1.1 Who we are
We are iCON Infrastructure LLP (“iCON”, “we”, “us”), a limited liability partnership incorporated and
registered in England and Wales with company number OC364705 and registered office at 15 Golden Square, London, W1F 9JG.
iCON is registered as a data controller (as defined under European Data Protection Regulation
(Regulation (EU) 2016/679) with the UK Information Commissioner’s Office (“ICO”) and our
registration number is Z3441590.
contains important information about:
(a) what personal data we may collect from you;
(b) how we will use, store and protect your personal data;
(c) with whom we may share personal data; and
(d) your rights under relevant data protection laws.
processing notice we may provide on specific occasions when we are collecting or processing
personal data about you so that you are fully aware of how and why we are using your data. This
2. Lawful basis for processing
Under data protection laws, we must have a legal basis in order to process your personal data. The
legal bases on which we may process your data are:
3. What data we may collect from you
We may collect and process the following personal data:
4. How we collect information from you
We collect your personal data in a number of ways:
o any personal data shared with us by our investments and prospective investments;
o technical data may be obtained from the following parties:
(a) our website management provider,
(b) data analytics providers, such as Google Analytics, and
(c) investor reporting applications, such as Intralinks;
o identity and contact data from publicly availably sources such as internet searches,
Companies House, Financial Conduct Authority, OpenCorporates, 192.com and
Infogreffe or from subscription services such as Thomson Reuters, Dun & Bradstreet
or ratings agencies (and including updates of such searches from time to time).
5. How we use your personal data
We may use your personal data for the following purposes:
a. to provide the relevant services,
b. to carry out necessary anti-money laundering and anti-fraud checks, including any
periodic updates of the same,
c. to enable us or our subsidiaries to conduct day-to-day business activities with you,
d. to carry out general investor relations activities and communications;
o in order to comply with a legal obligation. This applies where the processing is
necessary for us to comply with the law,
o to protect our legitimate rights, privacy, property or safety, and/or those of a third
party and your rights do not override those interests.
We or our group companies contact you about our services where we are legally entitled to do so
and it is in legitimate interests to provide such information to you. In some cases, we may obtain
your consent for such marketing communications.
If you do not wish to be contacted in this way, you can tell us by contacting us at
firstname.lastname@example.org. We will process your request to be opted-out of such marketing
communications within 30 days of receipt.
Where you opt out of receiving these marketing communications, we may still process your personal
data for other required purposes, as specified in section 5 above.
7. Third party links
The iCON website may contain links to and from other applications, plug-ins and websites of other
networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that
they (and any services that may be accessible through them) have their own privacy policies and that
we do not accept any responsibility or liability for these policies or for any personal data that may be
collected through these apps, websites or services. Please check these policies before you submit
any personal data to these websites or use such services.
8. Retention of your data
We will not retain your personal data for longer than is necessary for the purposes for which the
personal data is processed. This means that your data will only be retained for as long as it is still
required to provide you with services or is necessary for legal (including regulatory) reasons. When
calculating the appropriate retention period for your data, we consider the nature and sensitivity of
the data, the purposes for which we are processing the data, and any applicable statutory retention
periods. Using these criteria, we regularly review the personal data which we hold and the purposes
for which it is held and processed.
When we determine that personal data can no longer be retained (or where you request us to delete
your data in accordance with your right to do so (please see section 12 below for more information)),
we ensure that this data is securely deleted or destroyed.
For more details about our retention periods, please contact us at email@example.com.
9. Accuracy of your data
It is important that the personal data we hold about you is accurate and current. Please keep us
informed if your personal data changes during your relationship with us.
10. Security of your data
We seek to ensure that we have appropriate organisational and technical security measures to
protect your personal data. These measures include ensuring our internal IT systems are suitably
secure and implementing procedures to deal with any suspected data breach. All company desktops
have relevant antivirus and endpoint protection installed. IT penetration testing is carried out
regularly to test and mitigate the risk of intruders accessing the firm’s IT systems. We have a
dedicated, external IT team who monitor and upgrade our IT systems.
In the unlikely event of a data breach, we will take steps to mitigate any loss or destruction of data
and, if required, will notify you and any applicable authority of such a breach.
11. Transfer of your data
Transfers within our group
We may share your data with other companies and branches within the iCON group, including our:
Transfers to third parties
There may be circumstances in which we may also need to share your personal data with certain
third parties, including third parties located outside of the UK and the European Economic Area (EEA).
The third parties to which we may transfer your personal data include:
The security of your data is important to us and iCON will, therefore, only transfer your data to such
third parties if:
As mentioned above, iCON will only transfer your data where suitable safeguards have been put in
place. These safeguards are intended to ensure a similar degree of protection is afforded to your
data wherever it may be transferred and include:
We may also share your personal information with a purchaser or potential purchaser businesses
connected with iCON or its subsidiaries and in some circumstances, we may have to disclose your
personal information by law, either because our regulator, the courts or other law enforcement
agency has asked us for it, or to enforce our legal rights.
For more information on the safeguards used by iCON when transfers of personal data to third
parties, please contact us at firstname.lastname@example.org.
12. Your rights
You have certain rights in relation to the personal data iCON process and hold about you. These
If you would like to exercise any of the above rights, please contact iCON at
email@example.com. We will respond to requests made by you within one month.
You should also be aware that you have the right to raise any concerns in relation to how iCON
processes your personal data to the ICO (www.ico.org.uk).
We would, however, appreciate the chance to deal with your concerns before you approach the ICO
so please contact us in the first instance. iCON has appointed a data privacy lead (DPL) who is
responsible for dealing with any such concerns, in addition to overseeing questions in relation to this
concerns, questions, or requests, please contact the DPL using the details set out below.
iCON Infrastructure LLP
15 Golden Square,
Email address: firstname.lastname@example.org
Telephone number: +44 20 7292 9670
Last updated 14 June 2019