This Private Notice explains how Wattly safeguards confidential and sensitive information that sits outside routine personal-data processing. It supplements our public Privacy Notice and Information Security Policy, and aligns with applicable laws (e.g., GDPR where personal data is involved, and the EU Trade Secrets Directive 2016/943 for trade secrets).
This notice applies to non-public information we create or receive, including (without limitation):
Legal materials: contracts, litigation/arbitration files, regulatory correspondence.
Financial & strategic content: investment terms, proprietary models/forecasts, non-public performance data.
Intellectual property & technical data: designs, specifications, algorithms, prototypes.
Security information: architecture diagrams, keys/credentials (stored separately), penetration-test reports.
Corporate transactions: M&A, fundraising, board papers, non-public corporate information.
Counterparty confidentials provided under NDA or similar agreements.
If processing involves personal data, GDPR rights and obligations apply in addition to this notice.
We process confidential information to:
Perform contracts / NDAs, conduct due diligence, and deliver services.
Protect legitimate interests (e.g., safeguarding IP, ensuring compliance, managing risk).
Comply with legal obligations (record-keeping, regulatory requests, litigation holds).
Access is strictly need-to-know, mapped to role and purpose.
We may share confidential information with:
Internal recipients (limited to authorised roles).
External advisers and service providers (e.g., law firms, auditors, data-room and cloud vendors) under confidentiality and, where personal data is involved, DPA/SCC terms.
Regulators/courts where legally required.
We do not sell confidential information.
Where cross-border transfer is necessary, we apply appropriate safeguards (e.g., EU Standard Contractual Clauses, transfer risk assessments, supplementary technical measures).
We protect confidential information through layered measures, including:
Least-privilege access (RBAC), MFA, session management, and tamper-evident logging.
Encryption in transit and at rest, managed keys, network segmentation, hardened endpoints.
Secure development & code review for GreenBridge360™, vulnerability management, and third-party risk assessments.
DLP and classification for labelled documents; clean-desk/secure-print for physical copies.
Staff training and confidentiality undertakings.
Security is aligned with recognised practices (e.g., ISO/IEC 27001 principles) and evolving obligations (e.g., NIS2, where applicable).
We keep confidential information only as long as needed for its purpose and legal requirements, following our records-retention schedule and any litigation holds. Examples (indicative):
Contracts & corporate records: term + statutory limitation period.
IP & technical docs: for the life of the asset + protection period.
Due diligence data rooms: for the transaction lifecycle, then securely disposed.
When no longer required, data is securely deleted or anonymised.
If your personal data appears within confidential material, you may exercise GDPR rights (access, rectification, erasure, restriction, objection, portability) subject to legal and confidentiality constraints.
For non-personal confidential information, rights are governed by the applicable contract/NDA.
Contact:
Suspected loss or unauthorised access is handled under our incident-response plan. Where required, we notify affected parties and competent authorities without undue delay.
Owner: Chief Compliance Officer • DPO: [Name/Email]
Effective date: [DD Mon YYYY] • Version: 1.0 • Next review: [DD Mon YYYY + 12 months]
For professional and institutional investors only. This material is informational and does not constitute investment advice or an offer to buy or sell any security. Investments involve risk and are subject to eligibility and definitive documentation. Past performance is not a reliable indicator of future results.
