Privacy Policy

1. What is the purpose of this document?

Gresham House is committed to protecting the privacy and security of your personal information. Within Gresham House there are a number of companies that act as data controllers. These are:

  • Gresham House Asset Management Limited, a company registered in England and Wales under company number 09447087 with registered office at 5 New Street Square, London, United Kingdom, EC4A 3TW.
  • Gresham House Holdings Limited, a company registered in England and Wales under company number 09514560 with registered office 5 New Street Square, London, United Kingdom, EC4A 3TW
  • Resi Capital Management Limited a company registered in England and Wales under company number 07588964 with registered office 5 New Street Square, London, United Kingdom, EC4A 3TW
  • Trade Risks Limited a company registered in England and Wales under company number 04042506 with registered office 5 New Street Square, London, United Kingdom, EC4A 3TW
  • Gresham House Asset Management Ireland Limited, a company registered in Ireland under registration number 364773 with registered office at 42, Fitzwilliam Place, Dublin 2, D02 P234, Ireland.
  • Gresham House Ireland Real Estate Limited, a company registered in Ireland under registration number 522670 with registered office at 42, Fitzwilliam Place, Dublin 2, D02 P234, Ireland.

For the purposes of this privacy notice these shall be referred to collectively as “The Gresham House Group”

For more details on the Gresham House Group follow this link: greshamhouse.com or greshamhouse.com/ie

This privacy notice describes how we collect and use personal information about you when you are:

  • a “Prospective Investor”: this is when you have expressed interest in the services or products of the Gresham House Group or any of its members or are considering a potential investment in any member of the Gresham House Group;
  • a “Business Contact”: this is when you are a business contact at any corporate entity with which any member of the Gresham House Group has a business relationship, and you are acting in your professional capacity;
  • an “Investor/Co-investor”: this is when you are an investor in, or are co-invested alongside, any fund or product managed by the Gresham House Group or when you are in the process of becoming an investor in, or a co-investor alongside, any fund of or product managed by the Gresham House Group (i.e. you have communicated to us your decision to invest or co-invest and we have started to process your application to invest or co-invest).

The companies within the Gresham House Group are data controllers. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.

It is important that you read this privacy notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

IMPORTANT: Depending on whether you are a Prospective Investor, a Business Contact, or an Investor/Co-investor, some sections or part thereof in this privacy notice will not apply to you. Where a section or part of a section of this privacy notice applies only to a specific category of recipients, this is expressly specified. Please make sure you read the information that applies to you.

We can be contacted at any time if you have queries about this privacy notice or wish to exercise any of the rights mentioned in it. If you wish to contact us, please e-mail us at GDPRenquiries@greshamhouse.com or via phone at +44 (0)20 3837 6270 or dpc@greshamhouse.ie for Gresham House Ireland.

2. The kind of information we hold about you

Personal data, or personal information, means any information about an individual from which that person can be identified. Your name, address, contact detail and CV are all examples of your personal data, if they identify you.

There are “special categories” of particularly sensitive personal data which we are required to afford a higher level of protection.  This includes information about your race, ethnic origin, political opinion, religion, trade union membership, health, sex life or sexual orientation.  In addition, criminal convictions and offences personal data (if we identify or suspect fraud or money laundering) is a heightened category.

1. If you are a Prospective Investor, we may collect, store, and use the following categories of personal information about you:

  • your full name and professional title;
  • personal and business contact details such as addresses, telephone numbers (including mobile telephone number(s), and email addresses;
  • location of employment or workplace; and
  • your photograph.

We will not be collecting, storing, or using any special category of data about you nor information about criminal convictions and offences unless fraud or money laundering is identified.

Please note that we may also collect and use personal information about you when you visit the Gresham House Group’s websites greshamhouse.com and greshamhouse.com/ie. Our use of personal information collected through the Gresham House Group’s websites is subject to the websites’ Online Privacy and Cookie Policy, which can be accessed by following link: https://greshamhouse.com/online-privacy-and-cookies-policy/

 

2. If you are a Business Contact, we may collect, store, and use the following categories of personal information about you:

  • your full name and professional title;
  • business contact details such as addresses, telephone numbers (including mobile telephone number(s), and email addresses;
  • location of employment or workplace.

We will not be collecting, storing, or using any special category of data about you nor information about criminal convictions and offences unless fraud or money laundering is identified.

Please note that we may also collect and use personal information about you when you visit the Gresham House Group website https://greshamhouse.com/  Our use of personal information collected through the Gresham House Group’s websites is subject to the websites’ Online Privacy and Cookie Policy, which can be accessed by the following link: https://greshamhouse.com/online-privacy-and-cookies-policy/

 

3. If you are an Investor/Co-investor, we may collect, store, and use the following categories of personal information about you:

  • your name and professional title;
  • personal and business contact details such as addresses, telephone numbers, and email addresses;
  • date of birth;
  • National Insurance number;
  • bank account details and tax status information;
  • location of employment or workplace;
  • copy of your driving licence or of your passport;
  • your photograph;
  • details of ID verification and background checks, including information about your credit history and criminal convictions and offences (please note that information relating to criminal convictions and offences may be collected, stored or used only where the law allows us to do so. See section 5, “Information About Criminal Convictions”, below);

We may also collect, store and use the following special categories of data about you:

  • information about political affiliations;
  • information about your health.

(See section 6, “Special Categories of Personal Information: How We Use Them”).

Please note that we may also collect and use personal information about you when you visit the Gresham House Group website https://greshamhouse.com/. Our use of personal information collected through the Gresham House Group’s websites is subject to the websites’ Online Privacy and Cookie Policy, which can be accessed by the following link: https://greshamhouse.com/online-privacy-and-cookies-policy/

Some of the personal information we collect may come from publicly accessible sources such as professional networking sites.

3. How is your personal information collected?

If you are a Prospective Investor or an Investor/Co-Investor, we may collect personal information about you in the following ways:

  • directly from you.

We may also collect personal information about you from the following third parties:

  • through intermediaries, such as your financial advisor, broker, private bank or other intermediary. When such intermediaries process your personal information on our behalf, this privacy notice will apply (as well as the other fair processing information you will have received from us). When such intermediaries process your personal information as a data controller in their own right, their own privacy policy and notice will apply, and you should ask them for a copy if you do not have one; or
  • from publicly available sources such as internet search engines or social media.

If you are an Investor/Co-investor, we may also collect personal information about you from the following third parties:

  • from background check providers such as, for example, World Check;
  • from online ID verification systems such as, for example, Experian.

If you are a Business Contact, we may collect personal information about you in the following ways:

  • directly from you.

We may also collect personal information about you from the following third parties:

  • from the corporate entity that you represent in your professional capacity;

4. How we keep your information safe

We are committed to ensure that personal information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.

5. Purposes and legal basis for our processing of your personal information

1. Prospective Investors

The table below explains the purposes for which we may process your personal information and the legal basis which relates to such purposes under data protection laws if you are a Prospective Investor. This section 4.1. applies to you only if you are a Prospective Investor (see above for what this means).

WordPress Table

 

2. Business Contacts

The table below explains the purposes for which we may process your personal information and the legal basis which relates to such purposes under data protection laws if you are a Business Contact. This section 4.2. applies to you only if you are a Business Contact (see above for what this means).

WordPress Table

 

3. Investors/Co-investors

The table below explains the purposes for which we may process your personal information and the legal basis which relates to such purposes under data protection laws if you are an Investor/Co-investor. This section 4.3. applies to you only if you are an Investor/Co-investor (see above for what this means).

WordPress Table

 

6. Information about criminal convictions and offences

This section 6 applies to you only if you are an Investor/Co-investor. We may only use information relating to criminal convictions and offences where the law allows us to do so. We are legally required to conduct due diligence checks as part of our anti-money laundering obligations which includes checks of criminal records. We are allowed to collect, store and use your personal information in this way to carry out our legal obligations.  This means that our lawful reasons for this processing under data protection laws are compliance with legal obligations, our compliance with regulatory requirements (which is one of our legitimate interests) and where processing is necessary in the substantial public interest.

7. Special categories of personal information: how we use them

This section 7 applies to you only if you are an Investor/Co-investor. “Special categories” of particularly sensitive personal information (see above for what this means) require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information, in the following circumstances:

  • if you have given your explicit written consent;
  • if it is necessary for reasons of substantial public interest on the basis of laws that are applicable to us. For example, in certain circumstances we may need to process data concerning your health and vulnerability details relevant to e.g. the administration of your investments/co-investment in order to fulfil our legal and regulatory requirements. For example, if you are a vulnerable customer and if we are aware that a member of the Gresham House Group who provides asset management and/or wealth management services to you does not know this detail, we may share your vulnerability detail with it, in cases where that is needed for reasons of substantial public interest. For example, where we have to share information with police or regulators or HMRC or other tax authorities in accordance with substantial public interest.

Less commonly, we may process this type of information where it is needed in relation to legal claims.

8. Monitoring of communications

We may monitor and record calls, emails, text messages, and other communications within the parameters of what is permitted by law. We will do this for compliance with regulatory rules, self-regulatory practices or procedures relevant to our business, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures, and for quality control and staff training purposes.

In particular, where we are required by law to record certain telephone lines (as relevant) we will do so. In addition, where appropriate and having regard to applicable data protection law, our monitoring may check for obscene or profane content in communications. In addition, telephone calls between us and you in connection with your enquiries or requests may be recorded to make sure that we have a record of what has been discussed and what your instructions are. We may also record these types of calls for the quality control and staff training purposes mentioned above.

9. Withdrawing your consent

You have the right at any time to withdraw your consent where that is relied upon as the lawful reason for processing your personal information. To withdraw your consent, please email GDPRenquiries@greshamhouse.com or dpc.greshamhouse.ie.

If you withdraw your consent and if there is no alternative lawful reason which justifies our processing of your personal information for the purpose or purposes you originally agreed to, we will no longer process your personal information for that purpose or purposes.

10. Automated decision-making

We currently make no decisions about you using automated means.

11. Data anonymisation and use of aggregated information

Your personal information may be converted into statistical or aggregated data which cannot be used to identify you, then used to produce statistical research and reports. This aggregated data may be shared and used in all the ways described above and below.

12. Sharing of your personal information

Your personal information may be made available for the purposes mentioned above (or as otherwise notified to you from time to time), on a ‘need-to-know’ basis, including for instance to management, accounting, legal, logistics, audit, compliance, information technology and other corporate staff who need to know these details for their functions within the Gresham House Group. Please note that certain individuals who will see your personal information may not be based in the UK or in your country (please see below).

We may share your data with the other members of the Gresham House Group as needed for management, analysis, planning and decision making, including in relation to taking decisions regarding the expansion and promotion of our product and service offering, as part of our regular reporting activities on company or group performance, for the purpose of regulatory reporting, in the context of a business reorganisation or group restructuring exercise, and for use by those companies for the other purposes described in this privacy notice.

Your personal information may also be made available to third parties (within or outside the Gresham House Group) providing relevant services to the Gresham House Group.

Third parties in this context means any other member of the Gresham House Group and providers to the Gresham House Group of management, accounting, legal, logistics, audit, compliance, information technology, marketing and other services. This may also include fund administrators (where relevant), background check providers (where relevant), online providers of ID verification systems (where relevant), providers of call centres, data storage and database hosting services, IT hosting and IT maintenance services. These companies may use information about you to perform functions on our behalf or for us.

We may disclose specific personal information upon lawful request by HMRC, government authorities, law enforcement and regulatory authorities where required or permitted by law and for tax or other purposes and HMRC may itself share it onward with overseas tax authorities as required by relevant legislation. Personal information may also be released to external parties in response to legal process, and when required to comply with applicable laws and regulations, or to enforce our agreements, corporate policies, or to protect the rights, property or safety of our businesses, our employees, agents, customers, and others, as well as to parties to whom you authorise us to release your personal information.

Your personal information may also be made available to third parties or partners where necessary as part of any restructuring of the Gresham House Group or sale of any business or assets of the Gresham House Group. We will not sell your personal information to any third party other than as part of any such restructuring or business or asset sale.

We require all third parties to respect the security of your data and to treat it in accordance with the law.

We may transfer your personal information outside the European Economic Area (see below).

 

Transferring information outside of the United Kingdom

We may transfer your personal information to countries outside of the UK  including Guernsey and South Africa.

In relation to the transfer of personal information to Guernsey, the UK Government has issued an adequacy decision in respect of Guernsey. This means that Guernsey is deemed by the UK to provide an adequate level of protection for your personal information, which means we can transfer personal information to Guernsey without having to put in place additional measures to ensure an adequate level of protection of personal information.

Whilst some countries already have adequate protections for personal information under applicable laws, in other countries (such as South Africa) steps will be necessary to ensure appropriate safeguards apply to maintain the same levels of protection as are needed under data protection laws applicable to us in the UK.

We will only make such transfers if:

  • the country to which the personal data is to be transferred ensures an adequate level of protection for personal data;
  • we have put in place appropriate safeguards to protect your personal data, such as an appropriate contract with the recipient;
  • the transfer is necessary for one of the reasons specified in data protection legislation, such as the performance of a contract between us and you;
  • Binding Corporate Rules or US Privacy Shield apply; or
  • you explicitly consent to the transfer.

For more information about what are those appropriate safeguards and how to obtain a copy of them or to find out where they have been made available, email GDPRenquiries@greshamhouse.com or dpc@greshamhouse.ie

 

Transferring information outside of the EAA – Gresham House Ireland

In some cases, we may transfer information about you and your products and services with us to our service providers outside the EEA. We will always take steps to ensure that any transfer of information outside of the EEA is carefully managed to protect your privacy rights.

13. Data retention

How long will you use my information for?

 

We need to retain your personal information for as long as necessary to fulfil the purposes we collected it for (and those purposes are as described above), including for the purposes of satisfying any legal or regulatory requirements and in case of claims. If you would like further information about our data retention policy, email GDPRenquiries@greshamhouse.com or dpc@greshamhouse.ie

To determine the appropriate data retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

The criteria we use to determine data retention periods for your personal information include the following:

  • Retention in case of queries. We will retain some of it in case of queries from you. For instance, if you send to us a query, we will retain your personal information for as long as necessary for us to ensure that your query has been addressed exhaustively;
  • Retention in case of claims. We will retain some of it for the period in which you might legally bring claims against us; and
  • Retention in accordance with legal and regulatory requirements. We will retain some of it based on our legal and regulatory requirements.

14. Whether providing your personal information is required by law or contract and whether is obligatory

1. If you are a Prospective Investor, you are under no statutory or contractual obligation to provide your personal information to us. However, if you fail to provide information when requested, we may not be able to reply to your enquiries or provide you with the information you have requested or otherwise fulfil the purpose(s) for which we have asked for the personal information.

2. If you are a Business Contact:

  • if you fail to provide information when requested, we may not be able to reply to your enquiries or provide you with the information you have requested or otherwise fulfil the purpose(s) for which we have asked for the personal information.

3. If you are an Investor/Co-Investor:

  • if you are already an investor in, or co-invested alongside, any fund or product managed by the Gresham House Group, without your personal information we may be unable to provide you with our services, process your investor/co-investor’s rights, administer your investment/co-investment, and process your requests relating to it. This means that it is necessary for us to have most of it to perform the contract with you. If you fail to provide certain personal information, we may also be prevented from complying with our legal obligations.
  • if you are in the process of becoming an investor in, or co-invested alongside, any fund or product managed by the Gresham House Group (i.e. you have communicated to us your decision to invest/co-invest and we have started to process your application to invest/co-invest) and you fail to provide certain personal information when requested, we may not be able to process your application for investment/co-investment. This means that it is necessary for us to have most of it to enter into a contract with you. If you fail to provide certain personal information, we may also be prevented from complying with our legal obligations.
  • if we have entered into a contract with you, without your personal information we may be unable to perform our obligations under the contract. This means that it is necessary for us to have most of it to perform the contract with you.
  • if we are in the process of entering into contract with you, without your personal information we may be unable to enter into the contract with you.

15. Your rights

Your rights in connection with your personal information

Your personal information is protected under data protection law and you have a number of rights which you can enforce against us as your data controller. Your rights under data protection law are as follows (please note that some of these rights do not apply in all circumstances):

  • right to be informed – including about our processing of your personal information. This is the reason for this privacy notice;
  • right to request access to your personal information and to obtain information about how we process it. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
  • right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed;
  • right to have your personal information erased;
  • right to object to processing of your personal information (as relevant). This right allows you to object to processing for purposes of direct marketing, to processing based on legitimate interests and to processing for purposes of statistics;
  • right to restrict processing of your personal information;
  • right to move, copy or transfer your personal information to another party.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal information, restrict the processing of your personal information, or request that we transfer a copy of your personal information to another party, please contact us via e-mail at GDPRenquiries@greshamhouse.com or via phone at +44 (0)20 3837 6270. For Gresham House Ireland you can contact us at dpc.greshamhouse.ie.

You have the right to complain to a supervisory authority. The supervisory authority in the UK is the Information Commissioner’s Office (ICO) (https://ico.org.uk/). The ICO has enforcement powers and can investigate compliance with data protection laws.

The supervisory authority in Ireland is the Data Protection Commission who can be contacted:

21 Fitzwilliam Square South, Dublin 2, DO2 RD28, Ireland.
Phone:  01 7650100 / 1800437 737
Fax: + 353 57 868 4757
Web: www.dataprotection.ie
Email: info@dataprotection.ie

 No fee usually required

There is generally no fee for making an access request. The main exception to this is where your access request is considered ‘manifestly unfounded or excessive’. For example, if you continue to make the same access request even though it has already been dealt with and this is proven to be the case, we may charge a reasonable fee for the administrative costs of providing the information requested. In addition, where additional copies of data that has already been provided is requested, this may result in an administrative cost to you.

 

What we may need from you

In some cases, we may need to request specific information from you to help us confirm your identity and ensure your right to exercise your rights under data protection law. This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

 

Inform us of changes to your personal information

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes.

16. Changes to this notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates.

If you have any questions about this privacy notice, please contact us via e-mail at GDPRenquiries@greshamhouse.com or via phone at +44 (0)20 3837 6270.

For Gresham House Ireland, you can contact us at dpc@greshamhouse.ie.

17. Data Protection Group

1. UK Business

A Data Protection Group (“DPG“) is appointed within Gresham House in order to ensure that (as a Data Controller), is compliant with all aspects of the applicable data protection laws and regulations.  The DPG is also responsible for managing data queries received from clients, individuals, and other group entities.

The DPG consists of representative members from the Senior Management Team and Legal and Compliance teams.  All GDPR / Data Protection queries are co-ordinated by them, utilising Compliance and Legal personnel as required. A group email address (GDPRenquiries@greshamhouse.com) is the main point of contact for the DPG.

The Compliance team is responsible for the review and update of the policy in accordance with relevant regulations; in the event of any issues, please communicate these to the DPG in the first instance.

2. Gresham House Ireland

Our Data Protection Co-ordinator oversees how we collect, use, share and protect your information to ensure your rights are fulfilled. You may contact our Data Protection Co-ordinator at dpc@greshamhouse.ie or by writing to:

Data Protection Co-ordinator,
42 Fitzwilliam Place,
Dublin 2,
D02 P234,
Ireland