Privacy Policy
Privacy Notice – Personal Data of Clients, Suppliers and Service Providers
Effective Date: 23 July 2025
This privacy notice (“privacy notice”) explains what personal data (information) we hold about you (as defined below), how we collect it, how we use and may share personal data about you, and how long we keep it. Deucalion is required to notify you of this information under data protection legislation. Please ensure that you read this privacy notice and any other similar notice(s) we may provide to you from time to time when we collect or process personal data about you.
Deucalion Aviation Limited (“DAL”), ETG FP Cayman, L.P., ETG FP Lux SCSp and DAL’s subsidiaries and branches from time to time, including (at the time of last review of this privacy notice) Deucalion Aviation Ireland Limited, Deucalion Aviation USA LLC and Deucalion Aviation Limited Singapore Branch (referred to collectively in this privacy notice as “we”, “us” or “our”) are data controller and we process personal data of our customers , suppliers and other service providers.
For convenience, in this privacy notice we refer to our customers, suppliers and other service providers, or potential customers, suppliers or other service providers as our “Business Partners”.
This privacy notice applies to:
- an individual associated with any of our customers Business Partners, such as an employee, other representative or beneficial owner of such a Business Partner; or
- an individual whose personal data is given to us by a Business Partner, or which we otherwise receive, in the course of our dealings with that Business Partner, or which we received in the context of the acquisition of the aviation investment management and aviation asset management businesses from DVB Bank SE (“DVB”).
Such individuals are collectively referred to as “you” and “your” in this privacy notice.
This privacy notice provides important information about how we process your personal data, and your data protection rights.
1. Personal data we collect about you
We may collect and process the following personal data about you:
Personal data that you give us:
This is personal data about you that you give to us when filling in forms that we (or our Business Partner on our behalf) ask you to complete or corresponding with us by email, telephone, post or otherwise. It may include, for example: your name, address, email address and telephone number; information about your business relationship with us; information about your professional role and background; and identification documentation for verification and authorisation purposes (collectively, “Business Data”).
We may have received your Business Data in the context of the acquisition of DVB’s aviation investment management and aviation asset management business, for example by way of novation of the respective advisory and management contracts.
If you do not provide your Business Data, we may not be able to provide or receive (or continue providing or receiving) relevant services to/from you or otherwise do business with you or our Business Partner with whom you are associated or from whom we received personal data about you.
If you are providing us with personal data about other individuals, such as your colleagues, please inform them of the purpose for which you are providing us the personal data and ensure they are aware of this privacy notice.
Personal data that our systems collect about you:
If you exchange emails, telephone conversations or other electronic communications with us and our staff members, our information technology systems may record details of those communications, including their content (collectively, “Communication Data”).
If you visit our websites, they will collect some information about you and your visit, including the internet protocol (“IP”) address used to connect your device to the internet and some other information such as your browser type and the pages on our site that you visit (collectively, “Technical Data”). Our websites may also download “cookies” to your device as described in our separate cookie statements on our websites if applicable.
Our premises have closed circuit TV systems and building access controls for security and safety purposes which may record you if you visit our premises (collectively, “Security Data”).
Personal data we receive from Business Partners or other third-parties:
Your colleagues or other business contacts may provide us with your Business Data.
If we need to conduct anti-money-laundering or similar background checks [(involving you, this may require more extensive personal data about you – for example, a copy of your passport. We sometimes collect personal data from third party data providers, international sanctions lists, the internet or other publicly available sources for anti-money-laundering, background checking and similar purposes, and to protect our business and comply with our legal and regulatory obligations (collectively, “Verification Data”).
2. Why we process your personal data
Under data protection law, we can only use your personal data if we have a proper reason, for example:
- you have given consent—where we need your consent, we will ask for it separately of this privacy policy and you can withdraw your consent at any time;
- to comply with our legal and regulatory obligations;
- to fulfil our contract with you or take steps at your request before entering into a contract; or
- for our legitimate interests or those of a third party.
A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. You have the right to object to processing based on legitimate interests. We must then stop the processing unless we can demonstrate compelling legitimate grounds which override your interests, rights and freedoms or the processing is required to establish, exercise or defend legal claims.
The table below explains what we use your personal data for and why.
| What we use your personal data for | Our reasons | |
| Providing products and services to our customers | To fulfil our contract with customers or to take steps at their request before entering into a contract | |
| Preventing and detecting fraud against you or us | For our and/or your legitimate interests, i.e. to minimise fraud that could be damaging for you and/or us | |
| To check whether there is any conflict of interest between us and you and/or between you and another customer | To comply with our legal and regulatory obligations | |
| Conducting checks verify the identity of customers, service providers and suppliers
Screening for financial and other sanctions or embargoes Other activities necessary to comply with legal and regulatory obligations that apply to our business, e.g. under health and safety law |
Depending on the circumstances: —to comply with our legal and regulatory obligations —for our legitimate interests |
|
| To enforce legal rights or defend or take legal proceedings | Depending on the circumstances: —to comply with our legal and regulatory obligations —for our legitimate interests, or those of a third party |
|
| Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies | Depending on the circumstances: —to comply with our legal and regulatory obligations —for our legitimate interests |
|
| Ensuring internal business policies are complied with, e.g. policies covering security and internet use | For our legitimate interests, i.e. to make sure we are following our own internal procedures so we can deliver the best service to our customers | |
| Operational reasons, such as improving efficiency, training and quality control | For our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to our customers at the best price | |
| Ensuring the confidentiality of commercially sensitive information | Depending on the circumstances: —for our legitimate interests, i.e. to protect trade secrets and other valuable information —to comply with our legal and regulatory obligations |
|
| Statistical analysis to help us manage our business, e.g. in relation to our financial performance, customer base, services range or other efficiency measures | For our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to our customers at the best price | |
| Protecting the security of systems and data used to provide services, prevent unauthorised access and changes to our systems | Depending on the circumstances: —for our legitimate interests, i.e. to prevent and detect criminal activity that could be damaging for you and/or us —to comply with our legal and regulatory obligations |
|
| Updating and enhancing our records | Depending on the circumstances: —to fulfil our contract with you or to take steps at your request before entering into a contract —to comply with our legal and regulatory obligations —for our legitimate interests, e.g. making sure we can keep in touch with our customers about existing and new services |
|
| Statutory returns | To comply with our legal and regulatory obligations | |
| Ensuring safe working practices, staff administration and assessments | Depending on the circumstances: —to comply with our legal and regulatory obligations —for our legitimate interests, e.g. to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you |
|
| Providing information updates and/or marketing our services [and those of selected third parties] to existing and former customers and third parties | Depending on the circumstances: —for our legitimate interests, i.e. to promote our business —consent (which you can withdraw at any time) |
|
| Dealing with complaints or claims | Depending on the circumstances: —to comply with our legal and regulatory obligations —for our or your legitimate interests or those of a third party, e.g. to make sure any potential claim is reported to our insurer |
|
| External audits and quality checks, e.g. for ISO or Investors in People accreditation and the audit of our accounts [to the extent not covered by ‘activities necessary to comply with legal and regulatory obligations’ above | Depending on the circumstances: —for our legitimate interests, i.e. to achieve and maintain relevant accreditations so we can demonstrate we operate at the highest standards —to comply with our legal and regulatory obligations |
|
| Sharing your personal data with members of our group of companies and/or third parties that will or may take control or ownership of some or all of our business (and professional advisors acting on our or their behalf) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale or in the event of our insolvency
In such cases information will be anonymised where possible and only shared where necessary |
Depending on the circumstances: —to comply with our legal and regulatory obligations —in other cases, for our legitimate interests, i.e. to protect, realise or grow the value in our business and assets] |
Special category data is personal data which is deemed particularly sensitive and therefore subject to additional protection under data protection legislation (“Special Category Personal Data”). It includes, for example, personal data revealing racial or ethnic origin, political opinion, religious or philosophical beliefs and sexual orientation. Where we process Special Category Personal Data, we will also ensure we are permitted to do so under data protection laws, for example:
- we have your explicit consent;
- the processing is necessary to protect your (or someone else’s) vital interests where you are physically or legally incapable of giving consent;
- the processing is necessary to establish, exercise or defend legal claims; or
- the processing is necessary for reasons of substantial public interest.
3. To whom do we disclose your personal data?
We will disclose personal data about you, where reasonably necessary for the various purposes set out above, to:
- the direct and indirect shareholders, subsidiaries and other affiliates of ours;
- your colleagues representing the Business Partner with whom you are associated or from whom we received personal data about you, or our other Business Partners (where we have a lawful basis to do so);
- counterparty financial institutions, and other persons from whom we receive, or to whom we make, payments, or with whom we conduct other transactions;
- our auditors and our legal, accounting and other professional advisors, so that they can advise us;
- other service providers who hold or process your personal data on our behalf, under strict conditions of confidentiality and security;
- third parties who will or may take control or ownership of some or all of our business or assets in connection with a significant corporate transaction, restructuring or insolvency (and professional advisors acting on our or their behalf);
- regulatory, tax, law enforcement or other governmental agencies, courts or litigation counterparties, in any country or territory; and
- other persons where we are required by law to disclose.
4. How do we transfer your personal data?
The disclosures of your personal data may involve transferring your personal data abroad. You should be aware that, where our processing of your personal data is subject to EU, UK or Cayman Islands data protection laws, this may include transfers to countries outside the European Economic Area, the United Kingdom or the Cayman Islands (as applicable), which do not have similarly strict data privacy laws, including, for example, the United States of America.
We will transfer your personal data outside the UK and /or EEA as applicable only where:
- the UK government or European Commission (as applicable) has decided the recipient country ensures an adequate level of protection of personal data (known as an adequacy decision); or
- there are appropriate safeguards in place (e.g. standard contractual data protection clauses published or approved by the relevant data protection regulator), together with enforceable rights and effective legal remedies for you; or
- a specific exception applies under data protection law.
For more information or for a copy of the appropriate safeguard for any of the transfers below please contact us (using the ‘How to contact us’ information at section 9 of this privacy notice).
5. Where is your personal data held?
Personal data may be held at our premises and those of our group companies, third party agencies, service providers, representatives and agents as described in section 3 ‘To whom do we disclose your personal data’.
Some of these third parties may be based outside the UK. For more information, including on how we safeguard your personal data when this occurs, see section 4 ‘How do we transfer your personal data’.
6. For how long do we keep your personal data?
We will not keep your personal data for longer than we need it for the purpose for which it was collected or as required by law.
If we no longer engage with you, are no longer providing goods or services to you, or are no longer receiving goods or services from you, we will usually delete or anonymise your account data after seven years.
Following the end of the of the relevant retention period, we will delete or anonymise your personal data.
If you would like further information about how long we keep your personal data, please contact us (see ‘How to contact us’ at section 9).
7. Your data protection rights
This section applies where our processing of your personal data is subject to EU and UK Cayman Islands data protection laws.
You have a right of access to the personal data that we hold about you, and to some related information, under the applicable data protection laws. You can also require any inaccurate personal data to be corrected or deleted.
You can object to us processing your personal data (i) for direct marketing purposes, or (ii) on grounds relating to your particular situation, in case we process your personal data for the purposes of our legitimate interests, at any time.
You may, in some circumstances, have the right to restrict our processing or obtain the erasure of your personal data.
You have the right to request, in some circumstances, certain of your personal data to be transferred to you or a third party.
To the extent our processing of your personal data is based on your consent, you also have the right to withdraw your consent, without affecting the lawfulness of our processing based on your consent before its withdrawal.
You further have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Exercising any of your rights mentioned above is subject to legal prerequisites and, in certain circumstances, your rights may be limited due to legal exceptions set out, in particular, in articles 17(3) and 22(2) of the UK or EU General Data Protection Regulation or Part 2 of the Cayman Islands Data Protection Act, 2017 (as applicable).
Please contact us in accordance with the “How to contact us” section below if you wish to exercise any of these rights or should you have any questions relating to your rights or their limitations.
You can also lodge a complaint about our processing of your personal data with the Information Commissioner, the Irish Data Protection Commission , the Cayman Islands Ombudsman (as applicable) or the supervisory authority in the place of your habitual residence, place of work or of an alleged infringement of applicable data protection laws.
8. Keeping your personal data secure
We have implemented appropriate technical and organisational measures to keep your personal data confidential and secure from unauthorised access, use and disclosure. We limit access to your personal data to those who have a genuine business need to access it. Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality.
We require our Business Partners, suppliers and other third parties to implement appropriate security measures to protect personal data from unauthorised access, use and disclosure.
We also have procedures to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are required to do so.
9. How to contact us
If you have any questions about this privacy notice or our processing of your personal data, or if you wish to exercise your data protection rights, our contact details are below. We are committed to working with you to obtain a fair resolution of any complaint or concerns about privacy.
Deucalion Aviation Limited
MYO (Deucalion, Office 2.04, Second Floor) One New Exchange
London, EC4M 9AF
Data Protection Contact
dataprotection@deucalion.com
10. Updates to our privacy notice
We may amend or update our privacy notice. We will provide you notice of amendments to this privacy notice, as appropriate, and update the “Effective Date” at the top of this privacy notice. Please review our privacy notice from time to time.
11. Updating your personal data
We take reasonable steps to ensure your personal data remains accurate and up to date. To help us with this, please let us know if any of the personal data you have provided to us has changed, e.g. your surname or address—see below ‘How to contact us’.
Deucalion Issue 2: 23 July 2025