Privacy Notice

Privacy Notice

This Privacy Notice informs you of important information about how Nordlink Capital Limited process the Personal Data that we collect in online and offline formats through the Services.

“Personal data” means data that reasonably can be used to identify a living person, or that reasonably relates to a living person.

When we use the term “Services” we mean to refer collectively to:

• The provision of fund placement services to our clients and prospective clients (“Client Services”);
• The websites and mobile applications owned and controlled by us that link to this Privacy Notice (“Sites”); and
• Our marketing and business development activities, including events we host, social media properties we create, and emails that we send (“Marketing Activities”).

This Privacy Notice covers the personal data that we collect through the provision of our Services.

How We Collect and Use Personal Data

We collect and process personal data about a number of different individuals through the provision of the Services. These individuals include our individual clients and prospective clients, their representatives, visitors to our offices, visitors to our Sites, vendors, and other individuals.

Clients and Prospective Clients

We operate in a regulated industry. This means we are required to obtain certain information before we can accept someone as a client. For individual clients, this includes, but is not limited to:

• Name
• Contact details
• Financial information
• Information to verify identity, such as passport

The majority of our clients are corporate entities and data about entities is not personal data. But we do process personal data of company employees, representatives and other personal data clients provide to us, or allow us to collect on their behalf, while providing the Client Services. This includes contact information and any other personal data that is relevant to or necessary for us to perform a proper background check, or a required “Anti-Money Laundering” or “Know Your Customer” background check in order to deliver the Client Services.

We also process personal data to assist in building relationships. This includes name, contact information and job title and may also include education information, work history and gender. If you attend one of our events, we may also have information about your dietary requirements.

We collect and use this information to provide the Client Services and for other legitimate business interests. For example, we use contact details to send communications, news updates and invitations to events. You can update your communication preferences by clicking on the link at the bottom of one of our marketing emails or contacting info@nordlinkcapital.com.

Our legal basis for processing personal data in connection with Client Services is:

• To comply with legal obligations and professional responsibilities;
• To perform contracts;
• To pursue our legitimate interests of:
  • ensuring that we deliver the best possible service to our clients,
  • keeping individuals informed of developments in the markets,
  • business development and general marketing,
  • providing you with information on our services and events, and
  • ensuring we build and maintain a good working relationship with you
• Your consent, but where we make it clear to you in advance that we are relying on you consent (for example, when you sign up to our mailing list).

For prospective clients, or an employee or representative of a prospective client, we will process personal data including your name and contact details as well as details of any interactions you may have with us or our attorneys (for example, meetings you have had or pitches you have invited us to).

We may obtain this information directly from you, from your employer or from publicly available sources like your employer’s website.

The legal bases we rely on to process your personal data is:

• To take steps requested by you prior to entering into a contract with you;
• To pursue our legitimate interests in building our business and developing a relationship with potential new clients.

Other Business Contacts

If you have had contact with Nordlink Capital Limited, for example through emailing us or meeting a representative of Nordlink Capital Limited, we collect, use and store limited amounts of personal information relating to you, such as your name, job title, employer organization and contact details. We also use publicly available information about you or information you have provided us with to add to Nordlink Capital Limited contact database.

We will collect and store this personal information for the purposes of:

• maintaining a record of contacts;
• providing periodic business updates as described below;
• organizing meetings between you and your Nordlink Capital Limited representatives; and
• sending you periodic updates about Nordlink Capital Limited business, activities and opportunities, in particular, by email and post; you can opt out of receiving updates at any time by asking your Nordlink Capital Limited business contact to remove you from updates.

We will share the personal information we hold about business contacts with:

• companies which process personal information on Nordlink Capital Limited  behalf;
• professional advisors, such as accountants, lawyers or other consultants;
• Nordlink Capital Limited auditors; and
• applicable regulators and other governmental agencies anywhere in the world.

Visitors to Our Sites

Certain visitors interact with the Sites in ways that lead us to gather personal data. The amount and type of data that we gather depends on the nature of the interaction. For example, if you sign up to our Investor Relations email alerts, we collect your email address. Visitors can always refuse to supply personal data, with the caveat that it may prevent them from engaging in certain Site-related activities.

In addition, we collect information automatically as disclosed in our “Cookie Notice” below.

The legal bases we rely on to process this information is:

• To pursue our legitimate interests in ensuring the safety and security or Sites;
• To pursue our legitimate interests in developing and growing our business, operating and improving the Sites; and
• Your consent, where we make it clear to you in advance that we are relying on you consent (for example, when you sign up to receive Investor Relations materials).

Visitors to Our Offices

For visitors to our offices we will take a record of name and contact information. This information is recorded for legitimate business purposes and for health and safety purposes so that we know who is in the building in event of an emergency.  If you attend one of our events and we serve food we may have information about your dietary requirements.

The legal bases we rely on to process your personal data is:

• To comply with our legal obligations;
• To pursue our legitimate interests in ensuring the safety and security or our employees and visitors.

Vendors and Business Partners

We process personal data of vendors and business partners, including name and contact details.  For vendors, we do this so that we can liaise about the services the vendors are providing to us now and in the future.  For business partners, we do this to support, grow and maintain the relationship. For individual vendors and business partners, we also may hold financial information in order to pay invoices. Sometimes we receive this information from a third party who is recommending the service to us.

The legal basis we rely on to process this personal data is:

• To pursue our legitimate interests of managing and operating our business, including through use of vendors.

The Personal Data we hold about individuals associated with our vendors and business partners will be shared with:

• companies which process personal information on Nordlink Capital Limited’s behalf;
• professional advisors, such as accountants, lawyers or other consultants;
• Nordlink Capital Limited auditors; and
• applicable regulators and other governmental agencies anywhere in the world.

Our Investors

We collect, use and store personal information about our investors for the purposes of:

• complying with our regulatory and legal obligations;
• communicating with investors (including the mailing, in physical or electronic format, of Annual Reports, annual meeting notices or proxy cards, or communications in relation to other corporate actions);
• facilitating the payment of dividends; and
• sending you periodic updates about Nordlink Capital Limited business, activities and opportunities, in particular, by email and post; you can opt out of receiving updates at any time by asking your Nordlink Capital Limited contact to remove you from such updates.

We share the personal information we hold about our investors with:

• companies which process personal information on Nordlink Capital Limited behalf;
• professional advisors, such as accountants, lawyers, proxy advisers or other consultants;
• Nordlink Capital Limited auditors; and
• applicable regulators and other governmental agencies anywhere in the world.

As discussed above, our legal basis for collecting and storing personal information about our investors is that such processing is necessary for our legitimate interests in running and operating our business, and ensuring effective communications with investors.

Webinar Attendees

Webinars or our quarterly analyst calls are hosted by a third-party vendor.  That vendor requires registrants to provide personal data, including name and email address. This personal data is not collected by us, but may be shared with us.  We use this personal data to track attendance, facilitate future communications with registrants and attendees, and for other purposes set forth in this Privacy Notice.

Other Individuals

When we provide certain types of Client Services we may be provided with personal data from third parties about a number of individuals other than those described explicitly in this Privacy Notice. The personal data we process will depend on the type of matter for which our client has retained us. For example, if we are engaged by our client to advise them on buying a business, we may receive personal data about the target company’s customers and employees in order to conduct a due diligence exercise and determine the risks that exist at the target business.

The primary reason we process this personal data is to provide the Client Services, fulfill our professional duties, comply with the law and operate our business.

We can obtain this information from a number of different sources including our client, our client’s opponent or counterparty, the courts, tribunals and law enforcement authorities.

The legal bases we rely on to process your personal data is:

• To comply with our legal obligations and meet our professional responsibilities;
• To pursue our legitimate interests of operating our business, providing Client Services and conduct Marketing Activities.

Additional Uses of Personal Data

In addition to the uses described above, we may use your Personal Data for the following purposes.  Some of these uses may, under certain circumstances, be based on your consent, may be necessary to fulfill our contractual commitments to you, or are necessary to serve our legitimate interests in the following business operations:

• Operating our business, administering the Services and managing your accounts;
• Contacting you to respond to your requests or inquiries;
• Processing and completing your transactions including, as applicable, order confirmation and delivering products or services;
• Providing you with newsletters, articles, alerts and announcements, event invitations, and other information that we believe may be of interest to you;
• Providing you with marketing information, and other information that is tailored to your interests;
• Conducting research, surveys, and similar inquiries to help us understand trends and client needs;
• Analyzing your interactions with us, and improving our products, services, programs, and other offerings;
• Preventing, investigating, or providing notice of fraud, unlawful or criminal activity, or unauthorized access to or use of Personal Information, our website or data systems; or to meet legal obligations; and
• Enforcing our Terms of Use and other agreements.

How We Share and Disclose Personal Data

We share Personal Data with the following categories of recipients.

Service Providers

We may disclose your Personal Data to third-party service providers to provide us with services such as background checks (including “Anti-Money Laundering” and “Know  Your Customer” checks), website hosting, professional services, including information technology services and related infrastructure, customer service, e-mail delivery, auditing and other similar services.

Affiliates

We may disclose Personal Data to our affiliates for the purposes described in this Privacy Notice, including for their marketing purposes, and to be consistent with our goal of providing our the superior client service and engagement experience that our clients have come to expect from us around the world.

To Perform Client Services

We will also disclose Personal Data to the following categories of third parties: (i) anyone involved in the transaction or other matter we are working on, (ii) law enforcement, tax and regulatory agencies and bodies, (iii) insurers, and (vi) service providers such as IT and telephony services, catering, document production and postal and delivery services.

We may disclose Personal Data to third parties in order to perform services you request or functions you initiate, such as when you post information and materials on message boards and forums.

Corporate Transactions or Events

We may disclose your information to a third party in connection with a corporate reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or capital, including in connection with any bankruptcy or similar proceedings.

Other Legal Reasons

In addition, we may use or disclose your Personal Data as we deem necessary or appropriate: (1) under applicable law, including laws outside your country of residence; (2) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (3) to comply with subpoenas and other legal processes; (4) to pursue available remedies or limit damages we may sustain; (5) to protect our operations or those of any of our affiliates; (6) to protect the rights, privacy, safety or property of  Nordlink Capital Limited, our affiliates, you and others; and (7) to enforce our terms and conditions.

How long will you use my information for?

We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymize your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

European Economic Area and United Kingdom

These disclosures (the “Disclosures”) supplement Nordlink Capital Limited’s Privacy Notice.

The Disclosures apply only to our processing of personal data within the scope of the General Data Protection Regulation (“GDPR”) from one or more of the European Union Member States plus Iceland, Lichtenstein and Norway (together known as the “European Economic Area” or “EEA”).

Data Retention

We retain personal data pursuant to our records retention program, for as long as is necessary for the purposes set out in the Nordlink Capital Limited’s Privacy Notice, unless a longer period is required under applicable law or regulation or is needed to resolve disputes or protect our legal rights, in accordance with the principles set forth in Article 5(1) of the GDPR. The criteria used to determine the period for which personal data about you will be stored varies depending on the legal basis under which we process such personal data:

Legitimate Interests	For a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of the data subjects.
Contractual Necessity	For the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the limitation period for legal claims that could arise from the contractual relationship
Legal/Regulatory Obligation	For the duration of time we are legally obligated to keep the information
Consent	For the period of time necessary to fulfill the underlying agreement with you, subject to your right, under certain circumstances, to have certain personal data about you erased (see “Data Subject Rights” below).

We may face a threat of legal claim and in that case, we may need to apply a “legal hold” that retains information beyond our typical retention period. In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved.

Transfers of Information Across Borders

Any information that you provide to us is stored and processed in, and transferred between, any of the countries in which Nordlink Capital Limited and its agents, contractors and affiliated organizations have offices, in order to enable Nordlink Capital Limited to use that information as set out in this Privacy Notice. This includes countries such as Australia, Hong Kong, Spain, the United Kingdom and the United States. Not all of these countries have data protection laws equivalent to those in force in the EEA. Except the United Kingdom, which is currently in the EU, the European Commission (in the EU) has yet to make a decision of adequacy in relation to the protection given to personal data in any of the other listed countries. In order to ensure the protection of your personal data we have put in place European Commission approved Standard Contractual Clauses between each of the Nordlink Capital Limited’s entities.

Data Security

We seek to use reasonable organizational, technical and administrative measures to protect personal data within our firm. Unfortunately, no data transmission or storage system can be guaranteed to be secure at all times. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contact Us” section below.

Data Subject

Rights Individuals from the EEA whose personal data we process subject to the GDPR have certain rights as required by law, including the right of access, erasure and data portability, as well as the right to rectification, to restrict processing, to withdraw consent, and to object to processing as follows.

Access

Individuals have the right to know if we are processing personal data about them and, if so, to access and obtain a copy of personal data about them, as well as information relating to the processing of that data.

Rectification

Individuals have the right to have us correct or update any personal data about them that is inaccurate or incomplete without undue delay.

Restriction

Individuals have the right to restrict or limit the ways in which we process personal data about them where the accuracy of the personal data is contested by them, where data has been obtained by us unlawfully, where the individual has objected to our processing of the data (see “Right of Objection” below) and we are considering whether to cease processing, or where we no longer need to process the personal data.

Right of Objection

Individuals have the right to object to our processing of their personal data where we are relying on legitimate interests as our legal basis and their rights override our legitimate interests in processing their personal data. Individuals also have the right to object to our processing of their personal data for direct marketing purposes.

Withdrawal of Consent

Where we may rely on consent as the basis for processing personal data, individuals have the right to withdraw their consent.

Erasure

Individuals have the right to request deletion or erasure of their personal data in a number of circumstances where required by law. These include where we no longer require the personal data for the purposes for which it was collected, the individual has withdrawn consent (As applicable) or, where we are relying on legitimate interests as a legal basis, and the individual’s rights override our legitimate interests.

Portability

Individuals have the right to obtain a copy of the personal data we hold about you in a structured machine-readable format and to have it transmitted to another controller. This right only occurs where we are relying on your consent or performance of a contract as our legal basis and the processing is carried out automatically.

Make a Complaint

Individuals also have the right to make a complaint about our personal data handling practices to their local Supervisory Authority.

Contact Us

To assert one of your legal rights described in these Disclosures, or if you have questions about these Disclosures or our data handling practices, please email info@nordlinkcapital.com or write to:

Nordlink Capital Limited:
Office 429,
8 Shepherds Market,
Mayfair,
London,
W1J 7JY,
UK

E-mail Marketing

We may periodically send you relevant alerts and newsletters by e-mail. To help improve our marketing activities, we often receive a confirmation when you open an e-mail or click on a link included in one of these emails, if your computer supports such capabilities. Instructions on how to unsubscribe from these alerts and newsletters are included in each e-mail.

Cookie Notice

How We Use Cookies

We use cookies and related technologies (“Cookies”) to provide Services, gather information when users navigate through the Sites to enhance and personalize the experience, to understand usage patterns, and to improve our Sites, products, and Services.

Cookies on our Sites are generally divided into the following categories:

• Essential Cookies: These cookies are strictly necessary to provide you with services available through our Services and to use some of their features, such as access to secure areas. Because these cookies are strictly necessary to deliver the Services, you cannot refuse them without impacting how our Services function.
• Performance and Functionality Cookies: These cookies are used to enhance the performance and functionality of our Services but are non-essential to their use. However, without these cookies, certain functionality may become unavailable.
• Analytics and Customization Cookies: These cookies collect information that is used to help us understand how our Services are being used or how effective our marketing campaigns are, or to help us customize our Services for you in order to enhance your experience.
• Targeting Cookies: These record your visit to our Sites, the pages you have visited and the links you have followed to recognize you as a previous visitor and to track your activity on the Sites and other websites you visit. These Cookies qualify as persistent cookies, because they remain on your device for us to use during a next visit to our Sites. You can delete these cookies via your browser settings. See below for further details on how you can control third-party targeting cookies.

We may also allow third parties to use Cookies on our Sites to collect information about your online activities over time and across different websites you visit. This information is used to provide advertising tailored to your interests on websites you visit, also known as interest based advertising, and to analyze the effectiveness of such advertising.

How to Control Cookies

You can review your Internet browser settings, typically under the sections “Help” or “Internet Options,” to exercise choices you have for certain Cookies. If you disable or delete certain Cookies in your settings, you may not be able to use features of the Sites.

To learn more about the use of Cookies by Google for analytics and to exercise choice regarding those Cookies, please visit the Google Analytics Opt-out Browser Add-on.

The opt-outs described above are device- and browser-specific and may not work on all devices. If you choose to opt-out through any of these opt-out tools, this does not mean you will cease to see advertising. Rather, the ads you see will just not be based on your interests.

For more information on specific Cookies used on our sites please see our Cookie Notice.

Links to Other Sites

Occasionally we provide links to other websites for your convenience and information. These sites operate independently from our Sites and are not under our control. These sites may have their own privacy notices or terms of use, which you should review if you visit any sites linked through our Sites. We are not responsible for the content or use of these unrelated sites.

Updates to this Privacy Notice

Although most changes are likely to be minor, Nordlink Capital Limited may change its Privacy Notice from time to time, and at Nordlink Capital Limited sole discretion. Nordlink Capital Limited encourages visitors to frequently check this page for any changes to its Privacy Notice.

How to Contact Us

If you have any queries, questions or concerns about this Privacy Notice or our personal data handling practices, please contact us at info@nordlinkcapital.com.