<p><strong>Alert</strong>:     <a class="text-black ps-2" href="https://graniteshares.com/media/qosfbc5p/grsh-compulsory-redemption-notice-lse-20240927.pdf" tabindex="-1">Early Redemption Event of certain classes of ETP Securities</a></p>

Privacy Policy

Privacy Policy

About this privacy notice 

For the purposes of data protection law, GraniteShares is a data controller in respect of your personal data. GraniteShares is responsible for ensuring that it uses your personal data in compliance with data protection law. 

This privacy notice applies to clients of GraniteShares, investors or potential investors in GraniteShares exchange traded products (ETPs) and any other relevant persons. This privacy notice sets out the basis on which any personal data about you that you provide to us, that GraniteShares creates, or that GraniteShares obtains about you from other sources, will be processed by GraniteShares. Please take the time to read and understand this privacy notice. 

Personal data that GraniteShares collects about you 

GraniteShares will collect and process the following personal data about you: 

  • Information that you provide to GraniteShares or one of its affiliates. This includes information about you that you give GraniteShares by filling in forms or by communicating with GraniteShares, whether face-to-face, by phone, e-mail or otherwise. This information may include, without limitation, your name, address, gender, job title, telephone number, email address and other contact details and in certain circumstances may also include information supporting any KYC (know your customer) and AML (anti-money laundering) checks GraniteShares, its affiliates or delegates may be required to conduct from time to time. 
  • Information GraniteShares collects or generates about you. This includes: 
  • information that you provide to GraniteShares and which GraniteShares record in its CRM (customer relationship management) systems or otherwise store in our email or file server systems and any further automated back-up of such information by our IT systems; 
  • information that you provide to GraniteShares and that GraniteShares is required to record pursuant to its various compliance and regulatory obligations, including data (including financial information) that GraniteShares is required to collect or generate to ensure compliance with local marketing laws or regulations; 
  • information that is collected and stored as a result of any recording of GraniteShares Limited’s telephone lines; 
  • any information GraniteShares may record as a result of you accessing GraniteShares’ website. 
  • Information GraniteShares obtains from other sources. 
  • GraniteShares may obtain information about you from third party data research sources, such personal data may include your name, role, firm name, email address, online profile, URL and business address. 

Uses of your personal data 

Your personal data may be stored and processed by GraniteShares in the following ways and for the following purposes: 

  • processing for advertising, marketing and business development opportunities, of GraniteShares ETPs, including notifying you of information ; 
  • processing for public relations, including promoting public relations in connection with GraniteShares ETPs, including by use of GraniteShares’ website; 
  • in order for GraniteShares and its affiliates to comply with their respective legal, regulatory and compliance obligations; and 
  • any other purposes reasonably related to the above. 

GraniteShares and its officers are entitled to use your personal data in these ways because: 

  • of legal and regulatory obligations that GraniteShares has to discharge; 
  • GraniteShares may need to establish, exercise or defend its legal rights or for the purpose of legal proceedings; or 
  • the use of your personal data as described is necessary for GraniteShares’ legitimate business interests (or the legitimate interests of one or more of our affiliates), such as: 
  • the performance of any contract in place between you (as the data subject) and GraniteShares (as data controller); 
  • compliance with the legal obligations of GraniteShares; 
  • GraniteShares’ legitimate interests which may include, without limitation, processing for direct marketing purposes and identifying business development opportunities, transmission of personal data (including data on clients, investors and potential investors in GraniteShares ETPs) within the GraniteShares’ group for internal administrative purposes, processing for ensuring cyber security and processing for reporting possible criminal acts or threats to public security to a competent authority; 
  • you may, from time to time, consent to GraniteShares using your personal data for one or more processing activities 

Data Security and Integrity 

GraniteShares looks to ensure that data is accurate, complete, current and reliable for its intended use. GraniteShares uses appropriate technical and organisational measures and safeguards to help protect your personal data from unauthorised access, misuse, alteration or loss. GraniteShares’ internal policies and procedures are designed to help ensure GraniteShares safeguards the privacy and accuracy of all data collected or processed. 

Disclosure of your information to third parties 

GraniteShares may disclose all or certain of your personal data to our affiliates (including, without limitation, GraniteShares Inc) in the circumstances described below: 

  • where GraniteShares has legal and regulatory obligations to discharge; 
  • GraniteShares may need to in order to establish, exercise or defend its legal rights or for the purpose of legal proceedings; 
  • in the course of ensuring the performance of any contract in place between you and GraniteShares; 
  • for direct marketing or business development purposes; 
  • for internal administrative purposes, including as a result of sharing common IT, call recording and data archiving systems; or 
  • for ensuring cyber security and processing for reporting possible criminal acts or threats to public security to a competent authority. 

GraniteShares will take steps to ensure that the personal data is accessed only by staff of such affiliates that have a need to do so for the purposes described in this notice. GraniteShares may also share your personal data with non-affiliated third parties. 

  • if GraniteShares sells any of our business or assets, in which case GraniteShares may be asked to disclose your personal data to the prospective buyer for due diligence purposes 
  • if GraniteShares or any of its affiliates is acquired by a third party or are otherwise subject to outside investment, in which case personal data held by GraniteShares about you will be disclosed to the third party buyer or investor; 
  • to third party agents or contractors (for example, the providers of our IT and electronic data storage services) for the purposes of providing services to GraniteShares. These third parties will be subject to confidentiality requirements and they will only use your personal data as described in this privacy notice; and 
  • to the extent required by law, for example if GraniteShares is under a duty to disclose your personal data in order to comply with any legal obligation, establish, exercise or defend our legal rights. 

Transfers of personal data outside the European Economic Area 

The personal data that GraniteShares collects from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside of the EEA who work for our affiliates or for one of our suppliers. 

Where GraniteShares transfers your personal data outside the EEA, it will ensure that it is protected in a manner that is consistent with how your personal data will be protected by GraniteShares in the EEA. This can be done in a number of ways, for instance: 

  • the country that GraniteShares sends the data to might be approved by the European Commission 
  • the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your personal data; or 
  • where the recipient is located in the US, it might be a certified member of the EU-US Privacy Shield scheme. 

In other circumstances the law may permit GraniteShares to otherwise transfer your personal data outside the EEA. In all cases, however, GraniteShares will ensure that any transfer of your personal data is compliant with data protection law. 

You can obtain more details of the protection given to your personal data when it is transferred outside the EEA by contacting GraniteSharesin accordance with the “Contacting GraniteShares” section below. 

Retention of personal data 

How long GraniteShares holds your personal data for will vary. The retention period will be determined by various criteria including: 

  • the purpose for which GraniteShares is using it – GraniteShares will need to keep the data for as long as is necessary for that purpose; and 
  • legal obligations – laws or regulation may set a minimum period for which GraniteShares have to keep your personal data. 

Your rights 

You have a number of legal rights in relation to the personal data that GraniteShares holds about you. 

These rights include: 

  • the right to obtain information regarding the processing of your personal data and access to the personal data which GraniteShares holds about you; 
  • the right to withdraw your consent to our processing of your personal data at any time. Please note, however, that GraniteShares may still be entitled to process your personal data if GraniteShares has another legitimate reason (other than consent) for doing so; 
  • in some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that GraniteShares transmits those data to a third party where this is technically feasible. Please note that this right only applies to personal data which you have provided to GraniteShares; 
  • the right to request that GraniteShares rectifies your personal data if it is inaccurate or incomplete; 
  • the right to request that GraniteShares erases your personal data in certain circumstances. Please note that there may be circumstances where you ask GraniteShares to erase your personal data but GraniteShares is legally entitled to retain it; 
  • the right to object to, and the right to request that GraniteShares restricts, the processing of your personal data in certain circumstances. Again, there may be circumstances where you object to, or ask GraniteShares to restrict, the processing of your personal data but GraniteShares is legally entitled to continue processing your personal data and / or to refuse that request; and 
  • the right to lodge a complaint with the data protection regulator (details of which are provided below) if you think that any of your rights have been infringed by us. 

You can exercise your rights by contacting GraniteShares using the details set out in the “Contacting GraniteShares” section below. 

You can find out more information about your rights by contacting the Information Commissioner’s Office, or by searching their website at https://ico.org.uk/. 

Changes to our privacy policy 

Any changes GraniteShares makes to its privacy policy in the future will be posted on its website. GraniteShares suggests that from time-to-time you review this privacy policy for the latest information on GraniteShares’ privacy practices. By using GraniteShares’ website, you are agreeing to be bound by this privacy policy. GraniteShares keeps this privacy policy under regular review. This privacy policy was last updated in September 2024. 

Contacting GraniteShares 

If you would like further information on the collection, use, disclosure, transfer or processing of your personal data or the exercise of any of the rights listed above, please address questions, comments and requests to GraniteShares Limited, 3rd Floor, Great Titchfield House,14-18 Great Titchfield Street, London, Westminster, W1W 8BD, United Kingdom. (email: europe@graniteshares.com) 

f