Privacy policy

This privacy notice explains how we, Tupelo Advisors Ltd. (referred to here as ‘Tupelo’), process personal data in our business as per the General Data Protection Regulation (GDPR) and other relevant data protection and privacy laws applicable to our business.

Your data protection rights

  • Access and rectification: you may request a copy of the information we process about you and ask us to rectify any incorrect data.

  • Erasure or restriction: in some circumstances, you may ask us to delete or restrict our processing of your data, but we cannot delete any data we are legally required to process.

  • Object to processing: in some circumstances, you may ask us to stop processing your data.

  • Data portability: in some circumstances, you may ask us to transfer your data to you or another organization.

  • Also, if you're unhappy about how we process your data, you have a right to complain to a national data authority. We hope, however, that you will contact us first so that we can try to resolve the matter for you in a satisfactory way.

Please get in touch with us if you have any questions about how we handle your data or want to exercise one of your rights. You are entitled to a reply within 30 days.

How we get your personal data

We typically process personal data on potential or existing customers, website visitors and vendors and collaboration partners.

We may process personal data when you:

  • Contact/communicate with us online (email, video calls, social media, etc.) or on the phone

  • Seek investment from us or our investment partners

  • Seek to make an investment with or alongside us

  • Deliver products/services to or enter into a collaboration with us

It is voluntary to provide us with personal data, but we cannot provide you with our services if you choose not to.

We do not rent, buy or sell personal data from or to others, use automated decisions or profiling in the processing of your personal data, or process any special category data as per the GDPR Article 9.

Purposeful, lawful basis and retention periods

We only process your personal data when we have a purpose and a lawful basis for doing so. Under the GDPR Article 6-1, the lawful bases we rely on are:

  • Your consent

  • We have a contractual obligation (contract)

  • We have a legal obligation

  • We have a legitimate interest

As a rule, we do not process personal data for longer than necessary to fulfill the purpose for processing. We will only retain data for as long as we are required to as per applicable legal obligations such as accounting, tax, labour laws or any other relevant rules and regulations.

Details on the processing of your personal data

This section describes when and how we process your data, for what purposes and our legal grounds to do so (lawful bases). We also specify the retention periods for the processing.

Communicating with us

Regardless of your relationship with us, as a potential or existing investor, portfolio company, vendor or other, we process your personal data whenever you communicate with us. This could be when you contact us through email, phone (call, text message) or social media. Depending on where and how you contact us, this may include your name, contact details, company affiliation and other information you choose to send to us. We use customer relationship management software (CRM) to manage personal data on potential and existing customers.

The purpose is to be able to respond to your inquiries and, on some occasions, to keep records in case of legal claims. The lawful basis is f), where our legitimate interest is to respond to your inquiries and, on some occasions, keep records in case of complaints or legal claims.

We typically keep this type of personal data for up to two years or six years if we have a legal obligation in accordance with accounting and bookkeeping rules.

Visiting our website

We want to process as little personal information as possible when you use our website. That's why we've chosen Fathom Analytics for our website analytics, which doesn't use cookies and complies with the GDPR, ePrivacy (including PECR), COPPA and CCPA. Using this privacy-friendly website analytics software, your IP address is only briefly processed, and we (running this website) have no way of identifying you. As per the CCPA, your personal information is de-identified. You can read more about this on Fathom Analytics' website.

The purpose of us using this software is to understand our website traffic in the most privacy-friendly way possible so that we can continually improve our website and business. The lawful basis as per the GDPR is "Article 6(1)(f); where our legitimate interests are to improve our website and business continually." As per the explanation, no personal data is stored over time.

We engage in due diligence with you

Ahead of making an investment in your company, we will enter into a formal due diligence process to better understand your business, it’s operations and people to inform whether we choose to make an investment offer and at what price. During this process, we are likely to collect personal information on yourself and your employees, often via review of existing employment contracts and, on occasion, conducting background checks on key members of your team.

The purpose of collecting this information is to fully understand the quality and financial obligations of your company and the risk of making an investment in it. The lawful basis is b) contract, as we require to fully understand the risks of an investment to the best of our capabilities to fulfil our obligations as investment managers. Where possible, and when you have the requisite facilities, we will keep all sensitive files stored within your own data room, and store or document any personally identifiable information in our files or storage systems.

We store personal data for as long as we have a formal business relationship and then for up to 6 years after, in accordance with our legal obligations for regulatory, accounting, tax and other business purposes.

When we work with third parties to conduct personnel diligence on our behalf, we ensure they have adequate protections in place to protect your personal data. Importantly, this privacy policy should be considered as being additive to and not replacing any obligations we will both have under non-disclosure arrangements signed at the outset of any due diligence process.

You choose to invest with us

Should you, as an investor, decide to invest in an opportunity alongside us, we will collect some information including your name, contact details, affiliation and your banking details. The purpose is to comply with our obligations under know-your-customer (KYC) and anti-money laundering (AML) regulations, to facilitate the collection and disbursement of investment proceeds, and communicate with you before, during and after our formal business relationship.

The lawful bases are b) contract, c) legal obligation related to regulatory, accounting, tax and other business laws we are required to abide by, and f) where our legitimate interests are to be able to communicate with you before, during and after our formal business relationship (described under the paragraph "You communicate with us" above).

We store personal data for as long as we have a formal business relationship and then for up to 6 years after, in accordance with our legal obligations for regulatory, accounting, tax and other business purposes.

You supply services to or collaborate with us

When you enter into an agreement with us either as a vendor, partner or data processor, we process personal data such as your name, contact details and correspondence. The purpose is to enter into this agreement and communicate with you before, during and after our formal business relationship.

The lawful bases are b) contract, c) legal obligation related to accounting, tax and other business laws we are required to abide by, and f) where our legitimate interests are to be able to communicate with you before, during and after our formal business relationship (described under the paragraph "You communicate with us" above). We store personal data for as long as we have a formal business relationship and then for up to 6 years after, in accordance with our legal obligations for accounting, tax and other business purposes.

Whom we share your personal data with

To run our business efficiently and securely, we sometimes will have to share your personal data with other (trusted) parties such as:

  • Data processors: providers of various services that process your personal data on our behalf

  • Our accountant

  • Professional advisors from other industries such as Law and Finance

  • IT Support when necessary

  • Public Authorities when we are obliged to report to them.

We require that all such recipients secure data in accordance with good information security and as per the requirements of this Privacy notice. We review and quality assure all vendors and data processors and enter into a data processing agreement/addendum whenever necessary.

We use data processors for:

  • Email, calendar and digital meetings

  • Accounting/bookkeeping

  • Customer relationship management

Accessing and Correcting your Personal Data

You have a right to access your personal data and request a correction if you believe it is inaccurate. If you have submitted Personal Information and would like to have access to it, or if you would like to have it corrected, please get in touch with us using the contact information provided below.

How to Contact Us

If you have any questions regarding this Privacy Policy or to access your information, please send a written request to:

Tupelo Advisors Ltd.
128 City Road, London, United Kingdom, EC1V 2NX

Or send an email to: info@tupelo.capital