LP Analyst, L.P. (the “Firm”) has adopted this Data Privacy Notice (the “Privacy Notice”) to establish practices, requirements and responsibilities for the protection of the personal data, non-personal data, and other confidential information as defined below that is collected, received and stored in connection with use of this website and any other online platform the firm manages as part of its services (together, the “Sites”).
This Privacy Notice is structured to be in full compliance with the European Union’s General Data Protection Regulation (EU) 2016/679 (“GDPR”) and Firm is committed to processing all data in accordance with its responsibilities under Article 5 of the GDPR.
- Relevant Parties
This Privacy Notice applies to clients, prospective clients and users of Sites where Firm gathers and retains Personal Data in the context of services offered (each a “Party” and together the “Parties”).
- Collected Data
Firm is a business-to-business provider of private asset analytics and consulting services (the “Services”). Firm does not collect sensitive personal data, meaning any information relating to an identified or identifiable natural person such as an social identification number (e.g., Social Security number) or factors specific to the physical, physiological, genetic, mental, economic, cultural or other social identifiers of that natural person (e.g., racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation) (collectively, the “Personal Data”). Firm does not collect or store any non-public personal information about its clients, prospective clients, and users of Sites (e.g., health care, credit card, personally identifiable information).
Firm only collects a basic level of public information on client and prospective client investment team professionals as well as other users of Sites, which includes:
- First and last name
- Professional email address
- Professional phone numbers
- Employer name
- Job title
- Office location
Any confidential information Firm collects as it relates to client and prospective client investments including, but not limited to, private asset fund financial statements, reports, client capital account statements, client cash flows, and fund terms (the “Confidential Information”) is addressed in separate notices and agreements with such clients and prospective clients.
- Data Collection Methods
Firm only collects the data mentioned in Section 3 that is provided directly by Sites. Firm does not gather or retain data sourced indirectly.
Firm will not disclose personally identifiable information except in accordance with this Privacy Notice and relates policies and procedures, as permitted or required by law, or as authorized in writing by the owner of said information. Further, Firm will never sell personally identifiable information.
With respect to personally identifiable information, Firm strives to:
- Ensure the security and confidentiality of the information;
- Protect against anticipated threats and hazards to the security and integrity of the information; and
- Protect against unauthorized access to, or improper use of, the information.
- Usage of Data
Firm only uses collected data for the purposes of its Services for which clients and prospective clients engage Firm. Any collected data from Sites is not shared with affiliates or other related parties.
- Data Storage and Handling
Collected data stored on Microsoft Azure, a cloud-based system, includes Microsoft features and Firm takes full advantage of all features Microsoft offers in connection to data security.
The proper handling of both Confidential Information and Personal Data is critical to Firm’s integrity. Firm’s reputation is a vital asset and even the appearance of the misuse of Confidential Information or Personal Data should be avoided as violations may be damaging to both the reputation and financial position of Firm. Any misuse of Confidential Information and/or Personal Data that violates federal and state laws and other legal and regulatory requirements must be avoided and Firm personnel should not access such information unless specifically required to do so to complete job functions. This includes, but is not limited to, accessing Sites audit logs, fund manager portals, fund documents and client portfolio summaries.
- Data Protection Rights
Parties are entitled to the following:
- Right to Access– You have the right to request Firm for copies of your personal data; however, a small fee may be charged for this service.
- Right to Rectification – You have the right to request that Firm correct any information you believe is inaccurate. You also have the right to request Firm complete information you believe is incomplete.
- Right to Erasure – You have the right to request that Firm erase your personal data, under certain conditions.
- Right to Restrict Processing – You have the right to request that Firm restrict the processing of your personal data, under certain conditions.
- Right to Object to Processing – You have the right to object to Firm’s processing of your personal data, under certain conditions.
- Right to Data Portability – You have the right to request that Firm transfer the data that we have collected to another organization, or directly to you, under certain conditions.
- Data Retention
Firm may retain records of all communications with Parties, but will only retain collected Confidential Information as it relates to the Services during periods under which there is an active business relationship with a client or prospective client.
- Cookies – Usage and Management
Parties can access and set their browser settings to not accept cookies as well as to remove previously accepted cookies. This action will not impact any function on Sites or Firm’s Services.
- Notice and Policy Changes
Firm keeps this Privacy Notice and any related policies and procedures under regular review. This Privacy Notice was last updated on June 18, 2021.
- Data Requests
If Parties make a request to Firm regarding Personal Data collected on Sites, Firm has one month to respond such Party. To exercise its data request rights, Parties may contact Firm at:
- Email: email@example.com
- Phone: (214) 814-0850
- Contacting Appropriate Authorities
Should Parties wish to report a complaint or feel that Firm has not addressed its concerns in a satisfactory manner, such Party may contact the appropriate authorities (e.g., Information Commissioner’s Office (ICO)).
- GDPR Principal Compliance
Firm requires that Personal Data be processed in accordance with Article 5 of the GDPR which establishes the following guidelines:
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.