Privacy Notice

As defined by General Data Protection Regulation (GDPR), personal data is: “Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

Special categories of personal data relate to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health and sexual orientation.

This privacy notice explains how Karlsrock Limited (‘we’, ‘our’) uses any personal information we collect about you.

2.1) Karlsrock collects and uses personal data on the basis that it is in its legitimate interests to do so such as providing a service to our customers and keeping records of transactions made.

2.2)    Throughout our relationship, we will collect information from you during our business with you including but not limited to client meetings, telephone calls and data collection forms. We require your personal data to fulfil our service with you and to comply with regulation.

2.3)    If you choose not to provide certain data and we are unable to comply with our obligations, we will inform you about the implications of that decision.

2.4)    Any information you provide us for marketing purposes is completely voluntary and you can opt out at any time.

2.5)    We may record and monitor phone calls made to or by us in order to comply with regulatory obligations.

3.1) We keep your personal information in accordance with our internal retention procedures, which are determined by our professional obligations including applicable data protection laws and good practice. The retention periods differ depending upon the nature of the data we hold and the reasons why we are holding it, and are subject to change. We only keep your personal information for as long as we need to. When your information is no longer required, we will delete it securely.

3.2)    Where we are required to hold your data for regulation purposes, we will do so for the duration as required by law.

3.3) Where required by law or regulation, we keep recordings of telephone conversations with you for 5 years after they took place.

4.1) We will share your data:

in the event that we work on any merger or acquisition prospect, investment or strategic consulting engagement, in which case we may disclose your personal information

with our appointed partners, accountants, lawyers, auditors and other professional advisers, to the extent that they require access to the information to provide advice;

with our IT providers and services providers in order to provide and maintain the provision of our services;

with credit check organisations and fraud prevention agencies and other organisations, to allow us to undertake the relevant financial checks;

with investment providers;

with the Financial Conduct Authority, the Information Commissioner’s Office, or any relevant regulatory authority where they are entitled to require disclosure;

if required to do so to meet applicable law, the order of a Court and codes of practice applicable to the circumstances at the time.

4.2) We will not lend or sell your information to third parties.

4.3)    If you agree, we may send you information about our services by email or post which may be of interest to you. If you have consented to receive such marketing information, you have the right to opt out at a later date. We may also use your name and address to post invitations to join clubs and events or offer further services, which we may reasonably consider to be of interest to you. Again, you have the right to opt in and out of these communications at any point.

4.4)    If you no longer wish to be contacted for marketing purposes, please email or write to us using the contact information in 8.2.

5.1) We will not transfer your personal data outside the EU without your consent.

5.2)    We have implemented generally accepted standards of technology and operational security to protect personal data from loss, misuse, or unauthorised alteration or destruction. This includes where possible password protection and restricted access rights.

5.3) Please note however that where you are transmitting information to us over the internet, in particular via email, this can never be guaranteed to be 100% secure. We cannot accept responsibility for unauthorised access by a third party or for the loss, theft or modification of data while it is being sent to us via email.

5.4) We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.

6.1) Under the General Data Protection Regulation (GDPR), you have a number of rights with regard to your personal data, which can also be found on the Information Commissioners website. These include the right:

to access and receive a copy of your personal data;

to be provided with information about how your personal data is processed;

to have your personal data corrected (data rectification);

to have your personal data erased in certain circumstances;

to object to or restrict how your personal data is processed;

to have your personal data transferred to yourself or to another business in certain circumstances (data portability).

6.2) If you have provided consent for the processing of your data, you have the right (in certain circumstances) to withdraw that consent at any time, which will not affect the lawfulness of the processing before your consent was withdrawn.

6.3) Please note that the application of these rights will vary according to the legal basis used to process your data.

6.4) We will endeavour to keep your information accurate. However, if at any time after giving us this information it becomes out of date, then we ask you to notify us directly and we shall remove or amend the information within a reasonable time frame and in accordance with legislative requirements.

6.5) You have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the GDPR with regard to your personal data.

7.1) Cookies: Please see our online Cookie disclaimer for information regarding cookies.

7.2)    Other Websites: Where our website contains links to other websites, please note that this privacy notice only applies to our website. When you use a link to another website, you should read the privacy policy of that site.

8.1) Karlsrock is the controller and processor (other than cases where service providers are used as stated in 4.1 above, in which case the service provider is the processor) of data for the purposes of the GDPR.

8.2) If you have any questions about our privacy notice, information we hold on you, concerns as to how your data is processed or wish to make a complaint, you can contact via email through this link: dpo@karlsrock.com

or by post at the address below:

Data Protection Officer,

Karlsrock Ltd.,

86-90 Paul Street, London, EC2A 4NE,

United Kingdom

Registered in England and Wales No. 09915733

Data Protection Officer

Charles J. Gannon c/o Karlsrock Ltd.,

86-90 Paul Street, London, EC2A 4NE,

United Kingdom

Registered in England and Wales No. 09915733

9.1) If you are unhappy with the way in which your personal data has been processed, you may in the first instance contact Karlsrock’s Data Protection Officer using the contact details above (8.2).

9.2)    If you remain dissatisfied, then you have the right to apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at:

Information Commissioner’s Office,

Wycliffe House, Water Lane, Wilmslow,

Cheshire, SK9 5AF

www.ico.org.uk

10. We keep our privacy notice under regular review. This privacy notice was last updated in September 2019. We reserve the right to update this privacy notice at any time and we will advise you when we make any substantial update to it.