GDPR Policy.

The General Data Protection Regulation (GDPR) is part of the EU data protection reform package through which the European Commission aims to strengthen the rights of individuals in the digital age and simplify the rules for businesses in the EU, contributing to the creation of a Digital Single Market.

On this page you’ll find answers to commonly asked questions, relevant documentation, links to useful external resources, and contact details should you need additional information on the GDPR.

What is the GDPR?

The EU General Data Protection Regulation (GDPR), the "Regulation," replaced the EU Data Protection Directive 95/46/EC and is applicable in all EU and EEA Member States as of 25 May 2018.

The GDPR significantly changes the EU data protection regulatory landscape, setting stricter requirements, reaching more companies, and imposing potentially higher penalties. For example, companies must:

  • Implement programmatic measures to ensure and actively demonstrate compliance

  • Implement appropriate technical and organizational measures to protect the rights of individuals when designing a processing system and processing data

  • Conduct data protection impact assessments of high risk processing activities

  • Implement privacy by design and by default

  • Implement data breach notification

How is EQX complying with the GDPR?

EQX Investor Capital LLC and its affiliates (together, “EQX”) is committed to the protection of personal data we collect and process, with rigorous policies, controls, and compliance oversight to ensure that data is held and used appropriately. Data processing activities that involve data about individuals in the EU are reviewed, including applications and databases, policies, processes, and procedures to ensure that employees, partners, and vendors process personal data in compliance with GDPR requirements.

Does Brexit change the position for the GDPR in the UK?

As a result of Brexit the UK is no longer part of the European Union and implemented a legal mechanism that largely follows the GDPR. The UK Data Protection Bill provides the equivalent legal mechanism that meets GDPR standards and reflects the UK’s commitment to high data protection standards post-Brexit. For more information, refer to the Information Commissioner’s Office website at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/.

I am a client outside the EU; am I affected?

The GDPR’s territorial scope of application is wider and may apply to organizations that are not based in the EU but offer goods or services to individuals in the EU and/or monitor the behavior of individuals in the EU. EQX reviewed all of its data processing activities involving individuals in the EU to determine if the broader territorial scope applies. EQX took the necessary actions, which included updating Terms of Use, to reflect the changes required by the GDPR.

Can I see your data privacy policies?

You can see our current policies by visiting our website. Please see the Privacy Policy [insert hyperlink] and Privacy Notice [insert hyperlink] for relevant privacy notices and other information.