17Capital LLP (“17Capital”, “we” and “us”) is committed to protecting the privacy and security of the Personal Data that we hold.
This notice (“Data Protection Notice”) is intended to explain how we collect, use and protect your Personal Data.
References to Personal Data, Processing and Data Subjects shall have the meaning given to these terms by the Data Protection Laws (as defined below).
2. WHO WE ARE
17Capital is a private equity investment fund manager specialized in the provision of liquidity to other private equity funds and their managers. 17Capital is authorized and regulated by the Financial Conduct Authority (“FCA”) under licence number 481506.
17Capital is committed to handling Personal Data fairly and lawfully and takes its data protection obligations very seriously. We have taken measures to ensure that we process Personal Data in compliance with applicable data protection laws, including without limitation, the UK General Data Protection Regulation (“GDPR”), as tailored from time to time by the Data Protection Act 2018, and any applicable national data protection law (together with GDPR, the “Data Protection Laws”).
3. WHAT IS PERSONAL DATA AND WHAT DATA DOES 17CAPITAL HOLD?
GDPR defines Personal Data as “any information relating to an identified or identifiable natural person”. The information we collect and hold can be categorised as follows:
- Employees and Prospective Employees – includes contact details, identification information, bank account details, background checks, employment history, performance information, remuneration, healthcare and pension arrangements.
- Clients and Prospective Clients – in relation to our individual clients, includes contact details, identification information, bank account details, background checks, transaction histories etc. For our corporate clients, includes the names and contact details of the individuals we interact with together with background and identification information of directors and officers that we are required to collect for regulatory purposes. For our prospective clients, primarily includes names and contact details but if being on-boarded could also include other information as described above.
- Service Providers, Suppliers and Contractors – the names and business contact details of the individuals we interact with at our service providers, suppliers and contractors together with background and identification information that we are required to collect.
- Other Business Partners / Contacts (e.g. banks, brokers, registrars, lawyers, accountants, actuaries, regulators, HMRC, investee companies, managing agents etc) – the names and business contact details of the individuals we interact with at these entities together with background and identification information that we are required to collect.
4. HOW IS PERSONAL DATA COLLECTED?
17Capital uses different methods to collect Personal Data including the following:
- personal details provided directly by employees, clients, suppliers & contractors and other business contacts; and
- third parties and publicly available sources e.g. Companies House, registrars and background check providers.
5. HOW DO WE USE PERSONAL DATA?
The Personal Data we obtain and hold is used to enable us to:
- provide investment management services to our investors; and
- fulfil our contractual and other obligations to employees, suppliers, contractors and other business partners; and
- meet our legal and regulatory obligations; and
- market to professional individuals whom 17Capital believe support our business.
Under the GDPR a firm must have a legal basis / justification for processing data. In the vast majority of instances, 17Capital will have one of the following justifications:
- performance of a contract;
- compliance with legal obligations; and/or
- legitimate business interests – and, in this instance, the processing must be “necessary” and must balance the interests of the controller with the rights of the individual.
Our “legitimate interests” referred to above are:
- the provision of the proof, in the event of a dispute, of a transaction or any commercial communication as well as in connection with any proposed purchase, merger or acquisition of any part of our business;
- compliance with laws and regulations and/or any order of a court, government, supervisory, regulatory or tax authority;
- risk management; and/or
- exercising our business in accordance with reasonable market standards.
We may combine the Personal Data that we collect from Data Subjects with information obtained from other sources to the extent permitted by law.
It is important that the Personal Data we hold is accurate and current and therefore the Data Subject should advise us as soon as possible in the event of any changes.
6. TO WHOM DO WE DISCLOSE PERSONAL DATA?
We will only use a Data Subject’s Personal Data for our internal business purposes. This includes the provision of marketing related correspondence to the Data Subject on our products and services. We may disclose Personal Data to our group companies, including 17 Capital Services Limited, in which case they will process such Personal Data in accordance with this Data Protection Notice.
We do not sell any Personal Data to third parties and we do not share Personal Data with third parties for the third parties’ marketing purposes.
7. WHAT DO WE DO TO KEEP PERSONAL DATA SECURE?
We have put in place appropriate physical and technical measures to safeguard the Personal Data we collect in connection with our services. In addition, we limit access to Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process Personal Data on our instructions and are subject to a duty of confidentiality.
However, please note that although we take appropriate steps to protect Personal Data no device, computer system, transmission of data or wireless connection is completely secure and therefore we cannot guarantee the absolute security of Personal Data.
8. INTERNATIONAL TRANSFER OF DATA
The Personal Data that we collect may be stored and processed in the European Economic Area (“EEA”) or transferred to, stored at or otherwise processed outside the EEA.
Where Personal Data is transferred outside the EEA we will take all steps reasonably necessary to ensure that the Data is kept secure and treated in accordance with this Data Protection Notice and the requirements of applicable law wherever the data is located. Appropriate transfer agreements and mechanisms (such as the EU Model Clauses) will be put in place to help ensure that our third-party service providers provide an adequate level of protection for Personal Data. We will only transfer Personal Data outside the EEA in accordance with applicable laws or where the Data Subject has given us consent to do so. In this respect, you have a right to request copies of the relevant document for enabling the Personal Data transfer(s) towards such countries by writing to us.
9. DATA RETENTION – HOW LONG IS PERSONAL DATA STORED / KEPT?
17Capital’s policy is to ensure that Personal Data is complete, accurate and up to date and only held where relevant and necessary. 17Capital retains Personal Data for as long as necessary to fulfil the purposes for which the Data has been collected as outlined in this Data Protection Notice unless a longer retention period is required by law and will be held securely to safeguard against unauthorised access and to prevent loss, destruction or damage. Data is kept under regular review to ensure that it is not held longer than is strictly necessary, whilst taking account of 17Capital’s other regulatory obligations such as the requirement to retain evidence of anti-money laundering checks.
When Personal Data is no longer required for the purpose for which it was collected or as required by applicable law, it will be deleted or in certain circumstances returned to the Data Subject in accordance with applicable law.
10. ACCESSING PERSONAL DATA AND OTHER RIGHTS THAT A DATA SUBJECT HAS
17Capital will collect, store and process Personal Data in accordance with the Data Subject’s rights under the GDPR. Under certain circumstances the Data Subject has the following rights in relation to their Personal Data:
a) the right to request details of their Personal Data held by 17Capital and to request copies of such information;
b) where 17Capital’s use of Personal Data is based upon their consent, the right to withdraw such consent at any time;
c) the right in certain circumstances to request 17Capital to port (i.e. transmit) their Personal Data direct to another organisation;
d) the right to ask 17Capital to rectify or update any Personal Data that is incorrect or complete;
e) the right to have Personal Data erased in certain specified circumstances;
f) the right to ask 17Capital to stop processing their Personal Data and to only store such Data;
g) the right to object to specific types of processing of Personal Data, for example where it is being used for the purpose of direct marketing; and
h) the right in certain circumstances not to be subject to decisions being taken solely on the basis of automated processing (e.g. profiling).
11. HOW CAN A DATA SUBJECT ENFORCE THEIR RIGHTS?
In the event of a Data Subject wishing to enforce any of their rights under the GDPR then please contact us using the details at section 15. A response to the request will be made without undue delay and no later than one month from receipt of such a request. We will not charge a fee for processing such a request.
If a Data Subject is concerned that we have not complied with their legal rights under applicable Data Protection Laws, they may contact the Information Commissioner’s Office (www.ico.gov.uk) which is the data protection regulator in the UK. Non-UK Data Subjects may contact their local data protection supervisory authority.
12. THIRD-PARTY LINKS AND PRODUCTS ON OUR SERVICES
Our websites, applications and products may contain links to other third-party websites that are not operated by 17Capital, and our website may contain applications that can be download from third parties. These linked sites and applications are not under 17Capital’s control and as such, we are not responsible for the privacy practices or the content of any linked websites and online applications. If a user chooses to access any third-party websites or applications, any Personal Data collected by the third party’s website or application will be controlled by the Data Protection Notice of that third party. We strongly recommend that you take the time to review the privacy policies of any third parties to which you provide Personal Data.
You can click the icon in the bottom-left at any time to change your analytics cookie preferences.
14. CHANGES TO THIS DATA PROTECTION NOTICE
We will update this Data Protection Notice from time to time and hence it is important to check the “Date Notice Last Updated” legend at the bottom of this Notice. Any changes will become effective upon our posting of the revised Data Protection Notice.
We will provide notice to Data Subjects where any of the changes are material and, where required by applicable law, we will obtain your consent. We will provide this notice by e-mail or by posting notice of the changes on our website.
15. CONTACT US / FURTHER INFORMATION
If you have any questions concerning the content of this Data Protection Notice, including any requests to exercise your legal rights, the relevant contact details are set out below.
Email address: firstname.lastname@example.org
Phone: +44 (0)20 7493 2462
Postal address: Almack House, 28 King Street, London, United Kingdom, SW1Y 6QW
Date notice last updated: 10 February 2023