Latest update: September 13, 2018
In summary, Quercus collects very little information about individuals with whom we come in contact and then we do very little with it. Our main purpose for collecting and using such information is to negotiate and enter into agreements with those individuals who wish to enter into such agreements and those individuals who provide services for our business and maintaining relations with those individuals and the companies they represent.
Quercus Investment Partners Ltd.
11 Albermarle Street
London W1S 4HH
For purposes of simplicity, we use “Individual” and “you” interchangeably to mean the natural person about whom Quercus collects and processes personal data. We call “personal data” “Information.” We use “Quercus”, “we” and Controller interchangeably to mean Quercus Investment Partners, Ltd.
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Information, including security measures. Throughout this Policy we use Controller and Quercus interchangeably.
A small amount of data stored in an Individual’s digital device that is often used at websites on the Worldwide Web to give and receive information about that Individual to the owner and/or manager of that site. You can adjust your own Cookie settings in your digital device and on the sites that deploy Cookies on your digital devices.
This term is the definition used in GDPR, which is the natural person to whom the Personal Data (in this Policy, “Information”) refers. This is the definition of “Individual,” which we use in this Policy.
European Union (or EU)
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.
This term means each natural person who visits a Quercus website and/or from whom Quercus obtains Information.
In this policy Quercus uses the term “Information” to mean what is called “Personal Data” in the GDPR, which is any information that directly, indirectly, or in connection with other information allows for the identification or identifiability of a natural person.
This term means Quercus Investment Partners Ltd., which is the parent to Quercus Investment Partners srl and an advisor to Quercus Assets Selection S.C.A. Quercus is the Controller regarding Information.
This term means the various corporate entities: (a) in which Quercus has a direct or indirect equity interest; or (b) with whom Quercus has a contractual relationship by which Quercus provides or is provided investment advice as to the business of certain investment funds, projects and corporate entities involved in such projects, but excluding Service Providers. This term does not imply that these entities necessarily operate in conjunction with each other or as a single entity.
The natural or legal person, public authority, agency or other body which processes Personal Data (in this Policy the “Information”) on behalf of the Controller, as described in this Policy. In all cases, Quercus is the Controller.
This term means corporate entities or individuals that provide services to Quercus or propose to provide such services, including, for example, third party accountants, auditors, lawyers, investment bankers, project managers, engineers, IT service providers and other consultants.
Information collected automatically through Quercus (or third-party services used by Quercus), which can include: the IP addresses or domain names of the digital device(s) utilized by Individual, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed on any Quercus website with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the IT environment of the Individual. Usage Data usually resides in the “Systems Logs” of Quercus. However, Quercus does not collect any Usage Data, except for traffic numbers (number of visitors).
3. Who We Are: Owner and Data Controller
Under applicable regulations of the European Union, entities that collect and use information from individuals are called “Controllers” or “Processors.” A Controller decides on the information it collects and how it uses such information and a Processor “processes” the information on behalf of the Controller. Controllers and Processors are subject to slightly different regulations.
In some situations, an entity can be both a Controller and a Processor. For example, our UK entity, Quercus, collects information on its own, but then it sends some of it to its Italian subsidiary and corporate entities that advise and manage certain funds in other jurisdictions. In those situations, the Quercus would be the Controller and the other entities would be the Processors. Therefore, when each of these entities collects information, it becomes the Controller for that information; when it sends it to one or both of the other entities, each of those entities could become a Processor. However, many such entities collect such information under the direction of Quercus, in which case Quercus would be the Controller.
Each of these entities may also send information to a Service Provider. As we explain below, each of them is subject to confidentiality obligations as to the information collected.
4. The Individuals Who Provide Us with Information
We collect contact information from individuals with whom we come in contact in the normal course of our business of raising and managing funds, making and managing investments, seeking advice thereon, complying with applicable regulations and obtaining the services of third parties for such matters as office support, transportation, information technology and the like. As noted in the “Definitions” section above, these natural persons are called “Individuals” throughout this Policy.
For example, such Individuals might be: potential, current and past investors; potential, current and past partners, managers or staff in our investment projects; individuals who might be involved in the decisions on and/or management of such projects (e.g., regulatory officials), candidates for employment or other engagement by one of our entities.
5. Types of Information Collected
General Contact Information
Quercus collects information that it considers necessary or appropriate to fulfill its business objectives. In general, the minimum amount collected would be what one would expect to find on a business card: name, title, company name, email address, office and mobile number and business street address (with city and country). Sometimes the information is only name and email address. In some instances, an individual might give us his or her personal contact information such as personal email address and phone numbers. Quercus might also receive other information freely given, such as birthdates and anniversaries of other significant events. In some instances, this information is available via social media platforms and access is provided to such information when, for example, a member of the Quercus team “links” or otherwise connects with such individuals during the use of such social media platforms. Such information may include gender and other personal information.
Quercus may also obtain from individuals additional information that is needed for our business. For example, Service Providers will usually have to provide financial information, such as bank and payment information (e.g., wire transfer instructions), credit or debit card information and, possibly, information necessary for a credit check. Similarly, investors might provide financial information for purposes of making their investments or receiving contractually mandated payments from Quercus. This may also be true of potential investors. Quercus may be required by law to request and obtain additional financial or other sensitive information due to requirements such as financial regulations. The above types of information might also be obtained from potential project partners and those involved in such projects or related decision-making. In all such cases, it is likely that Quercus will obtain tax identification information, too.
Quercus might also end up collecting additional “digital” information as a result of your interaction by phone, email or SMS or their equivalents. For example, phones often display “Caller ID” and SMS systems will reveal your username for that system. Headers in email may also provide such information. In addition, websites might also collect what is called the “IP address” of visitors to such websites. In general, Quercus does not actively use such digital information—“active” meaning that it is not purposely collected but only incidental to other form of communications.
Quercus might also obtain information that is publicly available, e.g., through profiles or other posts on social networks. It is natural that individuals in decision-making positions might seek information from such posts when they are considering a candidate for a position as an employee or Service Provider or in relation to a past, present or future project.
Unlike many websites, Quercus websites do not include advertisements or information from third parties. Therefore, we do not collect that type of Usage Data, nor do third parties. However, like many other websites, the Quercus websites respond to Cookies, which means that Quercus may collect your IP address. Other analytics might also collect similar data, which is explained below under “Analytics.”
Information Individuals Provide
You and other individuals might provide Quercus with information from you or from third parties. You confirm that the information you provide is truthful and accurate. If you provide information about third parties to Quercus (or through Quercus to others) you are responsible for any third-party information that you share through or through Quercus and confirm that you have the consent necessary to provide the Quercus.
6. Processing the Information
Methods of Processing
The applicable regulation of the European Union defines “processing” as follows:
‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Put simply, for Quercus, it means storing, organizing and using the Information and in all cases for its business as described in the first paragraph of this Policy.
Quercus processes the information using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In some cases, the Information may be accessible to certain individuals involved in these processes, including individuals inside of Quercus involved in business development, investments, project identification, evaluation and management and operations such as administration, sales, marketing, legal, accounting and system administration. Quercus Service Providers for some services such as technical service providers, mail carriers, hosting providers, IT companies, communications, accountants, lawyers, consultants, appraisers, investment bankers and others. The updated list of these parties may be requested from the Owner at any time, although the identities of some of the Service Provider might not be available due to confidentiality obligations.
The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
Legal Basis of Processing
According to the applicable regulations of the European Union, Quercus may collect and process the Information only with a “legal basis,” which can be any number of the following:
- The relevant individuals have given their affirmative consent for one or more specific purposes;
- Provision of the Information is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
- Processing is necessary for compliance with a legal obligation to which Quercus is subject;
- Processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in Quercus;
- Processing is necessary for the purposes of the legitimate interests pursued by Quercus or by a third party.
In any case, Quercus will gladly help to clarify the specific legal basis that applies to the processing.
Location of Processing
Quercus uses the Information in its operating offices (currently the United Kingdom, Italy and Belgium). With reference to some individuals, Information may be processed in countries where projects—or possible projects—are located. When Quercus uses third parties to process Information (e.g., hosting providers), The Information is processed at the Owner’s operating offices and in any other places where the parties involved in the processing are located. This may result in Information being transferred to a country or countries other than the country of residence of the particular individual.
You can find out more by checking the relevant sections of this policy or contact Quercus (the contact information is set forth at the beginning of this policy). You can also learn more about transfers of Information to a country outside of the European Union or to international organizations governed by public international law or set up by two or more countries (such as the UN)
7. Additional Details on Collecting and Processing Information
As noted above, Quercus collects and processes Information for its business of forming and managing its funds and their projects. Below we set out more detail.
The Purposes of Processing
Below we specify how Information is Collected and Processed
The Types of Collection and Processing
Information is collected and/or processed as follows:
Contact by the Individual
When you email Quercus (or use some other method of contacting Quercus), naturally, we will collect that Information. We will use it only to keep in touch with you regarding the specific purposes of the communications—such as reaching agreement on you becoming an investor, or engaging you as a Service Provider and so forth. If Quercus and you enter into a written agreement, then we will use that Information to fulfill the obligations under that agreement. For example, once you have become an investor, we will send you periodic communications regarding Quercus, its projects, plans and so forth.
Information collected: email address, name and whatever information you provide in that email (e.g., your signature block might include your phone number, title, company name and/or address).
Quercus does not circulate a newsletter. In the future, it might do so. However, you will be asked to sign up for the newsletter—that is, to give your consent to receiving the newsletter. You will have no obligation to do so. Your consent will be used only to provide you the newsletter and only for as long as you wish to receive it.
When investors make their investments or provide information to receive payments from Quercus, they provide Information beyond name and email address. To ensure greater security, Quercus shares only the information necessary to execute the transaction with the financial intermediaries handling the transaction. You might receive communications such as notices of clearance of a payment and other such notices. Quercus will also provide you with financial information for your accounting and fiscal purposes.
Hosting and Backend Infrastructure
Quercus stores Information on either its servers or servers provided by a data center or Service Provider. Some of these Service Providers use servers that are geographically distributed, which makes it difficult to determine every location where Information is stored. Each Service Provider enters into a written agreement with Quercus and each such Service Provider is subject to confidentiality and security obligations.
Interaction with Social Networks
As noted above, it may be that individuals within, or Service Providers to, some part of the Quercus Group may obtain Information from Social Networks. This Information is used only for the purposes of fulfilling business obligations, such as interviewing potential candidates or evaluating past, present or future projects.
Managing Contacts and Sending Messages
Quercus uses a “contact management system” to send information to Individuals, typically periodic financial reports that are required by contract or in the period of discussions of a possible contractual relationship.
Quercus can analyze certain anonymized information as to website traffic (number of visitors) within certain parameters (e.g., time and duration of visit). For example, Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google may utilize the Information to track and examine the use of Quercus, to prepare reports on its activities and share them with other Google services. Quercus does not control Google Analytics.
System logs and Maintenance
For operation and maintenance purposes, Quercus and certain Service Providers may collect files that record interaction with Quercus (System logs) or use other Information (such as the IP Address), for example, to maintain (including upgrading or otherwise altering) its systems, network, software and equipment.
Communications within the Quercus Group
Some of the other entities may collect Information in the normal course of their businesses, or Quercus may provide Information to one or more of such entities for those entities to conduct their business. For example, each fund engages its own Depositary and Paying Agent, responsible for communications with investors. Each Quercus Group entity might engage its own Service Providers. Quercus sometimes serves as the Controller and Processor for such Information and therefore shares Information with other entities in the Quercus Family Group.
Quercus can use Information for legal purposes in judicial systems where Quercus is defending its interests or in the stages leading to possible legal action. You understand and acknowledge that you are aware that Quercus may be required to comply with requests by government authorities for the release of Information.
8. How Long Quercus Keeps the Information
Quercus will keep Information for as long as required by the purpose of the original collection. For example, Information collected and processed for the performance of a contract will continue for as long as any part of that contract remains in effect. Information might be maintained for a longer period if there is a reason to do so, such as potential litigation or for records regarding, for example, distributions made by one of our funds. Legal obligations or regulatory compliance may require Information to be retained for a longer period. In addition, Quercus might seek your consent to retain Information for a longer period.
Once the retention period expires for particular Information Quercus will delete that Information. This will mean that your rights under the European Union regulations will also expire. Those rights are described in more detail below.
9. The Rights of Individuals as to the Information Quercus Collects and Processes
If we have Information on you, then you have rights to do the following, which in general will require Quercus to respond to your requests. Additional details are provided below this section, Your Rights.
- Withdraw your consent at any time. If you have provided affirmative consent you can withdraw consent you have given to Quercus.
- Object to processing. You can object to the processing by Quercus of your Information if the processing is carried out on a legal basis other than consent (with some exceptions described below).
- Access Information about You. You have the right to learn Quercus is processing Information about you and obtain a copy of it.
- Verify and seek Corrections. You can verify the Information and request that it be updated or corrected.
- Restrict Processing. Under certain circumstances, you can restrict processing by Quercus in which case Quercus can only store it.
- Have Information Deleted or Otherwise Removed. Under certain circumstances, you can have Quercus “erase” your Information.
- Receive a Copy of the Information and Have it Transferred. Under certain circumstances, at your request Quercus will provide you with a copy of the Information in a “structured, commonly used and machine-readable format” and, if technically feasible, have it transmitted to another controller without any impediment.
- Object to Direct Marketing Processing. At any time, without explanation, you can object to direct marketing processing. Quercus does not engage in direct marketing.
- Lodge a Complaint with a Government Authority. Members states of the European Union have data protection authorities. You can lodge a complaint with them at any time.
Please note that exercising rights of removal, etc., might not be possible if the basis of collecting and processing the Information derives from an agreement Quercus may have with you (or a company with which you are involved).
How to Exercise These Rights
Any requests to exercise your rights should be sent to Quercus at the contact information at the start of this Policy. Quercus is obligated by law to respond in a prompt manner to your request—in no event longer than thirty days.
Other types of Cookies or third parties that install Cookies
When you arrive on a Quercus website, you may bring with you Cookies installed at other websites you have visited. Quercus does not control these Cookies.
How to provide or withdraw consent to the installation of Cookies
In certain countries, initiatives have started to control tracking preferences of advertisers, such as EDAA (EU), the Network Advertising Initiative (US) and the Digital Advertising Alliance (US), DAAC (Canada), DDAI (Japan). Such initiatives allow you to select their tracking preferences for most of the advertising tools. We recommend that you make use of these resources in addition to the information provided in this document.
11. Information Not Contained in This Policy
You may request additional details concerning the collection or processing of the Information at any time by contacting Quercus using the contact information at the beginning of this Policy.
12. How “Do Not Track” Requests Are Handled
Quercus does not support “Do Not Track” requests. To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their privacy policies.
Quercus reserves the right to make changes to this Policy at any time by giving you notice, usually on the website and this page. We urge you to check this page on a frequent basis. The date at the top of this Policy will indicate the most recent modification to the Policy. Should the changes affect processing activities performed on the basis of your affirmative consent, Quercus shall obtain new consent, where required.
This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).