We are committed to protecting and respecting your privacy. This Policy explains how we collect, use and process your personal data in compliance with our legal obligations, including, where applicable, the UK GDPR (as defined below). For the purposes of the UK GDPR, we are controllers of personal data. This Policy applies to the personal data of investors (or their representatives), directors and employees, service providers (or their representatives) and website users whose personal data we may process.
Depending on how you interact with us or where you are located, different laws may be applicable to our processing of your personal data, such as Regulation (EU) 2016/679 General Data Protection Regulation as it forms part of the laws of the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (the "UK GDPR"), the Data Protection Act 2018, Regulation (EU) 2016/679 (the "EU GDPR") if and to the extent applicable, and the California Consumer Privacy Act (along with any implementing regulations and as may be amended from time to time, "CCPA"). If you are a California resident (as defined below), please review the below Section 11 ("Additional Information for California Residents") for additional disclosures, our notice at collection, and a description of your potential rights under the CCPA.
What personal data do we collect?
In the course of our business, we may collect information about you that can help us directly or indirectly identify you ("personal data"). "Personal data", for the purposes of this Policy, includes personal data as defined under the UK GDPR and, with regard to California residents, "personal information" as defined under the CCPA.
We may collect, use, store and transfer personal data from individuals that are employees, directors, officers or other representatives or agents of market counterparties, professional services and other service providers, trade associations, public bodies and other entities or undertakings.
Such personal data is typically limited in scope and may include the following:
- in relation to investors: name, postal address, email address, telephone number and other contact information, identity and nationality documentation, marital status, occupation and employer details, bank account details, signature, tax identification numbers, social security or other unique identifier numbers, capital account or other information about investments, risk tolerance and transaction history or investment experience, information about marketing and communication preferences, certain audio, electronic or visual information, online identifiers (such as internet protocol (IP) addresses), usage data (such as interactions with our website or use of certain online tools), or other similar identifiers, and inferences drawn from the information collected;
- in relation to former and current employees, directors, officers or representatives, or former and current applicants for position of employment: name, postal address, email address, telephone number and other contact information, biographical or professional information, performance records, salary data, references, identity and nationality documentation, information regarding immigration status, marital status, bank account details, signature, tax and social security identification numbers and next of kin information, certain audio, electronic or visual information, and some special categories of personal data such as race or ethnicity, sexual orientation, health and sickness records, and inferences drawn from the information collected;
- in relation to service providers: limited personal data of the individuals who are employees or other representatives of the service providers, such as names, email address, telephone number and other contact information; and
- in relation to website users, the categories may include name, email address, username, password, IP addresses, and inferences drawn from the information collected.
How do we collect personal data?
We may collect personal data through a range of means. These may include (i) direct interactions, where a person provides personal data to us through correspondence or other direct methods of communication, including in the course of account applications, subscription agreements or other related documentation, transactions or through interactions with our website or use of certain online tools; (ii) through third-party service providers (for example, recruitment agents, investor’s brokerage or financial advisory firm, or consultants); or (iii) publicly available sources (where we receive personal data through a publicly available source such as a website or publicly-available registry) or sources designed to detect and prevent fraud or other violations of applicable laws and regulations.
Why do we process and how do we use your personal data?
We will only process personal data in circumstances where we have established a lawful basis to do so under applicable laws, including the UK GDPR. These circumstances include where the processing of the relevant data relates to a legitimate interest of Blantyre, further described below. In such circumstances Blantyre will have established that the processing is necessary for the relevant purpose, and where we are satisfied our interests are not overridden by the interests or fundamental rights or freedoms of the individuals concerned.
In accordance with the above, we have determined that the lawful bases for our processing of personal data are our legitimate interests to undertake activities necessary and ancillary to the carrying on of an investment management business, including where necessary for the purposes of carrying out activities relating to investments in the relevant fund, the administration of the relevant fund, the investment activities of the relevant fund, otherwise in furtherance of any contract entered into with respect to the activities of the relevant fund and entering into contractual arrangements in the context of our investment management business, to exercise and comply with our rights and obligations at law or under regulation where such obligations are not set out under the laws of the United Kingdom ("UK"), to establish, exercise or defend legal claims and in order to protect and enforce our (or another person’s) rights, property, or safety, or to assist others to do the same, and in order to provide information about our services and any investment products we offer. Our legitimate and overriding interests which may necessitate the use of personal data may also include protecting against fraud, including detecting fraud risks and managing risk exposure; verifying your identity and responding to your inquiries, and keeping records of our communications with you; and complying with industry standards and our policies, including administering and improving our website and internal operations such as testing, research, statistical and survey purposes.
In addition, we may also control or process personal data where the individuals have provided their consent, where necessary to comply with legal or regulatory obligations applicable to us under the laws of the UK, or in order to give effect to a contract, or to take necessary pre-contractual steps with a view to potentially entering into a contract (including in our capacity as an employer or a prospective employer), to the extent applicable.
We may from time to time control or process personal data in respect of the relevant fund’s marketing, and advertising the relevant fund and/or other investment vehicles and/or related services. In certain circumstances, we may send communications about our services, events and other marketing communications to you. If you do not wish your personal data to be processed for marketing purposes you may have the right to opt out of such processing, as described further below (Section 8 "Your Rights").
In addition to the uses described above, in some circumstances, we may use personal data provided to us to establish, exercise or defend legal claims, including responding to a judicial process, law enforcement or governmental agency.
We will only use personal data for the purposes that it has been collected for, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose of the control or processing. Any person requiring information with respect to any additional purpose for which personal data may be controlled or processed may obtain such information by contacting us at the address set out below. If we need to control or process personal data for an unrelated purpose, we will use our reasonable endeavours to notify affected persons and to explain the basis on which we are permitted to undertake the same.
Should you have concerns regarding our use of your data described above, please contact us. In certain circumstances you may be entitled to object. We have set out further information about your rights in this Policy.
Who do we share with and disclose to your personal data?
In order to run our business and provide services to you, we may share personal data within the group.
We may also share personal data with certain third parties for the purposes set out above. The relevant third parties with whom such personal data may be shared include entities appointed to provide services to us and our affiliates, or those entities’ group companies (including administrators, banks, lenders, auditors, law firms, consultants, and placement agents; brokers or counterparties that we trade with and their agents; regulatory, legal and tax authorities, including governmental organisations and self-regulatory organisations; and third parties in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganisation, dissolution, or liquidation)). Further details of the third parties with whom personal data may be shared are available on request, by contacting us at the address set out below. Wherever possible, we will only disclose personal data to a third party in circumstances where that third party has agreed to respect the security and confidentiality of personal data and treat it in accordance with applicable law. We will seek to ensure that third parties to whom any personal data may be disclosed will not use personal data for their own purposes and only process personal data for specified purposes and otherwise in accordance with our instructions and/or with applicable laws, including the UK GDPR.
We may also disclose personal data about you to a third party at your request or direction or with your consent.
International transfers of personal data
Our activities are such that it may be necessary for personal data to be transferred and/or processed outside the UK.
In circumstances where we transfer personal data outside the UK, we will seek to ensure a similar degree of protection is afforded to it by ensuring that personal data is generally transferred only to persons in countries outside the UK in one of the following circumstances:
- to persons and undertakings in countries that have been deemed to provide an adequate level of protection for personal data by the relevant body in the UK;
- to persons and undertakings to whom the transfer of such personal data is made pursuant to a contract that is compliant with the standard data protection clauses for the transfer of personal data to third countries from time to time approved by the relevant body in the UK;
- to persons and undertakings outside of the UK pursuant to other appropriate safeguards for the transfer of personal data; and
- only on one of the conditions allowed under the UK GDPR in the absence of an adequacy decision or appropriate safeguards.
Further information on specific mechanisms utilised by Blantyre transferring personal data outside the UK and the countries to which such transfer may be made (which may include, but are not limited to the Cayman Islands and the United States) may be obtained upon request from the Chief Compliance Officer of Blantyre Capital Limited by contacting the address set out below.
Security and retention of personal data
We maintain physical, electronic, and procedural safeguarding arrangements to protect your personal data. Access to personal data is restricted on a need-to-know basis and to those employees and representatives who have been advised as to the proper handling of such data. We take reasonable steps and use security measures appropriate to the nature of the information in compliance with applicable laws to protect your personal data against unauthorised access and exfiltration, acquisition, theft, or disclosure. Given the nature of information security, there is no guarantee that such safeguards will always be successful.
We seek to maintain accurate, up to date data, and correct inaccurate information on a timely basis. Please also see below information about your right to rectification.
We will retain personal data for as long as necessary to fulfil the purposes for which it has been collected. This will include any period of retention required to satisfy any applicable legal, regulatory, taxation, accounting, regulatory or reporting requirements. In addition, some data may be retained with a view to potential litigation or complaints (subject to applicable limitation periods).
In determining the appropriate retention period for any personal data, we will consider the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure of the data, the purpose for which the relevant data is being processed, the extent to which the purposes for which the relevant data is being processed can be achieved by other means and any applicable legal requirements. Without prejudice to the generality of the forgoing, we have determined that we will retain records for at least five years, in accordance with the rules, requirements and guidance of the FCA.
Details of retention periods applicable to personal data subject to the UK GDPR are available upon request, by contacting us at the address set out below. In some circumstances, a person may request that we delete any personal data retained by us. Further, in some circumstances, we may anonymise personal data for research or statistical purposes, in which case such information may be retained and utilised indefinitely without further notice.
Under the UK GDPR, persons whose data is processed by Blantyre will have certain rights. You can exercise these rights by contacting us using the information below. You may be asked to provide some proof of identification so that we can verify that it is you making the request.
Specifically, you have the following rights:
- Access. You have the right to know we collect certain personal data about you and to ask us for copies of your personal data. Please use the contact details provided at the end of this Policy.
- Rectification. You have the right to request that we correct your personal data you think is inaccurate or incomplete.
- Objection to processing. You have the right to object to processing in some circumstances, including where we are using your personal data for our legitimate interests and for direct marketing purposes, including by opting-out of marketing communications by contacting us at the address set out below.
- Erasure. You have the right to request that we erase the personal data we have collected about you in certain circumstances. The right to erasure is not absolute, and only applies if we no longer need your personal data to carry out the purpose that we collected it for; you have withdrawn your consent to our use of your personal data; you have objected to our use of your personal data and your interests outweigh our interests in using it; you believe we have processed your personal data unlawfully; or we have a legal obligation to erase your data. We will consider any request to erase personal data for any of the above reasons and endeavour to comply with the request to the extent permitted by law, but we may not always be able to comply with your request. If we are unable to comply with your request, we will contact you in writing.
- Restrict processing. You have the right to ask us to restrict the processing of your personal data in certain circumstances, including if you have concerns regarding the accuracy of your personal data, where you have made an objection to our use of your personal data; or if you believe we processed your personal data unlawfully, but you do not want us to delete it.
- Data portability. You have the right to receive a copy of the personal data that we collect about you in a way that is accessible and in a machine-readable format where the processing is based on your consent, the performance of a contract with you, or carried out by automated means. You have the right to request that such personal data be transmitted directly from us to another data controller, where technically feasible.
- Withdrawal of consent. You can withdraw your consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
In certain circumstances, Blantyre may charge reasonable fees if any such request is clearly unfounded, repetitive or excessive.
If you wish to make a complaint regarding our handling of your personal data, you can contact us at the details set out below. You may also make a complaint to the relevant supervisory authority for data protection issues. In the UK this is the Information Commissioner’s Office ("ICO"). Contact details for the ICO may be found at www.ico.org.uk.
Links to other websites
Our website may contain links to third party websites. Any access to and use of such third party websites is not governed by this Policy, but, instead, is governed by the privacy policies of those third party websites. We are not responsible for the information practices of such third party websites.
We may use third-party web analytics services on the website, including Google Analytics. We use Google Analytics to help us understand how people are using our website. To find out more about how Google Analytics collects and processes data, please click here. Google Analytics has its own cookies that it uses to track and aggregate this information. You can prevent the use of Google Analytics relating to your use of our website by downloading and installing the browser plugin available here.
Some web browsers may transmit "do not track" ("DNT") signals. We currently do not respond to DNT settings in your web browser.
Additional Information for California Residents
The CCPA imposes certain obligations on us and grants certain rights to California residents ("California resident," "you" or "your") with regard to "personal information." If you are a California resident, please review the following information about our privacy practices surrounding how and why we collect, use, disclose, and share your personal information and your potential rights with regard to your personal information under the CCPA. The rights described in this section are subject to exemptions and other limitations under applicable law. Terms used in this section have the meaning ascribed to them in the CCPA. We are a "business" as described under the CCPA.
Notice at Collection and Use of Personal Information
Information We Collect
Depending on how you interact with us, we may collect the categories of personal information listed above in Section 2 ("What personal data do we collect?").
How We Use Collected Information
We also may use your personal information for the business or commercial purposes described above in Section 4 ("Why do we process and how do we use your personal data?").
For more information about our privacy practices, please review our entire Privacy Notice, which is available here.
Our Collection, Use, Disclosure, and Sharing of Personal Information
In the preceding 12 months, depending on how you interact with us, we may have collected the categories of personal information listed above in Section 2 ("What personal data do we collect?"). We may collect personal information from all or some of the categories of sources listed in Section 3 ("How do we collect personal data?"). We may collect all or a few of these categories of personal information for the business or commercial purposes identified in Section 4 ("Why do we process and how do we use your personal data?"). We do not knowingly sell the personal information of California residents under 16 years old. In the preceding 12 months, we may have disclosed for a business purpose all categories of personal data listed in Section 2 ("What personal data do we collect?") to the services providers and third parties listed above in Section 5 ("Who do we share with and disclose to your personal data?").
California Residents’ Rights under the CCPA
If your personal information is subject to the CCPA, you may have certain rights concerning that information, subject to applicable exemptions and limitations, including the right to: (i) be informed, at or before the point of collection, of the categories of personal information to be collected and the purposes for which the categories of personal information shall be used; (ii) not be discriminated against because you exercise any of your rights under the CCPA; (iii) request that we delete any personal information about you that we collected or maintained, subject to certain exceptions ("Request to Delete"); (iv) opt-out of the "sale" (as that term is defined in the CCPA) of your personal information if a business sells your personal information (we do not); and (v) request that we disclose to you the personal information, including specific pieces of personal information, we have collected, our business or commercial purposes for using the information, and the personal information we have disclosed about you and the categories of third parties to which we have disclosed that information ("Request to Know").
The CCPA does not restrict our ability to do certain things like comply with other laws or comply with regulatory investigations. We also reserve the right to retain, and not to delete, certain personal information after receipt of a Request to Delete from California resident clients where permitted by the CCPA or another law or regulation.
How to Submit a Request Under the CCPA
California resident clients may submit Requests to Know and Requests to Delete by emailing us at firstname.lastname@example.org.
We are required to provide certain information or to delete personal information only in response to verifiable requests made by you or your legally authorized agent. When you submit a Request to Know or Request to Delete, we may ask that you provide clarifying or identifying information to verify your request. Such information may include, depending on the sensitivity of the information you are requesting and the type of request you are making, your name and email address. Any information gathered as part of the verification process will be used for verification purposes only.
You are permitted to designate an authorized agent to submit a Request to Know or a Request to Delete on your behalf and have that authorized agent submit the request through the aforementioned methods. In order to be able to act, authorized agents have to submit proof that they are authorized to act on your behalf, or have a power of attorney. We may also require that you directly verify your own identity with us and directly confirm with us that you provided the authorized agent permission to submit the request.
Changes to this Policy
Our policies and procedures with respect to the control or processing of personal data may be amended from time to time. Similarly, the purposes for which we may control or process personal data may change from time to time. If any changes would require a material amendment to the information set out herein, details of such changes will be made available by posting a new version of this Policy on the website. We encourage you to check the website regularly for information about revisions to this Policy. If you object to the change to our Policy, then you must contact us by any of the methods set out below regarding your objection or you must not continue to use our services.
How to contact us
If you wish to request any information or have any questions regarding this Policy or its implementation, you should contact Blantyre Capital Limited (FAO Chief Compliance Officer) at email@example.com, or at:
Blantyre Capital Limited
52 Jermyn Street, London, SW1Y 6LX
Attention: Data Protection Compliance