PRIVACY POLICY

Last updated: December 2024

1. Introduction

Elbrus Capital Partners LLP ("we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website elbruscapital.co.uk or use our services.

This policy is compliant with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the requirements of the Financial Conduct Authority (FCA) for regulated financial services firms.

2. Data Controller

The data controller responsible for your personal data is:

3. Personal Data We Collect

We may collect and process the following categories of personal data:

3.1 Information You Provide

• Identity Data: Full name, title, date of birth, nationality, and identification documents
• Contact Data: Email address, telephone number, and postal address
• Financial Data: Bank account details, investment history, source of funds, and net worth information
• Professional Data: Employment status, occupation, and employer details
• Communication Data: Correspondence with us, including emails, letters, and records of telephone conversations

3.2 Information Collected Automatically

• Technical Data: IP address, browser type and version, time zone setting, operating system, and platform
• Usage Data: Information about how you use our website and services
• Cookie Data: See our Cookie Policy for more details

3.3 Information from Third Parties

• Credit reference agencies
• Identity verification services
• Fraud prevention agencies
• Publicly available sources and registers

4. Legal Basis for Processing

We process your personal data on the following legal bases:

4.1 Contractual Necessity

Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract. This includes providing our investment management and advisory services.

4.2 Legal Obligation

Processing is necessary for compliance with our legal obligations, including:

• Anti-money laundering (AML) and counter-terrorism financing requirements
• FCA regulatory requirements and reporting obligations
• Tax reporting obligations
• Record-keeping requirements under financial services regulations

4.3 Legitimate Interests

Processing is necessary for our legitimate interests or those of a third party, provided your interests and fundamental rights do not override those interests. This includes:

• Marketing our services to existing clients
• Improving our website and services
• Protecting our business and legal interests

4.4 Consent

Where you have given consent for specific processing activities, such as receiving marketing communications. You may withdraw consent at any time.

5. How We Use Your Personal Data

We use your personal data for the following purposes:

• To provide investment management, advisory, and related financial services
• To process and manage your account and investments
• To conduct client due diligence and verify your identity
• To comply with legal and regulatory obligations
• To communicate with you about our services and your investments
• To respond to your enquiries and requests
• To improve our website, products, and services
• To send marketing communications (with your consent where required)
• To detect and prevent fraud and financial crime

6. Data Sharing and Disclosure

We may share your personal data with:

• Regulatory Bodies: The FCA, HMRC, and other regulatory authorities as required by law
• Service Providers: Third parties who provide services on our behalf, including custodians, fund administrators, IT providers, and professional advisers
• Financial Institutions: Banks and other financial institutions in connection with your investments
• Legal and Professional Advisers: Lawyers, accountants, and auditors
• Fraud Prevention Agencies: For identity verification and fraud prevention purposes

All third parties are required to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes.

7. International Transfers

We may transfer your personal data outside the UK where necessary to provide our services. When we do so, we ensure appropriate safeguards are in place, such as:

• Transfers to countries with an adequate level of data protection as determined by the UK government
• Standard contractual clauses approved by the UK Information Commissioner's Office
• Other legally recognised transfer mechanisms

8. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including:

Data Category	Retention Period
Client records and transaction data	Minimum 5 years after the end of the client relationship (as required by FCA rules)
AML/KYC documentation	5 years after the end of the business relationship
Marketing consent records	Until consent is withdrawn plus 2 years
Website enquiries	2 years unless a client relationship is established
Complaints records	5 years from the date of the complaint

We may retain data for longer periods where required by law or for regulatory purposes.

9. Your Rights

Under UK data protection law, you have the following rights:

9.1 Right of Access

You have the right to request a copy of the personal data we hold about you (commonly known as a "data subject access request").

9.2 Right to Rectification

You have the right to request correction of any inaccurate or incomplete personal data we hold about you.

9.3 Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, although this right is not absolute and may be subject to legal and regulatory requirements.

9.4 Right to Restriction

You have the right to request restriction of processing of your personal data in certain circumstances.

9.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format in certain circumstances.

9.6 Right to Object

You have the right to object to processing of your personal data in certain circumstances, including for direct marketing purposes.

9.7 Rights Related to Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you.

To exercise any of these rights, please contact us using the details provided in Section 2. We will respond to your request within one month of receipt.

10. Data Security

We have implemented appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of personal data in transit and at rest
• Access controls and authentication measures
• Regular security assessments and testing
• Staff training on data protection and security
• Incident response and breach notification procedures

11. FCA Regulatory Requirements

As an FCA-authorised firm, we are required to collect and retain certain personal data to comply with regulatory requirements, including:

• Know Your Customer (KYC): We must verify your identity and understand your financial circumstances before providing investment services
• Suitability Assessments: We assess whether our services and investment recommendations are suitable for you
• Record Keeping: We maintain records of our services and communications as required by FCA rules
• Regulatory Reporting: We may be required to report certain information to the FCA and other regulatory bodies

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

13. Complaints

If you have any concerns about our use of your personal data, please contact us first. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

14. Contact Us

For any questions about this Privacy Policy or our data protection practices, please contact: