Privacy and cookie policy

Privacy Policy

Letterone Investment Holdings S.A. and Letterone Holdings S.A. and their affiliated companies (together, “LetterOne”, “we”, “our” or “us”) are committed to protecting and respecting your privacy. This Privacy Policy (the “Policy”) applies to personal data that we collect regarding individuals who visit our website and otherwise interact with us. It also explains who we are and how we collect, use, disclose, share and protect the personal data that we process and how you can exercise your privacy rights. 

We are subject to laws that govern the privacy of the information we may collect. This Policy contains information on our use of your personal data as a data controller, in accordance with relevant laws and regulations, including, where applicable, the EU General Data Protection Regulation (2016/679) (“EU GDPR”), the EU GDPR as it forms part of the laws of the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (the “UK GDPR”), the DIFC Data Protection Law, DIFC Law No. 5 of 2020 and the ADGM Data Protection Regulations 2021, all as amended and restated from time to time.

Please read the following carefully to understand our practices regarding your personal data and how we will treat it. Please note that the rights discussed in certain sections of this Policy may be subject to exemptions or other limitations under applicable law. You may use the contact details provided below to contact us if you have any questions concerning this Policy.

What personal data we collect and how

Depending on how you interact with us, including whether you are a business partner, supplier or service provider, job applicant or general website visitor, we may collect personal data from or about you. When we use the term “personal data”, we mean information that can help us directly or indirectly identify you. 

The categories of personal data which we may collect include:

• identifiers and similar information such as name, address, date of birth, email address, national insurance or other social security number, driver’s licence number, passport details, online identifiers or other similar identifiers; 
• commercial information, including records of products or services invested in, obtained, provided or considered, or other commercial histories or tendencies;
• financial information, such as credit card details, bank account details or wire instructions; 
• internet or other electronic network activity information, including interactions with our website or use of certain online tools, IP address, operating system or browser type; 
• professional or employment-related information, including experience, occupation, compensation, employer and title; 
• certain information that may qualify as “special category” or sensitive data under certain data protection laws, such as information on trade union membership or criminal records data (if you are for example a job applicant, for the purposes of background checks; and
• audio, electronic, visual, or similar information.

We may collect this information, from other third-party sources, and automatically from your use of our website. 

We may collect personal data through a range of means. These may include sources such as: (i) directly from you, where you interact with us via our website or otherwise, for example where you sent us a job application or fill in relevant forms and questionnaires); (ii) third-party sources, such as service providers (for example financial advisory firms, consultants, legal professionals) and other third parties; or (iii) publicly available sources, where we receive personal data through a publicly available source such as a website or publicly-available registry, including bankruptcy registers, sanctions screening databases, tax authorities, governmental agencies and departments, and regulatory authorities, and other sources such as credit reporting agencies or sources designed to detect and prevent fraud.

We may collect information about you automatically through your use of our website, for example your IP address, operating system and browser type, and how you navigate our website, for the purposes of system administration and to help improve our website. We may collect information about you by using cookies, tracking pixels and other technologies (collectively, “Cookies”). Please see further details in the Cookies section of this Policy. 

How we use your personal data and on what basis

Depending on how you interact with us, we may use your information for the following purposes:

• enabling or effecting commercial transactions;
• performing our contractual and legal obligations, including providing updates on our performance, providing tax reporting and other operational matters;
• communicating with you;
• where permitted by applicable law, providing you with marketing or promotional materials;
• detecting security incidents and protecting against malicious, deceptive, fraudulent, or illegal activity, including preventing fraud and conducting “Know Your Client,” anti-money laundering, terrorist financing, and conflict checks;
• administering and improving our website; and 
• internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.

We process personal data in circumstances where the processing relates to a legitimate interest and where that processing is necessary for the relevant purpose and not inconsistent with the interests, rights or freedoms of a relevant individual. Our legitimate interests include carrying out any and all functions necessary to enable us and to carry out investment activities and related functions. We may also process personal data where necessary to comply with legal obligations. Depending on the circumstances, we may also need to process your personal data for the performance of a contract to which you are a party, or related pre-contractual steps; or with your consent.

We may need to process certain personal data in order to be able to perform business operations or to comply with contractual requirements. If you choose not to provide us with the necessary personal data, we may not be able to meet our obligations or deliver the services or products requested. This may lead to cancellation of contracts; if this is the case, we will endeavour to contact you to discuss this.

We may from time to time process personal data for the purposes of marketing and advertising. Under certain data protection laws, an individual who does not wish their personal data to be processed for such purposes may request an opt out from such processing by contacting us at the contact details below.

Disclosure of your information

We may share personal data with certain third parties for the purposes set out above, including as follows:

• with our service providers, including professional service providers such as accountants, financial advisors and legal professionals;
• with our counterparties, in the context of the everyday operation of our business;
• as part of a transaction, with third parties that require the personal data to execute the contemplated transaction; 
• with regulators, legal and tax authorities;
• responding to a court order, subpoena or legal investigations; 
• providing you with information about additional services or products that may be of interest to you;
• in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganisation, dissolution, or liquidation); and 
• with any other person with your consent to the disclosure.

Transfers of personal data outside certain jurisdictions

Our activities are such that it may be necessary for personal data to be transferred and/or processed outside the European Economic Area (“EEA”), the United Kingdom (“UK”), the Dubai International Financial Centre (“DIFC”) or the Abu Dhabi Global Market (“ADGM”). The countries to which your personal data may be transferred may not afford the same protections as the country your personal data is transferred from. Nonetheless, we will seek to ensure appropriate safeguards are in place so that a similar degree of protection is afforded to your personal data, including by transferring personal data in the following circumstances:

• To persons and undertakings in countries that have been deemed to provide an adequate level of protection for personal data by the European Commission, the relevant Secretary of State in the UK or another relevant regulatory authority, as applicable.
• To persons and undertakings to whom the transfer of such personal data is made pursuant to a contract that is compliant with the model contracts or standard contractual clauses for the transfer of personal data to third countries from time to time approved by the European Commission, the relevant Secretary of State in the UK or another relevant regulatory authority, as applicable, and as supplemented where and if required.
• To persons and undertakings based in the United States if they are part of the EU-U.S. Data Privacy Framework which requires them to provide similar protection to personal data shared between the EEA and the United States, as well as between the UK and the United States pursuant to the Data Protection (Adequacy) (United States of America) Regulations 2023 for the UK Extension to the EU-U.S. Data Privacy Framework (the UK-US Data Bridge). 
• On one of the conditions allowed under applicable data protection laws, such as consent.

Further information on specific mechanisms utilised by LetterOne for transferring personal data outside the EEA, the UK, DIFC or ADGM and the countries to which such transfer may be made (which may include, but are not limited to the United States) may be obtained upon request via the contact details set out below.

Data Security and Retention 

We take reasonable steps to use physical, organisational, technical and administrative safeguards to protect personal data from unauthorised access and use. Given the nature of information security, there is no guarantee that such safeguards will always be successful.

We will retain personal data for as long as necessary to fulfil the purposes for which it has been collected. This will include any period of retention required to satisfy any applicable legal, taxation, accounting or reporting requirement. In determining the appropriate retention period for any personal data, we will endeavour to take into account relevant criteria such as the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure of the data, the purpose for which the relevant data is being processed, the extent to which the purposes for which the relevant data is being processed can be achieved by other means and any applicable legal requirements. 

Further, in some circumstances, we may anonymise personal data for research or statistical purposes, in which case such information will no longer be linked to an individual and will not constitute personal data and may be retained and utilised indefinitely without further notice.

Your rights

You have the right to ask us not to process your personal data, in certain circumstances. You also have rights to request us to review the information held by us about you and to require us to update and correct your personal data, to provide you with details and copy of the information held by us about you and under certain circumstances you may have rights to request us to provide your details to others (known as portability rights), to obtain a restriction on processing of your personal data, the right to require erasure of your data and, where applicable, the right to withdraw your consent to the processing of your personal data at any time. The lawfulness of any processing based on consent prior to that withdrawal will not be affected by the subsequent withdrawal of such consent. 

You also have a right to lodge a complaint about the processing of your personal data with a data protection authority. We particularly appreciate it when you make your question, problem or complaint known to us in the first instance, via the contact details set out below. 

If you wish to lodge an external complaint, however, you may file one with any of the following data protection authorities, depending on the location: 

• The Information Commissioner’s Office (“ICO”) is the UK supervisory authority for data protection issues. You can contact the ICO:

• • by Telephone: 0303 123 1113 or 01625 545 745
  • or in writing to: Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
  • or via their website: https://ico.org.uk/ 

• The Commissioner of Data Protection is the DIFC (Dubai) supervisory authority for data protection issues. You can contact the Commissioner: 

• • In writing to: Commissioner of Data Protection, Level 14, The Gate, DIFC, P.O Box 74777, Dubai, UAE
  • Or via email to commissioner@dp.difc.ae 

• The Commissioner of Data Protection is the ADGM (Abu Dhabi) supervisory authority for data protection issues. You can contact the Commissioner: 

• • In writing to: ADGM commissioner of Data Protection, ADGM Authorities Building, ADGM Square, AL Maryah Island, Abu Dhabi UAE
  • Or via email to data.protection@adgm.com

• The National Commission for Data Protection (“CNPD”) is the Luxembourg supervisory authority for data protection issues. You can contact the CNPD:

• • by Telephone: (+352) 26 10 60 -1
  • or in writing to: National Commission for Data Protection (CNPD), 15, Boulevard du Jazz, L-4370 Belvaux or via their website: https://cnpd.public.lu/en.html 

Cookies

Cookies are small text files that are stored in your computer’s memory and hard drive, in your mobile device or tablet when you visit certain web pages. They are used to enable websites to function or to provide information to the owners of a website, or other third parties which receive data obtained from that website. 

Currently, our website uses:

• Strictly necessary cookies – these are essential in order to enable you to move around the website and use its features. Without these cookies, certain functionality on the site cannot be provided to you.
• Performance cookies – these cookies collect information about how visitors use a website, such as which pages you visit. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how the website work.
• Functionality cookies – these cookies allow the website to remember choices you make and provide enhanced, more personal features.

Changes to this Policy

Any changes we may make to this Policy will be posted on this website, and we may notify you by updating it with a “Last Updated” date at the top. The most current version of this Policy will be available on our website.

Contact us

If you have any questions, comments or requests regarding this Policy, please contact us at Compliance@letterone.com.

To exercise your data rights with LetterOne, please contact the following: 

Ratul Sood
Group Compliance Director
Email: rsood@letterone.com
Phone: +44 (0) 7762 02 5310

Ivie Igbinosun
Compliance Manager
Email: iigbinosun@letterone.com
Phone: +44 (0) 739 323 1291