Wincent Capital Management Limited (“Wincent” together, with Wincent Investment Fund PCC Limited and its affiliated entities, “we”, “us” or “our”) is committed to protecting the privacy and personal data of individuals who interact with us. This Privacy Notice explains how we collect, use, disclose and safeguard your personal data, in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Gibraltar GDPR and Data Protection Act 2004 (“DPA”)(together, the (“Privacy Legislation”). We may provide different or additional notices of our privacy practices with respect to certain products, in which case such notices will supplement but not supersede this Privacy Notice.
We aim to present this information in a concise, transparent, intelligible, and easily accessible manner. If you require clarification or an alternative format, please contact our DPO on the details below.
| Personal data | Means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. |
| Controller | Means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. |
| Processor | Means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. |
| Data subject | Means an identified or identifiable natural person whose personal data is processed by a data controller or data processor. |
The data controller responsible for your personal data is:
Wincent Capital Management Limited
Address: 120B Old Police Station, Irish Town, Gibraltar, GX11 1AA
For any questions or to exercise your rights, please contact DPO:
Data Protection Officer: Luke McMorrow
Postal Address: 120B Old Police Station, Irish Town, Gibraltar, GX11 1AA
Email: gdpr@wincent.co
We collect your personal data:
Directly from you: e.g. when you submit a subscription form as an investor, apply directly for a role at Wincent, enter into an counterparty agreement with Wincent, or submit your personal information in the process of onboarding a counterparty as its UBO, director or shareholder.
Indirectly from other sources: e.g. from submitting an application for a role via LinkedIn, receiving a referral from a recruitment agency you are working with or background check providers.
When data is collected indirectly, we will provide you with this Privacy Notice at the earliest opportunity and no later than one month from collection, in accordance with GDPR Article 14.
Our website uses cookies to enhance your browsing experience and to collect analytics to help us improve our offerings. Cookies are small text files that are placed on your device when you visit our website.
We use both session and persistent cookies, including:
Strictly necessary cookies: required for basic site functionality;
Analytics cookies: understand site usage (e.g. via Google Analytics);
Functionality cookies : remember your preferences;
Marketing cookies : track user activity for advertising purposes
We rely on your consent to use any cookies that are not strictly necessary. You may manage or withdraw consent through our cookie banner.
We collect and process personal data where necessary for the performance of a contract, to comply with legal obligations, to pursue our legitimate business interests (balanced against your rights), or based on your consent where required in accordance with Article 6 GDPR. The Personal Data we collect depends on manner in which you interact with us:
| Types of Data | Purpose of Processing | Wincent Access | Lawful Basis | Data Transfer |
| Prospective Job Candidates | ||||
| Name CV and Cover Letter Contact Information Interview Notes (if any) Communications Details of Offers (if any) Assessment Results | Evaluation of Candidate Conducting Interviews Pre-employment Obligations Employee Screening | HR Service Providers Senior Management Team Leader | Legitimate Interest Necessary for the performance of a contract Explicit Consent | Data shared to the Wincent HR Service Provider based in EEA |
| Prospective Investors | ||||
| Passport Address Date of Birth Proof of Income Tax Information Source of Wealth Contact Information | Background Screening KYC Checks AML / CTF Checks Accounting purposes Fund Administration | Ramparts (GFSC Regulated Fund Administrator) Business Development Team Finance Team Legal Team Compliance Team Fund Administration Team | Necessary for the performance of a contract Compliance with legal obligations Explicit Consent | Data shared with Ramparts, Wincent, its affiliated entities and Services Providers based in EEA and Gibraltar. |
| Prospective OTC Counterparties and their Authorised Representatives | ||||
| Passport Address Liveness Check Trade Information Wallet Information | Background screening Accounting purposes Settlement purposes KYC Checks AML / CTF Checks | Business Development Team Finance Team Legal Team Compliance Team Settlement Team | Explicit Consent (given to our data processor SumSub) Compliance with legal obligations Necessary for the performance of a contract | Data shared with Wincent, its affiliated entities and Service Providers based in EEA and Gibraltar. |
| Website Visitors | ||||
| IP Address Browser Information Cookie Data Usage Data Submitted Information | Website Functionality Security Monitoring Analytics Statistics Marketing | IT Team Marketing Team Legal Team | Explicit Consent Legitimate Interest | Data shared with Wincent, its affiliated entities and Service Providers based in EEA and Gibraltar. |
In accordance with GDPR Article 5(1)(a), and DPA Articles 14(2) and 8(a), Wincent Processes Personal Data lawfully, fairly, and transparently, ensuring that individuals are informed about the collection and use of their Personal Data. In addition, in accordance with GDPR Article 6 and DPA Article 10, all Processing activities have a valid lawful basis, as displayed in the above table.
Wincent collects and Processes Personal Data solely for specified, explicit, and legitimate purposes, as mandated by GDPR Article 5(1)(b) and DPA Article 43, ensuring that data collected is (i) adequate, (ii) relevant, and (iii) limited to what is necessary for the relevant business functions, in compliance with the principle of data minimisation under GDPR Article 5(1)(c).
Wincent acknowledges and is fully committed to upholding Data Subjects’ rights, continuously monitoring compliance, rectifying inaccuracies, erasing data, and transparently communicating to Data Subjects their rights as stipulated in Chapter 3, Articles 15-21 of the GDPR and Articles 55, and 56 of DPA. These rights are enshrined in the Privacy Legislation and include, but are not limited to, the following:
Right to Be Informed: Transparency regarding data collection and Processing.
Right of Access: The ability to obtain a copy of Personal Data.
Right to Rectification: Correction of inaccurate or incomplete data.
Right to Erasure: Deletion of Personal Data under certain conditions.
Right to Restrict Processing: Limiting the Processing of data.
Right to Data Portability: Receiving data in a structured format for transfer to another party.
Right to Object: Opposing Data Processing based on legitimate interests or direct marketing.
Right Not to Be Subject to Automated Decision-Making: Protection against solely automated Processing affecting legal or significant decisions.
To exercise your rights, please contact us at GDPR@wincent.co. We respond without undue delay and in any case within one month. Where requests are complex or numerous, this may be extended by up to two additional months, in which case you will be notified.
We may disclose personal data to the following categories of recipients:
Group companies and affiliates
Fund administrator
IT/cloud service providers
Legal, tax, and compliance advisors
Background screening providers
Recruitment platforms and agencies
Regulatory or governmental authorities (e.g. GFSC, FCA)
Wincent engages third-party service providers to process personal data on our behalf under written agreements that comply with Article 28 GDPR. These providers are contractually required to implement appropriate technical and organisational measures, maintain confidentiality, and act only on our instructions.
Wincent does not sell Personal Data to any third parties.
Wincent may share Personal Data internally within the Wincent Group and externally with service providers, financial institutions, legal advisors, and, where legally required, government authorities. As Wincent is a global entity, Wincent might also transfer Personal Data outside the European Economic Area (EEA). In such cases, Wincent ensures appropriate safeguards are applied to the data transferred in compliance with Chapter V of GDPR (standard contractual clauses or adequacy decisions) and Article 82 - Article 85 of DPA.
You may request further information regarding data transfers by contacting us at .
Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, following Article 5(1)(e) GDPR. Typically, the timeframe for retention is up to five years post-termination of agreements unless a longer retention period is required by law or a competent authority via an official communication to Wincent. Additionally, in order to maintain accuracy and integrity, Wincent commits to promptly rectify any inaccuracies in personal data as per GDPR Article 5(1)(d).
In many cases, the provision of personal data is a legal or contractual requirement. For example, we cannot process an investment without completing required due diligence, or assess a job application without essential candidate information. Failure to provide such data may prevent us from onboarding you, entering into a contract, or proceeding with your investment.
Where we carry out automated decision-making or profiling that may have a legal or similarly significant effect on you (within the meaning of Article 22 of the GDPR), we implement robust safeguards to protect your rights ensuring that all such automated decisions are subject to meaningful human intervention by a suitably senior and qualified employee with full authority to override or amend the outcome of the automated processing.
In the event of a personal data breach likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with Articles 33 and 34 of the GDPR.
You may lodge a complaint with your local Data Protection Authority. The appropriate regulatory agency for Gibraltar is:
Gibraltar Regulatory Authority
Website:
Phone: (+350) 20074636
If you are based in the EEA, a list of authorities is available here:
We may update this Privacy Notice from time to time. The most current version will always be available on our website. Material changes will be communicated where appropriate.
