The General Data Protection Regulation (“GDPR”) applies to the collection, processing and storage of personal data undertaken by organizations within the European Economic Area (EEA), as well as to firms outside the EEA that handle personal data relating to the offering of services to individuals in the EEA.
The GDPR has two key purposes: (a) to set guidelines for the collection, processing and protection of personal data and (b) to give individuals certain rights in relation to their personal data (such as to access and correct it and object to further processing).
This GDPR Disclosure is intended to ensure that clients, prospective clients or similar contacts or, where a client, prospective client or other similar contact is not an individual, the client’s, prospective client’s or similar contact’s individual directors, officers, employees and/or owners (“you”, or “your”) are aware of the categories of your personal data Broad Run Investment Management, LLC (the “firm”, “we”, “us” or “our”) may collect, how we collect it, what we use it for and with whom we share it in accordance with the GDPR. Where the client, prospective client or similar contact is not an individual please provide a copy of this GDPR Disclosure to those individual directors, officers, employees and/or owners whose personal data we may process.
“Personal data” means any information relating to you, but does not include data where you can no longer be identified from it such as anonymized aggregated data.
We will be a data controller in respect of your relationship with us as a prospective client or similar contact.
A data controller is responsible for deciding how to hold and use personal data about you. We may process
your personal data ourselves or through others acting as data processors on our behalf.
We may provide supplemental privacy notices on specific occasions when we are collecting or processing
personal data about you so that you are fully aware of how and why we are using your personal data. These
supplemental notices should be read together with this GDPR Disclosure.
Your personal data
Personal data held by us or on our behalf may include, but is not necessarily limited to, your name, residential address, place of business, email address, other contact details, corporate contact information, signature, nationality, country of residence, place of birth, date of birth, tax identification, tax jurisdiction, employment and job history, education details, regulatory status, credit history, correspondence records, passport number, bank account details, certain financial information contained within KYC documents, source of funds and details relating to your investment activity or preferences.
Why we may use your personal data
The purposes for which we may collect, store and use personal data about you and our ‘lawful basis’ for processing such data are set out in the table below. The law specifies certain ‘lawful bases’ for which we are allowed to use your personal data.
Lawful basis for processing
To undertake pre-investment steps including but not limited to:
- determining your eligibility to invest
- required due diligence; and
- ascertaining your investment preferences
In order to take steps prior to the contract between you and us, compliance with applicable legal obligations and our legitimate interests in establishing your referred investment strategies.
To undertake business development and marketing activities in relation to making suggestions and recommendations to you about products or services that may be of interest to you. This may include direct electronic marketing.
Our legitimate interests in promoting our products and services and growing our business.
We only send direct electronic marketing where individuals have consented to this or as otherwise permitted by the law. Individuals can opt-out of receiving such messages at any time by using the opt-out mechanisms that may be available in those messages or by contacting us at
broadrun@broadrunllc.com.
To undertake business development and marketing activities in relation to making suggestions and recommendations to you about products or services that may be of interest to you. This may include direct electronic marketing.
Our legitimate interests in promoting our products and services and growing our business.
We only send direct electronic marketing where individuals have consented to this or as otherwise permitted by the law. Individuals can opt-out of receiving such messages at any time by using the opt-out mechanisms that may be available in those messages or by contacting us at
broadrun@broadrunllc.com.
To facilitate the opening of an account, the management and administration of an account on an ongoing basis as considered necessary or appropriate for the performance of your contract with us.
The performance of your contract with us.
To report tax related information to tax authorities. Compliance with applicable legal obligations.
Compliance with applicable legal obligations.
To disclose information to other third parties such as service providers, legal advisors, auditors and technology providers and regulatory authorities to comply with any legal obligation imposed on us or in order to pursue our legitimate business interests.
Compliance with applicable legal obligations.
Our legitimate interests in conducting our business in a proper manner.
Our legitimate interests in conducting our business in a proper manner.
In addition to the uses above, please note that we may also process your information where we are required by law to do so or if we reasonably believe that it is necessary to protect our rights and/or to comply with judicial or regulatory proceedings, a court order or other legal process.
Special categories of personal data
There are more limited bases for processing special category personal data. This is personal data which reveals or contains racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, genetic data, biometric data, health data, sex life and sexual orientation.
We do not intend to actively collect special category data about you. While we will use reasonable efforts to limit our holding of such data, please be aware that we may hold such data incidentally. For example, where:
- you volunteer special category data to us or one of our processors, such as if you send us an email containing special category data;
- documents gathered for legal / regulatory purposes contain special category data, such as a due diligence search from public sources which includes special category data.
What if you do not provide the personal data requested?
Unless and until you make a decision to invest or otherwise engage in a business transaction with us or invest in one of our investment products (at which point we will send you a copy of any relevant privacy notice) you are not required to provide us with any information.
In the event that you have made a decision to invest or otherwise engage in a business transaction with us or invest in one of our investment products then, in some circumstances, if you do not provide us with certain information when requested, we may be limited or restricted in our ability to deal with you and may in some cases be prevented from complying with our legal obligations. Where we require your personal information to comply with anti-money laundering or other legal requirements, failure to provide this information means we may not be able to accept you or retain you as a client.
Change of purpose
We will only use your personal data for the purposes for which we collected it (as identified above in the ‘Purpose’ column), unless we reasonably consider that we need to use it for another reason which is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
How do we collect this information?
We typically collect personal data about you when you provide information to us or others acting on our behalf when communicating or transacting with us in writing, electronically, or by phone. For instance, when you request product documentation, forms or literature from us or otherwise correspond with us.
In addition, we may receive personal information about you from third parties, such as:
- public sources or information vendors;
- introducers, distributors or other intermediaries who market or provide services to you.
With whom will we share your information?
We may share your personal data with a third party where this is required by law, where it is necessary to perform our contract with you, or where we have another legitimate interest in doing so.
We may need to share your personal data with:
- introducers, distributors or other intermediaries who market or provide services to you;
- professional advisers including lawyers, bankers, auditors and insurers to the extent such information is relevant to their performance of their services;
- regulators;
- tax authorities;
- trading counterparties;
- cloud service providers; and
- any of our service providers where such information is relevant to their performance of such services.
We may share your personal data with third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal data with a regulator or to otherwise comply with applicable law or judicial process or if we reasonably believe that disclosure is necessary to protection our rights and/or to comply with judicial or regulatory proceedings, a court order or other legal process.
The data protection measures we take
Any transmission of your personal data by us or our duly authorized affiliates and/or delegates outside the EEA shall be in accordance with the conditions in the GDPR.
We and our duly authorized affiliates and/or delegates shall apply appropriate information security measures designed to protect data in our/our affiliates and/or delegates' possession from unauthorized access by third parties or any form of computer corruption.
We shall notify you of any personal data breach affecting you that is likely to result in a high risk to your interests, fundamental rights or freedoms.
Our retention of your personal data
We will retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements and our legitimate interests in maintaining such personal information in our records. This will normally include any period during which we are dealing or expect to deal with you and what we consider to be a suitable period thereafter for our internal recordkeeping purposes. In doing this we will have regard to the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Generally, we will keep information relevant to our dealings with you for 7 years following the last date of activity.
In some circumstances your personal data may be anonymized so that it can no longer be associated with you, in which case it is no longer personal data.
Once we no longer require your personal data for the purposes for which it was collected, we will securely destroy your personal data in accordance with applicable laws and regulations.
Accuracy of information
It is important that the personal data we hold about you is accurate and current. Please let us know if your personal data which we hold changes during your relationship with us.
Your rights in relation to your information
You have rights as an individual which you can exercise in relation to the information we hold about you under certain circumstances. These rights are to:
- request access to your personal data (commonly known as a “data subject access request”) and request certain information in relation to its processing;
- request rectification of your personal data;
- request the erasure of your personal data;
- request the restriction of processing of your personal data;
- object to the processing of your personal data;
- request the transfer of your personal data to another party.
If you want to exercise one of these rights please contact Bryan H. Adkins, CCO at
badkins@broadrunllc.com.
You also have the right to make a complaint at any time to a supervisory authority for data protection issues.
FeesYou will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact Bryan H. Adkins, CCO at
badkins@broadrunllc.com. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless we now have an alternative legal basis for doing so.
************
If you have additional questions about this GDPR Disclosure, you may contact us at the office phone number below or via email to Bryan H. Adkins, CCO at
badkins@broadrunllc.com.
Broad Run Investment Management, LLC
1530 Wilson Boulevard | Suite 530 | Arlington, Virginia 22209
O: (703) 260‐1260 | F: (703) 574-4312 | www.broadrunllc.com