Privacy Policy

Last updated October 18, 2019

This Privacy Policy explains what we do with your personal data. It describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations. This Privacy Policy applies to the personal data of: (i) prospective and current investors; (ii) applicants for positions within Ardenton; (iii) individuals who are, or were previously, employed or otherwise engaged by Ardenton; (iv) providers of services to Ardenton; (v) users of Ardenton’s website; (vi) individuals associated with organizations involved with Ardenton’s mergers and acquisitions-related activities; (vii) and other people whose personal data we may process.

For the purpose of applicable data protection legislation (including, without limitation, the Personal Information Protection and Electronic Documents Act (Canada) and the General Data Protection Regulation (Regulation (EU) 2016/679) (the "GDPR")), the company responsible for the personal data you provide to us is Ardenton Capital Corporation.  In certain circumstances, the following local entities may also be responsible for personal data:

  • Ardenton Capital (Canada) Inc., a company incorporated pursuant to the laws of the Province of British Columbia, Canada;
  • Ardenton Capital (USA), Inc., a company incorporated pursuant to the laws of the State of Delaware;
  • Ardenton Capital Investments Limited, a company incorporated pursuant to the laws of the United Kingdom; and
  • Ardenton Financial Inc., a company incorporated pursuant to the laws of the Province of British Columbia, Canada.

(Ardenton Capital Corporation and the above local entities are collectively referred to as "Ardenton", "we", "us" or "our"). 

Personal data” has the meaning given in the GDPR and includes any information relating to an identifiable individual.

In this Privacy Policy, we discuss the following items:

  • how we collect personal data;
  • what personal data we collect;
  • for what purposes we collect personal data;
  • personal data we disclose to others;
  • how we store and transfer personal data internationally;
  • how we keep personal data secure;
  • how long we keep personal data;
  • your legal rights with respect to your personal data;
  • links to other websites;
  • use of cookies and Google Analytics;
  • updates to our Privacy Policy; and
  • contacting us.

1. How we collect personal data

(i)  Investors

We are required to collect certain personal data from prospective and current investors in Ardenton securities to comply with our legal and/or regulatory requirements.  We will collect this personal data through, without limitation, subscription materials, “Know-Your-Client” materials, and anti money laundering materials, as well as direct requests for personal data from our representatives by phone, email or other means.  Investors may provide us with personal data for the purposes of managing their investments in Ardenton securities.  We may retain personal data from prospective, current and former investors, and we will delete such personal data from our systems after it is no longer necessary for legitimate business purposes and we are no longer required to retain such personal data to comply with our legal and/or regulatory requirements.

(ii)  Employees/Contractors

We may collect personal data from job applicants when they submit application materials through our human resources portal, as well as through direct requests for personal data from our representatives by phone, email or other means.  We may retain personal data from job applicants after the posting to which the individual applied has expired.  We will delete such personal data from our systems after a reasonable period of time.

We will collect, use and disclose personal data as reasonably necessary in the course of establishing, managing and ending employment and contracting relationships.  This information may be collected directly in the course of the relationship through direct observation or activity monitoring, as well as indirectly through other individuals or sources providing references, reports, and evaluations.

(iii)  Transactional Activities

As part of our due diligence procedures with respect to mergers and acquisitions-related activities, we may request personal data with respect to individuals associated with such organizations.  Such requests for personal data may be made by our representatives by phone, email or other means.  We may retain personal data collected as part of our due diligence procedures with respect to mergers and acquisitions-related activities, and we will delete such personal data from our systems after a reasonable period of time.

(iv)  Portfolio Companies

We may collect personal data from individuals connected with our portfolio companies.  Such requests for personal data may be made by our representatives by phone, email or other means.  We may retain personal information collected from individuals connected with our portfolio companies and will delete such personal data from our systems after a reasonable period of time has elapsed after we have ceased to have an ongoing business relationship with such portfolio companies.

(v)  Website Users

Our website uses: (i) cookies, which are small pieces of information related to your interaction with the website; and (ii) Google Analytics, a web analytics service provided by Google, Inc. (“Google”).  Our use of cookies and Google Analytics is discussed in further detail later in this Privacy Policy.

2. What personal data we collect

(i)  Investors

In connection with your prospective or current investment in Ardenton securities, we may collect and retain personal data from individuals including, without limitation, the following:

  • your name;
  • job title;
  • occupation;
  • residential and/or business address;
  • residential and/or business phone number;
  • email address;
  • tax identification number;
  • social services number;
  • marital status;
  • date of birth;
  • dependents;
  • household assets, income range;
  • existing investment portfolio composition;
  • investment risk tolerance;
  • investment objectives;
  • insider/PEP status;
  • identification documents; and
  • any other information which you provide to us.

(ii)  Employees/Contractors

In connection with a job inquiry or application, we may collect and retain personal data from individuals including, without limitation, the following:

  • your name;
  • job title;
  • occupation;
  • address;
  • phone number;
  • email address;
  • place of birth;
  • date of birth;
  • height;
  • weight;
  • gender;
  • eye colour;
  • hair colour;
  • citizenship;
  • student numbers for industry organizations;
  • regulatory history;
  • civil disclosures;
  • ownership of securities or derivatives;
  • financial and credit history;
  • tax identification number;
  • social services number;
  • education history;
  • employment history;
  • professional designations;
  • criminal record;
  • results of personality and cognitive assessments; and
  • any other information about your background and qualifications.

(iii)  Transactional Activities

In connection with our mergers and acquisitions-related activities, and in order to determine “partner fit” of key individuals within target organizations, we may collect and retain personal data from individuals including, without limitation, the following:

  • your name;
  • job title;
  • occupation;
  • address;
  • phone number;
  • email address;
  • tax identification number;
  • education history;
  • employment history;
  • professional designations;
  • criminal record;
  • credit history;
  • results of personality and cognitive assessments; and
  • any other information about your background and qualifications that we determine is required to complete our due diligence activities.

(iv)  Portfolio Companies

In connection with our ongoing investment in, and management of, our portfolio companies, we may collect and retain personal data from individuals including, without limitation, the following:

  • your name;
  • job title;
  • occupation;
  • address;
  • phone number;
  • email address;
  • tax identification number;
  • education history;
  • employment history;
  • professional designations;
  • criminal record;
  • credit history;
  • results of personality and cognitive assessments; and
  • any other information about your background and qualifications.

(v)  Website Users

To the extent that you access our website we will also collect certain data from you, as described below. 

3. For what purposes we use personal data

(i)  Contractual Obligations (Employees and Contractors)

We process your personal data because it is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, such as a contract of employment or other services engagement with us.  In this respect, we use your personal data for the following:

  • administering job applications and, where relevant, offering you a role with us;
  • carrying out due diligence checks on you, whether during the application process for a role with us or during your engagement with us, including by checking references in relation to your education and your employment history;
  • once you are employed or otherwise similarly engaged with us in any capacity, for the performance of the contract of employment or other agreement between you and us;
  • managing human resources processes such as recruitment, payroll, administration of benefits, performance management, and training and development;
  • to pay you and to administer benefits (including RRSP matching, pensions, and equity incentive programs) in connection with your employment or other engagement with us;
  • monitoring your attendance and your performance in your work, including periodic performance appraisals;
  • managing a safe environment and ensuring fitness for work;
  • for disciplinary purposes, including conducting investigations where appropriate;
  • for other administrative purposes, for example to update you about changes to your terms and conditions of employment or engagement, or changes to your RRSP, pension, equity incentive program or other arrangements;
  • for internal record-keeping, including the management of staff feedback or complaints and incident reporting; and
  • for any other reason or purpose set out in your employment or other contract with us.

(ii)  Legitimate Interests (Fundraising, Investment and Management activities)

We process your personal data because it is necessary for our (or sometimes a third party’s) legitimate interests.  Our “legitimate interests” include, without limitation, our interests in: (i) financing our operations and acquisition activities; (ii) acquiring portfolio companies that fit with our culture; (iii) assisting with the operations of such portfolio companies upon acquisition; and (iv) any and all activities ancillary to such purposes.  In this respect, we use your personal data for the following:

  • managing and administering your holdings in Ardenton securities and engaging in our operations;
  • storing your details (and updating them when necessary) on records of your holdings of Ardenton securities; 
  • contacting you in relation to your holdings of Ardenton securities;
  • where you are a current or former holder of Ardenton securities, contacting you by email or telephone to promote Ardenton securities or send you literature relating to Ardenton;
  • keeping records of conversations and correspondence;
  • storing (and updating when necessary) details, either ourselves or at another service provider, so that we can contact individuals in relation to our agreements with service providers;
  • obtaining support and services from the service providers;
  • facilitating our invoicing processes; and
  • to conduct voluntary surveys in order to manage and measure our performance and define our future strategy and goals

(iii)  Legal and Regulatory Obligations

We process your personal data for our compliance with our legal and regulatory obligations notably those in connect with employment, securities law, corporate law, tax law, and accounting.  In this respect, we use and disclose your personal data for the following:

  • to meet our legal and regulatory obligations, including, without limitation, compliance with applicable securities laws, corporate laws, tax laws and employment laws;
  • for tax purposes, including transferring personal data to applicable taxation authorities
  • for accounting purposes, including transferring personal data to our auditors and other financial services providers;
  • to carry out anti-money laundering and "Know-Your-Client" checks in accordance with our legal and regulatory obligations;
  • for the prevention and detection of crime, and in order to assist with investigations (including criminal investigations) carried out by law enforcement and other competent authorities.

(iv)  Special Categories of Personal Data

We may process special categories of personal data (such as data concerning health, criminal convictions and credit history).  In this respect, we may use your personal data for the following:

  • personal data with respect to any criminal convictions or offences committed by you, for example when conducting criminal background checks or where it is necessary to record or report an allegation to law enforcement or other competent authorities;
  • personal data with respect to your credit history;
  • categories of personal data which are relevant to investigating complaints made by you or others, for example concerning discrimination, bullying or harassment.

We will process special categories of personal data for lawful purposes only, including because:

  • you have given us your explicit consent to do so, in circumstances where consent is appropriate;
  • it is necessary to protect your or another person’s vital interests, for example, where you have a life-threatening accident or illness in the workplace and we have to process your personal data to ensure you receive appropriate medical attention;
  • it is necessary for some function of the public interest, including the safeguarding or children or vulnerable people, or as part of a process designed to protect others from malpractice, incompetence or unfitness in a role (or to establish the truth of any such allegations); or
  • it is necessary for the establish, exercise or defence of legal claims, such as where any person has brought a claim or serious complaint against us or you.

If you are a former employee or contractor of Ardenton, we will continue to process your personal data for a reasonable period following the end of your employment or engagement for our legitimate business, legal, and/or regulatory compliance purposes and/or for the establishment or defence of a legal claim.  Further, in some instances, we may process your personal data to perform our obligations under contract between us (for example, with respect to the payment of any outstanding amounts due to you after your termination date).  We only carry our such processing where we have concluded that our processing does not prejudice you or your privacy in a way that would override our legitimate interests in pursuing those purposes.  Your personal data will be retained and deleted in accordance with our retention policies and procedures, as further discussed below.

4. Personal data we disclose to others

We may share your personal data with our affiliates and subsidiaries, as well as with service providers who perform services on our behalf based on our instructions.  We do not authorize service providers to use or disclose the information except as necessary to perform services on our behalf or to comply with legal or regulatory requirements.  Personal data transferred to affiliates, subsidiaries or service providers in other jurisdictions may be subject to access by authorities pursuant to the laws of those jurisdictions.  In all cases, Ardenton will endeavour to ensure that all sharing of personal information with affiliates, subsidiaries and service providers is governed by a formal written agreement under which such counterparty has agreed to commit to protecting the privacy of any such personal data that is received from Ardenton.

We also may disclose information about you (i) if we are required to do so by law or legal process, (ii) to law enforcement authorities, regulators and/or other government entities and/or other competent authorities based on a lawful disclosure request, or (iii) when we believe disclosure is necessary or appropriate to prevent harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity. We reserve the right to transfer Personal Data we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, spin-off, dissolution or liquidation). 

In addition, we may share anonymous / aggregated information with third parties, such as service providers, in order to facilitate our business operations.

5. How we store and transfer personal data internationally

We may transfer the personal data we collect about you to recipients in countries other than the country in which the information originally was collected.  This includes transfers outside of the United Kingdom (in the event it is no longer a member of the European Union) and the European Economic Area (the “EEA”) (i.e., the Member States of the European Union, together with Norway, Iceland and Liechtenstein).  Those countries may not have the same data protection laws as the country in which you initially provided the information.  Where we transfer personal data outside of the UK or the EEA to other members of the Ardenton group or our service providers, we will ensure that our arrangements with them are governed by data transfer agreements, designed to ensure that your personal data is protected (including, where appropriate, under an agreement on terms approved for this purpose by the European Commission).

6. How we keep personal data secure

We are committed to taking all reasonable and appropriate steps to protect the personal data that we (or third parties on our behalf) hold from misuse, loss, or unauthorised access. We do this by having in place a range of contractual standards (relating to, amongst other matters, appropriate technical and organisational measures) in agreements with our service providers. These include measures to deal with any suspected data breach. If you suspect any misuse or loss of or unauthorised access to your personal data, please let us know immediately. Details of how to contact us can be found below.

7. How long we keep personal data

We, our subsidiaries or our service providers on our behalf, will ordinarily process your data throughout the course of our interactions and will then generally retain it for an appropriate period afterwards. We intend to keep your personal data accurate and up-to-date.  We will delete the information that we hold about you when we no longer need it.  The precise length of time will depend on the type of data, our legitimate business needs and other legal or regulatory rules that may require us to retain it for certain minimum periods. In other instances, there may be legal, regulatory or risk-management reasons for retaining data, including where certain data might be relevant to any potential litigation (bearing in mind relevant limitation periods).

In determining the appropriate retention period for different types of personal data, we consider the amount, nature and sensitivity of the personal data in question, the potential risk of harm from unauthorised use or disclosure of that personal data, the purposes for which we need to process it and whether we can achieve those purposes by other means (in addition to ensuring that we comply with our legal, regulatory and risk-management obligations, as described above).

8. Your legal rights with respect to your personal data

You have, inter alia, the following rights under the GDPR and other applicable privacy laws:

(i)  Right to access your personal data

You have the right to obtain confirmation from us as to whether or not personal data concerning you is being processes, and, where that is the case, access to the personal data.

(ii)  Right to rectification of incorrect personal data

If you find that personal data that we process about you is inaccurate, you have the right to have us correct such personal data.

(iii)  Right to erasure of personal data (the “right to be forgotten”)

Under certain circumstances, such as if personal data has been unlawfully processed or is no longer necessary in relation to the purpose for which we collected the personal data, you have the right to request and obtain erasure of your personal data from us.

(iv)  Right to restriction of processing

Under certain circumstances, such as if you question the accuracy of your personal data or you have objected to our legitimate purpose to process your personal data, you have the right to request that we restrict processing of your personal data.

(v)  Right to object to processing

Under certain circumstances, such as if you question our legitimate interest to process your personal data, you have the right to object, on grounds relating to your particular situation, to such processing.

(vi)  Right to data portability

If your personal data is processed by automatic means for the fulfilment of our contractual relationship, you have the right to request that we provide you with your personal data on a machine-readable format as well as the right to request its transmission to another data controller.

(vii)  Right related to automatic decision-making

With respect to automatic decision-making, where applicable, you have the right to obtain human intervention, to express your point of view and to obtain an explanation of the decision reached after such activity and to contest such decision.

(viii)  Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with your data protection supervisory authority.  The appropriate supervisory authority may be different, depending on the jurisdiction you are in.  The UK regulator for data protection is the Information Commissioner and its contact details are as follows:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Email: casework@ico.org.uk

If you wish to exercise any of your rights, or if you have concerns about how your personal data is being handled, please contact us first as set out below.  We will attempt to respond to requests with respect to your rights or concerns above within one month of receipt of your request, but our response may take longer where the request is more complex.  In addition, in some circumstances, we may charge a reasonable fee which we shall determine based on the administrative costs incurred by us to provide the information or communication or taking the action requested by you.  We will communicate to you in advance the fee that will be charged in such circumstances.

9. Links to other websites

Our website may provide links to other websites for your convenience and information.  These websites may operate independently from us.  Linked websites may have their own privacy notices or policies, which we strongly suggest you review.  To the extent any linked websites are not owned or controlled by us, we are not responsible for their content, use, or privacy policies.

10. Use of cookies and Google Analytics

Our website may use cookies for detecting what kind of device you have in order to present content in the best way, and for other purposes.  You can refuse the use of cookies by selecting the appropriate settings in your browser.  However, if you do this, you may lose some useful functionality. 

Our website uses Google Analytics.  Google Analytics uses cookies to help the website operators analyze how users use our website. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. By using our website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

11. Updates to our Privacy Policy

This Privacy Policy may be updated periodically and without prior notice to you to reflect changes to our personal data practices.  We will post the updated version on our website and indicate at the top of the notice when it was most recently updated.

12. Contacting us

If you would like to exercise any of your rights, or learn more about your rights, please contact Ardenton’s Chief Privacy Officer at privacy@ardenton.com.  You may also write to:

2400 – 1021 West Hastings Street
Vancouver, British Columbia, Canada
V6E 0C3