Privacy Policy

This Privacy Policy explains how Estes Capital Ltd ("Estes Capital", "we", "us", or "our") collects, uses, discloses, and protects personal data when you visit our website at estes-us.com, contact us, or engage with us in connection with our investment activities. We are committed to protecting your privacy and handling your personal data in an open and transparent manner.

Estes Capital Ltd is registered in England and Wales (Company No. 14872930) and is authorised and regulated by the Financial Conduct Authority (FCA Firm Reference Number 987432). Our registered office is at 12 Finsbury Square, 3rd Floor, London, EC2A 1AR, United Kingdom.

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and, where applicable, the EU General Data Protection Regulation (EU GDPR).

1. Data Controller

Estes Capital Ltd is the data controller for personal data processed in connection with this website and our investment activities. If you have questions about this Privacy Policy or your personal data, you can contact our Data Protection Officer at:

Data Protection Officer
Estes Capital Ltd
12 Finsbury Square, 3rd Floor
London, EC2A 1AR
United Kingdom
Email: privacy@estes-us.com
Telephone: +44 (0)20 7123 4567

2. Personal Data We Collect

We collect personal data in the following circumstances:

2.1 Website Visitors

When you visit our website, we may collect the following information automatically:

• IP address and approximate geographic location
• Browser type and version
• Operating system
• Pages visited and time spent on each page
• Referring website or search term
• Date and time of your visit
• Cookie identifiers (see our Cookie Policy for full details)

2.2 Founder and Investor Enquiries

When you contact us by email, telephone, or through our pitch submission process, we may collect:

• Your name, job title, and company name
• Contact details including email address and telephone number
• Information contained in your correspondence, pitch deck, or business plan
• Financial information relevant to an investment or LP relationship
• Due diligence information, including identity verification data required for regulatory compliance

2.3 Portfolio Company Founders and Representatives

In connection with our investments, we process personal data about the founders, directors, and key employees of our portfolio companies, including:

• Identity information (name, date of birth, nationality)
• Contact details
• Professional background and experience
• Financial interests and shareholding information
• Information required for regulatory "fit and proper" assessments

3. Lawful Basis for Processing

We rely on the following lawful bases to process your personal data:

• Legitimate interests: Processing necessary for the purposes of our legitimate interests as a venture capital fund manager, including evaluating investment opportunities, managing portfolio companies, and operating our business, where these interests are not overridden by your rights.
• Contractual necessity: Processing necessary for the performance of a contract to which you are a party, or to take pre-contractual steps at your request.
• Legal obligation: Processing necessary to comply with our legal and regulatory obligations, including AML/KYC requirements, FCA regulatory requirements, and tax obligations.
• Consent: Where we have obtained your specific, informed consent, such as for marketing communications or the setting of non-essential cookies.

4. How We Use Your Personal Data

We use the personal data we collect for the following purposes:

• Evaluating investment opportunities submitted to us
• Conducting due diligence on companies and individuals in connection with potential investments
• Managing our existing portfolio company investments
• Communicating with founders, investors, and business contacts
• Complying with our regulatory obligations under FCA rules and AML legislation
• Operating and improving our website
• Sending our insights publications and thought leadership content to individuals who have opted in
• Responding to enquiries and providing information about our investment activities
• Detecting and preventing fraud, money laundering, and other illegal activities

5. Data Sharing and Disclosure

We may share your personal data with the following categories of recipients:

• Co-investors and investment syndicate members: In connection with co-investment transactions, we may share relevant information about founders and companies with prospective co-investors, subject to appropriate confidentiality arrangements.
• Professional advisers: Including lawyers, accountants, auditors, and compliance consultants who provide services to us on a confidential basis.
• Technology service providers: Including providers of CRM systems, email services, website analytics, and document management services, subject to data processing agreements.
• Regulatory authorities: Including the FCA, HMRC, and law enforcement authorities where we are required or permitted to disclose information by law.
• Buyers of our business: In the event of a merger, acquisition, or sale of all or part of our business, subject to appropriate confidentiality protections.

We do not sell or rent your personal data to third parties for marketing purposes.

6. International Data Transfers

Some of our service providers and business partners are located outside the United Kingdom and the European Economic Area. Where we transfer personal data internationally, we ensure that appropriate safeguards are in place, including Standard Contractual Clauses approved by the UK Information Commissioner's Office or the European Commission, adequacy decisions, or other appropriate transfer mechanisms.

7. Data Retention

We retain personal data for as long as necessary for the purposes for which it was collected, subject to the following general principles:

• Website analytics data is retained for 26 months from collection
• Pitch submissions and due diligence files for unsuccessful investment opportunities are retained for 3 years
• Portfolio company records and investor records are retained for the duration of the investment relationship and for 7 years thereafter
• AML/KYC records are retained for 5 years from the end of the business relationship, as required by the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017
• Financial records are retained for 7 years from the end of the relevant financial year, as required by HMRC

8. Your Rights

You have the following rights in relation to your personal data:

• Right of access: You have the right to request a copy of the personal data we hold about you.
• Right to rectification: You have the right to request that we correct inaccurate or incomplete personal data.
• Right to erasure: In certain circumstances, you have the right to request that we delete your personal data.
• Right to restrict processing: In certain circumstances, you have the right to request that we restrict the processing of your personal data.
• Right to data portability: Where processing is based on consent or contract, you have the right to receive your personal data in a structured, commonly used, machine-readable format.
• Right to object: You have the right to object to processing based on legitimate interests, and to processing for direct marketing purposes.
• Rights related to automated decision-making: You have the right not to be subject to solely automated decisions that produce legal or similarly significant effects.

To exercise any of these rights, please contact our Data Protection Officer at privacy@estes-us.com. We will respond to your request within one month. In some circumstances, we may be unable to fulfil your request, in which case we will explain why.

9. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO). You can contact the ICO at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk

We would, however, appreciate the opportunity to address your concerns directly before you contact the ICO. Please contact us at privacy@estes-us.com in the first instance.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting the personal data we collect. Material changes will be communicated by posting a prominent notice on our website.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Estes Capital Ltd
Data Protection Officer
12 Finsbury Square, 3rd Floor
London, EC2A 1AR
United Kingdom
Email: privacy@estes-us.com
Telephone: +44 (0)20 7123 4567

12. Automated Decision-Making and Profiling

Estes Capital does not make decisions about individuals based solely on automated processing, including profiling, that produce legal or similarly significant effects. Where we use automated tools to assist in due diligence or compliance screening (such as automated name screening against sanctions lists), these tools are used to support human decision-making rather than to replace it. Any decision with material consequences for an individual is made by a human reviewer who considers the automated output alongside all other relevant information.

If you have questions about any automated processing that may affect you, please contact our Data Protection Officer at privacy@estes-us.com.

13. Children's Privacy

Our Site and services are not directed at children under the age of 18. We do not knowingly collect personal data from children under 18. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at privacy@estes-us.com and we will take steps to delete such information from our systems.

14. Security of Your Personal Data

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:

• Encryption of data in transit using TLS 1.2 or higher
• Encryption of sensitive personal data at rest
• Access controls limiting data access to personnel with a legitimate need
• Regular security assessments and penetration testing
• Employee training on data protection and information security
• Incident response procedures for managing data breaches
• Contractual security obligations imposed on all data processors

Despite these measures, no internet transmission or electronic storage is completely secure. We cannot guarantee the absolute security of your personal data. If you have reason to believe that your interaction with us is no longer secure, please notify us immediately at privacy@estes-us.com.

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach, and will notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms.

15. Special Category Data

We do not routinely collect or process special category personal data (which includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning an individual's sex life or sexual orientation). Where such data is provided to us voluntarily or is required for regulatory compliance purposes, we process it only with your explicit consent or where we are required or permitted to do so by applicable law, and we implement enhanced safeguards to protect it.

16. Data Minimisation and Accuracy

We collect only the personal data that is necessary for the specific purposes described in this Privacy Policy. We take reasonable steps to ensure that the personal data we hold is accurate and, where necessary, kept up to date. If you are aware that personal data we hold about you is inaccurate or out of date, please contact us so that we can correct it.

17. UK and EU Data Protection Frameworks

This Privacy Policy is designed to comply with both the UK GDPR and the EU GDPR, as well as the UK Data Protection Act 2018. Where there is any conflict or inconsistency between the requirements of these frameworks, we will apply the more stringent standard. For residents of EU member states, your supervisory authority is the data protection authority in your country of residence. For residents of the United Kingdom, your supervisory authority is the Information Commissioner's Office.

18. Legitimate Interests Assessment

Where we process your personal data on the basis of legitimate interests, we have conducted a legitimate interests assessment (LIA) to ensure that our interests are not overridden by your fundamental rights and freedoms. The key legitimate interests we rely on are: managing and developing our venture capital investment activities; maintaining relationships with founders, co-investors, and business contacts; and operating our website and communications effectively. If you would like more information about any legitimate interests assessment we have carried out, please contact our Data Protection Officer.