Acuris (Trading as Mergermarket Ltd) Privacy Notice
1. ABOUT US
1.1 This is the privacy notice for the Acuris Group, a group of companies owned by Mergermarket Limited. Mergermarket Limited is incorporated in England, with company number 05048084, of 10 Queen Street Place, London, EC4R 1BE and registered with the Information Commissioner’s Office under number: Z4836264.
Any reference in this privacy notice to us, we, or our, is a reference to the Acuris Group. If you would like to know more about the Acuris Group, please visit our website at: www.acuris.com.
1.2 We provide a range of research and reporting products relating to fixed income, transactions & infrastructure, equities, compliance, KYC and due diligence, as well as hosting events on areas of interest to such sectors (any such services, our Services). A list of our products (Products) is set out in the table below.
Debtwire, Xtract Research, Creditflux, Mergermarket, Unquote, AVCJ, Activist Monitor, Inframation, Wealth Monitor, Hedge Fund Law Report, Anti-Corruption Report, Cybersecurity Law Report, C6, Capital Profile, Deal Reporter, Parr, TIM, Acuris Research, Perfect Information
1.3 Due to its specific nature, the processing activities carried out by C6 Limited are set out in a separate privacy notice which is accessible at https://www.c6-intelligence.com/
2 ABOUT THIS NOTICE
2.1 This notice explains what personal data we collect in connection with the provision of our Services, why we need that data, and how we use it.
2.2 As part of our Services, we will share personal data with third parties (for more details on this have a look at section 5 below). This notice only deals with our use of personal data. Any parties with whom we share personal data (other than our processors) are not bound by this privacy notice. This notice should make it clear exactly when and to whom data may be transferred – but if you have any questions feel free to send us an email at: DPO@acuris.com.
2.3 Our website provides links to other websites (not run by an Acuris Group company), which are beyond our control. We encourage you to read the privacy statements on the other websites you visit.
2.4 We might need to change this privacy notice from time to time. We will publish our privacy notice on our website (available at www.acuris.com or any other website run by us to promote the Products listed above) and we’ll do our best to update you directly if we think the changes might materially affect you. Please do keep an eye on our notice before giving us any personal data.
3 ABOUT THE DATA WE HOLD
3.1 Visitors to Our Websites
Cookies are small data files that websites store on your electronic device. so that the website can store data and will enable us to collect information, which is likely to include data from which you can be identified.
For further details, including the duration that we retain data for, please see our Cookie Notice https://www.acuris.com/cookie-notice.
Our lawful basis for using cookies to collect and process usage data is that it is necessary to protect our legitimate interest of promoting our business.
The Acuris Group has a team which identifies people who are likely to find our events or Products useful for their jobs. Our team will look for and source business contact details and information about an individual’s job role both online (on publically available resources and business websites), through networking activities and may also collect details from event attendees, newsletter subscribers and subscribers of our Products.
Our team will use those business contact details to send event invites and emails about relevant industry news. We always include an unsubscribe link at the bottom of any such email which we send, so that you can let us know if you do not wish to receive any further marketing emails.
Our lawful basis for using personal data in this way is that it is necessary to protect our legitimate interest of promoting our business.
If you sign up to an event:
(a) We will collect the details required to deliver our contractual obligations, such as payment, accommodation and attendee details. We will only process such details as necessary to enable us to perform the contract between you and us.
(b) We will publish an attendance list (including your name and company name) which will be available to other attendees and event sponsors. We will provide you with the name of any event sponsors to which we are transferring any data about you. We will provide you with the name of any sponsors of the event once they are confirmed. We consider the processing to be necessary to protect our legitimate interest of running an effective event. We will not share your details with the venue or other third parties for marketing purposes unless you provide your consent.
(c) We will also request and if you provide it, collect, information about your relevant interests and preferences. We will use this information to help us make decisions about the kind of events and any services or products you might be interested in hearing about from us and will use this information for marketing purposes (as set out in section 3.2 above).
If you are speaking at one of our events:
- We will use the details you provide us with to contact you in connection with the event and, if relevant, process any payment or facilitate any obligations or rights set out in agreement between you and us. Any such processing will be carried out on the basis that it is necessary to facilitate the contract between you and us. We will retain details of transactions for a between you and us in accordance with our retention policy (a link to which is included at the bottom of this section 3). We will only use the retained information to comply with regulatory requirements or in the event of a dispute between you and us – which processing would be carried out on the basis that it is necessary to protect our legitimate interest of protecting our business.
- We will publicise the bio that you provide, on the basis that such processing is necessary to achieve our legitimate aim of running a successful event and we will retain both the bio and details relating to the talk you give after the event for our internal records as well as for marketing purposes for future events.
- We will also use the information you provide us with for marketing purposes (as set out in section 3.2 above).
3.4 Subscription Services
We will use personal data that we collect from clients (which may include details of our clients’ staff) who have subscribed to receive our Services, in the following ways:
(a) To fulfil the contract: which includes setting you up as a client, providing you with updates relating to our Products and processing your user ID, password and contact details and any payments to be made. Any such use will be on the basis that the processing is necessary to perform the contract between you and us.
When you terminate your subscription, we will keep full records about your subscription for two years in case you want to reactive your account.
We will also retain details of transactions for a period of up to 6 years for our internal records. Any further use of the retained information will only be to comply with regulatory requirements or in the event of a dispute between the recipient and us – which processing would be carried out on the basis that it is necessary to protect our legitimate interest of protecting our business.
- We use automated tools to monitor website access using your account details, to identify and manage potential security issues and to keep your account safe. Any such usage data shall be processed to the extent necessary for our legitimate interest of ensuring our Products are secure. We will retain usage data for a period of up to 6 years for our internal records. Any further use of the retained information will only be to comply with regulatory requirements or in the event of a dispute between you and us – which processing would be carried out on the basis that it is necessary to protect our legitimate interest of protecting our business.
- We may also use corporate contact details for marketing purposes (as set out in section 3.2 above).
3.5 Information Databases - news
Our internal Acuris team of journalists will collect, use and store data relating to third parties (such as directors, shareholders, PSCs and their advisors). They will do this to draft reports, profiles, articles and blogs which are then published for the benefit of our subscribers (who may be based outside the EEA) or included in the newsletters which we circulate or blogs which we post. Typically, our subscribers for this type of service include private banks, banking and finance and professional services firms, such as law firms, tax advisors, accountancies and consultancy firms.
Our lawful basis for such processing is that it is necessary to protect our legitimate interest, which is to provide journalistic services in the public interest.
Any such processing will take into consideration the relevant codes of conduct, including the BBC Editorial Guidelines, the Ofcom Broadcasting Code and the Editors’ Code of Practice.
We work hard to maintain the quality of that information and amend information if we believe it to be incorrect or no longer relevant.
3.6 High Net Worth Individuals Profiles
We collect, use and store in our searchable database, data relating to high net worth individuals which we provide to our subscribers (some of which may be based outside the EEA). Typically, our subscribers for this Product include private banks, professional services firms, such as law firms, tax advisors, accountancies and consultancy firms, as well as luxury retail and service companies such as private jet charter firms or jewellers.
We will only transfer such data outside the EEA if it is to a territory which the European Commission has found to have adequate safeguards in place or if we have implemented appropriate safeguards.
The data that we collect and include in a report is likely to include:
- Name and contact details
- Date of birth
- Number of children
- Civil status (married/single/divorced/widowed)
- Links to social media accounts (such as LinkedIn, Xing, Twitter, Facebook) and information publicly available on such pages Names of other family members and relatives (excluding minors)
- Education and details of former and current job positions
- Details of companies and/or entities with which the Third Party may be associated, or in which they may hold a directorship or have a shareholding;
- Details of wealth accumulated through liquidity events (selling equity in businesses), potential liquidity events, emoluments and assets (if publicly available)
- Information in news articles such as interests and/or other biographical information
- Details of corporate advisors
- Interests and hobbies
We do not envisage that we will collect any special categories of data - that is data relating to an individual’s race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health and genetic and biometric data; or data relating to criminal offences, for the purpose of such services. We have implemented safeguards to minimise the risk that such data is collected indirectly.
Our internal researchers will source such data from publically available sources which is likely to include public registries such as Companies House as well as business websites and other online resources.
Our lawful basis for such processing is that it is necessary to protect our legitimate interest of providing an efficient and effective wealth profiling service to our subscribers. In order to ensure that the rights and fundamental freedoms of those individuals profiled are protected, provided we have the correct contact details, we will try to notify them upon obtaining their data from a third-party source.
We retain profiles on High Net Worth Individuals for no longer than 35 years, subject to the rights of the relevant data subjects.
3.7 Job Applicants
If you contact us about a job, we will use the information you provide us with to assess your suitability for the role and progress your application. Data we will require includes contact details, your curriculum vitae, your previous experience, education and answers to questions relevant to the role you have applied for. Our HR team and the hiring manager for the role will have access to this data.
We will also ask about equal opportunities data. We use this data to produce and monitor equal opportunities statistics for legal reasons. There is no obligation to provide this data and it will not affect your application if it is not provided. This data will not be made available to any staff outside of our HR team, including hiring managers.
We will only share your data with contracted third parties if it is necessary for the recruitment process, and will notify you at the time. We will never sell your data or use it for marketing purposes. If we need to securely process the data in another country, we will let you know before the transfer happens.
If your application is not successful, unless you ask us to retain your data for other opportunities in the future, we will store your details for six months to help with any questions, before securely deleting or anonymising the data.
If your application is successful, we will need to complete employment checks for legal reasons, to verify your right to work in the country and to verify your previous employment references.
We will only process such data to the extent required to achieve our legitimate interest of maintaining a workforce for our business
3.8 A copy of our retention policy in respect of all of the personal data we hold can be accessed here.
4. OUR SECURITY PROCEDURES
Security of personal data is very important to us. Our business operates under the ISO 27001 International Security Standard. We use a wide range of organisational, technical, physical and operational controls, which are assessed for effectiveness on a regular basis.
5. WILL WE DISCLOSE PERSONAL DATA TO ANYONE ELSE?
- We will disclose any personal data that we hold to our employees and third parties who are contracted to help us provide our Services (some of whom may be based outside the EEA). Any such third parties will be acting as processors on our behalf and will be contractually bound only to use the data in accordance with our instructions and to implement adequate security measures. The data will only be transferred in these circumstances if appropriate safeguards are implemented between us and the processor.
- We may share personal data with third parties (which will also be acting as controllers in respect of that personal data) in the following circumstances:
- If we are under a legal duty to do so or if it is required to enforce or apply our contracts or to protect the operation of our website, or the rights, property or safety of us or others.
- If we sell, transfer or merge parts of our business or our assets. If a change happens to our business, then the new owners will only be entitled to use personal data in accordance with the provisions set out in this privacy notice.
- Between companies within the Acuris Group (provided that in each case such use is restricted to the provisions set out in this privacy notice). Some of those entities may be based in or have offices outside the EEA. Any such transfers shall be subject to appropriate safeguards and the receiving entities shall be bound by the provisions set out in this privacy notice. For more details about the Acuris Group: www.acuris.com.
- This section is intended to set out generally the circumstances in which we will transfer personal data to other people. Please have a look at section 3 above which deals with additional transfers relevant to certain types of data only.
6. RIGHTS OF DATA SUBJECTS
Individuals have certain rights under the applicable data protection legislation in respect of the personal data which we hold relating to them. This includes:
- Right to be informed: the right to be informed about what personal data we collect and store about you and how it’s used.
- Right of access: the right to request a copy of the personal data held.
- Right of rectification: the right to require us to correct any personal data held about you which is inaccurate or incomplete.
- Right to be forgotten: in certain circumstances, the right to have the personal data held about you erased from our records.
- Right to restriction of processing: the right to request us to restrict the processing carried out in respect of personal data relating to you. You might want to do this, for instance, if you think the data held by us is inaccurate and you would like to restrict processing until the data has been reviewed and updated if necessary.
- Right of portability: in certain circumstances, the right to have the personal data held by us about you transferred to another organisation, to the extent it was provided in a structured, commonly used and machine-readable format.
- Right to object: the right to object where processing is carried out, including for direct marketing purposes.
- Right to object to automated processing: the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects (or other similar significant effects) on you.
7. COMPLAINTS OR QUERIES
7.1 If you wish to exercise any of your rights set out in section 6 above or contact us about any another matter, please contact our Data Protection Officer at:
- Call us on +44 (0)20 3741 1000
- Send an email to Data.Subject.Request@acuris.com
- Send a letter to Data Protection Officer, 10 Queen St Place, London, EC4R 1BE, UK.
- When we receive a request, we will try to verify your identity and the request, before responding to you within 28 days.
- Given the nature of the Services we provide, in certain situations, we may be able to rely on certain exemptions under the General Data Protection Regulation and the Data Protection Act 2018. These exemptions may enable us to resist the disclosure of information, erasure requests and rectification requests in certain circumstances, and exempt us from some notification obligations.
- We will confirm to you in writing to acknowledge receipt of any request we receive relating to your rights as a Data Subject, and we will let you know if we have complied with your request. If having, carried out an assessment, we believe we have an overriding reason for resisting your request, we will let you know why we have reached that conclusion.
- We will retain details of your request for two years, for quality assurance purposes, and may retain request relating to marketing preferences or restricted use for a longer period to ensure that we can comply with your request and to help if you have any further questions about the matter. Any such processing will be limited to the extent strictly necessary to achieve our legitimate interest of providing a robust and secure data management procedure.
- Please let us know if you are not happy about how we are handling your data. We will do our best to resolve the matter, but if you have further concerns it is your right to make a complaint to our Data Protection Officer (firstname.lastname@example.org) or the UK Information Commissioner’s Office at https://www.ico.org.uk/.
This privacy notice was drafted with brevity and clarity in mind. If you would like more details, please let us know.
This notice was last updated 27 June 2018.