EC2 Partners Privacy Notice

September 2019

About EC2 Partners and the lawful basis upon which it processes Personal Data

EC2 Partners was set up in 2019 to offer growing companies and ambitious entrepreneurs patient capital and strategic support. We have created a fund to support a range of growing companies – early stage, growth stage and quoted – across every region and sector of the economy.

It is in our legitimate interests to identify and contact suitable businesses that may benefit from investment by EC2 Partners and to continue to develop a relationship with them until such time as EC2 Partners may make an investment. Thereafter, it remains our legitimate interest to effectively manage the performance of our portfolio of investments including undertaking appropriate risk management, exercising our legal rights and fulfilling contractual and regulatory obligations.

We believe growing businesses deserve the best possible support. That’s why we’ve built up a network that provides access to expertise, guidance and knowledge, whatever the sector or situation. It is in our legitimate interest to research the market to find those talented individuals best suited to join our network, and in their legitimate interest to have the opportunity to help nurture these growing companies.

Outside of our legitimate interest and any contractual agreements with you governing the processing of personal data, we shall obtain consent where practicable and proportionate in relation
to the largely business‐centric data that we process.

About this Privacy Notice

When we say ‘we’ or ‘us’ or ‘EC2’, we mean EC2 Partners Ltd, registered address 20-22 Wenlock Road, London, England, N1 7GU. If you would like to get in contact with us, you will find appropriate contact details below.

“You” or “your” refers to you and any authorised person acting
on your behalf. This may include but is not limited to your professional advisers. Whilst EC2 primarily processes information related to businesses, this notice covers information we may hold on you and individuals connected to your business, such as a director, officer or employee of the business; partners or members of a
partnership; any beneficial owner, controlling person or trustee; advisers or agents related to your business and any other person(s) with whom you have a relationship that is relevant to your engagement with EC2. It also refers to any individual who is an
existing or prospective member of our Talent Network.

This privacy notice explains what information we collect, how the information is used, if it will be shared with others and the controls we’ll put in place to keep the information secure. The notice should be read alongside any other written agreement or related contracts between EC2 and you in relation to its investment activity (including but not limited to any non‐disclosure or confidentiality agreement, investment or subscription and shareholders’ agreement and/or any contract or engagement letter for the supply of goods or services). This notice continues to apply even after your engagement with us ends subject to the terms of any other written agreement between you and EC2.

It is your responsibility to ensure any relevant individuals are made aware of this notice and the rights and information it contains, prior to sharing any relevant information with us, or permitting (or reasonably expecting) us to obtain the information from an alternative source. If you, or anyone else on your behalf, has provided or provides information on an individual connected to your business to EC2, the responsibility to ensure that you or they have the authority or approval to do so remains with you.

The information we collect relating to you and individuals connected to your business and the key purpose for which that information will be used

EC2 will collect your information and information relating to individuals connected to your business, in line with relevant regulations and applicable law. It could be collected from a range of sources and may relate to our investment portfolio; proposed new investments (some of which you and/or EC2 may subsequently decide not to progress); or any previous investments. We may also collect information about you and individuals connected to your business when you or they interact with us, e.g. via a telephone call or email; visit our website or other digital channels; visit one of our offices; or ask about our investment activity at events; or via your affiliated intermediaries such as banks, corporate finance firms and other advisers. The information may come directly from you or individual(s) connected to your business such as other employees, professional advisers, and/or other related firms. We may supplement this information from publicly available sources, professional data service providers and other appropriate third parties.

The key purpose for collecting personal data and the type of information we may collect could include:

Information relating to you and individuals connected to your business that you provide to us, or which others provided to us on your behalf

  • for the purposes of contacting you or individuals connected to your business in relation to a proposed new investment or monitoring any of our portfolio of investments ‐ name, job title, business contact details including email address and mobile phone number

  • for the purposes of investment due diligence, monitoring and reporting – financial information (salary and benefits including shares/other incentive schemes, pension information and tax information) and strategic/operational business information (e.g. current and future business strategies or financial records that may contain personal data about you or those connected to your business)

  • for the purposes of fraud detection, anti‐money laundering (KYC) and other regulatory requirements – name, photo ID, address, date of birth, telephone number and nationality.

  • for the purposes of investment risk management – EC2 will request the following information of certain individuals: sickness and disciplinary record, and any relevant information in relation to personal solvency, disqualifications and criminal convictions

  • for the purposes of market/investment analysis, marketing and service improvement – opinions and responses to market research such as online and telephone surveys, case studies and speeches

  • for the purposes of recruitment and benefiting from our Talent
    Network – your career history including CV, skills, specialisms, employment/opportunity interests, publicly available employment information and news, career highlights, employment references and financial information including remuneration

  • for the purposes of system access, data security and managing your preferences – login credentials for any online or telephone applications used to engage with us, and any personal preferences you select within those

  • other information about you and individuals connected to your business that you’ve provided to us by filling in forms or by communicating with us, whether face‐to‐face, by telephone, email, online, or otherwise

Information we collect or generate about you and individuals connected to your business

  • for the purposes of our investment activity – investment proposals and supporting papers containing analysis and appropriate due diligence surrounding the suitability of a potential new or follow on investment and monitoring any of our portfolio of investments. This may include analysis about you and individuals connected to your business including: past, current and future performance assessments; drivers and motivations for obtaining investment; ongoing details regarding share ownership and financial remuneration; and information that may be obtained from third parties (e.g. references)

  • for the purposes of identifying investment risk and deal origination – trading information and risk rating information specific to your business and its key personnel in relation to identifying new opportunities, considering a potential new investment and our portfolio of existing investments

  • for the purposes of customer relationship management including marketing, business development and event management – information regarding email/mailing preferences, event and meeting attendance, areas of business interest, records of correspondence with you and individuals connected to your business via post/telephone/email/online and cookie/preference tracking information following engagement with us online or through other digital channels

  • for the purposes of joining and benefiting from our Talent Network– independent opinions and references, supplementary public career information, information from subscribed services such as Linkedin, and relevant financial information

  • for the purposes of past, current and future investment analysis and ongoing service improvement – data aggregated into data warehouse and similar technologies to enable us to effectively analyse, report and where appropriate conduct predictive analytics in relation to investment performance

  • for the purposes of compliance, fraud prevention, physical security, other legal and regulatory obligations and pursuing our mutual legitimate interests and legal rights – records of correspondence and other communication between you and your professional advisers and EC2, including email, instant messages, voicemail and records captured through other digital channels. Additionally, we will collect individual information for the purposes of maintaining an
    insider list in compliance with Market Abuse Regulation (596/2014) in respect of our investment activity in regulated markets

  • for the purposes of security, fire safety and crime prevention – CCTV, sign in/out and digital door entry records at any of our offices or scheduled events

How we make decisions about investing in your business

We undertake due diligence and use our experience to help decide whether investing in your business is right for us. We do not use automated decision support systems.

Using your data for marketing and market research

We may use your information and information relating to individuals connected to your business to provide information about EC2’s investment activity and products or services from our partners and other relevant third parties. We may send marketing messages by post, email, telephone, text or secure messages and our other digital channels.

If you or individuals connected to your business wish to change how marketing messages are sent or wish to stop receiving these, please update your preferences or contact us using the details below. It may take us a short period of time to update our systems and records to reflect requests to stop receiving marketing messages, during which time you and individuals connected to your business may continue to receive marketing messages. Even if you tell us not to send marketing messages, we’ll continue to use contact details to provide important information, such as details regarding our investment in your business or opportunities through our network.

We may use your information and information relating to individuals connected to your business for market research and to identify trends. Market research or public relations agencies acting on our behalf may get in touch with you or individuals connected to your business by post, telephone, email or other methods of communication to invite you or them to take part in research. If you don’t have a contractual requirement to participate, and you prefer not to take part, please contact us to request that you or the details of any individual connected to your business which you have provided be removed.

Who we might share information with

We may share your information and information relating to individuals connected to your business with others where lawful to do so where we (subject to the terms of any confidentiality agreement in place governing such information):

  • need to in order to successfully provide the services we’ve agreed to provide you (e.g. investment related activity)

  • have a legal or regulatory duty to do so (e.g. preventing fraud and other financial crime, for regulatory reporting including internal and external audit, asserting or defending our legal rights and interests)

  • have a legitimate business reason for doing so (e.g. to manage risk, verify identity, enable another company or individual to provide you with services you have requested, assess your suitability for investment by EC2, or in order to monitor our investment)

  • have asked you and/or if appropriate the individuals connected to your business for your permission to share it, and you (or they) have agreed

We may also share your information and information relating to individuals connected to your business (subject to the terms of any confidentiality obligations in place governing such information) with:

  • other EC2 Group companies (which does not include our portfolio of investments) and any sub‐contractors, agents or service providers who work for us or provide services to us or other EC2 Group companies to the extent reasonable and necessary to do so

  • authorised agents, professional advisers and sub‐contractors acting for you, your business, or individuals connected to your business

  • authorised agents and professional advisers that provide due diligence and corporate transaction services on our behalf, which may include but are not limited to legal advisers, tax advisers, financial advisers and specialist sector/industry experts

  • other financial institutions, lenders and holders of security over any property or assets over which we may have a charge, tax authorities, trade associations, credit reference agencies, payment service providers and debt recovery agents

  • our existing portfolio companies or a prospective new investment but only to the extent of providing your contact details or those of individuals connected with your business where they may be relevant (e.g. network or inter‐portfolio business development activities)

  • our KYC provider who’ll also use it to verify your identity

  • anybody else that we’ve been instructed to share your information with by you, or anybody else who provides instructions or operates any of your investment services on your behalf

  • we may share our knowledge and expertise through aggregated and anonymised data with industry bodies and other interested parties both in the UK and abroad, such as government organisations, to facilitate industry analysis and policy formulation

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third‐party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

How long we’ll keep information

Our general retention policy is to keep information for a minimum of seven years although we will keep information for as long as is necessary to fulfil the purposes we collected it for and to comply with our legal and regulatory requirements, therefore we will often extend the seven‐year period should we anticipate the need to re‐engage with you for similar services as we continue to monitor your business through our customer relationship management and deal flow activities.

We may retain records relating to you and individuals connected to your business for legitimate reasons, for example preventing fraud and financial crime, complying with regulatory requirements, protecting our legal rights and interests, or dealing with complaints.

Where information has been shared with third parties in relation to our investment activity with you or those connected to your business, those third parties may use different retention schedules to ours in line with their own terms, conditions and associated policies.

Transferring information overseas

Your information and information relating to individuals connected to your business may be transferred within the European Economic Area (EEA). In certain limited circumstances information
may be transferred outside of this area, for example this may include your instruction, or instruction from your professional advisers,to transact with services providers, trade bodies, corporate finance providers and other agents outside of the EEA. Where it is in our own legitimate interests to transfer personal data outside the EEA, we will apply or seek a similar level of protection commensurate with the sensitivity of the personal data.

Rights of Individuals

You and individuals connected to your business have a number of rights in relation to the information that we hold about them. These rights include:

  • the right to access information we hold about them and to obtain information about how we process it

  • in some circumstances, the right to restrict, object to or with draw their consent to our processing of their information, which they can do at any time. We may continue to process their information if we continue to have a legitimate reason for doing so

  • in some circumstances, the right to receive certain information they have provided to us in an electronic format and/or request that we transmit it to a third party

  • the right to request that we rectify their information if it’s inaccurate or incomplete

  • in some circumstances, the right to request that we erase their information. We may continue to retain their information if we continue to have a legitimate reason for doing so

You and individuals connected to your business can exercise their rights by contacting us using the details set out in the ‘Who to contact for more information” section on page 7. Individuals also have
a right to lodge a complaint to the UK Information Commissioner’s Office. Further information can be obtained by visiting www.ico.org.uk.

Regulatory requirements such as fraud prevention and anti‐money laundering

In order to comply with our legal, regulatory and compliance requirements, we may need to share your data or that of individuals connected to your business with the Financial Conduct Authority,
National Crime Agency or other such regulatory bodies and any of our third‐party providers in respect of providing KYC or compliance and regulatory consultancy services to EC2. This data may include but is not limited to name, address, date of birth, contact details, financial and employment information used to verify your identity and detect evidence of possible fraudulent activity. This processing is typically a contractual requirement and remains a legitimate interest to protect our business and comply with relevant laws and regulations.

How we keep your information secure

We use a range of technical and organisational measures to keep information safe and secure which may include encryption and other forms of security. We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of information.

What we need from you

You are responsible for making sure the information you give us, information which is provided by individuals connected to your business, or information which is otherwise provided on your behalf is accurate and it is your responsibility to inform us to update your records.

Who to contact for more information

Due to the limited nature, volume and sensitivity of personal data that EC2 process, we are not required to employ a formal Data Protection Officer.

You or individuals connected to your business can obtain further information on anything stated in this Privacy Notice, or can exercise your rights under this notice, by writing to:

Compliance Officer (Data Privacy)
EC2 Partners Ltd
20-22 Wenlock Road,
London,
England,
N1 7GU

This Privacy Notice may be updated from time to time and the most recent version can be found at
https://www.ec2partners.co.uk/privacy-policy.php