Protection Officer
Email address: dpo@elmcapital.com
Telephone number: +44 (0)20 7901 8940
This policy will be reviewed annually or when there is a change in circumstances, in work practices or the introduction of new legislation.
Any changes will be updated on the Firm’s website and you will be deemed to have accepted the terms of the Privacy Policy on your first use of the Firm’s website following the alterations.