Data Protection, Privacy & Cookies Policy

Elm Capital Associates Limited and Elm Capital USA limited (Collectively “Elm Capital”) collects personal data about you. Elm Capital as the controller processes your personal data in compliance with the provisions under the General Data Protection Regulation (“GDPR”). This Data Protection & Privacy Policy (“Policy”) explains how we use any personal data we collect about you.

What Personal Data do we collect?

“Personal Data” is any information relating to you or that we can otherwise link to you. The Personal Data we collect includes but is not limited to, name, role, firm name, email address, LinkedIn profile URL and business address. When you connect to our services, we may log your IP address.

How do we collect your Personal Data?

We collect personal data that you voluntarily provide to us, for example when you;

      • provide us with your business card;
      • request to be added to our newsletter distribution list via our website;
      • enquire about employment opportunities;
      • respond to requests to submit personal information about yourself (e.g. for due diligence checks); and
      • otherwise contact us, and we keep a record of that correspondence.

In some cases, your Personal Data has been supplemented by information retrieved from other sources, including searches via publicly available search engines, sector-specific newsletters and data depositories, social media and your own company’s or employer’s website.

How do we use your Personal Data?

We use the Personal Data we collect for communication purposes, including to:

      • identify your requirements, deliver services and information, and promote other services which may be of interest to you;
      • contact you for your views on our services and to notify you occasionally about important changes or developments to our services;
      • administer and manage delivery of our services to you;
      • comply with compliance obligations;
      • market to you, for example by sending you email newsletters; and
      • to maintain our list of contacts.

The personal information that we collect from you may be transferred to and stored at a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us, or by a supplier with such staff. By submitting your personal details, you agree to us potentially transferring, storing and processing your personal information in this way.

Why do we process your Personal Data and on what legal basis?

As set out above we process your Personal Data for communication and compliance purposes. We rely on our legitimate interests in maintaining business relationships and communicating with you as a business contact about Elm Capital’s activities. We consider that our legitimate interests are in compliance with GDPR and your legal rights and freedoms.

Where is your Personal Data stored?

The majority of Personal Data that Elm Capital receives is processed and stored on servers in EEA datacentres.

In some circumstances, your data may be stored by trusted partners and service providers outside of the EEA, namely on servers located in the United States of America or Canada. In such cases, similar privacy laws exist and a contractual agreement is in place.

With whom do we share your Personal Data?

In the context of legitimate business interests, we may share your personal data with:

      • third party service providers (“third parties”), such as parties that provide dataroom, CRM and compliance retention services for Elm Capital; and
      • business partners where a contractual agreement is in place; or
      • business partners where a legitimate business interest exists.

We will ensure that, where relevant, contractual safeguards are implemented to ensure the protection of your Personal Data when disclosing your Personal Data to a third party. For example, we will enter into data processing agreements with relevant parties (providing for restrictions on the use of your Personal Data and obligations with respect to the protection and security of your Personal Data).

The majority of Personal Data that Elm Capital shares with legitimate third parties is processed and stored on servers in EEA datacentres. In some circumstances, and similar to the data we hold directly, your data may be stored by third party trusted partners and service providers outside of the EEA, namely on servers located in the United States of America or Canada. In such cases, proper measures are taken to ensure adequate protection of your Personal Data in accordance with applicable data protection legislation. Generally, we will enter into the standard contractual clauses with the recipient of your Personal Data.

As a general rule, we do not share your Personal Data with third parties located outside the EEA, United States of America or Canada, which countries may offer a lower level of data protection.

How long do we keep your Personal Data?

Your Personal Data will be saved for the specified purposes mentioned above for as long as you are a business contact to us or it is subject to compliance obligations.

Elm Capital retains all due diligence data for 7 years to ensure compliance obligations are met in respect of its registrations with the FCA and FINRA.

Your personal data will be deleted:

      • when it is no longer reasonably required for the specified purposes mentioned above; or
      • you withdraw your consent, in such circumstances where we are not legally required or otherwise permitted to continue storing such data.

You can ask us at any time if you no longer wish to receive any and all communications from Elm Capital.

Should you wish to cease all communications, you may contact us at

If you currently receive or subscribe to our newsletter(s), we will use your name and email address to send the newsletter to you. You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in such emails or by contacting us at

Data security

Elm Capital has implemented appropriate technical and organisational security measures to help protect your Personal Data against loss and to safeguard against access by unauthorised persons.

IP addresses and cookies

We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration. This is statistical data about our users’ browsing actions and patterns and does not identify any individual. IP addresses will not be used to deliver targeted marketing messages and we will not disseminate this information to anyone other than our partners, employees and contractors.

For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive.

They enable us to:

      • improve our site and to deliver a better service;
      • analyse trends and estimate audience size and usage patterns;
      • speed up your searches;
      • gather broad demographic information for aggregate use; and
      • recognise you when you return to our site.

You may refuse to accept cookies by activating the setting on your browser that allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our site.

Links to other websites

Elm Capital’s website may contain links to other websites. This Privacy Policy extends only to the Elm Capital’s website and does not cover the use of data by any website not connected to us which you may link to by using hypertext links within Elm Capital’s website. We recommend that you check the relevant privacy policy of each site that you visit and contact the owner or operator of that website if you have any concerns.

Your rights

You have the right to know what Personal Data we process about you and may request a copy. You are also entitled to have incorrect Personal Data about you corrected and you may in some cases ask us to delete your Personal Data. You can also object to certain Personal Data about you being processed and request that processing of your Personal Data be limited. Please note that the limitation or deletion of your Personal Data may mean we will be unable to provide the communications described above. You also have the right to receive your Personal Data in a machine-readable format and have the data transferred to another party responsible for data processing. If you disagree with how we process your Personal Data, you are also entitled to report this to the Information Commissioners Office (ICO) and/or to other the competent supervisory authorities in the EEA.

Updates to this Data Protection, Privacy & Cookies Policy

We reserve the right to update and change this Policy from time to time in order to reflect any changes to the way in which we process your personal data or change in legal requirements. In case of any such changes, we will post the changed Data Protection & Privacy Policy on our website or publish it otherwise. The changes will take effect as soon as they are posted on this website.

How to contact us

If you have any questions about how we process your Personal Data, please feel free to contact us at