Privacy Policy
General Data Protection Regulation
Asper Investment Management Limited Privacy Policy Statement
Introduction Asper Investment Management Limited (“Asper”) respects the privacy of every individual whose personal information it handles. We are committed to respecting and protecting personal data and will process personal data provided to Asper only in accordance with applicable data protection and privacy laws. Personal data includes information relating to natural persons who can be identified or who are identifiable, directly from the information in question or who can be indirectly identified from that information in combination with other information. The main objective of this Privacy Policy Statement (“Statement”) is to provide a clear indication of how Asper collects, stores and uses personal data. When this Statement mentions “company”, “we”, “us”, “our” all of those terms refer to Asper Investment Management Limited (company number: 10075247) with registered offices located at Halkin, 68 King William Street, London, EC4N 7HR. This Statement is not an exhaustive description of how we process the personal information of natural persons. If you have any questions about this Statement, or our privacy related practices, please contact us at: gdpr@asper‐im.com. This Statement has been approved by the Board of Asper. Data protection laws Asper Investment Management processes data in line with UK laws and regulations; more specifically the General Data Protection Regulation. This regulation became effective on 25 May 2018. How do we collect personal information? We will collect information from you when you interact with us in person, in writing, by telephone and by email. For example, when you are an actual or potential investor or an actual or potential business partner, advisor, consultant or supplier. If you email us your CV, or if you have a meeting with a representative of Asper and provide us with your business card, or if you visit our office where your image is recorded by the building’s CCTV systems operated for security purposes. We may also receive information from other sources, such as third parties who collect personal information from you and pass it on to us. For example, where we conduct verification or antimoney laundering checks as part of our AML policies and procedures. What types of personal information do we collect? Personal information that we hold about you (including through our website) may include names, work addresses, email addresses, contact numbers, job title, employer organisation. Information required to verify your identity, for example passports, identification documents and proof of home address for anti‐money laundering and Know Your Customer, references, background and other similar checks, or any other personal information that you provide to us. Asper will take all reasonable steps to keep your personal information accurate and, where necessary, up‐to‐date. Please notify us at: gdpr@asper‐im.com if you believe that any of the information Asper holds about you is incorrect. Grounds for processing To process your data lawfully we will use your information on one or more of the following grounds:
- you are a party to a contract and processing your personal data is necessary for the performance of contract;
- it is in our legitimate interests to do so and where such interests are not overridden by your privacy interests;
- it is required for our or our funds’ compliance with legal and regulatory obligations, including our FCA duties to our clients, or where disclosures are requested by authorities, regulators or governmental bodies;
- we have obtained your consent where one of the above grounds cannot reasonably be relied upon.
Your personal data will not be sold to third parties, marketing agencies or processed in an unlawful manner. If we seek to use your personal data for a purpose beyond that for which it was originally collected, we will seek your consent or look to rely on another valid legal ground to process your personal information in accordance with applicable law. How do we use your personal information We will use your personal information, and may share your personal data with other third parties
acting on our behalf (as detailed below) in respect of:
- maintaining contact records and providing business updates;
- communicating with you about and sending invitations for presentations, events and meetings with representatives of Asper;
- communicating with you about potential business or career opportunities;
- obtaining professional services from our third parties, including consultants, auditors, accountants and lawyers;
- complying with anti‐money laundering and Know Your Customer, references, background and other checks;
- compliance with our regulatory and legal obligations, including fiduciary duties and FCA obligations to clients, or requests for disclsosures from a court, regulatory or governmental body;
- conducting due diligence with regard to potential or actual investment opportunities;
- improving marketing materials;
- evaluating potential candidates for future recruitment and assessing your application if you have applied for a job with us;
- responding to your enquiries and resolving your complaints.
Who might we provide your personal information to? There are circumstances where we may be compelled or wish to disclose your personal information to third parties. This will only take place in accordance with applicable law and on the basis of one or more of the lawful grounds for processing (detailed above). This may include sharing your personal information with companies who process personal information on our behalf, such asthird party outsourced service providers to facilitate the provision of our services, providers of cloud hosting solutions and professional advisers, such as lawyers, fund administrators, accountants or other consultants and group entities. Asper will ensure that, where a third party is used for specific reasons, the service provider has agreed to protect and maintain the security and confidentiality of the information that Asper shares with them. Sensitive or special category personal data Certain types of data require extra safeguards, in particular information about children, the “special categories” of personal data including racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sexual orientation, genetics, and biometrics, and criminal offences (including allegations and sentencing). We generally do not need this information so please do not send it to us. Retention and deletion Asper will retain personal information for a period that will vary depending on the purposes that it was collected for, as well as the requirements of any applicable law or regulation. Destruction of data will be carried out in accordance with Asper’s data retention policy. Where the retention schedule requires destruction instead of archival, the following shall apply:
- Paper records will be shredded by a provider who grants documented evidence of its destruction in the form of a certificate or video evidence.
- Electronic records shall be deleted from live systems but may be retained on back‐ups in
line with the back‐up retention schedule. - Physical equipment capable of storing data shall be disposed of either by (i) physical
destruction (crushing) or (ii) by government certified levels of electronic shredding. All electronic shredding shall come with a certificate of destruction.
Limitations on the transfer of personal data The GDPR restricts data transfers to countries outside the UK in order to ensure that the level of data protection afforded to individuals by the GDPR is not undermined. Equivalent requirements apply in the EU. Asper individuals transfer personal data originating in one country across borders when they transmit or send that data to a different country or view/access it in a different country. If Asper individuals need to transfer data outside of the UK or, if operating from an EU
establishment, outside the EU,1 please speak to the GDPR Project Team in advance. Measures put in place to safeguard your personal data We have put in place several technical and organisational measures aimed at protecting the confidentiality, the integrity and the availability of your personal data:
- All the endpoints of the company are protected with antivirus and firewalls.
- Encryption technology is in use to protect the integrity of the personal data we process. Encryption prevents data from being easily accessible and recoverable in the event of theft or computer misuse.
- A password policy is currently in place to ensure that the data stored on our systems is only accessible to authorised personnel. The passwords are changed on a regular basis.
- We regularly make backups of our data to ensure that it is readily available in the event of technical problems or disaster recovery.
- We restrict access to personal information to those employees and third parties who need to know that information for the purposes set out in this Statement.
While Asper takes appropriate technical and organistaional measures to safeguard the personal information that you provide, no transmission over the internet can ever be guaranteed secure and Asper cannot guarantee its security by this method of transmission. Your rights Under data protection laws you have certain rights, including the right to: access, rectify, withdraw consent, erase, restrict, transport and object to the processing of your personal information. You also have a right to lodge a complaint with the Information Commissioner’s Office (see further details below) if you believe your information is not being processed in accordance with the law. Should you wish to exercise any your rights, please contact: gdpr@asper‐im.com. We will do our best to respond within 30 days, but if it is going to take longer we will contact you to ask for further time. Privacy and the internet Asper’s website www.asper‐im.com uses cookies. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owner of the site. The main objective of cookies is to provide us with data that we can use to improve our website in order to provide you with a better service. Google Analytics is in use to collect information about how visitors use our website. Please see Asper’s Cookie Policy at www.asper‐im.com for further details. When using our website without adjusting your web browser to block them, you are consenting to these types of cookies being stored on your device. Additional information If you have any questions with regards to this privacy policy, the way your data is handled or if you would like to exercise any of your rights under the General Data Protection Regulation, please contact gdpr@asper‐im.com or in writing to: Debbie Hudgell Kuhler, Asper Investment Management, Halkin, 68 King William Street, London, EC4N 7HR. The Information Commissioner’s Office and Autoriteit Persoonsgegevens (Dutch Data Protection Authority) If you would like to learn more about the General Data Protection Regulation, you can visit: UK: the ICO’s website following this link: https://ico.org.uk/. You can also find an overview of the GDPR following this link: https://ico.org.uk/for‐organisations/data‐protectionreform/overview‐of‐the‐gdpr/ Netherlands: the Autoriteit Persoonsgegevens’ website following this link: https://autoriteitpersoonsgegevens.nl/en Notification of changes This Statement is dated June 2021. We may amend this Statement from time to time without notice. An amended Statement will be posted and available on our website. We may change the Statement for a number of reasons, including changes in law, market practice or our treatment of your personal information.
1 Please note that this includes transfer of personal data from an EU establishment to the UK.
Who we are
Our website address is: https://asper-im.com.
What personal data we collect and why we collect it
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Contact forms
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Analytics
Who we share your data with
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Your contact information
Additional information
How we protect your data
What data breach procedures we have in place
What third parties we receive data from
What automated decision making and/or profiling we do with user data
Industry regulatory disclosure requirements
Introduction Asper Investment Management Limited (“Asper”) respects the privacy of every individual whose personal information it handles. We are committed to respecting and protecting personal data and will process personal data provided to Asper only in accordance with applicable data protection and privacy laws. Personal data includes information relating to natural persons who can be identified or who are identifiable, directly from the information in question or who can be indirectly identified from that information in combination with other information. The main objective of this Privacy Policy Statement (“Statement”) is to provide a clear indication of how Asper collects, stores and uses personal data. When this Statement mentions “company”, “we”, “us”, “our” all of those terms refer to Asper Investment Management Limited (company number: 10075247) with registered offices located at 24/25 The Shard, 32 London Bridge Street, London SE1 9SG. This Statement is not an exhaustive description of how we process the personal information of natural persons. If you have any questions about this Statement, or our privacy related practices, please contact us at: gdpr@asper-im.com. This Statement has been approved by the Board of Asper. Data protection laws Asper Investment Management processes data in line with UK laws and regulations; more specifically the General Data Protection Regulation. This regulation became effective on 25 May 2018. How do we collect personal information? We will collect information from you when you interact with us in person, in writing, by telephone and by email. For example, when you are an actual or potential investor or an actual or potential business partner, advisor, consultant or supplier. If you email us your CV, or if you have a meeting with a representative of Asper and provide us with your business card, or if you visit our office where your image is recorded by the building’s CCTV systems operated for security purposes. We may also receive information from other sources, such as third parties who collect personal information from you and pass it on to us. For example, where we conduct verification or antimoney laundering checks as part of our AML policies and procedures. What types of personal information do we collect? Personal information that we hold about you (including through our website) may include names, work addresses, email addresses, contact numbers, job title, employer organisation. Information required to verify your identity, for example passports, identification documents and proof of home address for anti-money laundering and Know Your Customer, references, background and other similar checks, or any other personal information that you provide to us. Asper will take all reasonable steps to keep your personal information accurate and, where necessary, up-to-date. Please notify us at: gdpr@asper-im.com if you believe that any of the information Asper holds about you is incorrect. Grounds for processing To process your data lawfully we will use your information on one or more of the following grounds:
- you are a party to a contract and processing your personal data is necessary for the performance of contract;
- it is in our legitimate interests to do so and where such interests are not overridden by your privacy interests;
- it is required for our or our funds’ compliance with legal and regulatory obligations, including our FCA duties to our clients, or where disclosures are requested by authorities, regulators or governmental bodies;
- we have obtained your consent where one of the above grounds cannot reasonably be relied upon.
Your personal data will not be sold to third parties, marketing agencies or processed in an unlawful manner. If we seek to use your personal data for a purpose beyond that for which it was originally collected, we will seek your consent or look to rely on another valid legal ground to process your personal information in accordance with applicable law. How do we use your personal information We will use your personal information, and may share your personal data with other third parties acting on our behalf (as detailed below) in respect of:
- maintaining contact records and providing business updates;
- communicating with you about and sending invitations for presentations, events and meetings with representatives of Asper;
- communicating with you about potential business or career opportunities;
- obtaining professional services from our third parties, including consultants, auditors, accountants and lawyers;
- complying with anti-money laundering and Know Your Customer, references, background and other checks;
- compliance with our regulatory and legal obligations, including fiduciary duties and FCA obligations to clients, or requests for disclsosures from a court, regulatory or governmental body;
- conducting due diligence with regard to potential or actual investment opportunities;
- improving marketing materials;
- evaluating potential candidates for future recruitment and assessing your application if you have applied for a job with us;
- responding to your enquiries and resolving your complaints.
Who might we provide your personal information to? There are circumstances where we may be compelled or wish to disclose your personal information to third parties. This will only take place in accordance with applicable law and on the basis of one or more of the lawful grounds for processing (detailed above). This may include sharing your personal information with companies who process personal information on our behalf, such as third party outsourced service providers to facilitate the provision of our services, providers of cloud hosting solutions and professional advisers, such as lawyers, fund administrators, accountants or other consultants and group entities. Asper will ensure that, where a third party is used for specific reasons, the service provider has agreed to protect and maintain the security and confidentiality of the information that Asper shares with them. Sensitive or special category personal data Certain types of data require extra safeguards, in particular information about children, the “special categories” of personal data including racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sexual orientation, genetics, and biometrics, and criminal offences (including allegations and sentencing). We generally do not need this information so please do not send it to us. Retention and deletion Asper will retain personal information for a period that will vary depending on the purposes that it was collected for, as well as the requirements of any applicable law or regulation. Destruction of data will be carried out in accordance with Asper’s data retention policy. Where the retention schedule requires destruction instead of archival, the following shall apply:
- Paper records will be shredded by a provider who grants documented evidence of its destruction in the form of a certificate or video evidence.
- Electronic records shall be deleted from live systems but may be retained on back-ups in line with the back-up retention schedule.
- Physical equipment capable of storing data shall be disposed of either by (i) physical destruction (crushing) or (ii) by government certified levels of electronic shredding. All electronic shredding shall come with a certificate of destruction.
Third parties and overseas transfers When your personal data needs to be transferred to an overseas country that is not part of the EEA (European Economic Area) we will always ensure that there are adequate levels of protection and a similar legislation with regards to data protection; each country might have different laws and regulations with regards to data protection. Overseas transfers outside the EEA will only be possible when we have the appropriate safeguards in place. Measures put in place to safeguard your personal data We have put in place several technical and organisational measures aimed at protecting the confidentiality, the integrity and the availability of your personal data:
- All the endpoints of the company are protected with antivirus and firewalls.
- Encryption technology is in use to protect the integrity of the personal data we process. Encryption prevents data from being easily accessible and recoverable in the event of theft or computer misuse.
- A password policy is currently in place to ensure that the data stored on our systems is only accessible to authorised personnel. The passwords are changed on a regular basis.
- We regularly make backups of our data to ensure that it is readily available in the event of technical problems or disaster recovery.
- We restrict access to personal information to those employees and third parties who need to know that information for the purposes set out in this Statement.
While Asper takes appropriate technical and organistaional measures to safeguard the personal information that you provide, no transmission over the internet can ever be guaranteed secure and Asper cannot guarantee its security by this method of transmission. Your rights Under data protection laws you have certain rights, including the right to: access, rectify, withdraw consent, erase, restrict, transport and object to the processing of your personal information. You also have a right to lodge a complaint with the Information Commissioner’s Office (see further details below) if you believe your information is not being processed in accordance with the law. Should you wish to exercise any your rights, please contact: gdpr@asper-im.com. We will do our best to respond within 30 days, but if it is going to take longer we will contact you to ask for further time. Privacy and the internet Asper’s website www.asper-im.com uses cookies. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owner of the site. The main objective of cookies is to provide us with data that we can use to improve our website in order to provide you with a better service. Google Analytics is in use to collect information about how visitors use our website. Please see Asper’s Cookie Policy at www.asper-im.com for further details. When using our website without adjusting your web browser to block them, you are consenting to these types of cookies being stored on your device. Additional information If you have any questions with regards to this privacy policy, the way your data is handled or if you would like to exercise any of your rights under the General Data Protection Regulation, please contact gdpr@asper-im.com or in writing to Debbie Hudgell Kuhler, Asper Investment Management Limited, 24/25 The Shard, 32 London Bridge Street, London SE1 9SG. The Information Commissioner’s Office If you would like to learn more about the General Data Protection Regulation, you can visit the ICO’s website following this link: https://ico.org.uk/. You can also find an overview of the GDPR following this link: https://ico.org.uk/for-organisations/data-protection-reform/overview-of-thegdpr/ In addition to all the information provided in this Privacy Policy Statement, you can also find more in-depth information with regards to the rights you have under the General Data Protection Regulation following this link: https://ico.org.uk/for-organisations/guide-to-the-general-dataprotection-regulation-gdpr/individual-rights/ Notification of changes This Statement is dated July 2018. We may amend this Statement from time to time without notice. An amended Statement will be posted and available on our website. We may change the Statement for a number of reasons, including changes in law, market practice or our treatment of your personal information. Privacy Policy Statement: v.3 January 2019 — 24/25 The Shard
32 London Bridge Street
London
SE1 9SG
Registered in England no: 10075247 Registered office as above, VAT no: 243080339
Authorised and regulated by the Financial Conduct Authority