Privacy Policy

1. Who We Are

Enigma Venture Partners LLP is an independent financial and business practice.

For the purposes of applicable data protection law, EVP acts as a data controller in relation to the personal data described in this policy.

2. Scope of This Policy

This policy applies to personal data we process:

• through our website;
• when you contact us or correspond with us;
• in connection with enquiries, discussions and potential engagements;
• in the course of providing services;
• in connection with professional, business or institutional relationships.

3. Personal Data We Collect

Depending on the context, we may process:

• identity information (such as name and title);
• contact information (such as email address, telephone number and business address);
• professional information (such as role, organisation and relationship to us);
• communications (such as correspondence and enquiry details);
• technical information (such as IP address, browser type, device information and website usage data);
• compliance-related information, where required for legal, regulatory or risk management purposes.

We only collect personal data that is relevant and limited to what is necessary for the purposes for which it is processed.

4. How We Collect Data

We may collect personal data:

• directly from you;
• from your organisation or representatives;
• from publicly available sources (such as company websites and professional networks);
• from third parties where appropriate in a business or professional context;
• through our website, systems and associated technologies.

5. How We Use Personal Data

We use personal data for purposes including:

• responding to enquiries and communications;
• assessing and progressing potential engagements;
• providing services and managing client relationships;
• carrying out financial analysis, planning or advisory work;
• internal administration, record-keeping and business management;
• compliance with legal, regulatory and professional obligations (including risk, AML and conflict-related considerations where applicable);
• protecting our business, systems and legal interests;
• improving our website and communications.

6. Lawful Basis for Processing

We process personal data on one or more of the following bases:

Where we rely on legitimate interests, we consider the impact on individuals and ensure that such processing is proportionate and appropriate.

7. Marketing and Communications

EVP does not engage in unsolicited or volume-based marketing.

Communications are typically limited to professional interactions or relevant business contact.

Where consent is required under applicable law (including the Privacy and Electronic Communications Regulations), it will be obtained.

You may request that we stop communications at any time by contacting us.

8. Cookies and Website Use

Our website may use cookies and similar technologies for functionality, performance, security and analytical purposes.

Where required, consent will be obtained before placing non-essential cookies on your device.

Further details are set out in our Cookie Policy.

9. Disclosure of Personal Data

We may share personal data with:

• professional advisers (including legal, accounting and compliance advisers);
• technology and hosting providers;
• business support service providers;
• financial institutions or administrative providers where relevant;
• regulators, courts, law enforcement authorities or government bodies where required;
• relevant counterparties or stakeholders where necessary in connection with an engagement.

We require third-party service providers to process personal data only on appropriate instructions and subject to confidentiality and security obligations.

We do not sell personal data.

10. International Transfers

Personal data may be transferred to, or processed in, jurisdictions outside the United Kingdom or European Economic Area.

Where this occurs, we ensure appropriate safeguards are in place, which may include:

• adequacy regulations or adequacy decisions;
• standard contractual clauses or the UK International Data Transfer Agreement (or equivalent mechanisms);
• other lawful safeguards recognised under applicable data protection law.

11. Data Retention

Personal data is retained only for as long as necessary for the purposes for which it is processed, including to satisfy legal, regulatory, contractual and business requirements.

In determining retention periods, we consider:

• the nature and sensitivity of the data;
• the purpose of processing;
• applicable legal or regulatory requirements;
• the need to establish, exercise or defend legal claims.

12. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse or disclosure.

Access to personal data is limited to those who have a legitimate need to know.

13. Your Rights

Subject to applicable law, you may have rights to:

• access your personal data;
• request correction of inaccurate or incomplete data;
• request deletion of your personal data;
• request restriction of processing;
• object to processing, including processing based on legitimate interests;
• withdraw consent where processing is based on consent;
• request portability of data, where applicable.

Requests may be made by contacting us. We will respond in accordance with applicable legal requirements.

14. Complaints

If you have concerns about how your personal data is handled, please contact us in the first instance.

You also have the right to lodge a complaint with a supervisory authority.

In the United Kingdom, this is the Information Commissioner’s Office (ICO).

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, regulation or our practices.

The current version will always be available on our website.

16. Contact

For any questions regarding this Privacy Policy or our handling of personal data, please contact: