Client Privacy Notice

Introduction

Interpath (“Interpath Advisory”, “we”, “us”, “our”) is dedicated to protecting the confidentiality and privacy of information entrusted to us in accordance with applicable data protection legislation, including the EU General Data Protection Regulation (“GDPR”), the GDPR as it applies in the United Kingdom (“UK GDPR”), the UK Data Protection Act 2018, and all other applicable data protection laws in the territories in which we operate.

What is this notice about?

This Privacy Notice sets out how we process information about you (referred to as “personal data” within this Privacy Notice) when we provide our advisory and insolvency services to clients including how we collect and use this personal data and your rights in relation to this personal data.

This Privacy Notice is supplemented with specific information relating to each country in which we operate. Please see the relevant Country-Specific Information at Appendix 1.

Advisory services

Interpath is a global group of companies providing professional financial advisory services across deals, advisory and restructuring. Interpath supports clients locally and internationally offering a broad range of services including M&A, debt and capital advisory, forensics and data technology, financial restructuring and rationalisation, cash management, loan portfolio due diligence, vendor due diligence and valuations, amongst others.

All advisory services are contracted with the relevant Interpath entity and, generally, the entity acts as a Data Controller for these purposes. There will, of course, be services where a Data Processor role is more appropriate and this will be determined and agreed with the client when initially contracting.

Insolvency services

When an Interpath staff member is appointed as an office holder in insolvency proceedings under local insolvency and similar laws and regulations (e.g., a liquidator or administrator in corporate proceedings or a trustee in bankruptcy proceedings) ("Office Holder"), the Office Holder holds the appointment in their personal capacity and is a separate controller to Interpath. It is important to note that Interpath does not itself accept appointments as an Office Holder.

This Privacy Notice applies to Interpath's processing of personal data relating to individuals involved in or subject to any formal insolvency proceedings across our relevant jurisdictions. (“Insolvency Services”). It also applies to you if you are our client or an employee or consultant working for our client.

This Privacy Notice does not apply to the Office Holder's processing of personal data; it only applies to the processing of personal data by or on behalf of Interpath as controller. Please see the relevant section below where we are specifically delivering Insolvency Services. For information about the Office Holder's processing of personal data, please see the Interpath IP Privacy Notice.

Who are we and how can you contact us?

The precise Interpath entity responsible for the processing of your personal data will depend on which of our offices you are engaging with for the provision of Advisory or Insolvency Services. Details of the relevant entities can be found here: https://interpath.com/locations/.

If you have questions or comments about this Privacy Notice or how we handle personal data, or wish to complain to us about our handling of your personal data, please contact the relevant Interpath entity using the Data Privacy team at .

Personal data we collect and why

Applicable data protection laws require us to inform you about the purposes for which we use your personal data. In some territories, we are also required to have, and to inform you of, the legal basis we rely upon for such use. 'Legal bases' are the legal reasons for our use of your personal data – these are set out in applicable data protection laws. If your territory requires us to have a legal basis, we cannot use your personal data if we do not have a valid legal basis for such use.

This section of the Privacy Notice applies to you if you are our client, or an employee or consultant working for our client and we provide you with advisory services:

We process the following types of personal data, which we collect directly from you when, for example, we are establishing a business relationship, performing professional services through a contract or through our hosted software applications, or where you are otherwise interacting with us:

Category of personal data	Purpose of processing	Legal basis for processing (only applicable in those territories that require us to have a legal basis)
Contact details (Name, company name, job title, work and personal telephone numbers, work and personal email address, postal address)	To respond to you when you send us a request for a proposal, tender, or quotation	Legitimate interests For our legitimate interest in growing our business
	To contact you in relation to our events, meetings or webinars, including to send invitations and providing access to such events, meetings and webinars	Legitimate interests For our legitimate interest in operating successful events, meetings and webinars as part of our ongoing business
	Promoting our professional services, products and capabilities, including via our newsletter and other marketing communications	Consent Where legally required, we ask for your consent when you sign up for our newsletter or other marketing communications. You can withdraw this consent at any time by unsubscribing using the button at the bottom of our emails to you or as otherwise described in the communication
		Legitimate interests For our legitimate interest in keeping you informed about our business offering and wider market information
	Providing professional advice and delivering reports and other deliverables related to our professional services	Performance of a contract with you (where you are our client) For the performance of a contract with our clients to deliver the professional services our clients have engaged us to provide
		Legitimate interests For our legitimate interest in communicating with you to deliver the professional services our clients have engaged us to provide
Device and web data (IP address, traffic data, clickstream information, time stamp, location data, web logs, other communication data such as your browser type and version, time zone setting and location, plug-in types and versions, operating system and platform; and the resources that you access)	Administering, maintaining and ensuring the security of our information systems, applications and websites	Legitimate interests For our legitimate interest in ensuring the safety and security of our website and preventing unauthorised access to our IT systems and websites
		Legal obligation To comply with our legal and regulatory obligations relating to fraud and cyber crime
		Consent We collect this information using cookies. Where legally required, we obtain your prior consent to the dropping of cookies and the processing of personal data collected via those cookies. For further information about our use of cookies, please refer to our cookies policy at https://interpath.com/policies-and-regulatory-information/the-bvi/cookie-policy/
Family and beneficiary details (Names, relationships with you, dates of birth)	Providing professional advice and delivering reports related to our professional services	Performance of a contract with you (where you are our client) For the performance of a contract with our clients to deliver the professional services our clients have engaged us to provide
		Legitimate interests For our legitimate interest in communicating with you to deliver the professional services our clients have engaged us to provide

We collect and use the following personal data from public sources, including public registers (such as Companies House), news articles, sanctions lists, government intelligence and crime prevention agencies, and internet searches:

Category of personal data	Purpose of processing	Legal basis for processing (only applicable in those territories that require us to have a legal basis)
Contact details (Name, company name, job title, work and personal telephone numbers, work and personal email address, postal address)	Verifying your identity and carrying out sanctions screening as part of our ongoing legal obligations when providing professional services to clients	Legitimate interests For our legitimate interest in promoting and publicising our business
		Legal obligation To comply with our legal and regulatory obligations relating to anti-money laundering, terrorist financing, fraud, and other forms of financial crime

This section of the Privacy Notice applies to you if you are an individual involved in or subject to formal insolvency proceedings and we are engaged to provide insolvency services:

We collect and use various categories of personal data shared by our clients when we are engaged to perform Insolvency Services. Such personal data may relate to the insolvent individual, directors/shareholders of the insolvent company, or personal data related to past, present or prospective employees, contractors, suppliers and/or customers. The table below gives examples of the types of personal data we may process. The exact categories will vary depending on the nature of the business in which our client operates.

Category of personal data	Purpose of processing	Legal basis for processing (only applicable in those territories that require us to have a legal basis)
Contact details (Name, company name, job title, work and personal telephone numbers, work and personal email address, postal address)	To respond to you when you send us a request for a proposal, tender, or quotation	Legitimate interests For our legitimate interest in growing our business
	To contact you in relation to our events, meetings or webinars, including to send invitations and providing access to such events, meetings and webinars	Legitimate interests For our legitimate interest in operating successful events, meetings and webinars as part of our ongoing business
	Promoting our professional services, products and capabilities, including via our newsletter and other marketing communications	Consent Where legally required, we ask for your consent when you sign up for our newsletter or other marketing communications. You can withdraw this consent at any time by unsubscribing using the button at the bottom of our emails to you or as otherwise described in the communication
		Legitimate interests For our legitimate interest in keeping you informed about our business offering and wider market information
	Providing professional advice and delivering reports and other deliverables related to our professional services	Performance of a contract with you (where you are our client) For the performance of a contract with our clients to deliver the professional services our clients have engaged us to provide
		Legitimate interests For our legitimate interest in communicating with you to deliver the professional services our clients have engaged us to provide
Family and beneficiary details (Names, relationships with you, dates of birth)	Record keeping purposes following the cessation of the Office Holder's appointment	Legal Obligation To comply with our legal and regulatory obligations to maintain recordings of Office Holder's decision-making as part of the Insolvency Services
Financial information (Taxes, payroll, investment interests, pensions, assets, bank details, insolvency records)	Providing professional advice and delivering reports related to our professional services	Performance of a contract with you (where you are our client) For the performance of a contract with our clients to deliver the professional services our clients have engaged us to provide
		Legitimate interests For our legitimate interest in communicating with you to deliver the professional services our clients have engaged us to provide
	Record keeping purposes following the cessation of the Office Holder's appointment	Legal Obligation To comply with our legal and regulatory obligations to maintain recordings of Office Holder's decision-making as part of the Insolvency Services
Sensitive personal data (Personal identification documents that may reveal race, religion or ethnic origin, biometric data of private individuals, beneficial owners of corporate entities, expense receipts that reveal affiliations with trade unions or political opinions, adverse information about clients that may reveal criminal convictions or offences information)	Providing professional advice and delivering reports related to our professional services	Explicit consent Where legally required, we will write to you to ask for your explicit written consent before we process this personal data
		Legal obligation To comply with our legal and regulatory obligations relating to anti-money laundering, terrorist financing, fraud, and other forms of financial crime
	Record keeping purposes following the cessation of the Office Holder's appointment	Legal Obligation To comply with our legal and regulatory obligations to maintain recordings of Office Holder's decision-making as part of the Insolvency Services

Do we share personal data with third parties?

We occasionally share personal data with trusted third parties to help us deliver efficient and quality services. These recipients are either contractually bound or bound by law to safeguard the data we entrust to them. We engage with the following categories of recipients:

• Parties that support us as we provide our services (e.g., providers of telecommunication systems, mailroom support, IT system support, archiving services, document production services and cloud-based software services).
• Our professional advisers, including lawyers, agents, auditors, health and safety advisors and insurers.
• A potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer or merger of part or all of our business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it.
• Parties that support us with anti-money laundering, client conflicts and independence checks.
• Law enforcement or other government and regulatory agencies (e.g., HMRC) or to other third parties as required by, and in accordance with, applicable law or regulation.
• Payment, marketing and recruitment services providers.
• Our employees, sub-contractors, agents or service providers who work for us where required or necessary for the performance of their duties and in line with the reasons for processing set out in this Privacy Notice.

Do we transfer your personal data outside your country of residence?

We have servers in the United Kingdom, Europe, Australia and Canada.

We may transfer personal data within the Interpath group of companies or to reputable third-party organisations situated outside the country in which your personal data is stored when we have a business reason to engage these organisations. We only transfer your personal data outside the country in which we have offices where we are satisfied that the transfer complies with local data protection law and, if legally required, appropriate safeguards are in place to ensure that your personal data is subject to safety measures equivalent to those in the country in which it is stored.

What are your data protection rights?

Depending on your location, you may have some or all of the following rights in relation to your personal data, subject to certain limitations and exceptions:

• Access – You can ask us to verify whether we are processing personal data about you, and if so, to provide more specific information.
• Correction – You can ask us to correct our records if you believe they contain incorrect or incomplete information about you.
• Erasure – You can ask us to erase (delete) your personal data after you withdraw your consent to processing or when we no longer need it for the purpose it was originally collected. In most cases, this right will not apply where we process your personal data pursuant to our legal obligations.
• Processing restrictions – You can ask us to temporarily restrict our processing of your personal data if you contest the accuracy of your personal data, prefer to restrict its use rather than having us erase it, or need us to preserve it for you to establish, exercise, or defend a legal claim. A temporary restriction may apply while verifying whether we have overriding legitimate grounds to process it. You can also ask us to inform you before we lift that temporary processing restriction.
• Data portability – Where you have provided personal data to us, you can ask us to transmit that personal data (in a structured, commonly used, and machine-readable format) directly to another company if it is technically feasible. This right is only available in relation to personal data that we process with your consent or where this is necessary for the performance of a contract with you, and such processing is carried out by automated means. 
• Right to object – You can object to our use of your personal data for direct marketing purposes, including profiling, at any time. We may need to keep some minimal information to comply with your request to cease marketing to you. You can also object to our use of your personal data where our processing is necessary for us to pursue a legitimate interest (in those territories where we need a legal basis for processing). 
• Right to withdraw consent – You can withdraw your consent that you have previously given to one or more specified purposes to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent. It may mean we are not able to provide certain products or services to you, and we will advise you if this is the case. This right is only available in relation to personal data that we process with your consent.
• Right to lodge a complaint – You can lodge a complaint with the relevant data protection supervisory of your country if you believe your rights have been infringed. Please see the relevant Country-Specific Information section set out at Appendix 2 below for details of the relevant data protection supervisory in your country.

Please note that the availability and scope of these rights may vary depending on the office with which you engage. If you have a question about your data protection rights or would like to exercise your data subject rights, you can email your local Interpath entity using dataprivacy@interpath.com.

How long do we retain your personal data? 

We retain personal data to provide our services, stay in contact with you and to comply with applicable laws, regulations, and professional obligations that we are subject to. Unless a different time frame applies as a result of business need or specific legal, regulatory or contractual requirements, where we retain personal data in accordance with these purposes, we retain such personal data for seven years.

Do we change this Privacy Notice?

We regularly review this Privacy Notice and will post any updates to it on this webpage. All amendments will automatically take effect immediately on posting. Please check this Privacy Notice periodically to inform yourself of any changes.

This Privacy Notice was last updated in November 2025.

COUNTRY-SPECIFIC INFORMATION

Bermuda – Additional Information

Privacy Officer 

Contact details of our Privacy Officer for Bermuda are:

Email: dataprivacy@interpath.com 

Contact details of our PIPA Privacy Officer for Bermuda are:

Ali Wisbey

Email: dataprivacy@interpath.com 

Complaints

The contact details for the appropriate data protection supervisory is as follows:

Bermuda:

o The Office of the Privacy Commissioner for Bermuda

Email: privcom@privacy.bm

Post: Maxwell Roberts Building, 4th Floor, 1 Church Street, Hamilton, HM11, Bermuda

Website: https://www.privacy.bm/ 

Telephone: 1-441-543-7748

British Virgin Islands – Additional Information

Legal basis for processing

Under the data protection laws of the British Virgin Islands, we are unable to rely on our legitimate interests as a legal reason for processing your personal data. Where "legitimate interests" is referred to in the table under Personal data we collect and why, this shall be replaced with your consent as our legal reason for processing your personal data.

Complaints

The contact details for the appropriate data protection supervisory is as follows:

- British Virgin Islands:

o BVI Information Commissioner:

Email: gis@gov.vg

Post: 33 Admin Drive, Wickhams Cay 1, Road Town, Tortola, British Virgin Islands

Website: https://bvi.gov.vg/departments/office-complaints-commission

Telephone: 1284468701

Cayman Islands – Additional Information

Complaints

The contact details for the appropriate data protection supervisory is as follows:

The contact details for the appropriate data protection supervisory is as follows:

- Cayman Islands:

o Ombudsman Cayman Islands:

Email: info@ombudsman.ky

Post: PO Box 2252, Grand Cayman KY1-1107, CAYMAN ISLANDS

Website: https://ombudsman.ky/data-protection 

Telephone: +13459466283

European Union and United Kingdom – Additional Information

Data Protection Officer

In addition to the contact details set out above, any questions about this Privacy Notice or complaints about how we handle your personal data may be directed to our Data Protection Officer using the email address: dataprivacy@interpathadvisory.com.

International transfers

To the limited extent that it is necessary to transfer personal data outside of the UK or the EEA, we will ensure appropriate safeguards are in place to protect the privacy and integrity of such personal data, including standard contractual clauses under Article 46(2) of the GDPR (and the equivalent standard contractual clauses for the UK, where appropriate) or an adequacy decision under Article 45 for the GDPR.  Please contact us using the contact details set out in the Who are we and how can you contact us? section above if you wish to obtain further information concerning the safeguards we put in place, including copies of the standard contractual clauses entered into with any third parties based outside of the UK or EEA to whom we transfer personal data to.

Data Protection Rights

In relation to the personal data that we collect, and process as detailed in this Privacy Notice and to which the GDPR or UK GDPR applies, you have the right to:

• Right to decide the fate of personal data on death (in France only): You have the right to define general or specific instructions relating to the retention, erasure, and disclosure of your personal data after your death. You may modify or delete these instructions at any time by contacting us using the information on the table above.
• Right to complain to the controller (in UK only): You have the right to make a complaint to the controller if the controller is not complaint with Data Protection Legislation or if you consider that there has been an infringement of Data Protection Legislation.

For further information about your data protection rights under GDPR and UK GDPR, see here: https://ico.org.uk/for-the-public/

Complaints

You also have a right to lodge a complaint to an appropriate data protection supervisory authority about the manner in which we handle your personal data. The contact details for the appropriate data protection supervisory authorities are as follows:

- United Kingdom:

o Information Commissioner’s Office 

Email: casework@ico.org.uk

Post: Water Lane, Wycliffe House Wilmslow, Cheshire SK9 5AF, United Kingdom

Website: https://ico.org.uk

Telephone: 03031231113

- Republic of Ireland:

o Data Protection Commission:

Webform: https://forms.dataprotection.ie/contact 

Post: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

Website: https://www.dataprotection.ie/

Telephone: 017650100

- Austria:

o Autoriteit Persoonsgegevens (AP)

Email: dsb@dsb.gv.at

Post: Österreichische Datenschutzbehörde, Barichgasse 40-42, 1030 Vienna, Austria.

Website: https://data-protection-authority.gv.at/

Telephone  +43 1 52 152-0

- France:

o Commission Nationale de l'Informatique et des Libertés (CNIL)

Post: 3 Place de Fontenoy TSA 80715, 75334 PARIS CEDEX 07, FRANCE

Website: https://www.cnil.fr/en

Telephone: 01 53 73 22 22

- Germany:

o Federal Commissioner for Data Protection and Freedom of Information (BfDI)

Email: poststelle@bfdi.bund.de

Post: Graurheindorfer Str. 153, 53117 Bonn

Website: https://www.bfdi.bund.de/DE/Home/home_node.html

Telephone: 0228 997799-0

- Spain:

o Spanish Data Protection Agency (AEPD)

Post: Spanish Data Protection Agency, C/ Jorge Juan,6 28001-Madrid

Website: https://www.aepd.es/

Telephone: 900 293 183

Hong Kong – Additional Information

The contact details for the appropriate data protection supervisory is as follows:

- Hong Kong:

o Data Protection Supervisory Authority - PCPD

Email: complaints@pcpd.org.hk

Post: Unit 1303, 13/F, Dah Sing Financial Centre, 248 Queen's Road East, Wanchai, Hong Kong.

Website: https://www.pcpd.org.hk/

Telephone: 2827 2827