WHITFORD MANAGEMENT PRIVACY NOTICE

Thank you for visiting the website (the “Site”) of Whitford Management LLC (“Whitford Management”, “we” or “us”). Whitford Management takes its obligations under data protection laws seriously and is committed to ensuring your privacy. This Privacy Notice will inform you about the types of personal information that we collect about you and how we share, use and protect your information. It also explains the rights you have in relation to that information. Your visit to the Site is subject to this Privacy Notice, which may be updated by us at any time.

Table of Contents

  1. Important Information
  2. How We Obtain Personal Information
  3. How We Use Personal Data
  4. Categories of Personal Information We Collect
  5. Sharing Personal Information
  6. International Transfers of Personal Information
  7. Security of Personal Information
  8. Retention of Personal Information
  9. Consent Under Canadian Privacy Laws
  10. Your Rights if You Are Located in The United Kingdom, European Economic Area and Equivalent Data Protection Regimes
  11. Our Contact Information

Important Information

We are a private investment firm based in New York City. Whitford Management is responsible for this Privacy Notice and, to the extent relevant to applicable data protection law, is the controller of your personal information. This means that we are responsible for deciding how to hold and use the personal information that we process about you.

How We Obtain Personal Information

Personal information means any information that can identify a living individual either directly or indirectly. It does not include data where the identity has been removed (anonymous data). Most of the personal information we process is provided to us directly by you via the following means:

  • Email
  • Phone
  • The Site

If you provide information to us about any person other than yourself, your employees, counterparties, your advisers, or your suppliers, you must ensure that they understand how their information will be used, and you have their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it.

How We Use Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • To perform the contract that we may enter or have entered into with you.
  • To carry out our obligations and enforce our rights arising from any contracts with you, including for billing and collection or employment purposes.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal obligation.

Categories of Personal Information We Collect

The types of personal information we collect (for non-employees) consists of the following:

  • Full name
  • Business email address
  • Business office address
  • Employer details (name, address)

The types of information we process (for employees and potential employees) consists of the following:

  • Full name
  • Date of birth
  • Nationality
  • U.S. Social Security Numbers
  • Home address
  • Telephone number
  • Email address
  • Employment status
  • Occupation
  • Education level
  • Employer details (name, address)

Sharing Personal Information

We may disclose your personal information to our third-party service providers who provide administrative or professional assistance such as hosting and backend infrastructure, storage, security, telecommunications, professional advisors, regulators and auditors and other services to support us in our overall day-to-day business operations.

International Transfers of Personal Information

We may, from time to time, transfer your data originating in the United Kingdom, the European Economic Area or Canada to other countries such as the United States, such as to a service provider with servers outside those countries or areas. When this happens, we will ensure that the information is protected as described in this Privacy Notice and that the appropriate safeguards are in place.

Security of Personal Information

We have put in place appropriate measures to protect the security of your personal information. Third parties will only process your personal information where they have agreed to treat the personal information confidentially and to keep it secure. We have put in place appropriate security measures designed to prevent your personal information from being subject to a data security breach, accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Furthermore, we limit access to your personal information to those employees and other third parties who have a business need to access it.

Retention of Personal Information

We will only retain personal information for as long as we have a legitimate basis for doing so, including for the purposes of satisfying any legal, regulatory, commercial, accounting, reporting or internal business requirements.

Consent Under Canadian Privacy Laws

For individuals located in Canada, we will not collect, use, or disclose your personal information without your prior consent which may be expressed or implied either in writing, verbally or through any electronic means. Occasionally, your consent may be implied by your actions. For example, you provide us with your personal information to apply for a job or to use our services. We will only process your personal information in a reasonable manner and consistent with the purposes for which the personal information was given.

Unless we are authorised or required by law, we will not collect, use, or disclose your personal information without your consent. You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice.

Your Rights If You Are Located in The United Kingdom, European Economic Area and Equivalent Data Protection Regimes

For individuals located in the United Kingdom, the European Economic Area or jurisdictions with equivalent data protection laws, we must process your personal information according to the following:

  • in a lawful, fair, and in a transparent way;
  • collected only for valid purposes that are clearly explained and not used in any way that is incompatible with those identified purposes;
  • relevant and limited to the purposes that we informed you about;
  • accurate, appropriate, and kept up to date;
  • retained only as long as necessary for the purposes that we have informed you about; and
  • kept securely.

Under certain circumstances, you have rights under data protection laws in relation to your personal information that we are processing about you (if it has not been aggregated and anonymized). Specifically, you have the following rights:

  • Right of access to your personal information. You may ask us for copies of your personal information.
  • Right to rectification of the personal information that we hold about you. You have the right to request that we rectify personal information that you think is inaccurate. You also have the right to ask us to complete information that you think is incomplete.
  • Right to erasure of your personal information. You have the right to request that we erase your personal information in certain circumstances.
  • Right to restriction of processing of your personal information. You have the right to request that we restrict the processing of your personal information in certain circumstances.
  • Right to object to processing of your personal information. You have the right to object to us processing your personal information in certain circumstances.
  • Right to data portability of your personal information to you or to a third party. You have the right to request that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
  • Withdraw consent to us to continue processing your data where we are relying on consent as the lawful basis to process your personal information. This will not, however, affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we will not be able to provide certain services to you and we will advise you if this is the case at the time you withdraw your consent.

You are not required to pay any fee for exercising your rights. However, we can charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive, or otherwise as permitted by applicable data protection laws. Alternatively, we could refuse to comply with your request in these circumstances. If you make a request, we will respond to you in accordance with applicable data protection laws. You have the right to make a complaint to the relevant data protection authority. The relevant data protection authority in the United Kingdom is the Information Commissioner’s Office (ICO), and you can contact the ICO by calling +44 303 123 1113. For details on the relevant protection authority for other EU countries, see here. We would, however, appreciate the opportunity to discuss any concerns before you approach any data protection authority.

Our Contact Information

If you have any questions or concerns about this Privacy Notice, please contact us at info@whitfordmgmt.com.