Gravis Capital Management Ltd and Gravis Advisory Ltd
Gravis Capital Management Ltd, together with Gravis Advisory Ltd (“Gravis", "we", "us" or "our") are committed to protecting the privacy of individuals whose data they process ("you" or "your").
1. Important Information and who we are
Gravis is committed to protecting the privacy of individuals whose data it processes on its own behalf as a controller and/or Gravis as a processor of the funds that it manages and/or advises ("Funds").
In addition, it outlines your data protection rights under the EU data protection regime introduced by the General Data Protection Regulation (Regulation 2016/679) (the “GDPR").
Please contact Gravis Capital Management Ltd or Gravis Advisory Ltd (as appropriate), both of 24 Savile Row, London, W1S 2ES if have any queries in relation to the processing of your personal data under this policy.
If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the Compliance Officer at the above address.
Gravis may from time to time update this policy. Please refer back to this page regularly to see any changes or updates to this policy.
2. What Personal Data do we collect and why do we process it?
Information provided by you includes contact details (such as name, email address, address, telephone number, place of work, job title), your date of birth, copies of passport, driving licences and utility bills.
Your personal data may be processed by Gravis (or any of their affiliates, employees, agents, delegates or sub-contractors) for the following purposes:
• to carry out anti-money laundering checks and other actions in an attempt to detect, prevent, investigate and prosecute fraud and crime, which Gravis considers necessary for compliance with Gravis and/or the Funds' legal obligations, for the performance of a task being carried out in the public interest and/ or to pursue Gravis and/or the Funds' legitimate interests (including for the
prevention of fraud, money laundering, sanctions, terrorist financing, bribery, corruption and tax evasion);
• to send you electronic marketing communication, in relation to which you can at any time unsubscribe by following the instructions contained in each marketing communication.
• to send you updates on the performance of the Funds, newsletters, invitations to events and other communications which it will do (a) on the basis of its legitimate interests if you are an investor in the Funds; or (b) with your consent;
If Gravis consider it necessary to obtain your consent in relation to the use of your personal data (such as for sending emails to individuals that have not invested in the Funds), we will contact you to request this consent. In such circumstances, we will provide you with full details of the personal data that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. If you decide to provide your consent, you have the right to withdraw your consent at any time, although that will not affect the lawfulness of processes based on consent before its withdrawal. To withdraw your consent, please contact us at 24 Savile Row, London, W1S 2ES. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Where such processing is being carried out on the basis that it is necessary to pursue Gravis and/or the Funds' legitimate interests, such legitimate interests do not override your interests, fundamental rights or freedoms.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
3. Disclosures of your Personal Data
We will not disclose personal information we hold about you to any third party except as set out below.
We may disclose your personal data to other members of our group, to the boards of the Funds, to third parties who are providing services to us and/or the Funds, including IT or other third party service providers.
We may also disclose personal data we hold to third parties if we are permitted by law to disclose your personal data to that third party or are under a legal obligation to disclose your personal data to that third party.
4. International Transfers
We may need to transfer your personal data outside the EEA where our service providers are based in Guernsey. Any transfer of your data will be carried out in
accordance with the law to safeguard your privacy rights and give you remedies in the unlikely event of a security breach.
Please contact us if you want further information on the specific mechanism used when transferring your personal data out of the EEA.
5. Data Security
Gravis has put in place measures to ensure the security of the personal data it collects and stores about you. It will use its reasonable endeavours to protect your personal data from unauthorised disclosure and/or access, including through the use of network and database security measures, but it cannot guarantee the security of any data it collects and stores.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
6. Your Legal Rights
In certain circumstances, by law you have the right to:
• Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal information to another party.
• Withdraw your consent. If we are processing your personal data on the basis of your consent, you have the right to withdraw such consent at any time. Withdrawing your consent will not affect the lawfulness of processes based on consent before its withdrawal. To withdraw your consent or to opt out of receiving marketing communication, please contact us at 24 Savile Row, W1S 2ES or following the unsubscribe instructions included in electronic marketing communication. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
7. Further Information
If you have any queries about this policy or your personal data, or you wish to submit an access request or raise a complaint about the way your personal data has been handled, please do so in writing and address this to the Compliance Officer at Gravis Capital Management Ltd, 24 Savile Row, London, W1S 2ES.