Hayfin Capital Management LLP and Hayfin Emerald Management LLP (“we”, “our”, “us”) are committed to protecting and respecting your privacy. We are a limited liability partnership established in the United Kingdom with a registered office at 65 Davies Street, London, W1K 5JL. Hayfin Capital Management LLP and Hayfin Emerald Management LLP, together with their subsidiaries and affiliates, comprise the “Hayfin Group”.
This policy sets out the basis on which we will process any personal data or usage information we collect from you, or that you provide to us, in connection with your use of our website at www.hayfin.com (the “Website”), when you engage with the Hayfin Group at events or share your data with our personnel in the context of pursuing business, or when you have applied for a job with us. Please read this policy carefully so that you understand your rights in relation to your personal data, and how we will collect, use and process your personal data. If you do not agree with this Privacy Policy in general or any part of it, you should not access the Website or submit any personal data to us.
This Privacy Policy has been divided into four sections.
Part 1 describes the personal data we collect, and how we use it, when you are a visitor on our Website.
Part 2 describes the personal data we collect, and how we use it, when you apply for a job with us.
Part 3 describes the personal data we collect, and how we use it, when we are required to conduct Know Your Client checks on clients and prospective clients.
Part 4 applies generally in respect of all of our processing of personal data.
PART 1 – OUR WEBSITE
Data Controller
If you are in the UK or the EU, then for the purposes of data protection laws, Hayfin Capital Management LLP or Hayfin Emerald Management LLP (as applicable) is the controller of your personal data collected and used in the context of you visiting our Website (as described in this Part 1).
The type of information we, or our third parties’, collect
Technical usage information. When you visit our Website, the third party vendor which hosts our website automatically collects the IP address of the device you are using, e.g. computer, mobile phone or other access device.
Information you give us. You may also provide the Hayfin Group with information by contacting us via email, telephone or by signing up for our newsletters or alerts when you engage with Hayfin Group personnel.
Purpose and legal basis for processing
As it is in our legitimate interests to be responsive to you and to ensure the proper functioning of our Website and to provide useful content, we will use your information to:
- communicate with you;
- improve and optimise the Website;
- enforce our Website terms and conditions; and
- if you have opted in to marketing, communicate with you about products, services, promotions, events and other news and information we think will be of interest to you.
PART 2 – APPLYING FOR A JOB WITH HAYFIN
Data Controller
If you apply for a job with a member of the Hayfin Group within the UK or the EU, the company you apply to is, for the purposes of data protection laws, the controller of your personal data. For the purpose of this Part 2, we refer to the member of the Hayfin Group as the Employing Entity.
The type of information we collect
Information you give us. When you apply for a job with the Hayfin Group the Employing Entity will ask you to provide a CV. Your CV will likely include personal data such as your name, contact details, education and previous experience. During the application process (including at any interview), the Employing Entity may ask you further questions about this information and/ or request additional information such as proof of identity, proof of your qualifications, a criminal records declaration and names and contact details for referees.
Where permitted by local law, you have the option of providing certain sensitive personal data with your consent, such as, race or ethnic origin, or whether you have a disability, for the purposes of equal opportunities monitoring. If you decide not to provide this data, your application will not be prejudiced.
Information from third parties.
Background Screening Checks. The Employing Entity will receive information from third parties in connection with your application, such as data provided by referees, recruiters and organisations that provide background checks (this will include right to work and credit and criminal reference checks, to the extent permitted by applicable law).
The Hayfin Group uses the services of outside agencies to perform background checks in order to research and verify the information that you have provided in relation to your job application. Prior to any background checks being undertaken, you will be contacted to inform you of the agency performing the relevant checks. This is an essential step for the Hayfin Group as part of its due diligence evaluation of all potential employees and it is within the Employing Entity’s legitimate interests to process your personal data for the purpose of conducting and assessing the outcome of such background checks to evaluate trustworthiness, fitness and propriety, integrity and reliability. The information obtained through these background checks may be used to make employment decisions.
Assessments. The Employing Entity may ask you to complete an occupational personality profile questionnaire. The Hayfin Group uses third parties to perform such tests on its behalf and the third party will share the outcome of the test with the Employing Entity. If an Employing Entity asks you to complete one of these tests, you will be sent a link to the test. When you receive these details, please review the privacy policy of the test provider as they will be processing your personal data.
Purpose and legal basis for processing
The Employing Entity processes personal data to assess your suitability for the role you have applied for. The Employing Entity is therefore processing this personal data with a view to entering into a contract with you. Where background screening or assessments are undertaken, automatic reports are generated which will form part of the Employing Entity’s assessment. You may request that such reports are assessed manually.
The Employing Entity processes any sensitive personal data you provide for equal opportunities monitoring for the purpose of carrying out specific obligations as an employer.
The Employing Entity will use your information to:
- communicate with you about the recruitment process;
- progress your application, including conducting background checks and determining the validity of the information you have provided;
- to fulfil its legal and regulatory obligations as an employer/ potential employer; and
- in respect of certain special categories of data (for example, data relating to your health) such as to comply with legal obligations or exercise specific rights in the field of employment law.
How do we share your personal data?
Please see How do we share your personal data? below.
The Employing Entity also, when processing personal data for job applications, will share your personal data with:
- background check providers to verify the information that you provided as part of your application;
- recruitment agents through whom you have made your application;
- referees (as provided by you) to identify you so they can provide a reference; and
- our assessment providers for the purpose of providing occupational personality profile evaluations.
Your rights
In addition to Your Rights described below, where you have given information to an Employing Entity for the purpose of processing in relation to entering into an employment contract, you have the right to request that the Employing Entity transfer this data to you or another organisation. If you wish for the Employing Entity to transfer the personal data to another party, please ensure you detail that party and note that the Employing Entity can only do so where it is technically feasible. The Employing Entity is not responsible for the security of the personal data or its processing once received by the third party.
The Employing Entity may not be able to provide you with certain personal data following a portability request if providing it would interfere with another individual’s rights (e.g. where providing the personal data it holds about you would reveal information about another person) or where another exemption applies.
PART 3 – CLIENT AND PROSPECTIVE CLIENT CHECKS
Data Controller
If you are a customer, or prospective customer, of a member of the Hayfin Group within the UK or EU, the company you are onboarding/ onboarded with is, for the purposes of data protection laws, the controller of your personal data. For the purpose of this Part 3, we refer to the member of the Hayfin Group as the Onboarding Entity.
The type of information we collect and our purpose and legal basis for processing
Hayfin collects a variety of information about its clients and client contacts as part of our new client onboarding process. This may be referred to as ‘Know Your Client’ checks and, where required by law, we will also undertake anti-money laundering checks. When conducting these checks, Hayfin will collect:
- In the case of Corporate customers, Hayfin may collect the following personal data: a list of directors; a list of individuals who own or control over 10% of its shares or voting rights; names of individuals who exercise control over the management of the company and, in each case, Hayfin will take reasonable steps to verify the identity of such individuals (as further described below).
- In the case of Individual customers or where verification of individuals related to a Corporate customer is required, Hayfin may collect the following personal data:
- documentary evidence of personal identity (one item);
-
- current signed passport;
- current photocard driving licence (full or provisional); or
- national identity card (including an identity card issued by the Electoral Office of Northern Ireland).
- documentary evidence of address (one item);
-
- recent utility bill (within the last three months);
- local authority council tax bill (current);
- current photocard driving licence (if not provided above) or current (old style) driving licence;
- current bank statement with current address; and
- most recent original mortgage statement from a recognised lender.
If we are entering into a contract with you directly, then it is necessary for the purpose of that contract, that we verify your identity. In other cases, it may be in our legitimate interests, as a provider of services to your employer, that we verify your identity as a key contact or director.
It is further incumbent on Hayfin to meet its legal obligations to undertake appropriate due diligence so as to identify and assess the risks of money laundering and terrorist financing.
PART 4 – GENERAL PROVISIONS
Data Controller
For the purpose of this Part 4, “we”, “our” and “us” refers to the relevant data controller of your personal data, as identified in Parts 1, 2 or 3 accordingly.
How do we share your personal data and where it is stored?
Sharing with Third Parties. We do not sell, rent or lease your personal information to others except as described in this Privacy Policy. We share your information with third parties (outside the Hayfin Group) to the extent they provide us with services which involves the processing of data. These categories of recipients include:
In the UK and European Economic Area:
- our Website host which collects the IP address of the device used to access the Website;
- cloud storage providers to store the personal data you provide and for disaster recovery services; and
- IT Services providers that provide us with SaaS services, such as our customer relationship management information, and other software; and
In the United States of America:
- analytics and search engine providers that assist us in the improvement and optimisation of the Website.
We only share personal data with third parties outside of the UK and the European Economic Area in accordance with applicable data protection laws, for example pursuant to an applicable “adequacy decision” or pursuant to standard contractual clauses in the form approved by the relevant data protection supervisory authority.
Sharing with Hayfin Affiliates. The Hayfin Group is a group of global companies. All of your personal data will be accessible from, and may be transferred to, affiliates within the Group located in the UK, France, Germany, Luxembourg, Spain, Israel and the USA. This transfer is limited solely to the extent it is necessary due to the centralization of certain administrative and processing services.
We take all necessary security and legal precautions to ensure the safety and integrity of personal data that is transferred within the Hayfin Group. Where a transfer of personal data within the Hayfin Group involves a transfer of personal data outside the UK or the European Economic Area, we take appropriate measures as required by EU and UK data protection laws in respect of such transfer, for example pursuant to an applicable “adequacy decision” or pursuant to standard contractual clauses in the form approved by the relevant data protection supervisory authority.
Sharing with Law Enforcement. We will share your information with law enforcement agencies, public authorities or other organisations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:
- comply with a legal obligation, process or request;
- enforce our terms and conditions and other agreements, including investigation of any potential violation thereof;
- detect, prevent or otherwise address security, fraud or technical issues; or
- protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).
Sharing data for business purposes. We will also disclose your information to third parties:
- in the event that we sell any business or assets, in which case we will disclose your data to the prospective buyer of such business or assets; or
- if we or substantially all of our assets are acquired by a third party, in which case information held by us about our users will be one of the transferred assets.
How long do we store your personal data?
How long we hold your personal data for will vary. The retention period will be determined by various criteria including:
- our internal policies that dictate the period for which we hold personal data; and
- legal obligations – laws or regulation may set a minimum period for which we have to store your personal data.
Your rights
Under data protection law, you have certain rights with respect to the data we process about you. The rights available to you depend on our reason for processing your information and may be limited in certain circumstances, for example, where fulfilling your request would adversely affect other individuals, where there are overriding public interest reasons or where we are required by law to retain your personal data. We will aim to respond to any such request within one month of the request being received.
Your right of access. You have the right to ask us to access the personal data we hold about you and be provided with certain information about how we use your personal data and who we share it with.
Your right to rectification. You have the right to ask us to correct your personal data where it is inaccurate or incomplete and we will endeavour to do so without undue delay.
Your right to erasure. In certain circumstances, you have the right to ask us to delete the personal data we hold about you:
- where you believe that it is no longer necessary for us to hold your personal data (for example, if you decide that you no longer wish to submit a job application to us);
- where we are processing your personal data on the basis of legitimate interests and you object to such processing and we cannot demonstrate an overriding legitimate ground for the processing; or
- where you believe the personal data we hold about you is being unlawfully processed by us.
Your right to restrict processing. In certain circumstances, you have the right to ask us to restrict (stop any active) processing of your personal data. You may choose to restrict processing:
- while we are considering: (i) a challenge you have made to the accuracy of your data; or (ii) an objection you have made to the use of your data;
- where we want to erase your personal data, as the processing is unlawful, but you want us to continue to store it; or
- where we no longer need your personal data for the purposes of our processing but you require us to retain the data for the establishment, exercise or defence of legal claims; or
Your right to withdraw consent. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our Compliance Officer. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances
To exercise any of these rights above, please contact our Compliance Officer, Lara Dressler at compliance@hayfin.com. In addition, you have the right to complain to the Information Commissioner’s Office or other applicable data protection supervisory authority.
Objection to Marketing
At any time you have the right to object to our processing of data about you in order to send you marketing materials. If you object, please contact us at IR@hayfin.com and we will stop processing the data for that purpose.
The security of your personal data
Unfortunately, the transmission of information via the internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted through the Website or over email; any transmission is at your own risk. Once we have received your information, we will take appropriate technical and organisational measures to safeguard your personal data against loss, theft and unauthorised use, access or modification.
We will, from time to time, host links to and from the websites of our affiliates or third parties. If you follow a link to any of these websites, these websites will have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any information to those websites.
Cookie Policy
https://www.hayfin.com/cookie-policy
Complaints
In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at compliance@hayfin.com and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with the Information Commissioner’s Office or the data protection supervisory authority in the country in which you live or work where you think we have infringed data protection laws.
Changes
Any changes we will make to this policy in the future will be posted on this page. Please check back frequently to see any updates or changes to this policy.
Contact
Questions, comments and requests regarding this policy are welcomed and should be addressed to compliance@hayfin.com.