BROADSTONE
CAPITAL ADVISORS
PRIVACY NOTICE
Last updated: 27 November 2025
1. Who we are and how to contact us
This Privacy Notice explains how Broadstone Capital Advisors Ltd (“we”, “us”, “our”) collects and uses personal data in connection with:
• your use of our website www.broadstonecapitaladvisors.com (the “Site”); and
• our provision of corporate finance and related advisory services.
We are the “controller” of your personal data for the purposes of the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.
If you have any questions about this Notice or how we handle your personal data, you can contact us at:
• Email: john.kirwan@bca-advisory.com
• Post: Data Protection, Broadstone Capital Advisors Ltd 71-75 Shelton Street, London, United Kingdom, WC2H 9JQ
2. What personal data we collect
The personal data we collect will depend on how you interact with us and may include:
Website and enquiry data
• Name and contact details (email address, telephone number, organisation, job title)
• Information you provide when you contact us via email, phone or the Site
• Technical data from your use of the Site, such as IP address, browser type, device identifiers, pages viewed, and time and date of visits
• Cookie and analytics data (see “Cookies” below)
Client and transaction data
In the course of providing corporate finance and related advisory services, we may collect:
• Business contact details for representatives of corporate clients, counterparties, advisers, lenders and investors
• Identification and verification data (e.g. copies of passports/driving licences, proof of address) as required for anti-money laundering (“AML”) and know-your-client (“KYC”) checks
• Information relating to your role, experience and relationships relevant to a transaction
• Records of communications and meetings
• Information contained in transaction documents, NDAs, term sheets, contracts and corporate records
We will not usually collect special categories of personal data (e.g. health, race, religion) or criminal convictions data, other than where required for regulatory or AML purposes and permitted by law.
3. How we collect your personal data
We collect personal data:
• Directly from you, when you contact us, engage us, attend meetings or events, or otherwise interact with us
• From your organisation or other third parties, for example other professional advisers, counterparties, lenders, investors and intermediaries in a transaction
• Automatically, when you use the Site (through cookies, server logs and similar technologies)
• From public and third-party sources, such as Companies House, credit reference agencies, sanctions lists, professional networking sites and other publicly available sources
4. How we use your personal data and legal bases
We may use your personal data for the following purposes and on the following legal bases:
1. To provide our services and manage our relationship with you / your organisation
o e.g. responding to enquiries, performing engagement letters, arranging and executing transactions, managing ongoing mandates
o Legal basis: performance of a contract; our legitimate interests in running our business and providing services
2. To comply with legal and regulatory obligations
o e.g. AML/KYC checks, sanctions screening, record-keeping, responding to regulatory requests or law-enforcement enquiries
o Legal basis: compliance with legal obligations; substantial public interest (for certain AML/KYC processing where applicable)
3. For business operations and administration
o e.g. IT support, security monitoring, managing our client database/CRM, invoicing and accounting, internal reporting
o Legal basis: our legitimate interests in operating and protecting our business
4. For marketing and business development
o e.g. sending you updates about our services, transactions or events; maintaining and developing our business relationships
o Legal basis: our legitimate interests in promoting and developing our business; consent where required (for example, certain electronic marketing)
You can opt out of receiving marketing communications at any time by following the “unsubscribe” link in our emails or by contacting us using the details above.
5. Who we share your personal data with
We may share your personal data with:
• Other professional advisers, counterparties, investors, lenders and service providers involved in a transaction or mandate
• Our professional advisers (e.g. lawyers, auditors, consultants)
• IT and cloud service providers, CRM and document-management providers
• Third parties to whom we may choose to sell, transfer or merge parts of our business or assets
• Competent authorities, regulators, law-enforcement bodies, courts or tribunals where required by law or regulation, or to protect our rights or the rights of others
Whenever we use third-party service providers, we require them to process personal data only on our instructions and to implement appropriate security measures.
6. International transfers
Some of the third parties with whom we share personal data may be located outside the United Kingdom, or may transfer data outside the UK in the course of providing services.
Where we transfer personal data outside the UK, we will ensure that such transfers are made in compliance with UK data-protection law, for example by:
• transferring to countries which are subject to an adequacy regulation; or
• using standard contractual clauses or other appropriate safeguards.
7. Data retention
We will keep your personal data for as long as is reasonably necessary for the purposes set out in this Notice, including for the purposes of:
• providing services and maintaining our relationship with you or your organisation;
• complying with our legal, regulatory and professional obligations; and
• establishing, exercising or defending legal claims.
In many cases this will mean we retain personal data for the duration of a mandate and for a period of at least six years after it ends. In some circumstances we may retain data for longer where required by law, regulation or professional rules.
8. Your rights
Subject to certain conditions and exemptions, you have the following rights under UK data-protection law:
• Right of access – to obtain a copy of your personal data and information about how we process it
• Right to rectification – to have inaccurate or incomplete data corrected
• Right to erasure – to have your personal data erased in certain circumstances
• Right to restriction of processing – to restrict our processing of your data in certain cases
• Right to data portability – to receive your data in a structured, commonly used and machine-readable format and to transmit it to another controller where technically feasible
• Right to object – to object to processing based on our legitimate interests (including profiling) and to direct marketing
Where we rely on your consent, you may withdraw your consent at any time. This will not affect the lawfulness of processing carried out before consent was withdrawn.
To exercise any of these rights, please contact us using the details above.
9. Cookies and similar technologies
We may use cookies and similar technologies on our Site to:
• enable the Site to function;
• analyse how the Site is used and improve its performance; and
• support certain features (for example, remembering your preferences).
You can control cookies through your browser settings and, where required, via our cookie banner or preference centre.
For more information, please see our [Cookie Policy].
10. How we protect your data
We take appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction or damage. These measures include access controls, secure storage and regular review of our information-security practices.
11. Complaints
If you have any concerns about how we handle your personal data, please contact us in the first instance so that we can try to resolve your concern.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection:
• Website: www.ico.org.uk
• Telephone: 0303 123 1113
• Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
12. Changes to this Privacy Notice
We may update this Privacy Notice from time to time. Any changes will be posted on this page with an updated “Last updated” date.
We encourage you to review this Notice periodically to stay informed about how we collect and use personal data.