1. Applicability of Privacy Policy

​

This is the Privacy Policy of Spencer House Partners LLP, a limited liability partnership incorporated in England and Wales with registered office address at 15 St. James's Place, London, SW1A 1NP and registered company number OC315704 ("us", "we" or "our").

​

This Privacy Policy applies to our processing of personal data in relation to the provision of any of our services, including:

• when you request information from us;

• when you engage our corporate finance advisory and other professional services;

• as a result of your relationship with one or more of our clients;

• where you apply for a job or work placement;

• when you visit our offices; and

• your use of our websites.

​​

This Privacy Policy explains how we collect, use and protect your personal data. Respecting and protecting your privacy and your personal data is very important to us.

​

Your personal data will be held by us in accordance with the data protection laws of the United Kingdom. For the purposes of data protection laws in the United Kingdom, the controller is Spencer House Partners LLP, registered with the Information Commissioner's Office with registration number Z9515723.

​

If you have any questions in relation to this Privacy Policy, please contact us at:

Address: Attn: Business Administrator, Spencer House Partners LLP, 15 St. James’s Place, London, SW1A 1NP

Telephone: +44 (0)20 7647 8529

Email: info@spencerhousepartners.com

​

Please read this Privacy Policy to understand how we will collect and use your personal data and the rights you have in relation to your personal data. This Privacy Policy was last updated on the date above and may vary from time to time so please check it regularly.

​

By visiting our website and using our products and services, you acknowledge the terms of this Privacy Policy and the use and disclosure of your personal data as set out in this Privacy Policy.

​

2. How we collect your personal data

​

• Corporate Clients (and associated individuals)

Where we need to process personal data to provide professional services, we ask our clients to provide the necessary information to the data subjects regarding its use.  Our clients may use relevant sections of this Privacy Policy or refer data subjects to this Privacy Policy statement if they consider it appropriate to do so.

Generally, we collect personal data from our clients or from third parties acting on the instructions of the relevant client.

The categories and range of personal data will vary from client to client and mandate to mandate. However, our policy is to collect only the personal data necessary for the particular work and we ask our clients to only share personal data where it is strictly needed for those purposes.

​

• Business contacts and suppliers

We collect certain limited personal data about our business contacts, both in the context of the provision of our professional services to corporate clients (and associated individuals) and contacts of our suppliers (including subcontractors and individuals associated with our suppliers and subcontractors) and service providers (including professional advisors and individuals associated with our service providers). Personal data collected in this context is usually (but may not exclusively be) limited to name, employer name, contact title, phone, email and other business contact details.

​

• SHP website

When you use our online services or visit our website, we may collect the following information from you directly and/or automatically:

- information you provide to us if you contact us, for example to report a problem with our online services or raise a query or comment; and

- details of visits made to our website such as the volume of traffic received, logs (including, the internet protocol (IP) address and location of the device connecting to the online services and other identifiers about the device and the nature of the visit) and the resources accessed.

​​

• Careers and Recruitment

If you apply for a job or work placement you may need to provide information about your education, employment, nationality, racial background and state of health. Your application will constitute your express consent to our use of this information to assess your application and to allow us to carry out both recruitment analytics and any monitoring activities which may be required of us under applicable law as an employer. We may also carry out screening checks (including reference, background, directorship, financial probity, identity, eligibility to work, vocational suitability and criminal record checks) and consider you for other positions. We may disclose your personal data (including diversity and equal opportunities data) to academic institutions, recruiters, screening check providers, health service providers, professional and trade associations, law enforcement agencies, recruitment analytics and diversity research providers, referees and your current and previous employers. We may also collect your personal data from these parties in some circumstances. Without your personal data we may not be able to progress considering you for positions with us.

​

• Visitors to our offices

We have security measures in place in and around our office buildings, including building access controls.

Visitor logs – all our visitors are recorded in our diary systems.  As an FCA regulated firm we are required to keep records of all our business dealings including meetings for a minimum of 5 years.

​

3. WHY WE COLLECT your personal data

​

We use personal data for the following non-exhaustive list of purposes:

 

• Providing professional services

We provide a diverse range of professional services. Some of our services require us to process personal data in order to provide advice and deliverables. For example, when undertaking a due diligence review of an acquisition target on behalf of a client, we may obtain and review personal data of individuals employed at that acquisition target.

​

• Receiving services

We process personal data in relation to our suppliers, service providers and their staff as necessary to receive the services in question. For example, where a supplier is providing us with facilities management or other outsourced services, we will process personal data about those individuals that are providing services to us.

​

• Administering, managing and developing our businesses and services

We process personal data in order to run our business, including:

- managing our relationship with clients;

- developing our businesses and services (such as identifying client needs and improvements in service delivery);

- promoting our goods and services;

- maintaining our own accounts and records;

- maintaining and using IT systems;

- hosting or facilitating the hosting of events; and

- administering and managing our website and systems and applications.

​

• Security, quality and risk management activities

We have security measures in place to protect our and our clients’ information (including personal data), which involve detecting, investigating and resolving security threats. Personal data may be processed as part of the security monitoring that we undertake. For example, automated scans to identify harmful emails.

We monitor the services provided to clients for quality purposes, which may involve processing personal data stored on the relevant client file. We have policies and procedures in place to monitor the quality of our services and manage risks in relation to client engagements.

We collect and hold personal data as part of our client engagement and acceptance procedures. As part of those procedures we carry out searches using publicly available sources (such as internet searches and sanctions lists) to identify politically exposed persons and heightened risk individuals and organisations and check that there are no issues that would prevent us from working with a particular client (such as sanctions, criminal convictions (including in respect of company directors), conduct or other reputational issues). 

​

• Providing our clients with information about us and our range of services

We use client business contact details to provide those individuals with information that we think will be of interest about us and our services. For example, industry updates and insights, other services that may be relevant and invites to events and training.  

​

• Complying with any requirement of law, regulation or a professional body of which we are a member

As with any provider of professional services, we are subject to legal, regulatory and professional obligations. We need to keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.

​

• Improving our services

We are continually looking for ways to help our clients and improve our business and services.  Where agreed with our clients, we may use information that we receive in the course of providing professional services for other lawful purposes, including analysis to better understand a particular issue, industry or sector, provide insights back to our clients, to improve our business, service delivery and offerings and to develop new technologies and offerings. To the extent that the information we receive in the course of providing professional services contains personal data, we will de-identify the data prior to using the information for these purposes.

​

4.  WHO DO WE SHARE YOUR DATA WITH?

​

We may share your personal data with the following categories of recipients:

​

• Related Entities

Your personal data will be used by us and may be disclosed to our affiliated companies, including LSH Partners Securities LLC.

​

• Regulatory bodies

We may disclose your personal data:

1. to regulators and law enforcement agencies (including those responsible for enforcing anti-money laundering legislations);

2. in response to an enquiry from a government agency;

3. to data protection regulatory authorities (including the UK Information Commissioner's Office);

4. to financial services regulatory authorities (including the UK Financial Conduct Authority); and

5. to other regulatory authorities with jurisdiction over our activities.

​

• Service providers

We may disclose your personal data to third party service providers who require access to such information for the purpose of providing specific services to us. These third parties will generally only be able to access your data in order to provide us with their services and will not be able to use it for their own purposes.

​

• Professional advisors and Auditors

We may disclose your personal data to professional advisors (such as legal advisors and accountants) or auditors for the purpose of providing professional services to us.

​

• Replacement providers

In the event that we sell or buy any business assets, we may disclose your personal data to the prospective seller or buyer of such business or assets.

If SHP or substantially all of its assets are acquired by a third party, personal data held by us about our clients will be one of the transferred assets.

 

5. What are my rights?

You have various rights in relation to the data which we hold about you.

We have described these below.

To get in touch with us about any of these rights, please contact us at:

Address: Attn: Business Administrator, Spencer House Partners LLP, 15 St. James’s Place, London, SW1A 1NP

Telephone: +44 (0)20 7647 8529

Email: info@spencerhousepartners.com

​

We will seek to deal with your request without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.

​

The GDPR gives you the following rights in relation to your personal data:

​

• Right to object

This right enables you to object to us processing your personal data where we do so for one of the following reasons:

- because it is in our legitimate interests to do so (for further information please see section 10 below);

- to enable us to perform a task in the public interest or exercise official authority;

- to send you direct marketing materials; or

- for scientific, historical, research, or statistical purposes.

​

• Right to withdraw consent

Where we have obtained your consent to process your personal data for certain activities (for example, for marketing), you may withdraw this consent at any time and we will cease to use your data for that purpose unless we consider that there is an alternative legal basis to justify our continued processing of your data for this purpose, in which case we will inform you of this condition.

​

• Data Subject Access Requests

You may ask us for a copy of the information we hold about you at any time, and request us to modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this unless permitted by law. If you request further copies of this information from us, we may charge you a reasonable administrative cost.  Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so.

​

• Right to erasure

You have the right to request that we "erase" your personal data in certain circumstances. Normally, this right exists where: 

- The data are no longer necessary;

- You have withdrawn your consent to us using your data, and there is no other valid reason for us to continue;

- The data has been processed unlawfully;

- It is necessary for the data to be erased in order for us to comply with our obligations under law; or

- You object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.

​

We would only be entitled to refuse to comply with your request for erasure in limited circumstances and we will always tell you our reason for doing so.

When complying with a valid request for the erasure of data we will take all reasonably practicable steps to delete the relevant data.

​

• Right to restrict processing

You have the right to request that we restrict our processing of your personal data in certain circumstances, for example if you dispute the accuracy of the personal data that we hold about you or you object to our processing of your personal data for our legitimate interests. If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.

​

• Right to rectification

You have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. You may also request details of the third parties that we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.

​

• Right of data portability

If you wish, you have the right to transfer your personal data between service providers. In effect, this means that you are able to transfer the details we hold on you to another third party. To allow you to do so, we will provide you with your data in a commonly used machine-readable format so that you can transfer the data. Alternatively, we may directly transfer the data for you.

​

• Right to complain

You have the right to lodge a complaint with our regulator, who is the Information Commissioner's Office in the UK. You can contact them in the following ways:

• Phone: 0303 123 1113

• Email: casework@ico.org.uk

• Live chat 

• Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

 

6. Cookies

Cookies are small data files sent by a website to your computer that are stored on your hard drive when you visit certain online pages of our website.

Cookies allow the website to identify and interact with your computer (for example so we can remember your login details if you have opted to 'stay signed in'). We do not use cookies to retrieve information that was not originally sent by us to you in a cookie.

You can set your browser to accept or reject all cookies, or notify you when a cookie is sent. If you reject cookies or delete our cookies, you may still use our websites, but you may have reduced functionality and access to certain areas of our websites or your account.

Your continued use of our website is your acceptance of our continued use of cookies on our website.

 

7.  Security

We will take all reasonable precautions necessary to protect your personal data from misuse, interference and loss; and unauthorised access, modification or disclosure.

This includes, for example, the protection of passwords using industry standard encryption, measures to preserve system security and prevent unauthorised access and back-up systems to prevent accidental or malicious loss of data. We may use third party data storage providers to store personal data electronically. We take reasonable steps to ensure this information is held as securely as information stored on our own equipment.

Unfortunately, there is always risk involved in sending information through any channel over the internet. You send information over the internet entirely at your own risk. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted over the internet and we do not warrant the security of any information, including personal data, which you transmit to us over the internet.

 

8.  International transfers of data

The data that we collect from you will be transferred to, and stored at, destinations both within and outside the European Economic Area (EEA). As discussed above, we may disclose your personal data to our service providers, some of whom may be located outside of the EEA.

We want to make sure that your personal data is stored and transferred in a way which is secure. We will therefore only transfer data outside of the EEA where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data. For example, this could be:

• By way of a data transfer agreement with a third party, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by controllers in the EEA to controllers and processors in jurisdictions without adequate data protection laws; or

• By transferring your data to an entity which has signed up to the EU-U.S. Privacy Shield Framework for the transfer of personal data from entities in the EU to entities in the United States of America or any equivalent agreement in respect of other jurisdictions; or

• By transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country's levels of data protection via its legislation; or

• Where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interests for the purposes of that contract (for example, if we need to transfer your data to a benefits provider based outside the EEA); or

• Where you have explicitly consented to the data transfer.

Where we transfer your personal data outside the EEA and where the country or territory in question does not maintain adequate data protection standards, we will take all reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy.

 

9. How long will we keep your personal data?

We will not keep your personal data for longer than is necessary for the purposes for which we have collected it, unless we believe that the law or other regulation requires us to keep it (for example, because of a request by a tax authority or in connection with any anticipated litigation) or if we require it to enforce our agreements.

​

In general, we will retain your personal data for as long as we provide services to you and, following that period, we will only retain your personal data for as long as is reasonably necessary in the circumstances.

​

When it is no longer necessary to retain your personal data, we will delete the personal data that we hold about you from our systems. While we will endeavour to permanently erase your personal data once it reaches the end of its retention period, some of your personal data may still exist within our systems, for example if it is waiting to be overwritten. For our purposes, this data has been put beyond use, meaning that, while it still exists in the electronic ether, our employees will not have any access to it or use it again.

 

10.  Legal CONDITIONS for USING your personal data

There are a number of different ways that we are lawfully able to process your personal data. We have set these out below.

​

• Where using your data is in our legitimate interests

We are allowed to use your personal data where it is in our interests to do so, and those interests aren't outweighed by any potential prejudice to you.

We believe that our use of your personal data is within a number of our legitimate interests, including but not limited to:

- To enable us to provide our corporate finance advisory and other professional services to our clients;

- To help us satisfy our legal obligations (for example, in relation to prevention of money laundering and anti-terrorism);

- To help us understand our clients better and provide better, more relevant services to them;

- To enable us to recruit and retain appropriate personnel; and

- To help us keep our systems and physical premises secure and prevent unauthorized access or cyber attacks.

​

We don't think that any of the activities set out in this privacy policy will prejudice you in any way. However, you do have the right to object to us processing your personal data on this basis. We have set out details regarding how you can go about doing this in section 5 above.  

​

• Where you give us your consent to use your personal data

We are allowed to use your data where you have specifically consented. In order for your consent to be valid:

- It has to be given freely, without us putting you under any type of pressure;

- You have to know what you are consenting to – so we'll make sure we give you enough information;

- You should only be asked to consent to one thing at a time – we therefore avoid "bundling" consents together so that you don't know exactly what you're agreeing to; and

- You need to take positive and affirmative action in giving us your consent – we're likely to provide a tick box for you to check so that this requirement is met in a clear and unambiguous fashion.

​

As part of our relationship with you (for example, via our engagement terms), we may ask you for specific consents to allow us to use your data in certain ways. If we require your consent, we will provide you with sufficient information so that you can decide whether or not you wish to consent.

You have the right to withdraw your consent at any time. We have set out details regarding how you can go about this in section 5 above.

​

• Where using your personal data is necessary for us to carry out our obligations under our contract with you

We are allowed to use your personal data when it is necessary to do so for the performance of our contract with you.

For example, we need to collect your contact details in order to be able to communicate with you and provide you with the professional services you have requested.

​

• Where processing is necessary for us to carry out our legal obligations

As well as our obligations to you under any contract, we also have other legal obligations that we need to comply with and we are allowed to use your personal data when we need to in order to comply with those other legal obligations.

For example, we are required to carry out anti-money laundering checks about our clients and we need to collect and use certain information about them in order to do so.