Privacy Policy

How we collect, use, and protect your data

Last updated: 24 June 2025

1. Data Controller

GP Stakes ("we", "us", "our") operates the website at platform.gp-stakes.com. We are the data controller responsible for your personal data. We operate from the United Kingdom.

Contact: [email protected]

2. What Data We Collect

Account Data

When you register, we collect your email address, name, company affiliation, and password (stored securely hashed).

Professional Directory Data

Our directory contains professional information about individuals in the private markets industry, including names, job titles, company affiliations, locations, and career histories. This information is sourced from publicly available sources, commercial data providers, and user-submitted data.

Usage Data

We collect information about how you interact with our platform, including pages visited and features used.

3. Lawful Bases for Processing

We process personal data under the following lawful bases:

  • Consent (Article 6(1)(a)) — for account registration and optional communications.
  • Legitimate Interest (Article 6(1)(f)) — for our professional directory. See below for our justification.
  • Contract (Article 6(1)(b)) — for providing paid services to subscribers.

4. Legitimate Interest Justification

Our professional directory serves the legitimate interests of market transparency, career development, and industry benchmarking in the private markets sector. We have conducted a Legitimate Interest Assessment and determined that:

  • The data is limited to professional (not private) information
  • There is a reasonable expectation that professional data may appear in industry directories
  • We provide easy mechanisms to object, request correction, or request removal
  • The processing supports industry transparency and professional networking

5. Data Sources

Professional directory information is obtained from:

  • Publicly available professional information (company websites, regulatory filings, press releases)
  • Commercial data providers
  • User-submitted data and profile updates

6. Data Sharing

We do not sell personal data. We share data only with:

  • Stripe — our payment processor, for subscription billing
  • Email service provider — for transactional emails (account verification, notifications)

7. Data Retention

  • Account data is retained while your account is active, plus 2 years after account closure.
  • Directory data is refreshed periodically and will be deleted upon a valid removal request.
  • Usage data is retained for up to 12 months for analytics purposes.

8. Your Rights

Under GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your personal data
  • Restriction — request that we limit how we process your data
  • Portability — receive your data in a structured, commonly used format
  • Objection — object to processing based on legitimate interest

9. How to Exercise Your Rights

You can exercise your data rights by:

We will respond to all requests within 30 days.

10. Cookies

We use essential cookies only for authentication (session/JWT token). We do not currently use analytics or tracking cookies. See our Cookie Policy for details.

11. International Transfers

Your data is processed on servers located within the EU/EEA. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place.

12. Updates to This Policy

We may update this privacy policy from time to time. The date of the latest revision is shown at the top of this page. We encourage you to review this policy periodically.

13. Supervisory Authority

If you are not satisfied with our response to your data rights request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection.

Website: ico.org.uk