Global Privacy Policy

Topics

This Global Privacy Policy (“Privacy Policy”) is divided into the following sections:

 

Introduction

Northleaf Capital Partners is committed to respecting your privacy.

This Privacy Policy explains how we at the Northleaf Capital Partners group of companies (“Northleaf”, “we”, “us” or “our”) collect, use and disclose the personal information relating to natural persons that we receive when you visit this website, use our services, or communicate with us, through our websites, investor portals, mobile apps, electronic communications and in paper forms (the “Communications”), as a client or prospective client, business partner or general contact (together the “Corporate Contacts”).

Northleaf is an independent employee-owned global private markets investor. Northleaf is made up of different legal entities (each of which we refer to as an “Affiliate”).

When Northleaf processes your personal information it is responsible as ‘controller’ of that personal information for the purposes of applicable data protection laws including, where relevant, the EU General Data Protection Regulation (“GDPR”)

Please read this Privacy Policy carefully. By using and/or accessing our Communications, you acknowledge the information practices and other terms set forth in this Privacy Policy. This Privacy Policy does not apply to our employee personal data or candidate recruiting practices. Please refer to other privacy policies pertaining to those activities.

 

Contact Us

If you have any questions about our Privacy Policy or your information, or to exercise any of your rights as described in this Privacy Policy or under data protection laws, you can contact us as follows:

Northleaf Capital Partners
79 Wellington Street West 

6th Floor, Box 120
Toronto, ON  M5K 1N9
Canada

Attn: Compliance Department

By email: contact@northleafcapital.com

 

Data Protection Principles

Northleaf adheres to the following principles when processing your personal information as data controller:

  1. Lawfulness, fairness and transparency: data must be processed lawfully, fairly and in a transparent manner.
  2. Purpose limitation: data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
  3. Data minimisation: data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  4. Accuracy: data must be accurate and, where necessary, kept up to date.
  5. Storage limitation: data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal information are processed.
  6. Integrity and confidentiality: data must be processed in a manner that ensures appropriate security of the personal information, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage by using appropriate technical or organisational measures.

 

Personal Information We Collect and What We Do with Your Personal Information

Information you give us

You may provide us with information through the website or mobile app, by email, over the phone or otherwise communicate or be in contact with us in your capacity as a Corporate Contact, when you:

  • request additional information about our business or ask us to contact you; and
  • do business with us, for example, by investing in or alongside us, accepting investments from us or otherwise working with us to complete and/or manage investments.

We do not generally seek to collect sensitive personal information through our website or as part of our business transactions. Sensitive personal information is information relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; health or sex life, sexual orientation; genetic or biometric information. If we do collect sensitive personal information, we will ask for your explicit consent to our proposed use of that information at the time of collection.

Information we collect from you - Aggregated Data

We may collect, use and share “Aggregated Data” such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

Children

This website is not intended for or directed at children under the age of 18 years and we do not knowingly collect information relating to children under this age.

How we use your personal information

As a data controller, Northleaf will only use your personal information if we have a legal basis for doing so. The personal data that we collect, the purpose for which we use and process your information and the legal basis on which we carry out each type of processing is explained in the table below.

Category of personal data

Purposes for which we will process the information

Legal basis for the processing

Contact Information
I
ncluding first and last name, telephone number, fax number, address, email address, signature and any other identifier that permits Northleaf to make contact with you.
To communicate with, pay funds to, keep records for, contract with, and provide services to investors (including prospective investors, herein referred collectively as “Investor” or “Investors”).
To send you information regarding changes to our policies, other terms and other administrative information.
Legitimate interest 
Legal compliance 
Performance of contract
Consent (where applicable)*
Employment Information 
Including title/role, institution/company, location, compensation, work history, education, qualification/training and if the individual is registered under local securities laws.
To perform background screening of Investors, investment partners, and employees to comply with our anti-money laundering, “Know Your Client” (“KYC”) and other related internal policies and procedures.
To identify and assess the suitability of Investors.
Legitimate interest 
Legal compliance 
Performance of contract
Consent (where applicable)*
Account/Financial Information
Including Contact Information, date of birth, bank account information, wire transfer information, expense details, beneficiary designation, Investor commitments, ledgers, positions, balances, percentages of fund, credit information, social insurance number (or similar), insider status, financial information and history, and tax information.
To do business with you, for example, in respect of reviewing, structuring, completing and managing investments.
To identify and assess the suitability of Investors.
To perform background screening of Investors, investment partners, and employees to comply with our anti-money laundering, KYC and other related internal policies and procedures.
To administer accounts and keep transaction records.
Legitimate interest 
Legal compliance 
Performance of contract
Consent (where applicable)*
Identification Information
Including certain Contact Information, photo, log-ins, dial-ins, and codes.
To carry out our obligations arising from any contracts entered into with you.
To enforce any contracts entered into with you.
To provide you with information and materials that you request from us.
To update you on our products and services and anything else that we believe may be of interest to our Corporate Contacts.
To invite you to come to an event or presentation which may be of interest to you.
To secure physical and digital access control, electronic communications, and electronic asset management.
Legitimate interest 
Performance of contract
Consent (where applicable)*
If you would prefer not to receive any direct marketing communications from us, you can opt-out at any time by clicking unsubscribe or contacting us at  unsubscribe@northleafcapital.com
 
Government Identification Information
Including social insurance number (or similar), taxpayer identification number, date of birth, driver’s license, passport, other official government identification and numbers, legal work status and KYC details
To identify and assess the suitability of Investors.
To perform background screening of Investors, investment partners, and employees to comply with our anti-money laundering, KYC and other related internal policies and procedures.
To meet relevant regulatory requirements.
To comply with tax requirements.
To accept/process funds from, pay funds to, keep records for, contract with and provide services to Investors, vendors and employees.
Legal compliance 
Performance of contract
Consent (where applicable)*
Cookies, Analytics and Related Technologies
To administer our website including troubleshooting, data analysis, testing, research, statistical and survey purposes.
To improve our website to ensure that content is presented in the most effective manner for you and your computer, mobile device or other item of hardware through which you access the website.
To keep our website safe and secure.
Legitimate interest 
Legal compliance 
Consent (where applicable)*

*Generally, in respect of Northleaf’s establishment in the United Kingdom (and any future establishments in the European Union), we do not rely on consent as a legal basis for processing the personal data of Corporate Contacts although we may need your consent before sending direct marketing communications to you via email and we require your consent to use cookies which are not strictly necessary (for further details please see the Cookies section below). The inclusion of consent in the table above relates to Northleaf’s establishments outside the United Kingdom and European Union where consent may be relied upon in accordance with applicable local data protection legislation. Where you provide consent, you can withdraw your consent at any time and free of charge, but without affecting the lawfulness of processing based on consent before its withdrawal. In some cases, withdrawing your consent will limit or remove our ability to do business with you. You can update your details or change your privacy preferences by contacting us as provided in the Contact Us section above.

Northleaf will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you in a timely manner and we will explain the legal basis which allows us to do so.

 

Disclosure of Your Personal Data to Third Parties

Northleaf will not sell, rent, lease or otherwise share your personal information other than as outlined in this Privacy Policy or without obtaining your consent beforehand.

We will share your personal information with our Affiliates and advisers as necessary to carry out the purposes for which the information was supplied or collected (i.e., to manage transactions, investments and funds).

Personal information will also be shared with our third-party service providers and business partners who assist with the running of the website and the operation of our business including hosting providers and CRM solution providers. Our third-party service providers and business partners are subject to security and confidentiality obligations and are only permitted to process your personal information for specified purposes and in accordance with our instructions.

In addition, Northleaf may disclose information about you:

  • to our professional advisers including lawyers, auditors and insurers;
  • in the event that we sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets;
  • if all or substantially all of Northleaf’s (or one of its Affiliate’s) assets are acquired by a third party, in which case personal information held by it about its Corporate Contacts will be one of the transferred assets;
  • if we are under a duty to disclose or share your personal information in order to comply with any legal or regulatory obligation;
  • if necessary to protect the vital interests of a person; and
  • to enforce or apply our contracts or to establish, exercise or defend the rights of Northleaf, its staff or other related persons.

 

International Transfers

It may be necessary for us to transfer your personal information outside of the country in which it was collected or your jurisdiction of residence when transferring it to our Affiliates and our service providers and business partners located in other countries. Also, we exchange personal information between our offices in Canada, the USA, UK and Australia.

The European Commission has decided that Canada provides adequate levels of data protection. Therefore, we rely on this adequacy decision in ensuring that the  transfer  of personal data from the European Economic Area (“EEA”) to Canada is compliant with EU data protection laws.

Where personal information is transferred from the EEA to and stored in a country not determined by the European Commission as providing adequate levels of protection for personal information (such as the USA and Australia), we take steps to ensure such transfers are in accordance with the GDPR and provide appropriate safeguards to protect your personal information, including entering into standard contractual clauses approved by the European Commission, obliging recipients to protect your personal information.

Where personal information is transferred from a country outside the EEA to another country (such as from Canada to the USA), we also take steps to provide appropriate safeguards to protect your personal information.

If you want further information on the specific mechanism used by us when transferring your personal information internationally, please contact us using the details set out above.

 

Security of Your Personal Data

We use appropriate technical and organisational security measures to protect personal information both online and offline from unauthorised use, loss, alteration or destruction. We use physical and procedural security measures to protect information from the point of collection to the point of destruction.

Where data processing is carried out on our behalf by a third party, we take steps to ensure that appropriate security measures are in place to prevent unauthorised disclosure of personal information.

Despite these precautions, however, Northleaf cannot guarantee the security of information transmitted over the Internet or that unauthorised persons will not obtain access to personal information. In the event of a data breach, Northleaf has put in place procedures to deal with any suspected breach and will notify you and any applicable regulator of a breach where required to do so.

If you have any questions about security on our website or within our business operations, you can contact us as provided in Contact Us above.

 

How Long We Keep Your Personal Data

We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy, subject to your right, under certain circumstances, to have certain of your personal information erased (see Your Rights below), unless a longer period is permitted or required under applicable law or is needed to resolve disputes, where there is a prospect of litigation or to protect our legal rights.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

 

Your Rights

Access To and Updating Your Personal Data

You have the right to access information which we hold about you (“data subject access request”).

In those circumstances where the GDPR applies to us, you may also have the right to receive personal information which you have provided to us in a structured and commonly used format so that it can be transferred to another data controller (“data portability”). The right to data portability only applies where your personal data is processed by us with your consent or for the performance of a contract and when processing is carried out by automated means.

We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate. Please keep us informed if your personal information changes during your relationship with us.

Right to Object

Direct marketing

You have the right to object at any time to our processing of your personal information for direct marketing purposes.

Where we process your information based on our legitimate interests

In those circumstances where the GDPR applies to us, you also have the right to object, on grounds relating to your particular situation, at any time to processing of your personal information which is based on our legitimate interests. Where you object on this ground, we shall no longer process your personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Your Other Rights

You also have the following rights under data protection laws to request that we rectify your personal information which is inaccurate or incomplete.

In certain circumstances, you have the right to:

  • in those circumstances where the GDPR applies to us, request the erasure of your personal information: this enables you to ask us to delete or remove personal data where there is no good reason for us to continuing to process it (“right to be forgotten”);
  • restrict the processing of your personal information.

Please note that the above rights are not absolute and we may be entitled to refuse requests, wholly or partly, where exceptions under the applicable law apply.

For example, we may refuse a request for erasure of personal information where the processing is necessary to comply with a legal obligation or necessary for the establishment, exercise or defence of legal claims. We may refuse to comply with a request for restriction if the request is manifestly unfounded or excessive.

 

Exercising Your Rights

You can exercise any of your rights as described in this Privacy Policy and under data protection laws by contacting us as provided in Contact Us above.

Save as described in this Privacy Policy or provided under data protection laws, there is no charge for the exercise of your legal rights. However, if your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may either: (a) charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested; or (b) refuse to act on the request.

Where we have reasonable doubts concerning the identity of the person making the request, we may request additional information necessary to confirm your identity.

 

Cookies

In order to improve the website, we may use small files commonly known as “cookies”. A cookie is a small amount of data which often includes a unique identifier that is sent to your computer or mobile phone (your “device”) from the website and is stored on your device’s browser or hard drive.

By continuing to browse the website, you are agreeing to our use of cookies.

If you do not want us to use cookies when you use the website, you can set your internet browser not to accept cookies. However, if you block cookies some of the features on the website may not function as a result.

You can find more information about how to manage cookies for all the commonly used internet browsers by visiting www.allaboutcookies.org. This website will also explain how you can delete cookies which are already stored on your device.

We ask for your consent to place cookies on your device, except where these are essential for us to provide you with a service that you have requested.

We currently set the following cookies:

Cookie

Purpose

has_js
Track if you have javascript enabled to provide basic site functionality such as search and filtering results on the Professionals (Team) page

Cookies from third parties

We currently use the following third-party cookies:

Third Party Cookies

Cookie Name(s)

Purpose

Link

Google Analytics
 
These cookies provide us with a visitor count and an understanding of how visitors move around and use the website. We can then use this information to improve navigability and the website generally – please see further details below.
FIS
Session cookie - dxSession






ASP.Net session cookie - ASP.NET_SessionID



Remember Me cookie - DXToken:
This cookie is essential for the website to operate. It is set for all users to maintain session state information. This cookie is deleted when the user closes their browser. 

This cookie is essential for the website to operate. It is set for all users to maintain the state of pages between requests. 

This cookie is deleted when the user closes their browser. This cookie is required for the "Remember me" option upon logging into the website. It is set only for users who have selected this option. This cookie is saved to the user's computer until the "Remember me" option is disabled.

Google Analytics

We only use “Google Analytics” on the website. This cookie provides us with a visitor count and an understanding of how visitors move around and use the website. We can then use this information to improve navigability and the website generally. The cookies we use on the website will not collect personally identifiable information about you and, unless otherwise stated, we will not disclose information stored in cookies that we place on your device to third parties.

We are obliged by Google Analytics to state the following:

The website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the website. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of the website. By using the website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

FIS

FIS (formerly known as SunGard) collects, stores and uses information about your visits to the website and about your computer, tablet, mobile or other device through which you access the website. The information tracked is when and how many times a user has accessed a page or attachment, along with the ability to filter the type of device used (mobile, tablet, desktop) to facilitate running audit reports.

How We Respond to Do Not Track Signals

The website does respond to browser Do Not Track signals.

 

Links

The website may, from time to time, contain links to and from the websites of our business partners, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and Northleaf does not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.

 

Complaints

If you have any questions or concerns regarding our Privacy Policy or practices, please contact us as provided in Contact Us above.

If you are located in the EEA, you also have the right to complain to the relevant supervisory authority in the EEA. In the UK, this is the Information Commissioner’s Office (https://ico.org.uk/).

We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

 

Changes to Our Privacy Policy

Northleaf reserves the right to change this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.

 

 

Updated and Effective as of May 27, 2019