1. Introduction

This privacy notice outlines how we, Independent Research Forum Ltd (“IRF”), the Data Controller, collect and use your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your privacy rights. Please read this notice carefully so that you understand your rights in relation to your personal data, and how we will collect, use and process your personal data. IRF operates in London, with expanding links with professional investors throughout the US, Europe and Asia. Our primary purpose is to facilitate mutually beneficial relationships between professional investors and independent research providers (“IRPs”). For the purpose of this notice, IRF is a limited company incorporated in England and Wales (registered number 10152530) with registered address at Suite 5, 4th Floor, 3 Universal Square Devonshire Street North Manchester M12 6JH England. If you have any queries in relation to this notice, or need more information, please do not hesitate to contact us at: Office Manager Independent Research Forum Ltd 30 Moorgate London EC2R 6DA Or email us at: compliance@independentresearchforum.com

2. Information about your Personal Data

This Privacy Notice relates to personal data about you, and your interaction with our services. “Personal Data” is information that identifies you or can be used to identify you, directly or indirectly, alone or together with other information. This includes things such as your full name, email address, phone number, certain cookie and network identifiers, passport details and utility bills. IRF collects, uses, discloses and processes Personal Data as outlined in this Privacy Notice.

3. Personal Data we collect

Some of the Personal Data we collect about you is obtained directly from you when you enter it via our website or write to us. However, we may also obtain Personal Data from the businesses we contract with and anyone who acts on your behalf, as well as information obtained by conducting our own research, information gathered from publicly available sources, and from service providers we have engaged to carry out specific data processing activities, such as our “compliance umbrella” services.

We collect the following types of personal data:

• Identity information, including personal details such as your full name, date of birth, email address, postal address and contact details where necessary;
• Information about the business you work for or represent;
• Log-in information for our “Providers” section on our website;
• Information about your business, business partners, beneficial owners or directors;
• Details of our interactions with you, including written/electronic communication about services and products you use, logs of telephone calls with you and us, notes from meetings, records of any agreements, transactions which contain your name and any identifiers that we hold;
• Investor profile and transaction information;
• Asset class, geographical coverage and strategy information;
• Account information, including bank account details (where relevant);
• KYC and other information we are required to collect to meet our regulatory obligations.

4. How do we use your Personal Data and our lawful basis for processing

We use Personal Data to contact you in relation to services and information you may be interested in knowing about.

We collect and use Personal Data relating to you if you visit our website, utilise our services, make enquiries or send other communications, apply for jobs at IRF, subscribe to The Cut, register for one of our events, when you respond to communications by us, or when we reasonably believe that given the nature of your business role you would be interested in receiving information about our services. Your relationship with us will determine the purpose for which we use particular information about you and the applicable lawful basis under data protection legislation. We may be required by law to collect certain information (“Legal Obligation”), require it in order to perform a contract, or prior to entering into a contract with you(“Contract”), or use it for our or a third party’s legitimate business interests where these do not override your rights or interest (“Legitimate Interests”). Where we contact you in connection with our services, we may do so by email, via LinkedIn or using messaging tools such as through Bloomberg. We may collect and use your information in the following ways:

• To manage an account you have with us and update the records we hold about you from time to time (lawful basis: Contract);
• To enable access to our products and services and to operate and improve those products and services (lawful basis: Contract and Legitimate Interests);
• To offer you the opportunity to use our services (lawful basis: legitimate interests)
• To effectively respond to your queries (lawful basis: Contract and Legitimate Interests);
• KYC and anti-money laundering checks; this includes identity verification, investor profile and transaction information (lawful basis: Legal Obligation);
• Any other processing for which you have given your consent, for example surveys (lawful basis: Consent);
• To circulate our fortnightly publication, The Cut (lawful basis: Legitimate Interests),
• Advertising and marketing, including to provide information about our events (lawful basis: Legitimate Interests or, where required by law, Consent) and
• Regulatory, legal and audit purposes (lawful basis: Legal Obligation and Legitimate Interests).

5. Who has access to your Personal Data?

• Your Personal Data will be processed by employees of IRF for the purposes outlined in this notice. We may also share your details with third parties, including:
• IT service providers, including Dropbox, Bloomberg IB and MailChimp who we use to process and store information;
• Messels Compliance Service who provide a “compliance umbrella” service to assist us in fulfilling our obligation to you;
• Sub-contractors we may use in technical, payment and delivery services;
• Third-party service providers who perform functions on our behalf under contract, support our systems, operations and/or processes;
• Credit reference agencies and other background check providers;
• Tax, audit or other authorities, when we believe in good faith that the law or other regulation requires us to share this information, for example where processes and systems are being compliance assessed; and
• Law enforcement or other regulatory bodies who can legally request access to information about you for the prevention and detection of crime, the apprehension or prosecution of offenders, and the assessment or collection of tax.

6. Consent

Where we need your consent to hold your information we will ask you to confirm your consent in writing and we will inform you why we are collecting the information, how we will use it, how long we keep it for, who else will have access to it and what your rights are as a data subject. Where we do rely on consent you have the right to change your mind and withdraw that consent at any time by writing to us. If you withdraw your consent we will cease using any personal information obtained and processed under that consent unless we have some other legal obligation to continue to use it. Please note that withdrawing consent will not affect the lawfulness of our processing prior to consent being withdrawn. To withdraw consent, please contact us at compliance@independentresearchforum.com

7. Information security and international transfer of data

IRF is committed to being transparent and taking all reasonable and appropriate steps to keeping your personal information secure and to protect it from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures. It may be necessary to transfer your data to suppliers/service providers where we rely on storage, system and administrative support from outside the United Kingdom or the European Economic Area therefore the processing of your data may involve a transfer of data to countries outside of the United Kingdom. We take all reasonable steps to ensure that your personal data is processed securely. We will only transfer personal information outside the United Kingdom where it is compliant with applicable data protection legislation and the means of transfer provides adequate safeguards in relation to your personal information.

8. Data retention

We will retain your Personal Data for as long as you have a relationship with us or as otherwise necessary to provide you the services. We will also retain your Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Where we no longer need to process your Personal Data for the purposes set out in this Privacy Notice, we will delete your Personal Data from our systems.

9. Your rights

To exercise your privacy rights please send your request in writing. We may be required to verify your identity for security purposes. Your rights are outlined below:

• The right to access information we hold about you, why we have that information, who has access to the information and where we obtained the information from.
• The right to correct and update the information we hold about you. If the data we hold about you is out of date, incomplete or incorrect you can inform us and your data will be updated.
• The right to have your information erased. If you feel we should no longer be using your data you can request that we erase the data that we hold. Upon receiving a request for erasure we will confirm whether it has been deleted or a reason why it cannot be deleted (for example because we have a legal obligation to keep the information or we need it for a legitimate business interest).
• The right to object to processing of your data. You may request that we stop processing information about you. Upon receiving your request we will contact you and let you know if we are able to comply or if we have legitimate grounds to continue to process your data. Even after you exercise your right to object, we may continue to hold your data to comply with your other rights or bring or defend legal claims.
• The right to data portability. You have the right to request that we transfer your data to another controller.
• The right to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data:
  (a) if you want us to establish the data’s accuracy;
  (b) where our use of the data is unlawful but you do not want us to erase it;
  (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
  (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
• The right to withdraw consent at any time where we are relying on consent to process your personal data.
• We will comply with your request where it is feasible to do so, within 30 days of receiving your request. There are no fees or charges for the first request. However additional requests for the same data may be subject to an administrative fee of £25 per request. To exercise your rights please do so by writing to: Office Manager, Independent Research Forum Ltd, 30 Moorgate, London, EC2R 6DA Or email us at: compliance@independentresearchforum.com

10. Use of cookies

We use cookies to collect information about your browsing activities over time following your use of our services. They allow us to recognise and count the number of users and to see how users move around our website when they are using it. This helps us to improve the services we provide to you and the way the website works. We do not use any third party cookies on our website.

11. Complaints process

At IRF we aim to ensure all information collected about you is done so fairly and lawfully, whilst implementing robust measures to keep your information secure. If you are not satisfied with the information provided in this notice, please contact us in the first instance so we can resolve your queries or provide you with any additional information required. Alternatively it is your right to contact your local Data Protection Authority and lodge a complaint. In the UK the Data Protection Authority is the Information Commissioner. For more information please visit the Information Commissioner’s office at www.ico.org.uk/concerns or call them on 0303 123 1113, or write to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

12. Changes

Any changes we make to this notice in the future will be posted on this page. Please check back to see any updates or changes to this notice