Europe and United Kingdom Privacy Notice
GREENHILL GROUP
PRIVACY NOTICE
1 About this notice
This notice (the “Privacy Notice”) provides information about how “Greenhill” gather and use personal information. We are committed to respecting the confidentiality of the personal information you supply to us and all data will be processed in accordance with applicable data privacy laws.
This notice only applies to individuals within the United Kingdom and the European Union.
You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we are providing you with the information in this Privacy Notice.
If you do not agree with our use of your personal data as set out in this Privacy Notice, you should not submit your personal information to us. However, if you do not wish to submit your personal information, or if you wish to exercise your rights to prevent us using your data, you should be aware that we may not be able to do business with you. For more information on this, please see sections 4.1 and 7.
2 About us
We are Greenhill & Co. International LLP (company number OC332045) registered at Berkeley Square House, London W1J 6BY, Greenhill Europe GmbH & Co. KG (company number HRA50593) registered at Neue Mainzer Strasse 52, D-60311 Frankfurt am Main, Germany and Greenhill & Co. Sweden AB (company number 556898-6730) registered at Biblioteksgatan 8, 111 46 Stockholm. For the purposes of data privacy legislation, we will be acting as ‘joint controllers’.
3 Contacting us
Should you have any questions or concerns about this Privacy Notice or the processing of personal data we hold about you, please contact us:
By email: |
4 Your rights
You have certain rights in relation to your personal data.
4.1 Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
- Object to processing of your personal information where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are processing it lawfully.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see above).
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party in a machine-readable, commonly used and structured format.
If you want to exercise any of these rights then please contact us using the details at section 3. The various rights are not absolute and each is subject to certain exceptions or qualifications. For example, if you wish to withdraw your consent or object to processing, we may need to discuss with you whether our use of your data needs to continue for other lawful purposes, such as fulfilment of a legal or contractual requirement.
We will respond to your request within one month of receipt of your request. In some cases we may not be able to fulfil your request to exercise the right before this date, and may need to request more time. Where we cannot provide a full response to you for any reason, we will let you know about this in our initial reply to your request.
4.2 Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
4.3 Fees
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). In some cases, we may charge a reasonable fee if your request for access is clearly unfounded or excessive, or if you request multiple copies of the information. Alternatively, we may refuse to comply with the request in such circumstances.
4.4 What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
4.5 Right to complain
If you wish to request further information about any of the above rights, or if you are unhappy with how we have handled your information, please contact us on the contact details contained in section 3.
If you are not satisfied with our response to your complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to the supervisory authority of your choice. For example, if you live in the United Kingdom, this will be the Information Commissioner’s Office. You can contact them via https://ico.org.uk/global/contact-us/ or 0303 123 1113.
5 Information we collect
We collect your personal information from a variety of sources, as set out in this Privacy Notice. Where necessary we collect information directly from you or indirectly from third parties, and through your use of our website.
5.1 Information you provide to us
This section details the information we collect about you in the course of your interaction and correspondence with us and our representatives. We collect:
- basic personal details including your name and address (and proof of name and address), email address, telephone number, any other contact details you supply, social security and tax details, nationality, citizenship, tax residency, date of birth;
- banking details;
- information on your assets and/or income and/or financial dealings;
- records of electronic communications; and
- employment and education history (where you send us this information as part of a job application process).
5.2 Information we collect from other sources
We may receive information about you from our affiliates, third parties such as your employer or recruitment agencies and publicly available sources such as Companies House. We collect the following information from third parties:
- basic personal details including your name, address, email address, telephone number and other contact details;
- data received from background checks related to the job application process. This may include criminal record checks and credit history or bankruptcy checks as required for regulatory purposes;
- data received from due diligence activities (such as anti-money laundering, politically exposed persons and sanctions checks);
- fraud enquiries (for example, information from police reports); and
- employment and education history (where we are sent this information by an employment agent).
5.3 Information from your use of our website
We collect information about your use of our website and the devices you use. We collect information on:
- how often you access our website;
- the way in which you navigate around it;
- how long you spend on particular pages;
- the operating system, hardware, software versions, browser configuration, display size, browser configuration of the devices you use; and
- connection information such as IP addresses.
We also use cookies to log your behavioural information. For more information on our use of cookies, please refer to our cookie policy. In particular, please note that cookies may be held by our third party website provider.
6 How we use the information we collect
6.1 General uses of information
The information which we collect and what we use it for will depend on the nature of our business relationship with you. We use your information:
- to maintain our professional relationships with you;
- to complete due diligence requirements as part of our transaction services or to fulfil other contractual obligations to third parties to whom you have provided your information;
- for our internal business administration and record keeping purposes;
- for legal and regulatory compliance purposes, including as necessary to respond to governmental, regulatory or law enforcement agency requests; and
- for recruitment.
6.2 Information for marketing purposes
We use your information to identify products, services and events that we think may be of interest to you.
We will only send you marketing messages where it is allowed by law or you have consented to such contact.
You have the right to ask us not to not send you marketing messages by post, telephone or e-mail or any combination of these at any time. You can also let us know at any time that you wish to change your mind and to start receiving such messages.
You can do this:
- by replying directly to the marketing message; or
- at any time by contacting us (see section 3).
If you choose to unsubscribe, we will cease to send you such communications as mentioned above.
7 Our bases for collecting and using the information
We are entitled to use your personal data in the ways set out in this Privacy Notice on the following bases:
- we have legal obligations that we have to discharge;
- the use of your personal data is necessary for our legitimate interests in:
- fulfilling contractual obligations to third parties;
- collecting information for marketing purposes;
- communicating with you and maintaining our business relationships;
- you have consented to such use; and/or
- to establish, exercise or defend our legal rights for the purposes of legal proceedings.
If provision of your personal information is a legal or contractual requirement or a requirement necessary to enter into a contract with us, and you choose not to provide it, we may not be able to perform some of the tasks we need to in order to provide certain products or services to you.
If you do choose to provide your consent you can withdraw it at any time by contacting us (see section 3).
8 Sharing your information
We will not disclose your personal information to third parties except as detailed in this Privacy Notice. The following is a list of the types of third parties who we may share your personal information with:
- our affiliates;
- professional advisers, including accountants, auditors, compliance consultants, legal advisers and tax advisers;
- fraud prevention agencies;
- third party services providers and information technology providers, including providers of client relationship management systems, and information security providers;
- we may disclose to law enforcement agencies and regulators, government departments or competent authorities of the UK or of other countries any personal data (including tax status, identity or residency or other personal and payment information, documents or self-certifications) where we are under a duty to disclose or share your information in order to comply with any legal or regulatory obligation;
- if we are under a duty to disclose or share your information with HM Revenue & Customs (HMRC) or other tax authorities, who may transfer it to the government or the tax authorities in another country where you may be subject to tax; and
- if you have consented to any disclosure to a third party.
9 Where we store your information
We are a global business and so we may transfer, process and/or store your personal information outside of the United Kingdom and the European Economic Area (“EEA”).
Where we transfer your personal data to another country outside the UK and/or EEA, we will ensure that it is protected and transferred in a manner consistent with legal requirements. This may be done in one of the following ways:
- the country that we send the data to might be approved by the European Commission or UK Government (as applicable) as offering an adequate level of protection for personal data;
- the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission or UK Information Commissioner’s Office (as applicable), obliging them to protect your personal data;
- the recipient may have adhered to binding corporate rules (only for intragroup transfers); or
- in other circumstances the law may permit us to otherwise transfer your personal data outside Europe.
You can obtain more details of the protection given to your personal data when it is transferred outside the UK and/or EEA (including a copy of the standard data protection clauses which we have entered into with recipients of your personal data) by contacting us as described in Section 3.
10 Keeping your information
We will keep your information only for as long as necessary depending on the purpose for which it was provided. Details of retention periods for different aspects of your personal information are available in our retention policy which you can request by contacting us (see section 3).
When determining the relevant retention periods, we will take into account factors including:
- legal obligations under applicable law to retain data for a certain period of time;
- statute of limitations under applicable law(s);
- (potential) disputes;
- our legitimate interests and
- guidelines issued by relevant supervisory authorities.
11 Security
We acknowledge that the information you provide may be confidential and will maintain the confidentiality of and protect your information in accordance with our normal procedures and all applicable laws. We employ appropriate technical and organisational security measures to help protect your personal data against loss and to guard against access by unauthorised persons. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
In addition, those employees, agents, contractors and other third parties who process your personal data will only do so on our instructions and they will be subject to a duty of confidentiality.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, for example by encrypting our outgoing email communications, we cannot guarantee the security of your data transmitted online. Any transmission is at your own risk. Once we have received your information, we will use procedures and security features to try to prevent unauthorised access.
12 Links to other websites
Links on our website may take you to third party sites over which we have no control. While such links are provided for your convenience, you should be aware that the information handling practices of the linked websites might not be the same as ours. You should review any privacy notices on those linked websites. We are not responsible for any linked websites.
13 Changes to our Privacy Notice
We reserve the right, at our discretion, to change, modify, add to, or remove portions from, our Privacy Notice. We will of course notify you of any changes where we are required to do so.