Privacy Policy

Data protection privacy notice

We are committed to protecting your personal information and ensuring we respect your privacy. This Privacy Notice explains how we will look after and use any personal information that we collect about you.

What is personal information?

Personal information means any information about you from which you can be identified. Examples of personal information include your name, home address, national insurance number, date of birth, telephone number and email address but it also includes other pieces of information which can be used to identify you, either directly or indirectly, such as a website cookie.

Who we are

This privacy notice is provided by BNZ (“BNZ”; the “firm”; “we”; “our”) and our subsidiaries.

We are the Controller of the personal information you provide to us. If you have any questions about this Privacy Notice or the information we hold about you please contact us at [email protected], postal address: Passeig de Gracia 50 5º Planta, 08007, Barcelona, Spain

What types of information do we use?

We collect information in the course of providing our services to you. The information which we collect, use, store and transfer about you may include, but is not limited to:

  1. Information you provide to us directly: We may collect personal information such as your contact information including your full name and e-mail address. We may also collect information when you sign up for our mailing list, speak with us over the telephone, fill out a contact form on our website, or otherwise communicate with us. We may also collect any communications between you and BNZ and any other information you provide to BNZ.
  2. Information we receive from third parties: From time to time, we may receive information about you from third parties and other users, such as our business partners, brokers and intermediaries. We may also collect information about you that is publicly available.

We do not collect any special categories of personal data which would include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic or biometric data. We ask that you do not send us any personal data that would fit these categories unless specifically requested to do so.

How we will use your personal information

We only obtain, use and keep personal information where we need it for a specific purpose. We set out below the ways in which we plan to use your personal information. We are only able to use your personal information if we have a proper legal reason or basis for doing so. This is called a legal basis and the regulations require that we have a legal basis so that your privacy is protected.  Most commonly we will use your information in the following ways:

  1. We have a legal obligation. We need to use your personal information to comply with laws that assist in the prevention of financial crime and to comply with regulatory obligations.
  2. We provide services to you or procure such services from you, for example, where we contract with you in the execution of our management services and the projects which we manage.
  3. We, or a third party, have a legitimate interest in processing the information and your interests and fundamental right do not override those interests. For example, processing your information to prevent fraud. We are required to make an assessment with regards to the benefits for us weighed against how appropriate it is to contact you in this way and whether it would be unfair to you. We believe that as a commercial enterprise we do have a legitimate interest in contacting you about our products or services and we will only do so if we decide it would be of interest or beneficial for you.

We will only use your personal information for the reason for which we collected it.  We will only use it for another reason if we believe that new reason is compatible with the original purpose. If we do need to use your personal information for a non-related purpose we will tell you about it and explain the legal basis which allows us to do so.

Who we share your information with

We will only share your Personal Data with third parties in the ways set out in this privacy statement. We do not give, sell or rent your Personal Data to third parties for them to market their services to you. Nor do we accept advertising from third parties on our website.

We may provide your Personal Data to our service providers to help us with our business activities, such as inputting your contact information into our CRM or email marketing system. In all cases we will have a processor agreement with these companies safeguarding your Personal Data, including that it may only be processed for the purposes of that agreement and on our instructions. We may also disclose your Personal Data as follows:

  1. For the operation of our business, to other entities and service providers within BNZ. For provision of the Services, and for our own disaster recovery and business continuity purposes, we may store or transmit Personal Data to or through third party providers, such as with our contractors and advisors to help us operate, secure and analyse our business.
  2. We may be obliged to disclose your Personal Data to comply with a law, order or request of a court, government authority, other competent legal or regulatory authority or any applicable code of practice or guideline.
  3. We may also be obliged to disclose Personal Data when we believe in good faith that disclosure is necessary for our legitimate interest such as investigating fraud, to make or defend a legal claim, to protect your safety or the safety of others, or to maintain our compliance or that of our personnel with applicable laws, regulations and/or professional obligations, all in accordance with applicable law.
  4. If BNZ is involved in a merger, acquisition, or sale of all or a portion of its assets, we may disclose such Personal Data as is necessary for our legitimate interests in completing that transaction and always provided that appropriate safeguards are in place including limitations and restrictions on use, access and retention.
  5. In other situations, only with your prior consent.

Sending your information outside of EEA

The regulations which have been put in place to protect your privacy apply throughout the EEA. The EEA is the European Economic Area which includes all the countries in the European Union plus Iceland, Liechtenstein and Norway. This means that any country within the EEA must meet the same privacy standards as the Netherlands. The personal information is also expected to be sent to the United Kingdom, and we will ensure that consistent privacy standards continue to apply. All the personal information that we hold about you will be processed in the EEA and the United Kingdom.

Storing your information

Our policy is to keep records on prospective investors, management teams and other business contacts indefinitely; we may wish to contact long-standing contacts about a particularly relevant opportunity in the future, and in the context of our business there is no way to predict when such an opportunity might arise. We will ensure all records are safely destroyed if we no longer need to retain them. We review our retention periods for personal information on a regular basis.

Your rights

You are provided with a number of different rights under the data protection laws in relation to your personal information. These allow you to:

  • access your information;
  • request we correct your information;
  • request that we erase your information;
  • object to the processing of your information;
  • request a restriction in the processing of your information;
  • request a transfer of your information; and
  • withdraw your consent.

If you wish to exercise any of these rights please contact us. Please note that you will not have to pay a fee to access your personal information or to exercise any of the other rights. We may, however, charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or we may refuse to deal with your request. We may also need to seek further information from you to confirm your identity before we release any personal information. This does not affect your right to make a complaint.


We have put in place appropriate security measures to protect your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have a procedure to deal with any suspected personal data breach and will notify you, and other regulators, where we are legally required to do so.