The scope and purpose of this Data Protection Privacy Notice
This Data Protection Privacy Notice explains how H2 Equity Partners Limited (“H2EP”, “we”, “us”, “our”), collects, uses, shares and otherwise processes your Personal Data in connection with your relationship with us in accordance with applicable data privacy laws and the General Data Protection Regulation (“GDPR”).
The term “Personal Data” as used in this Data Protection Privacy Notice means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
What information do we collect about you, how do we collect it and what do we use it for?
The kinds of Personal Data we may collect includes, your full name, who you work for, your contact details (such as your address, email address and telephone number) and, where we have an engagement with you, other information (such as date of birth, bank account details, identification documents and numbers). In most cases, we will collect the Personal Data directly from you but may also obtain it from other sources (such as public registers).
In accordance with Data Protection Law, we will only process your Personal for specific purposes where there is a lawful basis for doing so. The lawful basis, and purposes that we rely on are:
- you have consented to us doing so (consent) – we rely on consent when sending you marketing communications (if you’ve agreed we may send these to you). Please note, you can opt out of receiving such communications at any time by using the contact information provided below or by selecting unsubscribe on any one of these communications;
- we need it to perform the contract we have entered into with you (contract) – this involves the use of your Personal Data so that we can communicate with you about the contract (whether to provide or receive instructions, sending or receiving invoices, auditing performance of the contract and other communicates which are necessary for the performance of the contract);
- we need it to comply with a legal obligation (legal obligation) – these obligations include, where we have a regulatory obligation to conduct customer due diligence or are required to provide information to tax authorities , actions which we are required to take for the prevention and/or detection of fraud, money laundering, or other financial crimes, where we are required to respond to regulatory requests for information, we may also be required to disclose information to our professional advisors (lawyers, auditors, accountants), and/or governmental/regulatory bodies in within the scope of this lawful basis; or
- we (or a third party) have a legitimate interest which is not overridden by your interests or fundamental rights and freedoms (legitimate interest) – this includes the provision of services by us, administrative or operational processes within H2EP, recording incoming or outgoing calls (we will notify you about such call recording if it happens), the management and/or auditing of the performance of the contract, providing you with necessary updates in relation to this Privacy Notice (and any other updates which we consider we should reasonably provide to you), anonymising Personal Data so that it can be used to enhance our performance/products/services, disclosures to third parties who we use to assist us in meeting all of the above (including disclosures to service providers, such as our IT service providers, professional service providers (lawyers, accountants, auditors), we may also need to make disclosures to governmental/regulatory bodies in within the scope of this lawful basis.
Where we send periodic marketing emails to you, you will always be given the option to unsubscribe from receiving those e-mails within the e-mail itself, as well as by writing to us using the contact information provided below.
Please note that we may use or disclose Personal Data if we are required by law to do so or if we reasonably believe that use or disclosure is necessary to protect our rights and/or to comply with judicial or regulatory proceedings, a court order or other legal process.
Accuracy of information
It is important that the Personal Data we hold about you is accurate and current, and we rely on you to help us do this. Please let us know if your Personal Data changes during your relationship with us.
What if you do not provide the personal data we request?
Save where we require your information to enter into a contract with you, it is in your sole discretion to provide any other Personal Data to us. If you do not provide us with all or some of the Personal Data we request, we may not be able to accept an engagement from you, to provide all or some of our services, to enter into a contract with you or to send you information about us (e.g. marketing materials).
Change of purpose and anonymisation
We will only use your Personal Data for the purposes for which we collected it as set out above, unless we reasonably consider that we need to use it for another reason which is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
With whom will we share your information?
When using your Personal Data for the purposes and on the legal basis described above we may share your Personal Data with other service providers we work with. Depending on the nature of your relationship with H2EP (e.g. a client, an employee, etc.) these service providers may include, but are not limited to, accountants, tax advisors, pension providers, auditors, legal and regulatory advisors and IT providers. We may also have to share your Personal Data with regulators, public institutions, courts or other third parties where we are legally required to do so.
H2EP will not sell your Personal Data nor will we distribute, disseminate or disclose your Personal Data to third party sales or marketing agencies.
When sharing your Personal Data with others (in particular our own service providers), we will take appropriate measures (including contracts and other safeguards) to protect your Personal Data. If you would like to know more about the organisations that we share your Personal Data with, please contact us using the contact information provided below.
Will we send your information outside the EEA?
For the purposes described above, from time-to-time, we may transfer your Personal Data outside of the European Economic Area (EEA). In such cases, we will always ensure that we have put in place appropriate safeguards for such data transfer so that your Personal Data is treated in a manner that is consistent with and respects the EU laws and other applicable laws and regulations relevant to data protection.
Your rights in relation to your information
You have rights as an individual which you can exercise under certain circumstances in relation to your Personal Data that we hold. These rights are to:
- request access to your Personal Data (commonly known as a “data subject access request”) and request certain information in relation to its processing;
- request your Personal Data in a way that it can be shared moved/copied/transferred to a third party, otherwise known as the right of data portability;
- request rectification of your Personal Data;
- request the erasure of your Personal Data;
- request the restriction of processing of your Personal Data;
- object to the processing of your Personal Data.
Please note, some of the above rights may only be exercised in specific circumstances, as they are not absolute. In addition to your having the above rights, you may also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues or, as the case may be, any other competent supervisory authority of an EU member state.
Right to withdraw consent
In those instances where our processing of your Personal Data is based on our having received you consent, you have the right to fully or partly withdraw your consent at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your Personal Data, unless we have another lawful basis for doing so (as discussed above).
How long will we retain your information?
We will only retain your Personal Data for as long as necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements.
To determine the appropriate retention period for your Personal Data, we will consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. If you would like to know more information about our retention practices, please contact us using the information provided below.
In some circumstances we may anonymise your Personal Data so that it can no longer be associated with you, in which case it is no longer Personal Data.
Upon expiry of the applicable retention period we will securely destroy your Personal Data in accordance with applicable laws and regulations.
Changes to this Data Protection Privacy Notice
H2EP reserves the right to update this Data Protection Privacy Notice at any time, and we will make an updated copy available on our website. , or where required by law, we will contact you directly.
If you have any queries, questions, concerns or require any further information in relation to the Data Protection Privacy Notice or you wish to exercise any of your rights, please do not hesitate to contact us at firstname.lastname@example.org.