ARCH awarded ‘East African Fund Manager of the year’ at SuperReturn Africa Read more

GDPR

ARCH Emerging Markets Partners Limited ("ARCH") offers a transparent approach to this process, offering past, current and prospective clients serenity on this matter.

As a Private Equity firm, here are some examples which will fall under GDPR:

  • Phone Numbers
  • Name
  • Email address
  • Work address
  • Home address
  • Geographical location/s
  • Passport details
  • Banking account details
  • IP address
  • Mobile ID number
  • Cookie strings

GDPR sets out six conditions for lawful processing. Personal data can only and must only be processed if we can rely on one of the following six reasons:

Consent:
You have given clear and unambiguous consent for us to process your personal data for a specific purpose.

Contract:
You have expressly agreed in writing that the processing is necessary as a result which stems from the agreement of a written contract.

Legal obligation:
Under government regulation, processing is necessary for you to comply with the law, which does not include contractual obligations as above.

Vital interests:
The processing of data is essential to protect your life.

Public task:
The processing of data is essential for us to perform a task in the public interest.

Legitimate interests:
The processing of your data has a legitimate interest for us or the legitimate interests of a a third party and there is good reason to protect your personal data which overrides those legitimate interests.

Sensitive Personal Data

Under the new GDPR, special categories of data may only be processed lawfully if one of above conditions are met which is set out in Article 9(2) of the GDPR.

Sensitive personal data may include, but is not limited to:

  • Ethnic origin
  • Race
  • Sexual orientation
  • Religion
  • Union memberships
  • Health

The six principles​ - Article 5 GDPR

1. Lawfulness, fairness and transparency
This principle entails that it must be clear why personal data is being collected and how it will be used. ARCH will provide you with details about what data we will hold or will be holding and how it will be processed and why it is being processed.

2. Purpose limitations​
Personal data can only be obtained for specified, explicit and legitimate purposes. ARCH will not use your personal data for a purpose to which you have not consented or which has not been made clear to you.

3. Data minimisation
ARCH will not collect more personal data than is strictly necessary for the purpose which has been agreed.

4. Accuracy
Personal data which ARCH collects will be accurate and kept up to date where necessary. We will make it clear to clients that individuals must be able to update their personal data if it is wrong or out of date.

5. Storage limitations
ARCH Emerging Markets Partners Limited will not keep personal data for longer than is necessary.

6. Integrity and confidentiality
ARCH are solely responsible for the security of personal data which we collect and store. The steps we will take to ensure this will be proportionate to the risks of data breach and how we will protect personal data from negligent or misuse.