Privacy
Capula Investment Management LLP and/or any of its affiliates (together and/or separately, as the context may require, “Capula” or “we” or “us”) may collect and process certain personal data about you (i.e. information that identifies you).
This privacy notice sets out the basis on which personal data about you will be processed by Capula. If you are dealing with Capula (i) in a capacity of an officer, employee, director, contractor, agent or principal of (a) a past or prospective client of Capula or investor in a fund managed by Capula, (b) a counterparty of Capula or a fund managed by Capula; or (c) a service provider; (ii) as a director of any of Capula fund; or (iii) as an individual interested in a career at Capula, please take the time to read and understand this privacy notice.
Capula is (i) a data controller in respect of your personal data for the purposes of data protection laws, such as the Gramm-Leach-Bliley Act, the California Consumer Privacy Act, the European Union General Data Protection Regulation, the General Data Protection Regulation as it forms part of the domestic law of the United Kingdom, the Data Protection Act 2018, the Data Protection Act (As Revised) of the Cayman Islands, the Act on Protection of Personal Information in Japan, the Personal Data Protection Act 2012 of Singapore and (ii) a data user for the purposes of the Personal Data (Privacy) Ordinance of Hong Kong. As a data controller, Capula determine the means for, and the manner in which, we process your personal data; and we are responsible for ensuring that we use your personal data in compliance with data protection law.
Personal Data that We Collect About You
Capula may collect and process some or all of the following categories of personal data about you which you provide to us by filling in forms or by communicating with us, whether face-to-face, by phone, in writing or by e-mail or which we otherwise collect in the course of our interactions.
Information that you may provide to us:
-
- Your personal details – your full name, gender, date of birth, nationality, occupation and your signature;
- Your contact details – email address, place of work, telephone number, current and/or previous work and/or home address;
- Identification documents – passport, national identity card, driving licence, copy of your visa, photograph and government-issued personal identifiers such as National Insurance Number or social security number;
- Education and qualification details – your current and past job positions, employment history, previous employer references, conduct history (civil and criminal), education and certifications;
- Financial information – bank account details, personal account dealing information, utility bills, bank statements or mortgage statements;
- Investment information – source of funds, investment experience and objectives, risk tolerance, representation required under the applicable law or regulations;
- Other personal information that you provide to us, including health information, marital status, personal details relating to your immediate family members;
Information we collect or generate about you:
-
- Personal data that we collect through your use of our web-site or email system;
- Personal data disclosed by you in the course of telephone conversations where such conversations are required to be recorded for regulatory compliance reasons;
- Information obtained in the course of our business activities;
- Search results of the UK Financial Conduct Authority records, recruitment and screening agencies and social media searches;
- Information obtained as part of due diligence, know-your-customer and related process; and
- Technical information collected via our web-site about the services you use and how you use them.
Some of the above information (such as biometric data, civil and criminal conduct history, health information, political affiliations) is categorised as sensitive personal data. As with any personal data, we will only collect and process sensitive information where we have a legal basis for such collection and processing, including where required or permitted under applicable law or where we have your consent (where we are legally required to do so).
You are not required to supply any of the personal data that we request. However, failure to supply any of the personal data that we request may result in our being unable to provide services to you or your company, discuss any business opportunities with you or deal with other matters.
Uses of Your Personal Data
The categories of your personal data described above may be stored and processed by us for the following purposes:
-
- To meet our legal obligations owed to you and to perform our obligations and exercise our rights under our contract with you, or the relevant counterparty, if different;
- To conduct KYC and background screening checks to verify information provided by you for due diligence purposes or in order to confirm your suitability for any future recruitment, appointment as a service provider or admission as a preferred counterparty;
- To comply with legal, regulatory or self-regulatory practices and industry standards or procedures which relate to our business;
- To contact you about services and products we offer;
- To allow you secure access to our web-site and to prevent any potential disruption or cyberattack;
- For statistical monitoring of our web-site trafficking, intended to understand your needs and interest; or
- For the management and administration of our business.
Capula is entitled to process your personal data in these ways for the following reasons:
-
- To discharge our legal and regulatory obligations;
- To perform our obligations and exercise our rights in connection with a contract between us, or with a relevant counterparty;
- For the legitimate business interests of Capula, such as:
- Allowing us to effectively and efficiently administer and manage the operation of our business;
- To establish, exercise or defend our legal rights or for the purpose of legal proceedings;
- Maintaining compliance with all legal and regulatory obligations, industry standards, internal policies and procedures and preventing fraud; or
- In respect of any processing of sensitive personal data falling within special categories, if there is a legislative justification for its processing.
Disclosure of Your Information to Third Parties
We may share the categories of your personal data described above within the Capula group for the purposes of: (i) management and administration of our business, (ii) complying with the functions that each of the entities may perform, (iii) regional or global investor relations or HR activities (iv) assessing compliance with applicable laws, rules and regulations, internal policies and procedures across our business and (v) enabling adequate communication with you.
Capula may from time to time, in connection with the purposes described in the previous section, disclose the categories of your personal data described above to third parties outside of the Capula group, including (i) third parties that process your personal data on our behalf; (ii) professional advisers such as law firms, auditors, and accountancy firms, (iii) recruitment consultants, travel agents, payments, technology and communication service providers, (iv) counterparties and (v) courts and regulatory, tax and governmental authorities. These persons may be permitted to disclose further your personal data to other parties, but only to the extent necessary to perform the services or functions for which they have contracted with Capula to provide.
Capula will ensure that your personal data is accessed by the Capula group’s staff and third parties on a need-to-know basis and subject to general legal requirements, general confidentiality and/or other arrangements.
You may request that we not disclose your personal data to parties that are not affiliated with Capula or that are not providing services on behalf of Capula. To exercise this right, please contact Capula using the contact information below.
Transfers of Personal Data
Your personal data may be transferred to and stored by persons outside of the European Economic Area (the “EEA”) or the United Kingdom, and in particular may be transferred to and stored by individuals operating outside of the EEA or the United Kingdom, for example, those who work for a non-UK Capula group entity or a non-EEA and/or non-UK third party.
Where personal data is transferred outside of the EEA, Capula will ensure that the transfer is subject to appropriate safeguards or is otherwise permitted under applicable law. For example, the country to which the personal data is transferred may be approved by the European Commission or the recipient may have agreed to the approved model contractual clauses that oblige them to protect the personal data. Similarly, where personal data is transferred outside the United Kingdom, Capula will ensure that the transfer is subject to appropriate safeguards or is otherwise permitted under applicable law. For example, in the context of personal data transferred outside the UK, the country to which the personal data is transferred may be approved by the UK Government or the recipient may have agreed to the approved model contractual clauses that oblige them to protect the personal data.
Protecting Your Personal Data
We are committed to safeguarding and protecting your personal data and we maintain appropriate security measures to protect your personal data from improper, unauthorised, unlawful or accidental disclosure, destruction, alteration, use, access, loss or damage. These measures include:
-
- Designating employees responsible for the security program;
- Identifying and assessing security risks;
- Developing policies for the storage, access, and transportation of personal data;
- Imposing disciplinary measures for violations of the security program, as appropriate;
- Limiting access by terminated employees;
- Overseeing the practices of third-party vendors;
- Restricting physical access to records;
- Monitoring and reviewing the scope and effectiveness of the security program; and
- Documenting steps taken in response to data security incidents.
Our computer system security standards include:
-
- Securing user credentials;
- Restricting access to personal data on a need-to-know basis;
- Encrypting the transmission and storage of personal data;
- Monitoring of security systems;
- Updating firewalls, security patches, anti-virus, and anti-malware software; and
- Training employees on the proper use of the computer security systems.
To protect your personal data, we permit access only by authorised employees who need access to that information in order to perform their jobs. Such staff members primarily include investor relations, legal, compliance, operations, product control, finance and administrative staff.
Retention of Personal Data
How long Capula holds personal data for will vary. The retention period will be determined by various criteria, including the purposes for which Capula is using it and legal obligations (as laws or regulations may set a minimum period for which Capula has to keep your personal data).
Your Rights
You have a number of legal rights in relation to the personal data that we hold about you. These rights include:
- The right to obtain information regarding the processing of your personal data and access to the personal data which we hold about you;
- Where you have actively provided your consent for us to process your personal data, the right to withdraw your consent at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason (other than consent) for doing so;
- In some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to personal data which you have provided to us;
- The right to request that we rectify your personal data if it is inaccurate or incomplete;
- The right to request that we erase, or restrict our processing of, your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase, or restrict our processing of, your personal data but we are legally entitled to retain it or to refuse that request. Any such request could also result in us being unable to provide any services to you; and
- The right to lodge a complaint with the data protection regulator (details of which are provided below) if you think that any of your rights have been infringed by us.
Contacting us
If you would like further information on the collection, use, disclosure, transfer (including the protection given to your personal data when it is transferred) or processing of your personal data or the exercise of any of the rights listed above, please address questions, comments and requests to Capula at admin@capulaglobal.com or +44 20 7071 0900 (in London) or +1 203 542 2400 (in the U.S.). Additionally, you can find out more information about your rights (a) under the applicable EU data protection law, by contacting an EU data regulator in the relevant EEA country or (b) under the applicable UK data protection law, by contacting the UK’s Information Commissioner’s Office, or by searching their website at https://ico.org.uk/.
Updates to this Privacy Notice
We may change or update portions of this privacy notice to reflect changes in our practices and or applicable law and regulation. Please check this privacy notice from time to time so you are aware of any changes or updates. Where required under applicable data protection and privacy laws, we will notify you of any change or update portions of this privacy notice by individual message or by disclosing the changes to the data processing on a publicly available medium.
Version: August 2024.