The following privacy notice provides information for the purposes of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) about how Senda Infraestructure Partners (“Senda”, “we”, “our” or “us”) processes and protects personal data that we may collect about our prospective, existing and former business contacts, and individuals related to them (referred to here as “you” or “your”). The terms “controller”, “processor”, “data subject”, “personal data”, “process”, “processes”, and “processing” used in this privacy notice have the meanings given to them in the GDPR.

For the purposes of the GDPR, Senda is a data ‘controller’ in respect of your personal data. We are responsible for ensuring that we hold and use your personal data in compliance with GDPR. 

We may process the following personal data relating to you: (a) Information that you give us: This is information about you that you provide to Senda by filling in forms on our website (b) Information that we collect or generate: This is information that may be collected from your use of our website or your correspondence with us, including website usage data, email exchange, telephone conversations or other electronic communications with our employees and other staff members, which our information technology systems may record details of for the purposes of entering into a contract with you. (c) Information that we obtain from third parties or other sources: This is information that we may receive from our third party who (for instance) conduct due diligence such as background checks on our behalf.

We may process your personal data for the purposes identified below: (a) to undertake our due diligence and on-boarding reference checks in relation to our business processes; (b) to carry out verification, KYC, terrorist financing, sanctions, and anti-money laundering checks; (c) to conduct risk assessments; (d) to comply with requests from regulatory, governmental, tax and law enforcement authorities; (e) protect the interests of our business against fraud, breach of confidence, theft of proprietary materials, and other financial or business crimes (to the extent that this is not required of us by law); (f) to perform the contract we are about to enter into or have entered into with you or to facilitate the continuation or termination of the contractual relationship we have with you; (g) to send updates, information and notices or otherwise correspond with you; (h) to address or investigate any complaints, claims, proceedings or disputes; (i) where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; (j) to carry out general business administration, including risk monitoring; (k) to assist with compliance with our internal policies and processes; (l) to safeguard our reputation and integrity; and (m) to comply with our legal obligations.

When we process your personal data, we do so by relying on a number of lawful bases under GDPR, depending on the nature and purposes of processing carried out.

These include: 

In the pursuit of our legitimate interest in accordance with GDPR, in relation to achieving the various purposes set out above. We only rely on these interests where we have concluded that, on balance, our processing does not prejudice your privacy, interests, fundamental rights or freedoms in a way that would override our legitimate interest in pursuing those purposes. 

Where we process personal data in order to comply with specific legal obligations, we rely on the legal basis of compliance with legal obligations to which we are subject as a controller, in accordance with GDPR. 

Where a contract we are seeking to enter into or have entered into with you requires us to process your personal data in order for such contract to be performed, we may rely on the lawful basis of legitimate interest, or for the performance of such contract under GDPR. 

In respect of any processing of sensitive personal data falling within ‘special category’ personal data under GDPR, such processing will be necessary for reasons of substantial public interest, for the purposes of prevention of fraud, and suspicion of terrorist financing or money laundering. 

We may from time to time review your personal data held in our systems – including the contents of and other information related to your email and other communications with us – for compliance and business protection purposes. This may include reviews for the purposes of disclosure of personal data relevant to litigation and/or reviews of records relevant to internal or external regulatory or criminal investigations. To the extent permitted by applicable data protection law these reviews will be conducted in a reasonable and proportionate way and approved at an appropriate level of management. They may ultimately involve the disclosure of your personal data to governmental agencies and litigation counterparties as described below. Generally, we do not rely on consent as a legal basis for processing your personal data. We do not currently carry out third party direct marketing, but if we were to do so, we would obtain your consent before sending third party direct marketing communications to you. You have the right to withdraw consent to marketing at any time by contacting us (see “Contacting us” below). You can also contact us if you are uncertain as to Senda need for personal data that we request from you.

We may share your personal data with the following parties, where reasonably necessary and in accordance with applicable data protection law for the purposes described above: (a) our associates, co-investors, joint venture partners, fellow members of committees, consortia or syndicates, related parties; (b) third party service providers who (each as our processors) conduct KYC and other related due diligence checks, or otherwise hold or process your personal data on our behalf, under strict conditions of confidentiality and security; (c) your colleagues within the organisation that you represent; (d) Senda’s legal or other professional advisers (including consultants and marketing companies used by Senda) for the purpose of obtaining legal advice; or (e) to the extent required by law, in exceptional circumstances: (i) to competent regulatory, prosecuting and other governmental agencies, or litigation counterparties, in any country or territory; and (ii) other organisations and agencies, where we are required to disclose your personal data. Some of these persons will process your personal data in accordance with our instructions and others will themselves be responsible for their use of your personal data. We will never sell your personal data and in all cases, Senda will ensure that your personal data is only disclosed for the purposes set out above and in compliance with applicable data protection law. 

We process your personal data only for the specified purposes as described above and in accordance with the GDPR. You can control all of our sources and processing of your personal data (see “Your rights in relation to your personal data” below). However, where you chose to withhold or restrict such personal data processing for the purposes set out above, it may impact our ability to contract with and/or provide our services to you. 

Your personal data may be transferred to countries outside the EEA to third party service providers. These countries may not have similarly strict data protection and privacy laws, and will include those countries in which our service providers operate. In those cases, where we transfer your personal data outside the EEA to our third party service providers, we will ensure that our arrangements with them are governed by appropriate safeguards or data transfer agreements, designed to ensure that your personal data is protected as required under applicable data protection law (including, where appropriate, under an agreement on terms approved for this purpose by the European Commission). 

We intend to keep your personal data accurate and up to date. We delete or anonymise the information that we hold about you when it is no longer required by us for our legitimate business purposes, to perform our contractual obligations or, where longer, such period as is required or permitted by law or regulatory obligations which apply to us. 

We will generally: (a) retain personal data about you throughout the life cycle of any agreement or contract you have with us; and (b) retain some personal data after your relationship with us ends. As a general principle, we do not retain your personal data for longer than we need it. 

We will usually delete your personal data (at the latest) after you cease to have a contractual relationship with us and there is no longer any legal/regulatory requirement, or business purpose, for retaining your personal data. Automated decisions-making techniques (including profiling).

We do not currently use any processing systems which make decisions and produce legal effects for you, or which may otherwise significantly affect you, based solely on automated processing of your personal data. Senda will not use such automated decision-making processing systems unless it has considered the proposed processing system in a particular case and concluded in writing that it meets the requirements of the GDPR and other applicable data protection laws. 

The GDPR and other applicable laws provide you (as the data subject) with a number of legal rights in relation your personal data. 

These rights include: (a) a right of access to the personal data that we hold about you, and to some related information, under data protection law; (b) the right to request any incomplete or inaccurate personal data to be corrected; (c) the right to object to our processing of your personal data; (d) the right to require us to delete your personal data in some limited circumstances; (e) the right to object to our processing of some or all of your personal data on grounds relating to your particular situation which are based on legitimate interests, at any time (and require such personal data to be deleted). If you object, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for such processing which override your interests, rights and freedoms or where it is necessary for the establishment, exercise or defence of legal claims; and (f) a “data portability” right to require us to transfer your personal data to you or to a new service provider in a structured, commonly used and machine-readable format. If you wish to exercise any of the rights referred to above, please contact us using the details set out under “Contacting Us” below. 

When exercising any of these rights, we may request specific information from you to prove your identity to our satisfaction so that we can safeguard your personal data from unauthorized access by someone impersonating you. 

You also have the right, at any time, to lodge a complaint about our processing of your personal data with the relevant body regulating data protection in your country (details are available here: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm).

If you would like further information on the collection, use, disclosure, transfer or processing of your personal data, or to exercise of any of the rights listed above, please address questions, comments and requests to https://sendapartners.com/contact.

You can find out more about your rights by contacting an EU data regulator or by visiting their website. 

Any changes we make to this privacy notice in the future will be posted to our website (https://www.sendapartners.com/).