GDPR | Privacy Policy

GDPR Statement

The General Data Protection Regulation (GDPR), creates consistent data protection rules across Europe. Brookstreet Equity Partners welcomes the implementation of GDPR and is complying with it.

GDPR Privacy Policy

Our GDPR Privacy Policy is regularly updated and disclosed below. 

Individual Data Rights

Our GDPR compliance policy has been developed taking into account your right to access to, revision of, limitation of and deletion of user data. As described in Chapter III of GDPR regulations your rights are the following:

1. Right to be informed (Articles 12-14)

2. Right of access (Article 15)

3. Right of rectification (Article 16)

4. Right of erasure (Article 17)

5. Right to restrict (Article 18)

6. Right to data portability (Article 20)

7. Right to object (Article 21)

8. Rights related to automated decision making and profiling (Article 22)

Individuals can exercise their rights by contacting us and we must respond to your requests without undue delay and at latest within 1 month, with a limited right for us to extend this period for up to 3 months (Article 12(3)). If we do not intend to comply with your request we must state the reason why. Individuals may be asked to provide information to confirm your identity in order to exercise your rights. These rights apply across the EU, regardless of where the data is processed and where the company is established.

You may learn more about GDPR through the European Commission’s page under Data Protection:

 https://ec.europa.eu/info/law/law-topic/data-protection_en

Scope of Business

Brookstreet does not seek consent for use of data in the normal course of its business as required by the UK law and Financial Conduct Authority (FCA) for compliance. Business data is stored to dedicated folders in our GDPR compliant servers. All data is collected and stored by the administration andGDPR-qualified third parties and access is restricted to unauthorised personnel. Data is utilised as required by the UK Law and the Financial Conduct Authority (FCA) or other Government entities. 

Personal Information

Personal information is utilised only as a primary business function. For this reason the information processed may include name, contact details, family details, financial details, employment details, and goods and services. This information may be about customers and clients. The information may be shared with business associates and professional advisers, agents, service providers and partners in the course of our business with GDPR-qualified third parties and access is restricted to unauthorised personnel. Data is utilised as required by the UK Llaw and the Financial Conduct Authority (FCA).

Sensitive Data

We do not keep or process any data considered as “sensitive” under the GDPR referring to personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Responsibility of the Controller

We have taken all the appropriate measures that ensure and demonstrate that we comply with GDPR. Electronic data are stored through services provided by GDPR compliant servers, which ensure the protection of your personal data and complies with the GDPR. Physical data are stored in securely and with restricted access to unauthorised personnel. We have performed exhaustive GDPR Vendor Due Diligence to relevant counter parties. All data is collected and stored by the administration and AIFM-related, GDPR-qualified third parties and access is restricted to unauthorised personnel. Data is utilised as required by the UK law and the Financial Conduct Authority (FCA).

Social Media Data

Our website points to social media ecosystems that include LinkedIn and Twitter profiles and pages. Any individual data shared with these sites, such as customer IDs shared using “like” or “follow”, are bound by the terms of agreement of each respective social media platform. 

HR Data

HR data are stored to dedicated folders in our GDPR compliant servers. Data collected and stored for this purpose typically derives upon Human Resources, including full time, pastime, volunteer or individual advisors, affiliated with the company. All data is collected and stored by the administration and GDPR-qualified third parties and access is restricted to unauthorised personnel. Data is utilised as required by the UK Law and the Financial Conduct Authority (FCA).

Company Data

Company data are stored in our GDPR compliant servers. Data collected and stored for this purpose typically derives upon origination, investment or portfolio management activities as required by the law and FCA regulation/compliance. All data is collected and stored by the administration and GDPR-qualified third parties and access is restricted to unauthorised personnel. Data is utilised as required by the UK Law and the Financial Conduct Authority (FCA).

Undertaking Research

Personal information is also processed in order to undertake research. For this reason the information processed may include name, contact details, family details, lifestyle and social circumstances, financial details, goods and services. This information is about survey respondents. All data is collected and stored by the administration and GDPR-qualified third parties and access is restricted to unauthorised personnel. Data is utilised as required by the UK Law and the Financial Conduct Authority (FCA).

CCTV for Crime Prevention

CCTV maybe used for maintaining the security of property and our premises and for preventing and investigating crime, it may also be used to monitor staff when carrying out work duties. For these reasons the information processed may include visual images, personal appearance and behaviours. This information may be about staff, customers and clients, offenders and suspected offenders, members of the public and those inside, entering or in the immediate vicinity of the area under surveillance. Where necessary or required this information is shared with the data subjects themselves, employees and agents, services providers, police forces, security organisations and persons making an enquiry. Data is utilised as required by the UK Law and the financial conduct authority (FCA).

Individual’s Data Storage

Individual’s data may be stored in our CRM. Data collected and stored for this purpose typically derives from conference and event registrations, projects, business card exchange and related activities. All data is collected and stored within our company and in GDPR compliant servers with restrictive access to unauthorised personnel. Data is erased upon request. All data is collected and stored by the administration and GDPR-qualified third parties and access is restricted to unauthorised personnel. Data is utilised as required by the UK Law and the Financial Conduct Authority (FCA).

Uses of Individual’s Data

Individual’s data are used for the course of business and are processed lawfully. Your data may be transferred for processing to another entity, if and only the entity is compliant with GDPR. All data is collected and stored by the administration and AIFM-related, GDPR-qualified third parties and access is restricted to unauthorised personnel. Data is utilised as required by the UK Law and the Financial Conduct Authority (FCA).

Unethical uses of Individual’s Data

Please note that we will never:

a. Harvest or scrape individual’s data from online resources

b. Purchase and use individual’s data from unverified sources

c. Sell individual’s data to third parties

Data breach notification

We commit to notify any data breaches to supervisory authorities and affected individuals without undue delay, and where feasible, not later than 72 hours after having become aware of it. We will report to you and the authorities: a) nature of the breach, b) approximate number of people affected, c) describe the likely consequences of the breach, d) the measures taken to reduce further to those affected.

Data Protection Officer

Our data protection officer and Risk Manager changes over time.

Finding out About Your Data

Data is utilised as required by the law and regulator. If you would like to learn what personal data we store relating to you, please contact our Data Protection Officer. We will contact you to confirm your identity prior any information.

Revising your Data

If you would like to revise or update your personal data, unless required by the law or regulator, please send your updated information to our Data Protection Officer. We will contact you to confirm your identity prior to updating or revising any information.

Deleting your Data

Data is utilised as required by the law and regulator.  If you wish to delete your data, unless required by the law or regulator, please contact us with a specific request at our Data Protection Officer.

Storage Term

We store and use individual’s data indefinitely, unless requested or required by the law or regulator.

Data Accuracy

We take all measures to ensure that your personal data stored is accurate and relevant to the purpose for which it has been provided. 

Company Identification

All data is collected and stored by

Brookstreet Equity Partners LLP

with registered address as

42 Berkeley Square, Mayfair, London W1J 5AW, UK

Data protection authority

Brookstreet is registered with the UK's data protection authority, The Information Commissioner’s Office (ICO). Please refer to the European Commission Data Protection Authorities website (http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm) in case of updates.

The Information Commissioner’s Office

Water Lane, Wycliffe House

Wilmslow – Cheshire SK9 5AF

Tel: +44 1625 545 745

Email: international.team@icoorg.uk

Website: https://ico.org.uk