GCM Grosvenor Privacy Notice
Last updated: January 10, 2023.
Grosvenor Capital Management, L.P., GCM Customized Fund Investment Group, L.P., GCM Investments UK LLP, and affiliated entities (collectively GCM Grosvenor, we and us) are providing this Privacy Notice to inform you about how we process the Personal Data that we collect through the Services. This Privacy Notice does not cover or apply to our investors and limited partners. We maintain a separate Investor Privacy Notice that describes how we process the Personal Data of our investors and limited partners.
Scope and Definitions
When we use the term “Services”, we mean to refer collectively to:
- The websites owned and controlled by us that link to this Privacy Notice (Websites);
- The provision of investment and related services in the conduct and operation of our business (Investment Services); and
- Marketing and business development activities, including events we host, social media properties we operate, and emails that we send (Marketing Activities).
When we use the term “Personal Data”, we mean information that one can reasonably use to identify an individual person or that reasonably relates to an identifiable person (Data Subject).
The Data Subjects we receive Personal Data from in providing the Services are:
- Directors, officers, employees, representatives and other individuals associated with the companies in which GCM Grosvenor has made an investment or is considering making an investment;
- Individual representatives of third party sellers, placement agents, finders, investment bankers, consultants, lawyers, accountants, advisers and other service providers, whether or not engaged by GCM Grosvenor;
- Directors, officers, employees and other representatives of GCM Grosvenor;
- Individuals applying for or inquiring about employment with us; and
- Visitors to our offices, events and conferences, Website and users of any digital Services we provide.
The gcmgrosvenor.com and hedgefundgps.com Websites
We operate the gcmgrosvenor.com and hedgefundgps.com through servers in the United States. BY USING THE WEBSITES AND PROVIDING INFORMATION TO US, YOU CONSENT TO THE TRANSFER AND PROCESSING OF YOUR PERSONAL DATA IN THE UNITED STATES.
Please be aware that the Websites may contain links to other websites hosted by third parties. GCM Grosvenor does not control and is not responsible for the content or privacy practices and policies of such third party websites. We encourage you to be aware when you leave the websites and to read the privacy policies of each third-party website, especially if such website collects Personal Data from you.
What Personal Data We Collect
In connection with the Services, we collect:
- identification information—including name, ID card and passport numbers, nationality, place and date of birth, gender, picture, IP address, physical location
- contact information—including postal address and e-mail address, phone number
- family situation—including marital status, number of children
- tax status—including tax ID, tax residence
- professional and employment information—including resume details, work history, personnel files, pay and benefits information
- financial data—including bank account details, credit card number, money transfers, including communications regarding bank transfers, assets, investment profile, credit history, debts and expenses
- service data—including information on requests you make to provide our Services and your activity on our Websites
- other background data—including information on criminal history and unlawful conduct, and
- health information—including if you attend one of our events, information like dietary restrictions or disabilities or if a business we are considering investing in makes the information available to us
How We Collect Personal Data
We collect this Personal Data in various ways, including:
- Directly from the Data Subject—for example, from visitors to our offices, visitors to our Websites, when you voluntarily submit information on our Websites, including to sign up for our mailing list, when you attend one of our events or conferences, when you apply for a job, send us an email, other written correspondence, or complete a form in connection with our Services;
- Indirectly from other sources—for example, when we are evaluating an investment opportunity and we receive diligence information from the target that may include Personal Data, when service providers provide us Personal Data in connection with their services, or when we undertake certain investment activities during which we may receive Personal Data from placement agents, finders, investment bankers, consultants, lawyers, accountants, advisers and others, whether or not engaged by GCM Grosvenor; and
How We Use Personal Data
We use Personal Data for a variety of business purposes.
When processing Personal Data in connection with our Investment Services, we generally rely on our legitimate business interests. These include:
- making, maintaining, managing and disposing of our investments;
- conducting due diligence and evaluating business opportunities;
- developing new investment opportunities;
- managing, operating and growing our business, administering the Services and managing investor accounts, including through the use of third party service providers;
- complying with legal or regulatory obligations, such as our obligations regarding tax withholdings;
- processing and considering applications for employment, including evaluating and confirming your suitability for a position and accuracy of any information submitted;
- monitoring and auditing compliance with internal policies and procedures, legal obligations and to meet requirements and orders of regulatory authorities; and
- conducting risk mitigation activities to maintain and protect the safety and security of our Services, systems, premises and events, and to prevent and detect security threats, fraud or other criminal or malicious activities.
We also may process Personal Data to perform a contract with you or to take steps at your request before entering into a contract, including to: (i) provide you with information regarding GCM Grosvenor Services, (ii) assist you and answer your requests, or (iii) evaluate whether we can offer you GCM Grosvenor Services and under what conditions.
We also may process Personal Data with your consent, but only in those cases where we make it clear to you in advance that we are relying on your consent for the processing.
When processing Personal Data through our Websites and in connection with our Marketing Activities, we also generally rely on our legitimate business interests. These include:
- communicating with Data Subjects and building relationships with Data Subjects;
- conducting direct marketing activities and providing newsletters, updates, invitations and other information that we believe may be of interest to you; and
- administering, improving and customizing our Websites and understanding how our Services are used.
How We Share Personal Data
- Within GCM Grosvenor: We share your Personal Data within GCM Grosvenor for the purposes set forth above.
- Service Providers. We may disclose your Personal Data to third-party service providers to provide us with services such as website hosting, web analytics, professional services, including information technology services and related infrastructure, customer service, e-mail delivery, auditing and other similar services.
- Affiliates. We may disclose Personal Data to our affiliates for the purposes described in this Privacy Notice, including for their marketing purposes, and to be consistent with our goal of providing the superior client service and engagement experience that our clients have come to expect from us around the world.
- To Perform Investment Services. We will also disclose Personal Data to the following categories of third parties: (i) anyone involved in the matter we are working on, including lawyers, barristers, counterparties, experts, mediators, opponents, attorneys and witnesses, (ii) law enforcement, tax and regulatory agencies and bodies, (iii) insurers, and (vi) service providers such as IT and telephone services, catering, document production and postal and delivery services.
- Fulfill Requests. We may disclose Personal Data to third parties in order to perform services you request or functions you initiate, including when you post information and materials publicly on message boards and forums.
- Corporate Transactions or Events. We may disclose your information to a third party in connection with a corporate reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or capital, including in connection with any bankruptcy or similar proceedings.
- Other Legal Reasons. In addition, we may use or disclose your Personal Data as we deem necessary or appropriate: (1) under applicable law, including laws outside your country of residence; (2) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (3) to comply with subpoenas and other legal processes; (4) to pursue available remedies or limit damages we may sustain; (5) to protect our operations or those of any of our affiliates; (6) to protect the rights, privacy, safety or property of GCM Grosvenor, our affiliates, you and others; and (7) to enforce our terms and conditions.
How We Protect Personal Data
GCM Grosvenor seeks to maintain physical, electronic, and procedural safeguards in accordance with our information security program in order to protect your personal data from unauthorized access or use. However, no data transmission or storage system can be guaranteed to be secure at all times. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contact Us” section below.
How Long We Retain Personal Data
GCM Grosvenor retains personal data pursuant to our records retention program for as long as is necessary for the purposes set out in this Privacy Notice, unless a longer period is required or permitted under applicable law or is needed to resolve disputes or protect our legal rights.
Keeping Personal Data Current
In general, we seek to ensure that we keep your Personal Data accurate and up to date. However, you are responsible for, and we kindly request that you inform us of, any changes to your Personal Data—such as a change in your contact details. To update or edit your Personal Data that we have on file, including your communication preferences, please contact us using the contact details set out under the “Contact and Complaints” heading below or by sending an e-mail to [email protected]
For individuals in the European Economic Area, please read below for additional detailed disclosures.
Contact and Complaints
GCM Grosvenor takes very seriously any complaints we receive about our use of your Personal Data. Please send any questions, comments, requests, or complaints regarding the Website, this Privacy Notice, the user agreement and our use of your Personal Data to [email protected]
We will treat any Personal Data we receive from you when making a complaint in accordance with this Privacy Notice and only to process the complaint and check on the level of service we provide. Similarly, where you submit inquiries to us, we will only use the information supplied to us to deal with the inquiry and any subsequent issues and to check on the level of service we provide.
Additional Information for Residents of the European Economic Area (EEA)
In respect of the collection, holding, storage, use, and processing of your Personal Data:
- We will process the data lawfully, fairly and in a transparent way.
- We will obtain the data only for valid purposes that we have clearly explained to you and not use data in any way that is incompatible with those purposes.
- The data we collect will be relevant to the purposes we have informed you about and limited only to those purposes.
- We will take reasonable steps to ensure that the data is accurate and kept up to date.
- Subject to applicable legal or other requirements, we will keep the data only as long as necessary.
- We will use appropriate technical and/or organizational measures to ensure appropriate security of the data.
Transfer of Personal Data Outside of the EEA
The transfer of Personal Data from the UK/EEA to the GCM Grosvenor entities outside the EEA is governed by data transfer agreements, which are in the form of the standard contractual clauses approved by the European Commission—a copy of which can be obtained from us via the contact details below.
Where your Personal Data is processed by third parties outside of the EEA, we will ensure that appropriate safeguards are in place to adequately protect your Personal Data, as required by applicable law, including the execution of standard contractual clauses if the recipients are not located in a country with adequate data protection laws—as determined by the European Commission—or certified under the EU-US Privacy Shield framework.
GDPR Data Subject Rights
Under the GDPR, in certain circumstances, an EEA-resident Data Subject has certain individual rights with respect to the Personal Data that we hold about them. In particular, you may have the right to:
- Request access to any data held about you 
- Ask to have inaccurate data amended
- Request data held about you to be deleted, provided the data is not required by GCM Grosvenor to perform a contract, defend a legal claim or to comply with applicable laws or regulations
- Prevent or restrict processing of data which is no longer required
- Request transfer of appropriate data to a third party where this is technically feasible
Additionally, in the circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific purpose at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. However, if you decline to provide or consent to our use of the data and we are relying on consent as the legal basis for its processing, there are circumstances in which we will not be able to provide you with Services or take action on your behalf.
To exercise any of these rights, please contact us using the contact details set out under the “Contact Us” heading below. As a resident of the EEA, you are also entitled to direct any complaints in relation to our processing of your Personal Data to your national or local data protection supervisory authority.
Automated Decision Making
We respect your legal rights not to be subject to decisions that are based solely on automated processing of your Personal Data, including profiling, especially where such processing has legal or other significant effects on you. In establishing and carrying out a business relationship, we generally do not use any automated decision-making pursuant to the GDPR. We may process some of your Personal Data automatically, with the goal of assessing certain personal aspects (profiling), such as to comply with legal or regulatory obligations to combat money laundering, terrorism financing, and offenses that pose a danger to assets.
|Grosvenor Capital Management, L.P.|
900 North Michigan Avenue, Suite 1100
Chicago, IL 60611
+1 (312) 506-6500
GCM Investments UK LLP
33 Jermyn Street, Level Seven
London SW1Y 6DN
+44 (0) 20 3727 4450
Additional Information for Residents of California
What Categories of Personal Information do we Collect?
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Information excluded from the CCPA’s scope, such as personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
The following is a list of categories of personal information, defined under the CCPA, which we may collect or may have been collected from California residents within the last twelve months.
In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.||YES|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.||YES|
|C. Protected classification characteristics under California or federal law||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||YES|
|D. Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||YES|
|E. Biometric information.||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||NO|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.||YES|
|G. Geolocation data.||Physical location or movements.||YES|
|H. Sensory data.||Audio, electronic, visual, thermal, olfactory, or similar information.||NO|
|I. Professional or employment-related information.||Current or past job history or performance evaluations.||YES|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||NO|
|K. Inferences drawn from other personal information.||Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||YES|
Please note that the categories and examples provided in the list above are those defined in the CCPA. Not all examples of each category of personal information were in fact collected by us, but this reflects our good faith belief to the best of our knowledge that some of the information from the applicable category may be and may have been collected. For example, particular categories of personal information would only be collected if you provided such personal information directly to us.
DISCLOSURE OF PERSONAL INFORMATION FOR BUSINESS PURPOSES OR COMMERCIAL PURPOSES
We may disclose and may have disclosed in the last twelve months the following categories of personal information for business or commercial purposes:
- Category A: Identifiers.
- Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
- Category C: Protected classification characteristics under California or federal law.
- Category D: Commercial information.
- Category F: Internet or other similar network activity. Professional or employment-related information.
- Category G: Geolocation data.
- Category I: Professional or employment-related information.
- Category K: Inferences drawn from other personal information.
No Sale of Personal Information
We do not sell personal information. As defined in the CCPA, a sale of personal information broadly includes any communication or transfer of your personal information to another business or third party for monetary or other valuable consideration (e.g., a nonmonetary benefit).
No Sale of Personal Information of Minors Under 16
We do not knowingly collect personal information from minors under the age of 16 through our Website, and we do not sell the personal information of consumers we actually know are less than 16 years of age. If you believe that a child under the age of 16 has provided us with personal information, then please contact us with sufficient detail to enable us to delete that information.
Your Rights Under the CCPA
The CCPA provides California residents with the following rights:
The right to know. You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (the “right to know”). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete, below), we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
The specific pieces of personal information we collected about you (also called a data portability request).
The right to delete personal data. You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the “right to delete”). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete, below), we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.
The right to opt-out of the sale of personal data. You have the right to direct us not to sell your personal information.
The right not to be discriminated against. You have the right not to be discriminated against for exercising any of your consumer’s rights under the CCPA. We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Exercising Your Right to Know or Delete
If you are a California resident, to exercise your rights to know or delete described above, please submit a request by contacting us at:
|Grosvenor Capital Management, L.P.|
900 North Michigan Avenue, Suite 1100
Chicago, IL 60611
+1 (312) 506-6500
GCM Investments UK LLP
33 Jermyn Street, Level Seven
London SW1Y 6DN
+44 (0) 20 3727 4450
Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information. To submit a CCPA request as an authorized agent, please provide us with: (1) the first and last name, date of birth, phone number, primary physical address, and email address of the person who the CCPA request is for, (2) what the individual is requesting (e.g., categories of data, data points, or data erasure) and (3) your first and last name, phone number, primary physical address, and email address.
You may only submit a request to know twice within a 12-month period. Your request to know or delete must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
We will only use personal information provided in the request to verify the requestor’s identity or authority to make it.
We will confirm receipt of your request within 10 days. In response to a verifiable request, we will attempt to deliver the required information free of charge within 45 days. If we need additional time to respond to your request, then we will notify you and respond within 90 days of the request. Any disclosures by us will cover only the 12-month period preceding our receipt of the request.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Use of our Cookies
A cookie is a string of information, including a unique reference code, that a website stores on a visitor’s computer when visiting a website and that the visitor’s browser provides to the website each time the visitor returns. A number of cookies we use will last only for the duration of your web session and expire when you close your browser. Other cookies last longer and are used to recognize your computer when you return to the website.
Necessary session management
- managing your login session so you can move easily from one page to another within the Website and so that your page requests are loaded in a smooth and secure manner;
- collecting statistical information about how you use the Website and your browsing experience so that we can improve our Websites and services;
- collecting demographic statistical information derived from a 3rd party cookie that uniquely identifies a web browser on a specific computer, not a specific person;
- remembering that you have used the Website before; this means we can establish the number of unique visitors we receive to different parts of the Website and serve relevant content based on previous browsing experience.
In addition to cookies, we may use small image files called Pixel Gifs/Web beacons so that we know when you open an email from us or click on a link included in one of these emails. This helps us to understand whether particular content is of interest. Instructions on how to unsubscribe are included in each email.
The cookies you receive from the Website are served by GCM Grosvenor. However, some cookies served by us use code provided by a third party delivering analytical services on our behalf.
Necessary session management. These cookies manage your session on the Website, enabling you to navigate different pages of the Website during your session, understand when you have entered information, and to route content requests correctly.
Analytics. Analytics cookies help us collect anonymous statistics on visitors to the Website, where visitors have come to the Website from, how long a user spends on the Website and the pages they visited. We use this information for our internal purposes in managing the Website and improving its functionality.
Most web browsers automatically accept cookies but, if you prefer, you can change your browser to prevent that or to notify you each time a cookie is set. You can review your Internet browser settings, typically under the sections “Help” or “Internet Options”, to exercise choices you have for certain cookies.
Please note that by blocking or deleting cookies used on the Website, you may not be able to take full advantage of the Website.
You can also learn more about how to manage all cookies across different types of browsers by visiting www.allaboutcookies.org. The Website includes additional useful information on cookies.
We support the Self-Regulatory Principles for Online Behavioral Advertising of the Digital Advertising Alliance (DAA). To learn more about certain third-party cookies used for interest-based advertising, including through cross-device tracking, and to exercise certain choices regarding such cookies, please visit the Digital Advertising Alliance, Network Advertising Initiative, Digital Advertising Alliance-Canada, European Interactive Digital Advertising Alliance or your device settings if you have the DAA or other mobile app.
The opt-outs described above are device- and browser-specific and may not work on all devices. If you choose to opt-out through any of these opt-out tools, this does not mean you will cease to see advertising. Rather, the ads you see will just not be based on your interests.
Please note that new services using cookies may be added to the Website from time to time. We aim to keep the cookies information as accurate as possible and use reasonable efforts to regularly review and update the details.
Changes to these Policies
 You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive.