North Rock Capital Management UK - ONLINE Privacy Policy

Last Revised: August 2023

 

North Rock Capital Management (UK) LLP (“the Firm”) and LH NR UK Ltd (collectively, “we,” “us” or “our”) are committed to safeguarding your privacy rights and ensuring that your individually identifiable information (“Personal Data”) is protected. This Privacy Policy (the “Policy”) explains our use of your Personal Data when you visit our website (the “Site”) and/or interact with us. It applies to job applicants, other candidates for employment or consultancy, former employees, professional contacts, visitors to our website or offices and prospective members of the Firm.

The Policy also explains your rights and options around how we use your Personal Data. We may amend this Policy from time-to-time without prior notification to intended recipients.

We are the controller of your Personal Data and our contact details are set out at the end of the Policy.

Please ensure that you provide a copy of this Privacy Policy to any third parties whose Personal Data you provide to us.

1. INFORMATION WE COLLECT ABOUT YOU

We collect various types of information when you visit our website, submit an application for employment, are considered for potential recruitment by the Firm or one of its parent group entities, or communicate with us in any way including pursuant to you (or any entity you represent) engaging in any commercial dealings with us.

Information we may collect and the means of collection may include:

• Applicants, recruitment and staff: we will collect Personal Data directly from you during your application / recruitment process, as well as periodically thereafter. This may include your CV and any information voluntarily disclosed by you. The Firm may also collect Personal Data about you from third parties, such as recruitment agencies, referees, background-check providers, disclosure and barring services, assessment platformproviders, any LinkedIn account that is maintained by you, and from other publicly available sources.

 

• Visitors to our website: we collect data including browser type, IP address, date and time of visit, and various cookies. Please see the Terms of Use for more information.

 

• General communications with us: we collect your contact details including name, title, e-mail address, telephone number and other information you voluntarily provide if you contact us by email, telephone or other means of electronic or personal communication. Personal Data included in any correspondence is also collected when communicating via letter.

 

• Any documents you send to us: we will record any Personal Data included in documents that you send to us, including application forms for potential employment or other contractual engagements. This may include special categories of Personal Data, such as sensitive data or criminal records data.

 

• Electronic communications, including telephone communications with recorded staff: we archive all written electronic communications received and sent by our staff, and record the telephone lines of certain of our staff, for regulatory purposes. Your communications and conversations with such staff through corporate recorded systems will also be recorded.

 

• Use of the Guest WiFi services: we collect information from the users of our guest WiFi at our London offices (48-49 Pall Mall, St James’s London SWY 5JG).

 

• CCTV images: we operate CCTV at our London offices (48-49 Pall Mall, St James’s London SWY 5JG).

Personal Data which may be collected, depending upon the nature of your relationship and means of communication with us, could include:

• Contact information, including name, email address, and residential address;

• personal information such as date of birth and marital status;

• employment and education history (including internal and external employment history, references and organizational data such as department, work location, job title and seniority);

• unique identifiers such as national insurance/social security number, tax details, IP address and information relating to that IP address;

• passport details;

• financial information, including bank account details and credit history;

• test results; and

• other categories of  Personal Data, which may include Special Categories of Personla Data such as details of your political affiliations or beliefs, details about your immediate family members, your ethnicity, your religious beliefs and sexual orientation, health information, and details about actual or alleged criminal convictions and offences.

If you provide Personal Data on behalf of another person, it is your responsibility to notify that individual that you have provided their information to us and direct them to this notice. You are not obliged to provide information when it is requested by us, but this may affect our ability to consider you for employment or otherwise initiate or continue dealings with you or your firm, see below. In particular, if you apply for a role with the Firm and fail to provide certain Personal Data when requested which is necessary for the Firm to comply with its legal or contractual obligations, or pursuant to the Firm’s legitimate interests to manage its business appropriately, the Firm will not be able to consider the application and/or process the application successfully.

1. How Information is Used

Your Personal Data will be used by us for the following purposes:

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

​

 

​

​

​

​

​

​

​

​

 

 

 

 

Please note that you have a right to object to processing of your Personal Data where that processing is carried out for our legitimate interests or for direct marketing. However, please note that the Firm may not be able to fulfil this request in all instances.

​

1. Information We Disclose

We may share your Personal Data with selected third-party business partners, affiliates, associates or subcontractors in order to achieve the purposes described in HOW INFORMATION IS USED, above.

This may include sharing your information with (i) other entities in the North Rock Capital Management and Lighthouse Investment Partners group; (ii) financial institutions, pension plan institutions, insurance companies, consultant and professional advisors (including law firms); (iii) compliance solution providers, including electronic communications and trade surveillance platforms; (iv) other service providers such as, payroll administrators, benefits providers, background check vendors, assessment platform providers, and administrators and information technology systems providers involved in the provision of services to the Firm and/or its personnel; (v) independent public accountants and auditors, authorized representatives of internal control functions such as, audit, legal and/or corporate security; or (vi) financial services regulators, local tax authorities and any governmental or administrative body where the Firm determines that it is necessary or desirable in order to comply with applicable laws, court orders, or government regulations or to protect the rights or property of the Firm or any of its employees.

We also reserve the right to share your Personal Data with a third party that is looking to acquire, or does acquire, all or part of the assets of the Firm, or that succeeds the Firm in carrying on all or a part of the Firm or services provided to or by it whether by merger, acquisition, re-organization, outsourcing, insourcing or otherwise.

1. NON-UK PROCESSING AND International Transfers

The global nature of our business means that we may contract with service providers, or otherwise transfer your information to recipients, outside of the UK. This may include a recipient located in a country which may not be subject to the same data protection laws as companies based in the UK. In these circumstances, we will take steps to make sure the Personal Data is provided an adequate level of protection, and will implement appropriate safeguards.

The Firm ensures its data processors provide sufficient safeguards for all Personal Data processed, regardless of each provider’s location. Where we transfer Personal Data outside of the UK, we will ensure that the Personal Data is transferred to a recipient:

• established in a country which has been deemed to have adequate data protection laws by the UK (an adequacy decision);

• with which we have entered Standard Contractual Clauses (SCCs), as relevant, which oblige the recipient to protect your Personal Data per the principles of UK GDPR;

• from which we have sought assurances from the recipient that they have Binding Corporate Rules (BCRs) in place; or

• in relation to which we can rely on a derogation for the transfer (e.g., where the transfer is necessary for the defence of legal claims, or otherwise obtain consent).

The Firm has entered into SCCs for transfers of Personal Data to its affiliates outside of the UK.

For further information in relation to these safeguards, please contact us using the contact details below.

1. Retention of Your Information

We retain Personal Data as long as it is necessary and relevant for us. We determine the retention period based upon the longest of the following:

• as long as the Personal Data is necessary for the relevant services and activities that we undertake with you, or period set out in any relevant agreement that you enter with us;

• the length of time required or is otherwise reasonable to meet our legal and regulatory obligations; or

• any period in which investigations or litigation may arise in respect of our relationship with you.

In particular, further to the Firm’s recruitment process, where an application is unsuccessful your Personal Data will be securely destroyed 12 months after the end of the application / recruitment process, unless you request otherwise.

Where an application is successful, the Personal Data gathered during the recruitment / application process will be transferred to your personnel file and retained during the course of your relationship with the Firm. The periods for which your Personal Data will be held in these circumstances will be provided to you in a separate data protection notice.

1. Your Rights

You have certain rights in relation to your Personal Data, including the right to:

• request access to Personal Data we hold about you;

• the correction of your Personal Data when incorrect, out of date or incomplete;

• request that we erase your Personal Data;

• object to us using / holding your Personal Data if we have no legitimate reason to do so;

• request that we restrict the processing of your Personal Data – i.e., we would need to secure and retain the data for your benefit but not otherwise use it; 

• withdraw your consent at any time; and

• the portability of Personal Data – i.e., ask for a copy of your Personal Data to be provided to you, or a third party, in a digital format.

We will respond to your request in writing, or orally if requested, as soon as practicable and in any event not more than within one month after receipt of your request. In exceptional cases, we may extend this period by two months, and we will tell you why. We may request proof of identification to verify your request. These rights are not absolute, they do not always apply, and exemptions may be applicable and we may request additional information to better understand your request. For more details in relation to your rights, including how to exercise them, please contact us using the contact details below.

You also have the right to lodge a complaint about the processing of your Personal Data with the data protection authority – in the UK, this is the Information Commissioner’s Office (ICO) whose website is available at https://ico.org.uk.

1. Consequences of not Providing Personal Data

Where we require your Personal Data necessary for a legal or contractual requirement, failure to provide this information means we may not be able to provide the requested services to you, enter a business relationship with you (or your firm) or to consider you for prospective employment. We will tell you upon request whether it is a statutory or contractual requirement to give us the information and the consequences of not providing the information.

1. Other Important Information

Changes to the Policy

We may change this Privacy Policy from time to time by posting a new version of the policy on our Site. We will notify you of any material changes via e-mail or through a notification on our Site. Any changes to the Privacy Policy will become effective immediately after being posted.

1. CONTACT DETAILS

All enquiries, requests or concerns regarding this Notice or relating to the processing of your Personal Data, including any requests detailed in Section 6, above, should be sent to the Chief Compliance Officer, UK by email: oliver.robinson@northrockllc.com or by post: 2nd Floor, 48-49 Pall Mall, St James’s, London, SW1Y 5JG.