Data Privacy Statement
Cornerstone Partners is committed to protecting personal data. This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection
“Cornerstone Partners” (and “we”, “us”, or “our”) refers to Greenwood Partners LLP (the limited partnership registered in England under registration no. OC414259 and with its registration address at The Retreat 406 Roding Lane South Woodford Green Essex IG8 8EY) and such other Cornerstone Partners subsidiaries (including CP Nominee Limited) that: (1) is a contracting party for the purposes of providing or receiving services, (2) you have a role or relationship with. Each company in the Cornerstone Partners group is a separate legal entity and a separate controller for personal data.
In the event any translation of this global privacy statement is prepared, the English version of this privacy statement shall prevail in case of conflicts between the different language versions.
Personal data is any information relating to an identified or identifiable living person. When “you” or “your” are used in this statement, we are referring to the relevant individual who is the subject of the personal data. Cornerstone Partners processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.
When collecting and using personal data, we intend to be transparent about why and how we process personal data.
We have an architecture of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure. Access to your personal data within Cornerstone Partners will be limited to those partners or authorised representatives who have a need to know the information for the purposes described in this global privacy statement, which may include personnel in the Investment, People and Talent, IT, Legal and Compliance, Finance and Accounting, and Operations teams. All partners and authorised representatives of Cornerstone Partners will generally have access to your business contact information (e.g. name, position, telephone number and e-mail address).
The categories of personal data are set out below:
- Personal details—Name, preferred pronoun, all types of contact details such as e-mail, phone numbers, physical address, gender, date of birth, age, place of birth as well as national identification number, passport number, social security number, insurance information, marital/civil partnership status, domestic partners, dependents, emergency contact information.
- Sensitive details—We may also collect certain types of sensitive information when permitted by local law or with your consent, such as health/medical information (including disability status and dietary requirements/allergies in the framework of the events we organize/sponsor, trade union membership information, religion, race or ethnicity, minority flag, and (where authorized by law) information on criminal convictions and offences. We may collect this information for specific purposes, such as health/medical information in order to accommodate a disability or illness and to provide benefits; background checks; and diversity-related personal data (such as race or ethnicity) in order to comply with legal obligations and internal policies relating to diversity and anti-discrimination.
- Documentation required for immigration—We may collect passport data, citizenship or residency details as well as work permits (physical and/or electronic copy) to comply with immigration guidance
- Position—Description of current position, job title, employer, location
- System & application access data—Where you are provided with access to Cornerstone Partners’ systems, we may collect information required to access such Cornerstone Partners’ systems and applications such as System ID, LAN ID, e-mail account, instant messaging account, mainframe ID, system passwords, access logs, activity logs, and electronic content produced using our systems.
Personal data held by us may be transferred to:
- Third party organisations that provide applications/functionality, data processing or IT services to us
We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud based software as a service providers, identity management, website hosting and management, data analysis, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them.
- Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation
Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, for instance to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation, responding to legal process such as subpoenas, pursuing legal rights and remedies, defending litigation and managing any internal complaints or claims, conducting investigations and complying with internal policies and procedures, protecting, enforcing or defending the legal rights, privacy, safety, or property of Cornerstone Partners.
Sources of the Data
- Provided by you
- Public authorities
- Your employer
- Social media
- Previous employers
- Background check providers
- Educational institutions.
Please note this is not an exhaustive list
We are generally controllers for the personal data we process, however, we may provide some services, such as payroll services, as a processor (in which case our client is the controller). If you have any questions about this privacy statement or how and why we process personal data, please contact us at:
Data Protection Officer,
The Retreat 406 Roding Lane
South Woodford Green
Under guidance from the Data Protection Act 2018 which incorporates the EU General Data Privacy Regulation, you have rights to find out how we store your information. These include the right to:
- Be informed as to how your data is being used
- Access personal data (You have the right to request for your personal data to be amended or rectified where it is inaccurate (for example, if you change your name or address) and to have incomplete personal data completed. To update personal data submitted to us, you may email us at email@example.com or, where appropriate, contact us via the relevant website registration page or directly amend the personal details held on relevant websites or applications with which you registered. When practically possible, once we are informed that any personal data processed by us is no longer accurate, we will make updates as appropriate based on your updated information.)
- Have incorrect data updated
- Have data erased (You have the right to obtain deletion of your personal data in the following cases: the personal data are no longer necessary in relation to the purposes for which they were collected and processed; our legal grounds for processing is consent, you withdraw consent and we have no other lawful basis for the processing; our legal grounds for processing is that the processing is necessary for legitimate interests pursued by us or a third party, you object to our processing and we do not have overriding legitimate grounds; you object to our processing for direct marketing purposes; your personal data have been unlawfully processed; or your personal data must be erased to comply with a legal obligation to which we are subject. To request deletion of your personal data, please email us at firstname.lastname@example.org)
- Stop or restrict the processing of your data (You have the right to obtain deletion of your personal data in the following cases: the personal data are no longer necessary in relation to the purposes for which they were collected and processed; our legal grounds for processing is consent, you withdraw consent and we have no other lawful basis for the processing; our legal grounds for processing is that the processing is necessary for legitimate interests pursued by us or a third party, you object to our processing and we do not have overriding legitimate grounds; you object to our processing for direct marketing purposes; your personal data have been unlawfully processed; or your personal data must be erased to comply with a legal obligation to which we are subject. To request deletion of your personal data, please email us at email@example.com)
- Data portability (allows individuals to obtain and reuse their personal data for their own purposes across different services allowing you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. Doing this enables you to take advantage of applications and services that can use this data to find you a better deal or help understand your spending habits.)
- Object to how your data is processed in certain circumstances.
Where we process personal data based on consent, individuals have a right to withdraw consent at any time. We do not generally process personal data based on consent (as we can usually rely on another legal basis). Where we rely on your consent for our processing of your personal data, to withdraw your consent please email us at firstname.lastname@example.org or, to stop receiving an email from a marketing list, please click on the unsubscribe link in the relevant email.
You can also write to us to ask for a copy of the information we hold about you and we aim to fulfil this request as soon as possible and within one month at most. In the event of a delay due to multiple or complex requests, it will take a further 2 months to provide this. Nevertheless, we will notify you within 1 month of your request and why there is a delay. This is in line with government guidance.
Where Information Can Be Withheld
To comply with applicable law especially relating to the prevention, detection or investigation of a crime
We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please send an email with the details to email@example.com We will look into and respond to any complaints we receive.
You also have the right to lodge a complaint with the supervisory authority in your country of residence, place of work or the country in which an alleged infringement of data protection law has occurred within the EU. The Information Commissioner’s Office (“ICO”) is the UK data protection regulator/supervisory authority. For further information on your rights and how to complain to the ICO, please refer to the ICO website
We recognise that transparency is an ongoing responsibility so we will keep this privacy statement under regular review.
Visitors To Our Websites
We receive personal data, such as name, title, company address, email address, and telephone and fax numbers from website visitors; for example, when a person registers updates from us.
Visitors are also able to send an email to us through the website. Their messages will contain the user’s screen name and email address, as well as any additional information the user may wish to include in the message.
We ask that you do not provide special categories of personal data (such as political opinions; religious or philosophical beliefs; trade union membership; physical or mental health; genetic data; biometric data; sexual life or sexual orientation; and, criminal records) to us when using our website.
Use Of Personal Data
When you provide personal data to us, we may use it for any of the purposes described in this privacy statement or as stated at the point of collection (or as obvious from the context of collection), including:
- where you submit your contact details, unless we are asked not to, we may contact you with information about Cornerstone Partners business, services and events, and other information which may be of interest to you. Should visitors subsequently choose to unsubscribe from mailing lists or any registrations, we will provide instructions on the appropriate webpage, in our communication to the individual, or the individual may contact us by email to firstname.lastname@example.org
- to administer and manage our website, including to confirm and authenticate your identity and prevent unauthorised access to restricted areas of the site or premium content;
- to communicate with you in order to distribute requested materials or ask for further information;
- to personalise and enrich your browsing experience by displaying content that is more likely to be relevant and of interest to you;
- to sort and analyse user data (such as determining how many users from the same organisation have subscribed to or are using our websites);
- to determine the company, organisation, institution, or agency that you work for or with which you are otherwise associated;
- to develop our businesses and services, including aggregating data for website analytics and improvements;
- aggregating data to conduct benchmarking and data analysis including, for example, regarding usage of our websites;
- to conduct quality and risk management reviews;
- to understand how people use the features and functions of our websites in order to improve the user experience;
- to monitor and enforce compliance with our terms, including acceptable use policies; and
- any other purposes for which you provided the information to Cornerstone Partners (such as to subscribe you to the updates you request).
Our websites do not collect or compile personally identifying information for sale to non-Cornerstone Partners parties for their marketing purposes. If there is an instance where your personal data may be shared with a party that is not a member of the Cornerstone Partners group, you will be asked for their consent beforehand.
Third party links
Personal data collected via our websites will be retained by us for as long as it is necessary (e.g. for as long as we have a relationship with the relevant individual)
We collect personal data concerning our own personnel (partners, staff and contractors) as part of the administration, management and promotion of our business activities.