Personal data means any information about a person from which that individual can be identified. Anonymous data, where the person cannot be identified, does not count as personal data.

Sensitive Personal Data – There are more sensitive types of personal data which require a higher level of protection known as ‘special category data’. These include details about your race or ethnicity, trade union membership, religious or philosophical beliefs, sex life, sexual orientation, political opinions, information about your health and genetic and biometric data. We do not collect any ‘special category data’ about you, except for limited health data to assist in the control of infectious diseases (such as the virus Covid-19) that you voluntarily provide to us. We may also collect information about criminal convictions when it is revealed by due diligence that we conduct to comply with our legal or regulatory obligations.

We will only use your personal data when the law allows us to. Usually, we will use your personal data in the following circumstances (each a lawful basis):

• where we need to perform the contract we are about to enter into or have entered into with you;
• where it is necessary for our legitimate interests (as further explained in the relevant section applicable to you above) and your interests and fundamental rights do not override those interests; or
• where we need to comply with a legal or regulatory obligation.

Generally, we do not rely on consent as a legal basis for processing your personal data.

If you do not provide certain information when requested, we may not be able to perform a contract we have entered into with you (such as advising on a particular transaction), or may be prevented from complying with our legal obligations (such as to perform client due diligence).

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so. We may also process your personal data without your knowledge or consent where this is required or permitted by law.

Please click on the relevant section below to see the categories of personal data about you that we collect, store, and use, the purposes of processing and our lawful basis for doing so.

Visitors to Eisler’s website
You are not required to provide any personal data to access public areas of our website. However, when you visit our website, the server may record your IP address and the date, time and duration of your visit.

An IP address is an assigned number, similar to a telephone number, which allows your computer to communicate over the Internet and is considered personal data under GDPR. This processing is required to allow the website to load and function, which is in our legitimate interests in providing the website to our potential and actual clients, investors counterparties and business contacts.

Visitors to Eisler’s offices
When you visit our offices, we may collect personal data about you that is necessary for the visit to proceed securely and safely. This may include CCTV footage of you in public areas at the entrance, reception and public areas in the office, your location within the office through access key card monitoring, contact information, a record of the visit and dietary preferences to provide catering in meetings.

We may also collect some limited health information to assist in the control of infectious diseases, such as the virus Covid-19 and if an incident occurs in the office, through completion of the first aid accident book. This health data is collected to comply with our legal obligations under health and safety and employment law.

The CCTV footage and access key cards are required for our legitimate interest in the security of the building and complying with out regulatory obligations. The contact information and dietary preferences are processed in line with our legitimate interests of respecting visitors’ needs and facilitating the visit.

We may share the personal data we hold about visitors with companies which process personal data on the Eisler Group’s written instructions.

Eisler’s business contacts
If you have been in contact with a representative of the Eisler Group, for example through emails, phone calls or an in-person meeting, we may collect, use and store limited amounts of personal data relating to you, such as your name, job title, employer organisation, marketing preferences and contact details, as well as any other personal data which is included in the communications.

We may collect and store this personal data for the purposes organising meetings and facilitating contact between you and your Eisler Group representatives, as well as of maintaining a record of our business contacts and, if appropriate, sending you periodic updates about Eisler Group’s business, activities and opportunities by email. You can opt out of receiving updates at any time by contacting us at [email protected], by asking your Eisler Group business contact, or by clicking the “Unsubscribe” link in any such email that you receive.

The legal basis for collecting, using and storing this personal data is that such processing is necessary for our legitimate interests in running and promoting our business.

We may, from time to time, share the personal data we hold about business contacts with companies which process personal data on Eisler’s behalf, professional advisors, such as accountants, lawyers, or other consultants, other companies in the Eisler Group, Eisler’s auditors, as well as applicable regulators and other governmental agencies anywhere in the world.

Eisler’s business clients & counterparties
When you are involved in a potential or actual transaction that Eisler advises on, we will collect, use and store personal data relating to you. To the extent appropriate, this may include your business and personal contact details, professional opinions and judgements, marketing preferences, visual images and photographs required for business purposes, log-in details for user accounts, information relating to your financial status and dealings, nationality information (including copies of identity documents, such as a passport), references provided by third parties, and results of other due diligence carried out.

We use this personal data for the purposes of conducting “know-your customer” and other due diligence pursuant to applicable anti-money laundering and anti-corruption laws and regulations and assessing your suitability as our client, including by verifying your identity. This is necessary to comply with our regulatory and legal obligations, including assessing and managing risk and preventing fraud.

We also require it to advise on potential and actual transactions, provide our financial services and carry out statistical analysis and market research. The administration of these transactions also requires that we use the personal data to maintain records of investments, organise and hold meetings/events, communicating with our professional advisors, including accountants, lawyers and other consultants; and carry out billing and invoicing.

We may also use the personal data to send you periodic updates about Eisler’s business, activities and opportunities via email. You can opt out of receiving updates at any time by contacting us [email protected], by asking your Eisler Group business contact, or by clicking the “Unsubscribe” link in any such email that you receive.

Our legal basis for collecting, using and storing personal data about you is that such processing is necessary for our legitimate interests in running our business, in particular by advising on potential transactions and complying with our legal obligations as under financial regulations. If we advise on a potential transaction that you consider entering into, it may also be necessary for us to process your personal data for the purpose of performing in connection with the relevant contract and to comply with our regulatory and legal obligations.

The personal data we collect, use and store about individuals associated with our clients, counterparties and potential clients and counterparties with whom we conduct business may be shared with companies which process personal data on Eisler’s behalf, professional advisors, such as accountants, lawyers, or other consultants, financial intermediaries, other persons who have an interest or involvement in, or who are considering an interest or involvement in, a transaction upon which Eisler Group is advising, including co-investors, other providers of finance and investors in Eisler Group, other companies in the Eisler Group, Eisler’s auditors and applicable regulators and other governmental agencies anywhere in the world.

Eisler’s vendors and professional advisers
If you are an individual associated with a vendor to the Eisler Group or with one of our professional advisers, we will collect, use and store limited amounts of personal data relating to you, including your name, job title, qualifications, employer or parent organisation and contact details.

We will collect, use and store this personal data for the purposes of administering and maintaining records of services or advice we have received, and commissioning further services. Our legal basis for collecting, using and storing this data that you provide to us is that such processing is necessary for our legitimate interests in running and promoting our business.

The personal data we hold about individuals associated with our suppliers and professional advisers may be shared with companies which process personal data on Eisler’s behalf, professional advisors, such as accountants, lawyers, or other consultants, other companies in the Eisler Group, Eisler’s auditors and applicable regulators and other governmental agencies anywhere in the world.

Eisler’s investors
When you are an investor with Eisler we may collect, use and store personal data relating to you in order to allow you to invest with us. To the extent appropriate, this includes your business and personal contact details, marketing preferences, information relating to your financial status and dealings, nationality information (including copies of identity documents, such as a passport), references provided by third parties, and results of other due diligence carried out, including in relation to criminal convictions.

We collect, use and store personal data about our investors for the purposes of complying with our regulatory and legal obligations, facilitating the payment of dividends and communicating with investors.

We may also use the personal data to send you periodic updates about Eisler’s business, activities and opportunities via email. You can opt out of receiving updates at any time by contacting us [email protected], by asking your Eisler Group business contact, or by clicking the “Unsubscribe” link in any such email that you receive.

Our legal basis for collecting and storing personal data about our investors is that such processing is necessary for our legitimate interests in running and operating our business and ensuring effective communications with investors.

The personal data we hold about investors may be shared with companies which process personal data on Eisler’s behalf, professional advisors, such as accountants, lawyers or other consultants, other companies in the Eisler Group, Eisler’s auditors and applicable regulators and other governmental agencies anywhere in the world.

Candidates for Staff Positions
Eisler may collect personal data about candidates through the application and recruitment process, either directly from candidates or sometimes from third parties (such as recruitment agencies, former employers or credit reference agencies). Recruitment agencies which collect and use your personal data, including for the purpose of introducing you as a candidate to Eisler, act as the controller of your personal data for that purpose and so are subject to a separate privacy notice provided by the agencies to you.

The personal data we require in order to progress your application as a candidate may include personal contact details such as name, title, addresses, telephone numbers, and personal email addresses, date of birth, gender, current salary, compensation history annual leave, pension and benefits information, current notice period and other employment records from previous roles, start date & location of employment; recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process) and visual images and photographs provided for business purposes.

Usually, we will use your personal data to take steps prior to entering into a contract with you (for example your employment contract, consultancy contract or partnership agreement), where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and where we need to comply with a legal or regulatory obligation.

If you are successful in your application, we will only transfer personal data to your employment record if it is relevant to your ongoing working relationship with Eisler. If you are unsuccessful in your application, we may securely destroy your application details but will, from time to time, keep on file your name, any additional identifiers required to distinguish candidates of the same name and the position for which you applied for future recruitment purposes unless you specifically request that this should not be the case.

In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer a candidate of Eisler we will not keep any personal data about you for any longer than is necessary for the purposes for which the personal data is processed or for which we are legally required or recommended to retain a copy and may securely destroy it after this point.

Eisler Group will share your personal data with third parties only where required by law, where it is necessary to administer our relationship with you or where we have another legitimate interest in doing so.

Third parties may include both internal and external third parties. Internal third parties may be entities such as, other companies in the Eisler Group acting as controllers or processors for internal administrative purposes (on the lawful basis of our legitimate interests). This may involve cross-border transfers including transfers outside of the UK/EEA.

External third parties may include:

• Service providers acting as processors on Eisler’s written instructions based both inside and outside the UK/EEA who provide IT and system administration services.
• Professional advisers acting as processors on Eisler’s written instructions or controllers responsible for their handling of personal data including lawyers, bankers, auditors and insurers based both inside and outside the UK/EEA who provide consultancy, banking, legal, insurance and accounting services.
• Tax authorities, regulators and other authorities acting as processors on Eisler’s written instructions or controllers responsible for their handling of personal data who require reporting of processing activities in certain circumstances.
• Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.

We will work with all third parties to ensure that they respect the security of your personal data and to treat it in accordance with the law. Except where needed for their own direct relationship with you, we do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

International Transfer

We share your personal data within the Eisler Group, which may include transfer to the USA, the Cayman Islands and any other jurisdiction where an Eisler Group entity is established.

Some of our third-party service providers are based outside the UK/EEA so their processing of your personal data may involve a transfer of data outside the UK/EEA.

Whenever we transfer your personal data out of the UK/EEA, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:

• We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
• We use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
• Any data transfer mechanism approved by the European Commission or the UK authorities as appropriate, such as an equivalent to the Privacy Shield or updated Model Contracts approved by the EU Commission or the UK government.

Please contact us if you would like further information on the specific mechanism used by us when transferring your personal data out of the UK/EEA.

Eisler have put in place appropriate measures to protect the security of your personal data and prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to access it. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. Third parties will only process your personal data where they have agreed to treat the personal data confidentially and to keep it secure.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Eisler may only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements. To decide on the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer a business contact, supplier, professional advisor, counterparty with whom Eisler conducts business (including clients) or an investor of Eisler we may retain and securely destroy your personal data in accordance with our data retention policy.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Under certain circumstances, under the GDPR you have the right to

• Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
• Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
• Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
• Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal data to another party.

If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact us.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee or refuse to comply with the request, if it is clearly unfounded or excessive.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.