1.1 Who we are
We are iCON Infrastructure LLP (“iCON”, “we”, “us”), a limited liability partnership incorporated and registered in England and Wales with company number OC364705 and registered office at 5th Floor, 15 Golden Square, London, W1F 9JG.
iCON is registered as a data controller (as defined under European Data Protection Regulation (Regulation (EU) 2016/679) with the UK Information Commissioner’s Office (“ICO”) and our registration number is Z3441590.
- What personal data we may collect from you;
- How we will use, store and protect your personal data;
- With whom we may share personal data; and
- Your rights under relevant data protection laws.
2 Lawful basis for processing
Under data protection laws, we must have a legal basis in order to process your personal data. The legal bases on which we may process your data are:
- Legitimate interest: in order to carry on and promote iCON’s infrastructure advisory business and related activities;
- Consent: where you have consented for us to process your personal data for one or more specific reasons;
- Performance of a contract: in order to perform a contract that iCON may have with you; and
- Legal obligation: where processing of the data is required by law. For example, to carry out ‘know your client’ checks required by our regulator, the Financial Conduct Authority, or similar requirements in respect of any of our subsidiaries.
3 What data we may collect from you
We may collect and process the following personal data:
- Your name, email address, telephone number(s), organisation, role and information related to our business relationship with you;
- For clients and commercial counterparties, the personal data of its representatives and staff, including the data set out above as well as date of birth, gender, financial information, visual images (such as copies of passports) and data contained in identity documentation;
- Cookie data (please see our Cookies Policy for further information);
- Technical data such as internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website; and
- Where permitted by law or to fulfil our regulatory requirements, we may process information about criminal convictions or offences and alleged offences for specific and limited activities and purposes, such as to perform checks to prevent and detect crime and to comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption, and international sanctions. It may involve investigating and gathering intelligence on suspected financial crimes, fraud and threats and sharing data between banks and with law enforcement and regulatory bodies.
4 How we collect information from you
We collect your personal data in a number of ways:
- As you browse the iCON website certain information is collected automatically using cookies, server logs and other similar technologies. Please see our Cookies Policy on our website for further information;
- During the communications between us, such as via email, telephone, correspondence or in meetings;
- Any personal information you provide to us or one of our subsidiaries during your relationship with us as a client or commercial counterparty of us or one of our subsidiaries; and
- From third parties/public sources:
- Any personal data shared with us by our investments and prospective investments;
- Technical data may be obtained from the following parties:
(a) Our website management provider;
(b) Data analytics providers, such as Google Analytics; and
(c) Investor reporting applications, such as Intralinks.
- Identity and contact data from publicly availably sources such as internet searches, Companies House, Financial Conduct Authority, OpenCorporates, 192.com and Infogreffe or from subscription services such as Thomson Reuters, Dun & Bradstreet or ratings agencies (and including updates of such searches from time to time).
- In compliance with the United States of America Children’s Online Privacy Protection Act (COPPA), effective April 21, 2000, iCON does not require/request information from children under 13 years old that could reveal any information that could personally identify them. If, however, a child chooses to provide us with PII, through an e-mail, web form or other means, it will only be used to respond to the writer’s question(s) or request(s). The information will not be retained, used for another purpose, or shared with third parties.
5 How we use your personal data
We may use your personal data for the following purposes:
- To contact you to discuss any iCON services and to respond to any queries you have raised;
- To store your contact details in our Client Relationship Management databases;
- Where you are a client or commercial counterparty of iCON or one of our subsidiaries:
- To provide the relevant services;
- To carry out necessary anti-money laundering and anti-fraud checks, including any periodic updates of the same;
- To enable us or our subsidiaries to conduct day-to-day business activities with you; and
- To carry out general investor relations activities and communications.
- To personalise your experience on the iCON website; and
- As we believe to be necessary or appropriate:
- In order to comply with a legal obligation. This applies where the processing is necessary for us to comply with the law;
- To protect our legitimate rights, privacy, property or safety, and/or those of a third party and your rights do not override those interests.
We or our group companies may contact you about our services where we are legally entitled to do so and it is our legitimate interests to provide such information to you. In some cases, we may obtain your consent for such marketing communications.
If you do not wish to be contacted in this way, you can tell us by contacting us at [email protected]. We will process your request to be opted-out of such marketing communications within 30 days of receipt.
Where you opt out of receiving these marketing communications, we may still process your personal data for other required purposes, as specified in section 5 above.
7 Third party links
The iCON website may contain links to and from other applications, plug-ins and websites of other networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that they (and any services that may be accessible through them) have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these apps, websites or services. Please check these policies before you submit any personal data to these websites or use such services.
8 Retention of your data
We will not retain your personal data for longer than is necessary for the purposes for which the personal data is processed. This means that your data will only be retained for as long as it is still required to provide you with services or is necessary for legal (including regulatory) reasons. When calculating the appropriate retention period for your data, we consider the nature and sensitivity of the data, the purposes for which we are processing the data, and any applicable statutory retention periods. Using these criteria, we regularly review the personal data which we hold and the purposes for which it is held and processed.
When we determine that personal data can no longer be retained or where you request us to delete your data in accordance with your right to do so (please see section 12 below for more information), we ensure that this data is securely deleted or destroyed.
For more details about our retention periods, please contact us at [email protected].
9 Accuracy of your data
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
10 Security of your data
We seek to ensure that we have appropriate organisational and technical security measures to protect your personal data. These measures include ensuring our internal IT systems are suitably secure and implementing procedures to deal with any suspected data breach.
In the unlikely event of a data breach, we will take steps to mitigate any loss or destruction of data and, if required, will notify you and any applicable authority of such a breach.
11 Transfer of your data
11.1 Transfers within our group
We may share your data with other companies and branches within the iCON group, including our:
- Branches based in Germany and France;
- Our subsidiary general partner entities currently based in Guernsey; and
- Our Canadian subsidiary and its US branch, iCON Infrastructure North America, Inc.
11.2 Transfers to third parties
There may be circumstances in which we may also need to share your personal data with certain third parties, including third parties located outside of the UK and the European Economic Area (EEA).
The third parties to which we may transfer your personal data include:
- Suppliers. We employ other companies and individuals to perform functions on our behalf, including our software suppliers, data hosting providers, data analytics providers, and anti-money laundering tools;
- Fund administrators and other service providers who assist us or our subsidiaries with the performance of services related to the investment funds which iCON advises and meeting business operational needs;
- Banks who assist us or our subsidiaries by acting as depositories for client funds;
- Other professional advisors such as accountants, lawyers, consultants and other business advisors engaged by us or our subsidiaries; and
- Other third parties where required under law or applicable regulation, or in connection with legal or regulatory proceedings.
The security of your data is important to us and iCON will, therefore, only transfer your data to such third parties if:
- The third party has agreed to comply with iCON’s instructions, required data security standards, policies, and procedures and put adequate security measures in place;
- The transfer complies with any applicable cross border transfer restrictions and suitable safeguards have been put in place; and
- A written contract containing suitable obligations and protections has been entered into between the parties.
As mentioned above, iCON will only transfer your data where suitable safeguards have been put in place. These safeguards are intended to ensure a similar degree of protection is afforded to your data wherever it may be transferred and include:
- Only transferring your personal data to countries which have been deemed to provide an adequate level of protection for personal data by the European Commission; and
- Where your data will be transferred by iCON outside of the UK or EEA, entering into specific contractual terms which have been approved by the ICO and which give personal data the same protection as within the UK.
We may also share your personal information with a purchaser or potential purchaser of businesses connected with iCON or its subsidiaries and in some circumstances, we may have to disclose your personal information by law, either because our regulator, the courts or other law enforcement agency has asked us for it, or to enforce our legal rights.
For more information on the safeguards used by iCON when transfers of personal data to third parties, please contact us at [email protected].
12 Your rights
You have certain rights in relation to the personal data iCON process and hold about you. These include:
- Right to rectification: you have the right to require iCON to correct any inaccuracies in your data.
- Right to erasure: you have the right to require iCON to delete your data, subject to certain legal requirements.
- Right to restriction of processing: you have the right to require iCON to restrict the way in which iCON processes your personal data. You may wish to restrict processing if, for example:
- You contest the accuracy of the data and wish to have it corrected;
- You object to processing but iCON is required to retain the data for reasons of public interest; or
- If you would prefer restriction to erasure.
- Right to data portability: you have the right to obtain from iCON easily and securely the personal data we hold on you for any purpose you see fit.
- Right to object to processing: you have the right to require iCON to stop processing your personal data should you wish the data to be retained but no longer processed.
- Right of access you have the right to request access to personal data that iCON may process about you.
- Right to withdraw consent: you have the right at any time to withdraw consent allowing iCON to process your personal data.
If you would like to exercise any of the above rights, please contact iCON at [email protected]. We will respond to requests made by you within one month.
You should also be aware that you have the right to raise any concerns in relation to how iCON processes your personal data to the ICO (www.ico.org.uk).
iCON Infrastructure LLP
15 Golden Square,
Email address: [email protected]
Telephone number: +44 20 7292 9661
Last updated: 28 March 2023