Hayfin Capital Management LLP and Hayfin Emerald Management LLP (“we”, “our”, “us”) are committed to protecting and respecting your privacy. We are a limited liability partnership established in the United Kingdom with a registered office at 1 Eagle Place, London SW1Y 6AF. Hayfin Capital Management LLP and Hayfin Emerald Management LLP, together with their subsidiaries and affiliates, comprise the “Hayfin Group”.
Part 1 describes the personal data we collect, and how we use it, when you are a visitor on our Website.
Part 2 describes the personal data we collect, and how we use it, when you apply for a job with us.
Part 3 describes the personal data we collect, and how we use it, when we are required to conduct Know Your Client checks on clients and prospective clients.
Part 4 applies generally in respect of all of our processing of personal data.
PART 1 – OUR WEBSITE
If you are in the EU, then for the purposes of the General Data Protection Regulation, Hayfin Capital Management LLP or Hayfin Emerald Management LLP (as applicable) is the controller of your personal data collected and used in the context of you visiting our Website (as described in this Part 1).
The type of information we, or our third parties’, collect
Technical usage information. When you visit our Website, the third party vendor which hosts our website automatically collects the IP address of the device you are using, e.g. computer, mobile phone or other access device.
Information you give us. You may also provide the Hayfin Group with information by contacting us via email, telephone or by signing up for our newsletters or alerts when you engage with Hayfin Group personnel.
Purpose and legal basis for processing
As it is in our legitimate interests to be responsive to you and to ensure the proper functioning of our Website and to provide useful content, we will use your information to:
- communicate with you;
- enforce our Website terms and conditions;
- if you have opted in to marketing, communicate with you about products, services, promotions, events and other news and information we think will be of interest to you.
PART 2 – APPLYING FOR A JOB WITH HAYFIN
If you apply for a job with a member of the Hayfin Group within the EU, the company you apply to is, for the purposes of the General Data Protection Regulation, the controller of your personal data. For the purpose of this Part 2, we refer to the member of the Hayfin Group as the Employing Entity.
The type of information we collect
Information you give us. When you apply for a job with the Hayfin Group the Employing Entity will ask you to provide a CV. Your CV will likely include personal data such as your name, contact details, education and previous experience. During the application process, the Employing Entity may ask you further questions about this information and/ or request additional information such as proof of identity, proof of your qualifications, a criminal records declaration and names and contact details for referees.
Where permitted by local law, you have the option of providing certain sensitive personal data with your consent, such as, race or ethnic origin, or whether you have a disability, for the purposes of equal opportunities monitoring. If you decide not to provide this data, your application will not be prejudiced.
Information from third parties.
Background Screening Checks. The Employing Entity will receive information from third parties in connection with your application, such as data provided by referees, recruiters and organisations that provide background checks (this will include right to work and credit and criminal reference checks, to the extent permitted by applicable law).
Purpose and legal basis for processing
The Employing Entity processes personal data to assess your suitability for the role you have applied for. The Employing Entity is therefore processing this personal data with a view to entering into a contract with you. Where background screening or assessments are undertaken, automatic reports are generated which will form part of the Employing Entity’s assessment. You may request that such reports are assessed manually.
The Employing Entity processes any sensitive personal data you provide for equal opportunities monitoring for the purpose of carrying out specific obligations as an employer.
The Employing Entity will use your information to:
- communicate with you;
- progress your application, including conducting background checks and determining the validity of the information you have provided; and
- to fulfil its legal and regulatory obligations as an employer/ potential employer.
How do we share your personal data?
Please see How do we share your personal data? below.
The Employing Entity also, when processing personal data for job applications, will share your personal data with:
- background check providers to verify the information that you provided as part of your application;
- recruitment agents through whom you have made your application;
- referees (as provided by you) to identify you so they can provide a reference; and
- our assessment providers for the purpose of providing occupational personality profile evaluations.
In addition to Your Rights described below, where you have given information to an Employing Entity for the purpose of processing in relation to entering into an employment contract, you have the right to request that the Employing Entity transfer this data to you or another organisation. If you wish for the Employing Entity to transfer the personal data to another party, please ensure you detail that party and note that the Employing Entity can only do so where it is technically feasible. The Employing Entity is not responsible for the security of the personal data or its processing once received by the third party.
The Employing Entity may not be able to provide you with certain personal data following a portability request if providing it would interfere with another individual’s rights (e.g. where providing the personal data it holds about you would reveal information about another person) or where another exemption applies.
PART 3 – CLIENT AND PROSPECTIVE CLIENT CHECKS
If you are a customer, or prospective customer, of a member of the Hayfin Group within the EU, the company you are onboarding/ onboarded with is, for the purposes of the General Data Protection Regulation, the controller of your personal data. For the purpose of this Part 3, we refer to the member of the Hayfin Group as the Onboarding Entity.
The type of information we collect and our purpose and legal basis for processing
Hayfin collects a variety of information about its clients and client contacts as part of our new client onboarding process. This may be referred to as ‘Know Your Client’ checks and, where required by law, we will also undertake anti-money laundering checks. When conducting these checks, Hayfin will collect:
- In the case of Corporate customers, Hayfin may collect the following personal data: a list of directors; a list of individuals who own or control over 10% of its shares or voting rights; names of individuals who exercise control over the management of the company and, in each case, Hayfin will take reasonable steps to verify the identity of such individuals (as further described below).
- In the case of Individual customers or where verification of individuals related to a Corporate customer is required, Hayfin may collect the following personal data:
- documentary evidence of personal identity (one item);
- current signed passport;
- current photocard driving licence (full or provisional); or
- national identity card (including an identity card issued by the Electoral Office of Northern Ireland).
- documentary evidence of address (one item);
- recent utility bill (within the last three months);
- local authority council tax bill (current);
- current photocard driving licence (if not provided above) or current (old style) driving licence;
- current bank statement with current address; and
- most recent original mortgage statement from a recognised lender.
If we are entering into a contract with you directly, then it is necessary for the purpose of that contract, that we verify your identity. In other cases, it may be in our legitimate interests, as a provider of services to your employer, that we verify your identity as a key contact or director.
PART 4 – GENERAL PROVISIONS
For the purpose of this Part 3, “we”, “our” and “us” refers to the relevant data controller of your personal data, as identified in Part 1 and/ or Part 2 accordingly.
How do we share your personal data and where it is stored?
In the European Economic Area:
- our Website host which collects the IP address of the device used to access the Website;
- cloud storage providers to store the personal data you provide and for disaster recovery services; and
- IT Services providers that provide us with SaaS services, such as our customer relationship management information, and other software; and
In the United States of America:
- analytics and search engine providers that assist us in the improvement and optimisation of the Website.
We only share personal data with third parties outside of the European Economic Area, if the third party:
- complies with the US Department of Commerce’s EU-US Privacy Shield and has certified that it will adhere to the EU-US Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. For more information about the EU-US Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield
- has entered into standard data protection clauses adopted pursuant to European Commission Decisions 2004/915/EC and 2010/87/EU.
Sharing with Hayfin Affiliates. The Hayfin Group is a group of global companies. All of your personal data will be accessible from, and may be transferred to, affiliates within the Group located in the UK, France, Germany, Luxembourg, Spain, Israel and the USA. This transfer is limited solely to the extent it is necessary due to the centralization of certain administrative and processing services.
We take all necessary security and legal precautions to ensure the safety and integrity of personal data that is transferred within the Hayfin Group. Where a transfer of personal data within the Hayfin Group involves a transfer of personal data outside the European Economic Area, we take appropriate measures as required by the GDPR in respect of such transfer:
- For transfers to Israel, we rely on the fact that Israel has been recognised as providing an adequate level of data protection by the European Commission;
- For transfers to the USA, we have entered into standard data protection clauses adopted pursuant to European Commission Decisions 2004/915/EC and 2010/87/EU.
Sharing with Law Enforcement. We will share your information with law enforcement agencies, public authorities or other organisations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:
- comply with a legal obligation, process or request;
- enforce our terms and conditions and other agreements, including investigation of any potential violation thereof;
- detect, prevent or otherwise address security, fraud or technical issues; or
- protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).
Sharing data for business purposes. We will also disclose your information to third parties:
- in the event that we sell any business or assets, in which case we will disclose your data to the prospective buyer of such business or assets; or
- if we or substantially all of our assets are acquired by a third party, in which case information held by us about our users will be one of the transferred assets.
How long do we store your personal data?
How long we hold your personal data for will vary. The retention period will be determined by various criteria including:
- our internal policies that dictate the period for which we hold personal data; and
- legal obligations – laws or regulation may set a minimum period for which we have to store your personal data.
Under data protection law, you have certain rights with respect to the data we process about you. The rights available to you depend on our reason for processing your information and may be limited in certain circumstances, for example, where fulfilling your request would adversely affect other individuals, where there are overriding public interest reasons or where we are required by law to retain your personal data.
Your right of access. You have the right to ask us to access the personal data we hold about you and be provided with certain information about how we use your personal data and who we share it with.
Your right to rectification. You have the right to ask us to correct your personal data where it is inaccurate or incomplete and we will endeavour to do so without undue delay.
Your right to erasure. In certain circumstances, you have the right to ask us to delete the personal data we hold about you:
- where you believe that it is no longer necessary for us to hold your personal data (for example, if you decide that you no longer wish to submit a job application to us);
- where we are processing your personal data on the basis of legitimate interests and you object to such processing and we cannot demonstrate an overriding legitimate ground for the processing; or
- where you believe the personal data we hold about you is being unlawfully processed by us.
Your right to restrict processing. In certain circumstances, you have the right to ask us to restrict (stop any active) processing of your personal data. You may choose to restrict processing:
- while we are considering: (i) a challenge you have made to the accuracy of your data; or (ii) an objection you have made to the use of your data;
- where we want to erase your personal data, as the processing is unlawful, but you want us to continue to store it; or
- where we no longer need your personal data for the purposes of our processing but you require us to retain the data for the establishment, exercise or defence of legal claims; or
To exercise any of these rights above, please contact our Compliance Officer, David Rushford at firstname.lastname@example.org. In addition, you have the right to complain to the Information Commissioner’s Office or other applicable data protection supervisory authority.
Objection to Marketing
At any time you have the right to object to our processing of data about you in order to send you marketing materials. If you object, please contact us at IR@hayfin.com and we will stop processing the data for that purpose.
The security of your personal data
Unfortunately, the transmission of information via the internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted through the Website or over email; any transmission is at your own risk. Once we have received your information, we will take appropriate technical and organisational measures to safeguard your personal data against loss, theft and unauthorised use, access or modification.
We will, from time to time, host links to and from the websites of our affiliates or third parties. If you follow a link to any of these websites, these websites will have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any information to those websites.
In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at email@example.com and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with the Information Commissioner’s Office or the data protection supervisory authority in the EU country in which you live or work where you think we have infringed data protection laws.
Any changes we will make to this policy in the future will be posted on this page. Please check back frequently to see any updates or changes to this policy.
Questions, comments and requests regarding this policy are welcomed and should be addressed to firstname.lastname@example.org.