Data controller: CAPBASE Limited (trading as BankersBase) (the Company), 124-128 City Road, London EC1V 2NX
EU representative: ePrivacy, Burchardstraße 14, 20095 Hamburg, Germany (https://www.eprivacy.eu/en/consulting/eu-representative); email: info@eprivacy.eu
1. Introduction
This notice is provided pursuant to the Company’s obligations under the UK’s retained EU law version of EU General Data Protection Regulation 2016/679 (UK GDPR) and in line with the Data Protection Act 2018 (DPA).
It addresses the processing by the Company of personal data of anyone who registers an interest in the Company’s proposed offering by creating a profile (Registrants).
The Company is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
It is anticipated that the Company will develop its offering in the coming months with a view to developing a range of functionality, products and/or services. In that context, the Company may communicate with your further and update this privacy notice as appropriate. You will be notified accordingly.
2. What information does the Company collect?
The Company collects and processes of the following personal data: name, title, age bracket, job title/seniority, area of work (e.g. capital markets (debt/equity), M&A, structured/leveraged finance etc.), funds, asset management, issuer etc.) and email.
3. Where does the Company collect the information from?
The Company collects this information when you provide it to us via the website or if you otherwise contact the Company and provide your personal details for the purpose of creating a profile.
4. Why does the Company process personal data?
We process personal data for the following purposes.
· To understand and respond to your interest in our website and/or offering.
· To understand the professional profiles and demographics of those who have expressed an interest in our offering.
· To improve and develop our website and/or offering.
· To protect our rights, interests and/or property (including our IP).
5. What are the lawful bases for processing personal data?
Under UK GDPR, the lawful bases we rely on for processing your personal data are as follows.
Contractual necessity
The processing is necessary for the performance of a current or anticipated contract with you in relation to the proposed offering.
Legal obligations
This processing is necessary so that we can comply with our legal obligations.
We may be obliged by law or for security reasons to disclose personal data to a government or law enforcement agency, a competent court, or a regulatory body in response to a lawful request pursuant to a court order, subpoena, warrant, or similar legal mechanism having equivalent effect and authority.
Public interest
Data may also be processed in support of our efforts to operate compliantly and in a manner that protects our, and our Registrants’, reputation in the market and preserves public trust and confidence in us and them and in the industries and professions in which we and they operate.
Legitimate interests
This processing is necessary in connection with the Company’s legitimate interests or those of a third party.
This basis includes processing of personal data in connection with the development of our full website and/or the related offering of functionality, products and services and/or communicating with you about such matters.
In all such regards, the processing may also help us to avoid or mitigate legal liability.
Where the Company relies on legitimate interests as a reason for processing data, it has considered whether those interests are overridden by your interests or your fundamental rights and freedoms which require protection of personal data and has concluded that they are not.
Consent
The processing is carried out pursuant to your express consent.
We will rarely rely on this basis. It may be relevant to Registrants in some circumstances. If we do seek your consent, we will do so clearly and transparently. We will ensure the process by which we obtain it means your consent is freely given, specific, informed and unambiguous. If you give your consent and later change your mind, you are allowed to withdraw or modify your consent at any time by emailing us at [insert email address].
6. Where does the Company store the personal data and who has access to the personal data?
Data is stored in our database of Registrants in our IT system (including the Company's email system and drives) which are stored on servers located in the US. At this time, the personal data is accessible only by our senior management team (comprising the CEO and CTO).
Usually, the Company will only share your data with third parties where it is necessary for logistical or operational purposes (such as IT service providers) or to take legal or related advice or action.
The Company may also share your data with third parties in the context of a sale of, or securing investment in, some or all of its business. In those circumstances the data will be subject to confidentiality arrangements.
The Company may also share your data with the appropriate authorities to report suspected offences or with other third parties for the purposes of enforcing its legal rights.
The Company will not otherwise share your data with third parties.
7. International transfers
The Company only transfers personal data to countries outside the UK or the EEA if the Company is satisfied it will be protected in line with the requirements of UK GDPR and GDPR (as applicable). The most common bases for satisfying those criteria are that the data protection laws in place in the relevant territory have been assessed as providing an adequate level of protection for personal data (such as transfers made under the EU-US Data Privacy Framework and the corresponding UK-US data bridge) or, where there is no such assessment, that appropriate safeguards have been implemented. Examples of such safeguards include the execution by the Company and any of its group companies of binding corporate rules or the entry by the Company and transferee into approved standard data protection clauses.
Personal data will be stored on servers located in the US. The Company confirms that the importer of that personal data operates only as a processor of the personal data (as a provider of cloud computing services) and that the importer has self-certified pursuant to the EU-US Data Privacy Framework and meets the requirements of the UK-US data bridge.
8. How does the Company protect data?
The Company takes the security of personal data seriously. We employ appropriate organisational and technical security measures designed to protect your data from loss or misuse. Security and access restrictions are applied according to the personal data and the purposes of the processing.
Where the Company engages third parties to process personal data on its behalf (such as IT service providers), they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
9. For how long does the Company keep data?
We will only keep personal data for as long as reasonably necessary in relation to the purposes described in this Privacy Notice. We will retain personal data provided by Registrants for the duration of the relationship and for a reasonable period after that relationship ends.
To determine the appropriate retention period for your personal data, the Company will particularly consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure of the data, the purposes for which it processes the data and whether it can achieve those purposes through other means, as well as applicable legal requirements.
10. Your rights
As a data subject, you have a number of rights. Subject to the provisions of UK GDPR, you can do any of the following.
· Access and obtain a copy of your data on request
· Require the Company to change incorrect or incomplete data
· Require the Company to delete your personal data – for example, where the data is no longer necessary for the identified purposes of processing
· Require the Company to temporarily cease further processing of your data – for example, if you want us to establish its accuracy or the reason for processing it
· Object to the processing of your data where the Company is relying on its legitimate interests as the lawful basis for processing
If you would like to exercise any of these rights, please contact us at compliance@bankersbase.com.
11. How to complain
If you are not satisfied with any response to a request by you to exercise your rights (as above) or if you believe that the Company has not complied with your data protection rights, you can make a complaint to us at compliance@bankersbase.com.
If your complaint is not properly handled, you may also complain to the Information Commissioner’s Office.
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
The Company is registered with the ICO under reference: ZC098759
12. What if you do not provide personal data?
If you wish to register your interest, we require your personal data. However, you are under no obligation to register your interest.
13. Automated decision-making
We do not take decisions relating to any person covered by this notice based on automated decision-making.
If this position changes such that we start to use automated decision-making with legal or similarly significant effects on you, we will inform you in advance. If such automated decision-making is not authorised by legislation or not necessary for the performance of or entering into a contract with us, we will ask for your consent.
You can express your opinion or contest any decision that is based solely on automated processing, as well as request a manual decision-making process instead by contacting us using the contact details provided.
Date: 2026-04-27