iCON Infrastructure LLP

Privacy Policy

Introduction

1.1 Who we are

This website is brought to you by iCON Infrastructure LLP (“iCON”, “we”, “us”), a limited liability partnership incorporated and registered in England and Wales with company number OC364705 and registered office at 1st Floor, Pollen House, 10-12 Cork Street, London, W1S 3NP.

1.2 Purpose of this Privacy Policy

We take your privacy very seriously. As such, we ask that you read this Privacy Policy carefully as it contains important information about:

(a) what personal data we may collect from you;
(b) how we will use, store and protect your personal data;
(c) with whom we may share personal data; and
(d) your rights under relevant data protection laws.

It is important that you read this Privacy Policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Policy supplements the other notices and is not intended to override them.

2. Lawful basis for processing

Under data protection laws, we must have a legal basis in order to process your personal data. The legal bases on which we may process your data are:

  • Legitimate interest: in order to carry on and promote iCON’s infrastructure advisory business and related activities.
  • Consent: where you have consented for us to process your personal data for one or more specific reasons.
  • Performance of a contract: in order to perform a contract that iCON may have with you.
  • Legal obligation: where processing of the data is required by law. For example, to carry out ‘know your client’ checks required by our regulator, the Financial Conduct Authority, or similar requirements in respect of any of our subsidiaries.

3. What data we may collect from you

We may collect and process the following personal data:

  • your name, email address, telephone number(s), organisation, role and information related to our business relationship with you;
  • for clients and commercial counterparties, the personal data of its representatives and staff, including the data set out above as well as date of birth, gender, financial information and data contained in identity documentation;
  • cookie data (please see our Cookies Policy for further information); and
  • technical data such as internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.

4. How we collect information from you

We collect your personal data in a number of ways:

  • as you browse the iCON website certain information is collected automatically using cookies, server logs and other similar technologies. Please see our Cookies Policy for further information;
  • during the communications between us, such as via email, telephone, correspondence or in meetings;
  • any personal information you provide to us or one of our subsidiaries during your relationship with us as a client or commercial counterparty of us or one of our subsidiaries; and
  • from third parties/public sources:
    • any personal data shared with us by our investments and prospective investments;
    • technical data may be obtained from the following parties:
      (a) our website management provider
      (b) data analytics providers, such as Google Analytics, and
      (c) investor reporting applications, such as Intralinks;
    • identity and contact data from publicly availably sources such as internet searches, Companies House, Financial Conduct Authority, OpenCorporates, 192.com and Infogreffe or from subscription services such as Thomson Reuters, Dun & Bradstreet or ratings agencies (and including updates of such searches from time to time).

5. How we use your personal data

We may use your personal data for the following purposes:

  • to contact you to discuss any iCON services and to respond to any queries you have raised;
  • to store your contact details in our Client Relationship Management databases;
  • where you are a client or commercial counterparty of iCON or one of our subsidiaries:
    (a) to provide the relevant services,
    (b) to carry out necessary anti-money laundering and anti-fraud checks, including any periodic updates of the same,
    (c) to enable us or our subsidiaries to conduct day-to-day business activities with you, and
    (d) to carry out general investor relations activities and communications;
  • to personalise your experience on the iCON website; and
  • as we believe to be necessary or appropriate:
    • in order to comply with a legal obligation. This applies where the processing is necessary for us to comply with the law,
    • to enforce or apply this Privacy Policy, and
    • to protect our legitimate rights, privacy, property or safety, and/or those of a third party and your rights do not override those interests.

6. Marketing

We or our group companies contact you about our services where we are legally entitled to do so and it is in legitimate interests to provide such information to you. In some cases, we may obtain your consent for such marketing communications.

If you do not wish to be contacted in this way, you can tell us by contacting us at privacy@iconinfrastructure.com. We will process your request to be opted-out of such marketing communications within 30 days of receipt.

Where you opt out of receiving these marketing communications, we may still process your personal data for other required purposes, as specified in section 5 above.

7. Third party links

The iCON website may contain links to and from other applications, plug-ins and websites of other networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that they (and any services that may be accessible through them) have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these apps, websites or services. Please check these policies before you submit any personal data to these websites or use such services.

8. Retention of your data

We will not retain your personal data for longer than is necessary for the purposes for which the personal data is processed. This means that your data will only be retained for as long as it is still required to provide you with services or is necessary for legal (including regulatory) reasons. When calculating the appropriate retention period for your data, we consider the nature and sensitivity of the data, the purposes for which we are processing the data, and any applicable statutory retention periods. Using these criteria, we regularly review the personal data which we hold and the purposes for which it is held and processed.

When we determine that personal data can no longer be retained (or where you request us to delete your data in accordance with your right to do so (please see section 12 below for more information)), we ensure that this data is securely deleted or destroyed.

For more details about our retention periods, please contact us at privacy@iconinfrastructure.com.

9. Accuracy of your data

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

10. Security of your data

We seek to ensure that we have appropriate organisational and technical security measures to protect your personal data. These measures include ensuring our internal IT systems are suitably secure and implementing procedures to deal with any suspected data breach. All company desktops have relevant antivirus and endpoint protection installed. IT penetration testing is carried out regularly to test and mitigate the risk of intruders accessing the firm’s IT systems. We have a dedicated, external IT team who monitor and upgrade our IT systems.

In the unlikely event of a data breach, we will take steps to mitigate any loss or destruction of data and, if required, will notify you and any applicable authority of such a breach.

11. Transfer of your data

Transfers within our group

We may share your data with other companies and branches within the iCON group, including our:

  • branch based in Düsseldorf, Germany;
  • our subsidiary general partner entities currently based in Guernsey; and
  • our Canadian subsidiary, iCON Infrastructure Canada, Inc.

Transfers to third parties

There may be circumstances in which we may also need to share your personal data with certain third parties, including third parties located outside of the UK and the European Economic Area (EEA).

The third parties to which we may transfer your personal data include:

  • Suppliers. We employ other companies and individuals to perform functions on our behalf, including our software suppliers, data hosting providers, data analytics providers, and anti-money laundering tools;
  • Fund administrators and other service providers who assist us or our subsidiaries with the performance of services related to the investment funds which iCON advises and meeting business operational needs;
  • Banks who assist us or our subsidiaries by acting as depositories for client funds;
  • Other professional advisors such as accountants, lawyers, consultants and other business advisors engaged by us or our subsidiaries; and
  • Other third parties where required under law or applicable regulation, or in connection with legal or regulatory proceedings.

The security of your data is important to us and iCON will, therefore, only transfer your data to such third parties if:

  • the third party has agreed to comply with iCON’s instructions, required data security standards, policies, and procedures and put adequate security measures in place;
  • the transfer complies with any applicable cross border transfer restrictions and suitable safeguards have been put in place; and
  • a written contract containing suitable obligations and protections has been entered into between the parties.

As mentioned above, iCON will only transfer your data where suitable safeguards have been put in place. These safeguards are intended to ensure a similar degree of protection is afforded to your data wherever it may be transferred and include:

  • only transferring your personal data to countries which have been deemed to provide an adequate level of protection for personal data by the European Commission;
  • where your data will be transferred by iCON outside of the EEA, entering into specific contractual terms which have been approved by the European Commission and which give personal data the same protection as within the EEA; or
  • where your data will be transferred to the US, ensuring that the third party to which we are transferring your data is part of the Privacy Shield.

We may also share your personal information with a purchaser or potential purchaser businesses connected with iCON or its subsidiaries and in some circumstances, we may have to disclose your personal information by law, either because our regulator, the courts or other law enforcement agency has asked us for it, or to enforce our legal rights.

For more information on the safeguards used by iCON when transfers of personal data to third parties, please contact us at privacy@iconinfrastructure.com.

12. Your rights

You have certain rights in relation to the personal data iCON process and hold about you. These include:

  • Right to rectification: you have the right to require iCON to correct any inaccuracies in your data.
  • Right to erasure: you have the right to require iCON to delete your data, subject to certain legal requirements.
  • Right to restriction of processing: you have the right to require iCON to restrict the way in which iCON processes your personal data. You may wish to restrict processing if, for example:
    • You contest the accuracy of the data and wish to have it corrected;
    • You object to processing but iCON is required to retain the data for reasons of public interest; or
    • If you would prefer restriction to erasure.
  • Right to data portability: you have the right to obtain from iCON easily and securely the personal data we hold on you for any purpose you see fit.
  • Right to object to processing: you have the right to require iCON to stop processing your personal data should you wish the data to be retained but no longer processed.
  • Right of access: you have the right to request access to personal data that iCON may process about you.
  • Right to withdraw consent: you have the right at any time to withdraw consent allowing iCON to process your personal data.

If you would like to exercise any of the above rights, please contact iCON at privacy@iconinfrastructure.com. We will respond to requests made by you within one month.

13. Amendments to this Privacy Policy

No changes to this Privacy Policy are valid or have any effect unless agreed by iCON in writing. iCON reserves the right to vary this Privacy Policy from time to time. Our updated terms will be displayed on the iCON website. It is your responsibility to check this Privacy Policy from time to time to verify such variations.

14. Questions in relation to this Privacy Policy

You should also be aware that you have the right to raise any concerns in relation to how iCON processes your personal data to the Information Commissioner’s Office (ICO).

iCON has appointed a data privacy lead (DPL) who is responsible for dealing with any such concerns, in addition to overseeing questions in relation to this Privacy Policy and handling requests in relation the exercise of your legal rights. If you have any concerns, questions, or requests, please contact the DPL using the details set out below.

iCON Infrastructure LLP
1st Floor Pollen House
10-12 Cork Street
London
W1S 3NP

Email address: privacy@iconinfrastructure.com
Telephone number: +44 20 7292 9670

Last updated 14 June 2018