Privacy Notice

Gravis – Privacy Notice

Background

Gravis Capital Management Ltd and Gravis Advisory Ltd or any third-party service provider or consultant appointed by Gravis to act on its behalf (together "Gravis" “we”, “us” or “our”) are committed to protecting your personal data and are required, by Data Protection Legislation (as defined below), to provide individuals with certain information about how we use your personal information. This privacy notice (“Privacy Notice”) explains what information we collect from you or you provide to us, how we use it and with whom we share that information. The Privacy Notice also sets out your rights and who you can contact for more information. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

In this Privacy Notice:

• your information is sometimes called “personal data”;

• we may sometimes collectively refer to handling, collecting, protecting and storing your personal data as “processing” such personal data;
• the term “Data Protection Legislation” means the DPA 2018 and the UK GDPR. The DPA 2018 sets out the framework for data protection law in the UK. It updates and replaces the Data Protection Act 1998 and came into effect on 25 May 2018. It was amended on 01 January 2021 by regulations under the European Union (Withdrawal) Act 2018, to reflect the UK’s status outside the EU. The UK GDPR is the UK General Data Protection Regulation. It is a UK law which came into effect on 01 January 2021. It sets out the key principles, rights and obligations for most processing of personal data in the UK, except for law enforcement and intelligence agencies. It is based on the EU GDPR (General Data Protection Regulation (EU) 2016/679) which applied in the UK before that date, with some changes to make it work more effectively in a UK context.

This Privacy Notice is directed to individuals whose personal data we handle in the course of carrying on our commercial activities. These individuals could be:

• representatives, agents or appointees of our fund clients or prospective clients;
• individuals who invest in funds which we manage;

• an employee, director, officer or representative of another organisation with which we have a business relationship;
• users of our website;
• individuals who submit job applications to Gravis; or
• representatives of another organisation with which we have a business relationship, ("you" or "your").

For the purposes of Data Protection Legislation, Gravis is a controller of personal data.

1. What information we collect about you

We may collect, record and use information about you in physical and electronic form and will hold, use and otherwise process the data in accordance with Data Protection Legislation and as set out in this Privacy Notice.

The personal data we collect, record and process may include:

Information you provide to us

This is likely to be determined by the nature of our relationship with you but may include:

• information obtained from identification documentation (including your name, date of birth, contact details, nationality and national identity numbers (where applicable));
• your professional title and occupation;
• financial information and evidence of ownership of financial assets;
• personal identifiers such as national insurance number or IP address;

• information which we or our service providers need to conduct ‘know your client’ checks such as details relating to your passport and credit history; and
• other information you provide in the course of your dealings with us or which we require to provide you with services;
• if you are applying for a job at Gravis your date of birth, personal characteristics such as gender, your right to work, visa status educational and professional qualifications and previous employment history and any other personal data you disclose during your application.

In certain circumstances, we also collect and process what are known as ‘special categories’ of personal data (as defined by Data Protection Legislation). Money laundering, sanctions, financial crime and fraud prevention checks sometimes result in Gravis obtaining information about actual or alleged criminal convictions and offences.

Information we collect

This will include information that we generate about you during our relationship with you and may include internal files which we produce as a record of our relationship with our clients or prospective clients and any personal data you provide during correspondence with us which we may need for our business purposes or to comply with our legal obligations.

Information we obtain from other sources

In certain circumstances we process personal data provided from other sources including:

• information from publicly available sources, including third party agencies such as credit reference agencies; fraud prevention agencies; law enforcement agencies; public databases, registers and records such as Companies House and the FCA Register; and other publicly accessible sources;
• information obtained from independent financial advisors, other professional advisers, product providers, event organisers, other agents and/or representatives, industry databases and other business intelligence tools we use;

• information about you provided to us by recruiters; and
• information obtained from sanctions checking and background screening providers.

You are not obliged to provide us with your personal data where it is requested but we may be unable to proceed with your business relationship with Gravis if you do not do so.

2. How we use your information

Our primary purpose in collecting your personal information is to enable us to carry out our investment management business.

Additionally, we use your information for the following specific purposes:

• to facilitate our clients' and investors' use of our services including onboarding clients or investors, communicating with clients or investors to provide services or information and to manage and strengthen our client and investor relationships;
• to contact prospective clients and investors;
• to maintain our records;
• to recruit people to work at Gravis;
• in order to carry out anti-money laundering checks and related actions which are necessary to comply with legal obligations, in relation to, the prevention of fraud, money laundering, terrorist financing, bribery, corruption, tax evasion and to prevent the provision of financial and other services to persons who may be subject to economic or trade sanctions, on an on-going basis;
• to send you electronic marketing communications, in relation to which you can at any time unsubscribe by following the instructions contained in each marketing communication; and
• if it is necessary to use it for another reason and that reason is compatible with the primary purpose.

3. Legal grounds for using your personal information

Data Protection Legislation permits us to process your personal data in the way that we do because the processing is:

• necessary for the purposes of the legitimate interests that we pursue, which are to undertake activities necessary and ancillary to the carrying on of an investment management business and the purposes described above;
• necessary for the performance of a contract with you (if you are acting as an individual); or
• necessary in order to comply with a legal obligation to which we are subject.

To the extent that we process any special categories of data relating to you for any of the purposes outlined above, we will do so because either: (i) you have given us your explicit consent to process that personal data; (ii) you have made the data manifestly public; or (iii) the processing is necessary for the establishment, exercise or defence of legal claims.

Where such processing is being carried out on the basis that it is necessary to pursue our legitimate interests, such legitimate interests do not override your interests, fundamental rights or freedoms.

4. Providing your information to third parties

The following categories of recipients may receive your personal information and process it for the purpose outlined in this Privacy Notice:

• third parties such as auditors, regulatory authorities and technology providers, agents, contractors, service providers or related companies if this is necessary for the operation of Gravis’ business or any other related purposes;
• with a depository, stock exchange, clearing or settlement system, counterparties, dealers and others where disclosure of your personal data is reasonably intended for the purpose of effecting, managing or reporting transactions or establishing a relationship with a view to such transactions;
• any regulatory, supervisory or governmental authorities to the extent we are required by law to do so (including, without limitation, in order to comply with tax reporting requirements and disclosures to regulators, auditors or public authorities); or
• if we sell any part of our business or our assets, in which case we may need to disclose your personal data to the prospective buyer for due diligence purposes.

Where we share information with third parties we will ensure we do so in compliance with Data Protection Legislation.

Gravis does not provide information to third parties for their own marketing purposes.

5. Transferring data outside of the EEA

Personal data may be transferred outside of the EEA to other third countries and international organisations. We will ensure that any such transfer is subject to appropriate safeguards in accordance with Data Protection Legislation.

This may be done in the following ways:

• the country to which we send your personal data is subject to an EC adequacy decision as offering an adequate level of protection for Personal Data;
• the recipient might have signed up to a contract based on "model contractual clauses" approved by the European Commission, obliging it to protect your personal data;
• where the recipient is located in the US, it might be a certified member of the EU-US Privacy Shield scheme; or
• in other circumstances the law may permit us to otherwise transfer your personal data outside the EEA.

6. Automated processing

Gravis does not carry out automated decision-making or profiling.

7. Your rights

At any time, you have the right:

• to be informed about the collection and use of your personal data;

• to request access to or a copy of any personal data which we hold about you;
• to rectification of your personal data, if you consider that it is inaccurate;
• to ask us to delete your personal data (“the right to be forgotten”), if you consider that there is no good reason for us to continue to process it;
• to withdraw consent to our processing of your personal data (to the extent such processing is based on previously obtained consent);
• to restrict processing of your personal data;

• to data portability (request the transfer of your personal information to another party) in certain circumstances;
• to object to your personal data being processed in certain circumstances; and
• not to be subject to a decision based on automated processing, including profiling.

Any request for access to or a copy of your personal data must be in writing and we will endeavour to respond within a reasonable period and in any event within one month in compliance with Data Protection Legislation. We will comply with our legal obligations as regards your rights as a data subject.

We will correct any incorrect or incomplete information and will stop processing your personal data, or erase it, where there is no legal reason for us to continue to hold or use that information.

We aim to ensure that the information we hold about you is accurate at all times. To assist us in ensuring that your information is up to date, do let us know if any of your personal details change.

8. How long we keep your information

We will only keep the information we collect about you for as long as is necessary to carry out the purpose (as further described above) for which it was collected, including for the purpose of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

9. How we protect your information

We ensure there are appropriate technical, physical, electronic and administrative safeguards in place to protect your personal details from unauthorised access.

10. Changes to Privacy Notice

This Privacy Notice may be amended from time to time without notice, in which case we will place an updated version on this page. Regularly reviewing this page ensures that you are always aware of what information we collect, how we use it and under what circumstances, if any, we will share it with other parties.

11. Complaints

Questions, comments and requests regarding this Privacy Notice are welcomed and should be addressed to:

The Compliance Officer

Gravis Capital Management Ltd

24 Savile Row

London

W1S 2ES

Email: [email protected]

You may also use these contact details if you wish to make a complaint to us relating to your privacy.

If you have any concerns about our use of your information, you also have the right to make a complaint to your local supervisory authority. In the UK, the Information Commissioner’s Office (“ICO”) is the supervisory authority for data protection issues. Further information can be found at www.ico.org.uk.