EVERCORE GDPR PRIVACY NOTICE

 
Evercore respects your privacy and is committed to protecting your personal information. This privacy notice will inform you as to how we look after your personal information and tells you about your privacy rights and how the law protects you.

This privacy notice is provided in a layered format so you can click the arrows to reveal further detail. Please also use the following table contents to click through to the specific areas set out below. Alternatively, you can download a pdf version of the full privacy notice here.

  1. IMPORTANT INFORMATION
  2. DATA PROTECTION PRINCIPLES
  3. PERSONAL INFORMATION WE HOLD ABOUT YOU, PURPOSES AND LAWFUL BASIS FOR PROCESSING
    • Visitors to this website
    • Visitors to Evercore’s offices
    • Our business contacts
    • Our suppliers and professional advisers
    • Parties with whom we conduct business (including clients, counterparties and potential clients and counterparties)
    • Our investors
  4. DATA SHARING
  5. DATA SECURITY
  6. DATA RETENTION
  7. YOUR RIGHTS IN RELATION TO YOUR PERSONAL INFORMATION

1. IMPORTANT INFORMATION

Evercore respects your privacy and is committed to protecting your personal information.

This privacy notice describes how we collect and use personal information about you during and after your relationship with us, in accordance with the General Data Protection Regulation (GDPR).

It applies to Evercore’s business contacts, suppliers and professional advisors, parties with whom Evercore conducts business (including clients, counterparties and potential clients and counterparties) and investors and any associated individuals. This website is not intended for children and we do not knowingly collect data relating to children.

The Evercore Group is made up of different legal entities, details of which can be found in the exhibits to Evercore Inc.’s latest 10-K filing at: http://investors.evercore.com/phoenix.zhtml?c=66653&p=irol-investorkit. This privacy notice is issued on behalf of the Evercore Group so when we mention “Evercore”, “we”, “us” or “our” in this privacy notice, we are referring to the relevant company in the Evercore Group responsible for processing your data.

Evercore Inc. is responsible for this website. For the purposes of the GDPR, and for European Union (EU) subjects to whom GDPR applies, the Evercore company that you have dealings with is the controller of your personal information. This means that we are responsible for deciding how we hold and use personal information about you. We are required under the GDPR to notify you of the information contained in this privacy notice.

We have appointed a Data Protection Committee which is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the Data Protection Committee by email at dataprotectioneurope@evercore.com or using the contact details for your region set out below.

You have the right to make a complaint at any time to the relevant data protection authority (for details of which please click below). We would, however, appreciate the chance to deal with your concerns before you approach the data protection authority, so please contact us in the first instance.

  • If you have dealings with Evercore Group in the United Kingdom, please click here for further details.

    Evercore Partners International LLP (for advisory/investment banking business) or International Strategy & Investment (UK) Limited (for research/sales business) is the controller of your personal information and so responsible for this privacy notice.

    You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

    You can contact Evercore’s Data Protection Committee from the United Kingdom as follows:

    • By post at 15 Stanhope Gate, London, W1K 1LN and communications should be marked for the attention of the Data Protection Committee
    • By telephone on 00 44 207 653 6000
  • If you have dealings with Evercore Group in Germany, please click here for further details.

    Evercore GmbH is the controller of your personal information and so responsible for this privacy notice.

    You have the right to make a complaint at any time to Der Hessische Beauftragte für Datenschutz und Informationsfreiheit, Gustav-Stresemann-Ring 1, 65189 Wiesbaden ,the German supervisory authority for data protection issues (https://www.bfdi.bund.de). We would, however, appreciate the chance to deal with your concerns before you approach the BfDI so please contact us in the first instance.

    You can contact Evercore’s Data Protection Officer in Germany as follows:

    • By post at Simmons & Simmons LLP, RA Sascha Kuhn, Kö-Bogen, Königsallee 2a, 40212 Düsseldorf
    • By telephone on 49 211 470 5379
    • By email on sascha.kuhn@simmons-simmons.com
  • If you have dealings with Evercore Group in Spain, please click here for further details.

    Evercore Partners International LLP is the controller of your personal information and so responsible for this privacy notice.

    You have the right to make a complaint at any time to the Spanish Data Protection Agency (Agencia Española de Protección de Datos (AEPD)), the Spanish supervisory authority for data protection issues (http://www.agpd.es). We would, however, appreciate the chance to deal with your concerns before you approach the AEPD so please contact us in the first instance.

    You can contact Evercore’s Data Protection Committee from Spain as follows:

    • By post at Paseo de la Castellana 36-38, Madrid, Spain and communications should be marked for the attention of the Data Protection Committee
    • By telephone on 00 34 91 119 0584

This notice applies to Evercore’s business contacts, suppliers and professional advisors, parties with whom Evercore conducts business (including clients, counterparties and potential clients and counterparties) and investors and any associated individuals. This notice does not form part of any contract of services. We may update this notice at any time.

It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

We reserve the right to update this privacy notice at any time. We may also notify you in other ways from time to time about the processing of your personal information.

2. DATA PROTECTION PRINCIPLES

We will comply with applicable data protection law. This says that the personal information we hold about you must be:

  1. used lawfully, fairly and in a transparent way;
  2. collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
  3. relevant to the purposes we have told you about and limited only to those purposes;
  4. accurate and to the extent appropriate, kept up to date;
  5. kept only as long as necessary for the purposes we have told you about; and
  6. kept securely.

3. PERSONAL INFORMATION WE HOLD ABOUT YOU, PURPOSES AND LAWFUL BASIS FOR PROCESSING

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

There are more sensitive types of personal data which require a higher level of protection, known as ‘special categories’ of personal data under the GDPR. We do not collect any ‘special categories’ of personal data about you except for information about religious beliefs in the context of dietary requirements and, where applicable, health information in the event that we have to give you first aid on site for events and meetings that you voluntarily provide to us. Nor do we collect any information about criminal convictions and offences unless revealed by due diligence conducted to comply with a legal obligation or given to us in connection with our role, or potential role, as financial adviser in connection with a transaction, in order to comply with a legal obligation.

Please click on the relevant section to see the categories of personal information about you that we collect, store, and use, and the purposes of processing. The legal basis for collecting, using and storing personal information about the categories of individuals below is that such processing is necessary for our legitimate interests in running and promoting our business.

  • Visitors to Evercore’s website

    When you visit our website the server will record your IP address together with the date, time and duration of your visit. An IP address is an assigned number, similar to a telephone number, which allows your computer to communicate over the Internet. In addition to your IP address the following technical information will also be collected: your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, information about your visit including the full Uniform Resource Locators (URL), clickstream to, through and from the website (including date and time), pages viewed, download errors, page interaction information (such as scrolling clicks) and methods used to browse away from the website.

    You are not required to provide any personal information to access public areas of our website.

  • Visitors to Evercore’s offices

    When you visit our offices in Europe, we collect the following personal information about you for the following purposes:

    1. images (but not sound or facial recognition) of you in public areas from CCTV footage in line with our legitimate interests (security of the building);
    2. your location while at Evercore’s offices through access key card monitoring and in order to comply with legal obligations (financial services regulations);
    3. contact information by completion of the visitor guest list in line with our legitimate interests (security of the building);
    4. if applicable, health information by completion of the first aid accident book in order to comply with legal obligations (health and safety); and
    5. names and dietary preferences for catering purposes in meetings in line with our legitimate interests (respecting visitors’ needs).
  • Our business contacts

    If you have had contact with Evercore, for example through emailing us or meeting a representative of Evercore, we collect, use and store limited amounts of personal information relating to you, such as your name, job title, employer organisation and contact details. We also use publicly available information about you or information you have provided us with to add to Evercore’s contact database.

    We will collect and store this personal information for the purposes of:

    1. maintaining a record of contacts;
    2. providing periodic business updates as described below;
    3. organising meetings between you and your Evercore representatives; and
    4. sending you periodic updates about Evercore’s business, activities and opportunities, in particular, by email and post; you can opt out of receiving updates at any by asking your Evercore business contact to remove you from updates.

    We will share the personal information we hold about business contacts with:

    1. companies which process personal information on Evercore’s behalf;
    2. professional advisors, such as accountants, lawyers or other consultants;
    3. other companies in the Evercore Group, including in the United States;
    4. Evercore’s auditors; and
    5. applicable regulators and other governmental agencies anywhere in the world.
  • Our suppliers and professional advisers

    If you are an individual associated with a supplier to Evercore, or with one of our professional advisers, we will collect, use and store limited amounts of personal information relating to you, including your name, job title, qualifications, employer or parent organisation and contact details.

    We will collect, use and store this personal information for the purposes of administering and maintaining records of services or advice we have received, and commissioning further services.

    The personal information we hold about individuals associated with our suppliers and professional advisers will be shared with:

    1. companies which process personal information on Evercore’s behalf;
    2. professional advisors, such as accountants, lawyers or other consultants;
    3. other companies in the Evercore Group, including in the United States;
    4. Evercore’s auditors; and
    5. applicable regulators and other governmental agencies anywhere in the world.
  • Parties with whom we conduct business (including clients, counterparties and potential clients and counterparties)

    If you are involved in a transaction or potential transaction that Evercore advises on, we collect, use and store personal information relating to you. To the extent appropriate, this includes your business and personal contact details, interesting/marketing preferences, professional opinions and judgements, visual images and photographs required for business purposes, log-in details for user accounts, information relating to your financial status and dealings, nationality information (including copies of identity documents, such as a passport), references provided by third parties, and results of other due diligence carried out.

    We collect, process and store this personal information for the purposes of:

    1. conducting “know-your customer” and other due diligence pursuant to applicable anti-money laundering and anti-corruption laws and regulations and Evercore’s related policies and procedures;
    2. assessing your suitability as our client, including by verifying your identity;
    3. advising on potential transactions and transactions;
    4. administering any transaction that we enter into;
    5. providing a range of financial services;
    6. statistical analysis and market research;
    7. maintaining records of investments;
    8. billing and invoicing purposes;
    9. complying with our regulatory and legal obligations, including assessing and managing risk;
    10. identifying and preventing fraud and other unlawful activity;
    11. safeguarding our legal rights and interests;
    12. seeking and receiving advice from our professional advisors, including accountants, lawyers and other consultants;
    13. organising and holding meetings and events; and
    14. sending you periodic updates about Evercore’s business, activities and opportunities, in particular, by email and post; you can opt out of receiving updates at any time by asking your Evercore contact to remove you from such updates.

    The personal information we collect, use and store about individuals associated with our clients, counterparties and potential clients and counterparties with whom we conduct business may be shared with:

    1. companies which process personal information on Client’s behalf;
    2. credit reference agencies;
    3. financial intermediaries;
    4. professional advisors, such as accountants, lawyers or other consultants;
    5. other persons who have an interest or involvement in, or who are considering an interest or involvement in, a transaction upon which Evercore is advising, including co-investors, other providers of finance and investors in Evercore;
    6. other companies in the Evercore group in the United States;
    7. Evercore’s auditors; and
    8. applicable regulators and other governmental agencies anywhere in the world.

    As discussed above, our legal basis for collecting, using and storing personal information about you is that such processing is necessary for our legitimate interests in running our business, in particular by advising on potential transactions. If we advise on a potential transaction that you consider entering into, it will also be necessary for us to process your personal information for the purpose of performing in connection with the relevant contract and to comply with our regulatory and legal obligations.

  • Our investors

    We collect, use and store personal information about our investors for the purposes of:

    1. complying with our regulatory and legal obligations;
    2. communicating with investors (including the mailing, in physical or electronic format, of Annual Reports, AGM or EGM notices or proxy cards, or communications in relation to other corporate actions);
    3. facilitating the payment of dividends; and
    4. sending you periodic updates about Evercore’s business, activities and opportunities, in particular, by email and post; you can opt out of receiving updates at any time by asking your Evercore contact to remove you from such updates.

    We share the personal information we hold about our investors with:

    1. companies which process personal information on Evercore’s behalf;
    2. professional advisors, such as accountants, lawyers, proxy advisers or other consultants;
    3. other companies in the Evercore group in the United States;
    4. Evercore’s auditors; and
    5. applicable regulators and other governmental agencies anywhere in the world.

    As discussed above, our legal basis for collecting and storing personal information about our investors is that such processing is necessary for our legitimate interests in running and operating our business, and ensuring effective communications with investors.

  • Lawful basis for using your personal information

    We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances (each a lawful basis):

    1. where we need to perform the contract we are about to enter into or have entered into with you;
    2. where it is necessary for our legitimate interests (as further explained above) and your interests and fundamental rights do not override those interests; or
    3. where we need to comply with a legal or regulatory obligation.

    Generally, we do not rely on consent as a legal basis for processing your personal data.

  • If you fail to provide personal information

    If you do not provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as advising on a particular transaction), or we may be prevented from complying with our legal obligations (such as to perform client due diligence).
  • Change of purpose

    We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

    Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

4. DATA SHARING

We share your personal information with third parties only as necessary, including third-party service providers and other entities in the Evercore Group.

We require third parties to respect the security of your personal information and to treat it in accordance with the law.

We transfer your personal information outside the European Economic Area and when we do, you can expect a similar degree of protection in respect of your personal information.

  • Why do we share your personal information with third parties?

    We will share your personal information with third parties where required by law, where it is necessary to administer our relationship with you or where we have another legitimate interest in doing so. “Third parties” includes third-party service providers (including contractors) and other entities within the Evercore group worldwide.
  • Which third-party service providers use your personal information?

    The following activities are carried out by the following categories of third-party service providers in the following locations:

    1. Telephone and video conferencing, including in the United States;
    2. Recording telephone calls and emails for compliance purposes, including in the United States and Canada;
    3. Contact database management;
    4. Hosting and/or participating in client data rooms by various providers, potentially including in the United States;
    5. Marketing communications, including by Evercore Group in the United States;
    6. Research services client management, including in the United States;
    7. Communication, including in the United States; and
    8. Meeting catering purposes.
  • How secure is your personal information with third-party service providers and other entities in our group?

    All our third-party service providers and other companies in the Evercore Group are required to take appropriate security measures to protect your personal information in line with the GDPR. Except where needed for their own direct relationship with you, we do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
  • When do we share your personal information with other entities in the Evercore group?

    We will share your personal information with other companies in the Evercore Group for internal administrative purposes.
  • When do we share your personal information with any other third parties?

    We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. If needed to comply with law and regulations, we will also need to share your personal information with a regulator, governmental agency or otherwise.
  • Transferring your personal information outside Europe

    We share your personal data within the Evercore Group. This will involve transferring your data outside the European Economic Area (EEA).

    Many of our third-party service providers are based outside the EEA so their processing of your personal data will involve a transfer of data outside the EEA.

    Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:

    1. We will transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
    2. We use specific contracts approved by the European Commission which give personal information the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
    3. Where we use third-party service providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.

    Please contact us if you would like further information on the specific mechanism used by us when transferring your personal data out of the EEA.

5. DATA SECURITY

We have put in place appropriate measures to protect the security of your personal information.

Third parties will only process your personal information where they have agreed to treat the personal information confidentially and to keep it secure.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to access it. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

6. DATA RETENTION

How long will you use my information for?

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer a business contact, supplier, professional advisor, counterparty with whom Evercore conducts business (including client) or an investor of Evercore we will retain and securely destroy your personal information in accordance with our data retention policy.

7. YOUR RIGHTS IN RELATION TO YOUR PERSONAL INFORMATION

Your duty to inform us of changes

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

Your rights in connection with your personal information

Under certain circumstances, under the GDPR you have the right to:

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us.

No fee usually required

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Your right to withdraw consent

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.