Burford Capital Logo Light Burford Capital Logo Dark

Privacy policy - UK/EU

To allow us to provide and offer our products and services to you and to accept investors, we collect and use information and disclose information to third parties. We understand your privacy and security concerns regarding this information.

Burford is firmly committed to protecting your privacy and the confidentiality of your Personal Information. To notify you about our practices, we have developed this Privacy Policy, in furtherance of our obligations under the EU General Data Protection Regulation (the “GDPR”), and any applicable laws, regulations and secondary legislation in England and Wales and in Guernsey relating to the processing of Personal Information and the privacy of electronic communications as amended, replaced or updated from time to time, including the UK General Data Protection Regulation (the “UK GDPR”), the Data Protection Act 2018, the Data Protection (Bailiwick of Guernsey) Law, 2017,any other applicable law relating to the processing, privacy and/or use of Personal Information in the European Union (together with the GDPR, the “Data Protection Laws”). Burford Capital Limited is the data controller responsible for your Personal Data processed via the Site. Please be aware that the Burford company contracted to provide services to you will be the data controller responsible for Personal Data processed in respect of those services. This notice applies to all such companies.

For the purposes of this Privacy Policy, “Burford” means Burford Capital Limited (“BCL”) and its controlled affiliates.

Any personally identifiable information collected from or in respect of you as a user of this website (the “Site”), as an investor in Burford or a person affiliated with such investor, or in the course of any proceedings (as the case may be), is considered Personal Information (“Personal Information” or “Personal Data”) and will be treated in accordance with this Privacy Policy.

Burford is not required to appoint a Data Protection Officer under the Data Protection Laws. Please contact our privacy team [email protected] if you have any queries on data protection or comments on this policy.

Collection, use and disclosure of personal information

Burford is committed to protecting the privacy of persons in respect of whom Personal Information is received.

We may collect and use the following types of Personal Data:

  • your name and contact information, including email address, telephone number, address, and company details;

  • information to check and verify your identity, e.g., date of birth, copies of IDs, proof of address;
    your gender, if you choose to give this to us;

  • location data, if you choose to give this to us;

  • financial information, including account details, national insurance number, tax details, billing information, transaction and payment card information;

  • your professional online presence, e.g., LinkedIn profile and information on Companies House (and equivalent company registries);

  • information from accounts you link to us;

  • information to enable us to undertake credit or other financial checks including source of funds; and

  • information about how you use our website, IT, communication and other systems.

We collect and use this Personal Data to provide services to or for you. If you do not provide Personal Data we ask for, it may delay or prevent us from providing our services.

Site Users

The information gathered by Burford from this Site falls into two categories:

  1. information voluntarily supplied by visitors to our Site (see “Information Voluntarily Provided by You” below); and

  2. tracking information gathered automatically as visitors navigate through our Site (see “Cookies” below).

Investors & their affiliates

Burford mainly gathers Personal Information concerning investors in Burford and persons affiliated with them through the following sources:

  • Subscription forms, investor questionnaires and other information provided by the investor (including identification and verification documentation) in person, by telephone (which may be recorded), electronically or by any other means. This information includes identifiers such as names, addresses, nationalities, tax identification numbers, financial and investment qualifications, and may include special category data such as information regarding criminal convictions (see “Information Voluntarily Provided by You” below).

  • Transactions, including account balances, investments, distributions, payments and withdrawals (see “Information Voluntarily Provided by You” below).

Other data subjects

Burford also gathers information on other data subjects as may be required for Burford’s work. This information is mainly gathered from Burford’s clients and, where information on data subjects is available, third parties.

You must ensure that you have the authority under the applicable Data Protection Laws to share any Personal Information with us for the purpose of the services we are providing to you.

We may also collect Personal Information from credit reference agencies and available public databases or data sources, such as news outlets and other media sources, websites, government registries, due diligence providers, credit reference agencies, financial institutions, advisors and consultants, and international sanctions lists.

Information voluntarily provided by you

When using this Site, providing information as an investor or an affiliate thereof in Burford, or in the course of any proceedings, you may choose to provide us with information to help us serve your needs or to request information or materials. This information could include your name, company name, address, phone numbers, and e-mail addresses. Any Personal Information that you provide will be used only for the purpose indicated on the Site or in this policy. The Personal Information we collect is to enable us to contract with potential customers, engage with and accept investors, and to comply with relevant legal obligations. In some cases, we may use Personal Information for our legitimate interests (such as contacting you with information about other services and products that are offered by Burford that we think may be of interest to you), or those of third parties, provided that a data subject’s interests and fundamental rights do not override those interests.

You may at your discretion refuse to communicate Personal Information to Burford or object to some processing of your Personal Information. There are, however, situations where Burford can refuse to comply with such a request — for example, where it is subject to a legal or contractual obligation to process the data. In this case, Burford may reject your registration or subscription or withhold payments/distributions until such time as the requisite data has been provided.

If you do not wish to be contacted by us for direct marketing purposes, please see the section titled “Contact Information” below.

How and why we use your personal data

We will ensure that Personal Information is processed lawfully, fairly, and transparently, without adversely affecting an individual’s rights. We will only process Personal Information if at least one of the following bases applies:

  1. the relevant data subject has given consent to the processing of their Personal Data for one or more specific purposes;

  2. processing is necessary for the performance of a contract to which the relevant data subject is a party or in order to take steps at the request of that data subject prior to entering into a contract;

  3. processing is necessary for compliance with a legal obligation to which we are subject;

  4. processing is necessary to protect the vital interests of the relevant data subject or of another natural person;

  5. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and/or

  6. processing is necessary for the purposes of the legitimate interests pursued by us or by a third party except where such interests are overridden by fundamental rights and freedoms of the data subject which require protection of Personal Data, in particular where the data subject is a child.

A legitimate interest is when we have or a third party has a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests against your own. You can obtain details of this assessment by contacting us (see “Contact Information” below).

The table below explains what we use Personal Data for and why.

What we use your Personal Data for

Our reasons

Providing our services

To perform our contract with you or to take steps at your request before entering into a contract

For our legitimate interests or those of a third party, i.e., to assist our clients to recover assets and enforce judgments

Preventing and detecting fraud

For our legitimate interests or those of a third party, i.e., to minimise fraud that could be damaging for you and/or us

Conducting checks to identify our customers and verify their identity

Screening for financial and other sanctions or embargoes, anti-money laundering, anti-tax evasion, anti-bribery and corruption, and prevention of modern slavery

Other activities necessary to comply with professional, legal and regulatory obligations that apply to our business, e.g., under health and safety law or rules issued by our professional regulator

To comply with our legal and regulatory obligations

Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies

To comply with our legal and regulatory obligations

Gathering evidence and information to assist our clients in relation to the services they have instructed us on

For our legitimate interests or those of a third party, i.e., to ensure we can deliver our services and to serve the needs of a client including ensuring recovery of sums owed

Ensuring business policies are adhered to, e.g., policies covering security and internet use

For our legitimate interests or those of a third party, i.e., to make sure we are following our own internal procedures so we can deliver the best service to you

Operational reasons, such as improving efficiency, training and quality control

For our legitimate interests or those of a third party, i.e., to be as efficient as we can so we can deliver the best service to you at the best price

Ensuring the confidentiality of commercially sensitive information

For our legitimate interests or those of a third party, i.e., to protect trade secrets and other commercially valuable information

To comply with our legal and regulatory obligations

Statistical analysis to help us manage our business, e.g., in relation to our financial performance, customer base, product range or other efficiency measures

For our legitimate interests or those of a third party, i.e., to be as efficient as we can so we can deliver the best service to you at the best price

Preventing unauthorised access and modifications to systems

For our legitimate interests or those of a third party, i.e., to prevent and detect criminal activity that could be damaging for you and/or us

To comply with our legal and regulatory obligations

Updating and enhancing customer records

To perform our contract with you or to take steps at your request before entering into a contract

To comply with our legal and regulatory obligations

For our legitimate interests or those of a third party, e.g., making sure that we can keep in touch with our customers about existing orders and new products

Statutory returns

To comply with our legal and regulatory obligations

Ensuring safe working practices, staff administration and assessments

To comply with our legal and regulatory obligations

For our legitimate interests or those of a third party, e.g., to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you

Marketing our services to:

  • existing and former customers;

     

  • third parties who have previously expressed an interest in our services; and

     

  • third parties with whom we have had no previous dealings.

     

For our legitimate interests or those of a third party, i.e., to promote our business to existing and former customers

Credit reference checks via external credit reference agencies

For our legitimate interests or those of a third party, i.e., to ensure our customers are likely to be able to pay for our products and services

External audits and quality checks, e.g., for accreditation and the audit of our accounts

For our legitimate interests or a those of a third party, i.e., to maintain our accreditations so we can demonstrate we operate at the highest standards

To comply with our legal and regulatory obligations

Certain Personal Data we collect is treated as a special category to which additional protections apply under the Data Protection Laws:

  • Personal Data revealing racial or ethnic origin; or

  • health information.

Where we process such special categories of Personal Data, we will also ensure we are permitted to do so under the Data Protection Laws, i.e., that:

  • we have your explicit consent;

  • the processing is necessary to protect you (or someone else’s) vital interests where you are physically or legally incapable of giving consent;

  • there is an exemption under an applicable law; or

  • the processing is necessary to establish, exercise or defend legal claims.

Burford does not base any decision on automated processing of Personal Information.

Cookie

This Site uses cookies. Cookies are pieces of information stored by your web browser on behalf of a website.

The information that may be maintained by a cookie is used by Burford solely to help us manage the Site and our business (e.g., by helping us analyse traffic to our web site and offer repeat visitors to our site easier access to downloadable content). We discuss below the strict limitations we place on any use of Personal Information.

You can block or limit the use of cookies, but if you continue using our site without disabling cookies we will assume that you are happy to receive them for the purposes described in this policy.

For more information about cookies and instructions on how to adjust your browser settings to accept, delete or reject cookies, please visit https://www.allaboutcookies.org/.

Discussion forum and chat room use

If you participate in a Burford discussion forum or chat room, you should be aware that the information you provide there will be made available to Burford employees and other users of the service. Also, please recognise that the individual forums and chat rooms may have additional rules and conditions. Each participant (including any Burford employee or representative)’s opinion on a forum or chat room is his or her own and should not be considered as reflecting the opinion of Burford.

Disclosure or use of personal information

We feel very strongly about privacy and confidentiality and we will not exchange or sell or otherwise distribute your Personal Information without your consent outside of Burford, except in accordance with your instructions, or if it is already in the public domain, or it has been received independently from a third party whom we reasonably believed was permitted to supply such information to us, or as identified in this privacy policy.

In the normal course of our business, information may be shared within Burford entities and may be used both for research and statistical purposes and crime prevention. We may also use it to ensure we present the Site content effectively to you, to provide information on services that may be of interest to you, to facilitate transactions with you as an investor (e.g. dividends) and notify you of any changes to our services. It may also be used to provide our clients with information about products and services that we believe could be of interest, by post, by telephone, e-mail, or other means. By giving us your Personal Information, you agree to this arrangement. We will do what we reasonably can to keep your data secure.

Agents and Service Providers. We sometimes contract with other companies and individuals to perform functions or services on our behalf, such as hosting this Site, performing administration services in respect of Burford, sending e-mail messages, making phone calls on our behalf, or otherwise gathering and processing Personal Information as may be required for Burford’s legitimate interests including in respect of any proceedings. They may have access to Personal Information, such as addresses, needed to perform their functions, but are restricted from using it for purposes other than providing services for Burford and will be subject to specific contractual requirements in relation to the processing of such Personal Information.

Business Transfers. As we continue to develop our business, we might sell or buy assets or businesses. In such transactions, user information generally is one of the transferred business assets. Also, if either a Burford entity itself or substantially all of a Burford’s entity’s assets were acquired, your Personal Information may be one of the transferred assets.

Burford may preserve and has the right to disclose without your prior permission any information about you or your use of this Site, your investment, or any proceedings if Burford has a good faith belief that such action is necessary to: (a) protect and defend the rights, property or safety of Burford, employees, other investors (or their affiliates) in Burford, other users of this Site, or the public; (b) enforce the terms and conditions that apply to investment in Burford, the use of this Site or the advancement of any proceedings; or (c) respond to claims that any content violates the rights of third-parties. We may also disclose information as we deem necessary to satisfy any applicable law, regulation, legal process or governmental request.

Transferring your Personal Data out of the UK and the EEA

Countries outside the European Economic Area (EEA) and the UK have differing data protection laws, some of which may provide lower levels of protection of privacy.

If you are UK resident or EEA resident, it may sometimes be necessary for us to share your Personal Data to countries outside the UK or the EEA as appropriate. In those cases, we will comply with applicable Data Protection Laws designed to ensure the privacy of your Personal Data.

We may transfer your data to our group companies in Guernsey, the USA, Germany, Ireland, Luxembourg, the Netherlands, Australia, Cayman Islands, Hong Kong, and Singapore.

Under the Data Protection Laws, we can only transfer your Personal Data to a country outside the UK/EEA (a “Third Country”) where:

  • in the case of transfers subject to UK data protection law, the UK government has decided the Third Country ensures an adequate level of protection of Personal Data (known as an “adequacy regulation”) further to Article 45 of the UK GDPR;

  • in the case of transfers subject to EEA Data Protection laws, the European Commission has decided that the Third Country ensures an adequate level of protection of Personal Data (known as an “adequacy decision”) further to Article 45 of the EU GDPR. In addition, EEA Data Protection Laws provide that transfers of Personal Data from the EEA to the UK are lawful under an interim arrangement (UK interim bridge), pending a longer-term adequacy decision;

  • there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you; or

  • a specific exception applies under relevant data protection law.

Where we transfer your Personal Data outside the UK, we do so on the basis of an adequacy regulation or by implementing appropriate safeguards, for example legally-approved standard data protection clauses (in accordance with Article 46(2) of the UK GDPR). In the event we cannot or choose not to continue to rely on either of those mechanisms at any time we will not transfer your Personal Data outside the UK unless we can do so on the basis of an alternative mechanism or exception provided by UK data protection law.

Any changes to the destinations to which we send Personal Data or in the transfer mechanisms we use to transfer Personal Data internationally will be notified to you in accordance with the section on ‘Policy Updates’ below.

For further information about such transfers and the safeguards we employ, including to obtain a copy of the standard data protection clauses, please contact us (see “Contact Information” below).

Personal Information may be transferred to any country, including countries outside the EEA, for any of the above purposes, including for systems administration. Where required to do so by law or where it considers appropriate, Burford will implement contracts which seek to ensure that any such recipient of Personal Information is contractually bound to provide an adequate level of protection in respect of the Personal Information transferred to it.

External links

Burford includes links to other websites whose privacy policies we do not control. Once you leave the Site, the use of any information you provide is governed by the privacy policy of the operator of the site you are visiting. That policy may differ from ours. If you cannot find the privacy policy of any of these sites via a link from the site homepage, you should contact that site directly for more information.

Throughout the website we may link to other websites owned and operated by certain trusted third parties. Those other third-party websites may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to these other third-party websites, please consult their privacy policies as appropriate.

Keeping your data secure

We have appropriate security measures to prevent Personal Data from being accidentally lost, used or accessed unlawfully. We limit access to your Personal Data to those who have a genuine business need to access it. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Personal Information collected may be processed and stored anywhere in the world by Burford and its technology service providers. By providing information to Burford, you are consenting to the transfer of the information into or through any jurisdiction for processing in accordance with this Privacy Policy. We endeavour to maintain appropriate safeguards appropriate to the sensitivity of the Personal Information we collect, use, and maintain. However, as effective as our security measures may be, no security system is impenetrable. We cannot guarantee the security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet or otherwise. Burford is not engaged in personal transactions, and you should not supply sensitive personal information to us, such as social security or government identification numbers or banking or credit information, unless specifically required as part of our investor onboarding process or otherwise.

How long your Personal Data will be kept

We will not keep your Personal Data for longer than we need it for the purpose for which it is used.

Different retention periods apply to different types of Personal Data. Further details on this are available on request. Following the end of the relevant retention period, we will delete or anonymise your Personal Data.

We only keep your Personal Information for as long as necessary to use it as described above, and/or for as long as we have your permission to keep it. In any event, we will conduct a review, as necessary, to ascertain whether we need to keep your Personal Information. Your Personal Information will be deleted if we no longer need it.

Disclosing your information

We may disclose your personal information to:

  • third parties we use to help deliver our services to you, such as payment service providers;
    other third parties we use to help run our business, such as website hosts;

  • professional advisers, such as lawyers, bankers and insurers;

  • law enforcement agencies, courts, tribunals and regulatory bodies, to comply with our legal and regulatory obligations; or

  • other parties in connection with a significant corporate transaction or restructuring including a merger, acquisition, asset sale or in the event of our insolvency – information will be anonymised but this may not always be possible, however, the recipient will be bound by confidentiality obligations.

We only allow those organisations to handle your Personal Data if we are satisfied they have the appropriate measures to protect your Personal Data. We also impose contractual obligations on them to ensure they can only use your Personal Data to provide services to you. We may disclose your information in the following situations:

  • if we want to sell our business, or one or more of our companies, to potential buyers , ;
    to other businesses in our group;

  • if we have a legal obligation to do so, or in order to protect other people’s property, safety or rights; and

  • we can exchange information with others to protect against fraud or credit risks.

We may contract with third parties to supply services to you on our behalf. These may include payment processing, administration and registrar services, search engine facilities, advertising and marketing. In some cases, the third parties may require access to some or all of your data. If you have any questions, please contact [email protected].

Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under the Data Protection Laws.

Information related to employment

The Site may provide an opportunity to submit your curriculum vitae or an application form to us or apply for a position through the Site. If you submit information for such purposes, we will use (which may include transferring) the Personal Information you provide to evaluate your qualifications and contact you regarding any positions at Burford in which we believe you may be interested.

Minors

You must be at least 18 years old and possess the legal authority to form legally binding contracts under applicable law to use this Site and the services provided on it. Burford does not knowingly collect Personal Information from those under the age of 18 nor are our services directed in any way towards minors. In an instance where such information was collected, it would be purely accidental and unintentional. Burford encourages parents to discuss the internet with their children and monitor Personal Information that a child may provide via the internet.

Given the nature of our website, we do not expect to collect Personal Data of anyone under 18 years of age. If you are aware that any Personal Data of anyone under 18 years of age has been shared with our website, please let us know so that we can delete that data.

Marketing

We may use your Personal Data to send you updates (by email, text message, telephone, post) about our services, including exclusive offers, promotions or new services. We have a legitimate interest in using your Personal Data for marketing purposes (see above “how and why we use your Personal Data”). This means we do not usually need your consent to send you marketing information. However, where consent is needed, we will ask for this separately and clearly.

You have the right to opt out of receiving marketing information at any time. You can do this by ticking the relevant boxes on our forms, or by contacting us at any time at [email protected].

We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are any changes in the law, regulation, or the structure of our business.

For more information on your rights to object at any time to your Personal Data being used for marketing purposes, see “your rights” below.

Your rights

Under the Data Protection Laws in certain circumstances you have the right to:

  • request access to your Personal Data, i.e. obtain a copy of your Personal Data;

  • request correction of any inaccurate or incomplete Personal Data that we hold about you;

  • request deletion of your Personal Data held by us at no cost to you, if:

    • the Personal Data is no longer necessary for the purposes in which it was originally processed;

    • we are relying on consent as our lawful basis for holding your Personal Data, and you choose to withdraw that consent;

    • the Personal Data is processed for direct marketing purposes, and you object to that processing; or

    • we have processed the Personal Data unlawfully;

     

  • request that your Personal Data be transferred to a third party (data portability), including the right to receive your Personal Data in a structured, commonly used and machine readable format;

  • be informed of what data processing is taking place, requiring us when we collect Personal Data to provide you with privacy information within a reasonable time frame of no more than one month;

  • restrict the processing of Personal Data, if:

    • you contest the accuracy of your Personal Data;

    • the Personal Data has been unlawfully processed; or

    • we no longer need the Personal Data, but you require us to keep it in order to establish, exercise or defend a legal claim;

     

  • object to processing of your Personal Data at any time, including where your Personal Data is used for direct marketing purposes— although we may demonstrate that we have an adequate ground to process your Personal Data which will outweigh your rights and freedoms; or

  • complain to a supervisory authority (and avail of certain rights of appeal in connection therewith). However, before making such a complaint, we would like you to contact us so that we have an opportunity to try and address the complaint. Please see ‘Contact information’ below.

     

To enforce any of the foregoing rights or if you have any other questions about our site or this Privacy Policy, please contact us. When contacting us please:

  • provide enough information to identify yourself (i.e. your full name, address and any reference number you have been given) and any additional identity information we may reasonably request from you; and

  • let us know what right you want to exercise and the information to which your request relates.

Policy updates

We may update this Privacy Policy from time to time. When we do so, changes in our Privacy Policy will be effective immediately. We recommend that you check this Privacy Policy on a regular basis.

 

Effective date: January 1, 2023

Contact us

You can contact us by post, email or telephone if you have any questions about this privacy policy or the information we hold about you, to exercise a right under data protection law or to make a complaint. Our contact details are shown below:

Oak House
Hirzel Street
St Peter Port
Guernsey
GY1 2NP

+44 20 3530 2000

envelopeSend an email

Alternatively, you can direct your questions to the Burford company with whom you have contracted to provide you with specific services.

Opting out

If, when using this Site or as an investor (or affiliate thereof), you have previously furnished us with Personal Information but now do not want to receive further direct marketing communications, please let us know using the contact above. Opting out of receiving further communications does not affect the lawfulness of processing your Personal Information for other reasons and/or based on other grounds where this is permitted under applicable law.