Privacy Policy

Who we are

We are Entrepreneurs First Operations Limited (“EFOL”) and Entrepreneurs First Investment Manager LLP (“EFIM”), collectively referred to as Entrepreneurs First (“EF”, “we”, “us”, “our”). EFOL is a limited company registered in England and Wales under registration number 09064488, with its registered office at Senna Building, Gorsuch Place, London, E2 8JF. EFIM is a Limited Liability Partnership, registered under company number OC397263, authorised and regulated by the Financial Conduct Authority (FRN 807367) and is also registered as a registered investment adviser (“RIA”) with the U.S. Securities and Exchange Commission (“SEC”) with its registered office at International House, 64 Nile Street, London, N1 7SR.

We are registered with the UK’s supervisory authority, the Information Commissioner’s Office (the “ICO”), for the processing of Personal Data under the following registration numbers: ZA078280 for EFOL and ZA123384 for EFIM.

This privacy policy is issued on behalf of Entrepreneurs First and its affiliates (together “Entrepreneurs First Group”), so when we mention “Entrepreneurs First”, “we”, “us” or “our” in this privacy policy, we are referring to the relevant company in the Entrepreneurs First Group responsible for processing your data.

What we do

Entrepreneurs First invests in exceptional individuals to build startups from scratch. We bring together talented outliers to develop their most ambitious ideas and raise money from the world’s best investors. Our portfolio is now collectively valued at over $16B. We and our affiliates, subsidiaries and related entities are committed to protecting the privacy and security of the Personal Data we process about you.

Controller

Unless we notify you otherwise, we are the controller of the Personal Data we process about you. This means that we decide what Personal Data to collect and how to process it.

The purpose of this privacy notice is to explain what Personal Data we collect about you and how we process it. This privacy notice also explains your rights, so please read it carefully. If you have any questions, you can contact us using the information provided below under the ‘How to contact us’ section.

This privacy notice also explains how Entrepreneurs First manages personal data in connection with founder, investor, alumni and ecosystem engagement, networking and introductions, events and community participation, newsletters and promotional communications, and business development and lead generation activities.

This privacy notice applies to you if:

• You visit our website;
• You enquire about our products and/or services;
• You apply for one of our programmes;
• You are an investor with us or a Limited Partner in the Funds under our management;
• You are an alumni with us;
• You sign up for a demo day event; or
• You sign up to receive newsletters and/or other promotional communications from us.
• You otherwise interact with Entrepreneurs First as part of our programme, investor, portfolio, alumni, recruitment, partner, or broader ecosystem activities.
• You have been identified as a potential programme candidate, founder, or ecosystem contact through professional networking platforms, events, referrals, or other outreach or lead generation activities.

‘Personal Data’ means any information from which someone can be identified either directly or indirectly. For example, you can be identified by your name or an online identifier.

‘Special Category Personal Data’ is more sensitive Personal Data and includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying someone, data concerning physical or mental health or data concerning someone’s sex life or sexual orientation.

The type of Personal Data we collect about you will depend on our relationship with you. For the type of Personal Data we collect see the table below in the section titled ‘Purposes, lawful bases and retention periods’.

We may collect and maintain information relating to:

• professional and business relationships;
• participation in events, programmes, and networking activities;
• communications preferences;
• interactions with Entrepreneurs First, portfolio companies, and ecosystem partners; and
• publicly available professional information relevant to our programmes, services, and ecosystem activities.

We collect most of the Personal Data directly from you in person, by telephone, electronic messaging or email and/or via our website. We also collect personal data from you if you opt in to provide us this information on demo day.

However, we may also collect your Personal Data from third parties such as:

• Data providers, business intelligence providers, and reputable organisations that provide professional contact information and lead generation services;
• Others to whom you have provided consent;
• Publicly available sources, including professional networking platforms such as LinkedIn and other social media;
• AI-assisted tools used to identify and discover prospective programme candidates, founders, or ecosystem contacts from publicly available sources; and
• Portfolio companies, investors, recruiters, sponsors, or ecosystem partners;
• Event organisers and professional networking platforms; or
• Referrals and introductions.

We will only use your Personal Data when the law allows. Most commonly, we will use your Personal Data in the following circumstances:

Where Personal Data is processed because it is necessary for the performance of a contract to which you are a party, we may be unable to provide our services without the required information.

We do not make decisions based solely on automated processing that produce legal or similarly significant effects on individuals.

We will not disclose your personal data to third parties unless required or permitted by law or regulatory requirements, or as outlined in this policy. This excludes disclosures to our affiliates and companies within the group.

For business operations, Entrepreneurs First may share your data with the following types of companies:

• Professional service providers such as marketing agencies, advertising partners, recruiters, CRM providers, communications providers, analytics providers, and website hosts who assist us in running our business.
• Analytics and search engine providers that support us in improving and optimising our site.
• Third parties who provide IT support, mailings, cloud hosting, security, or event management on our behalf.
• EF Portfolio companies, EF Alumni, investors, sponsors, recruiters, ecosystem partners, or other third parties where relevant to programme participation, networking, fundraising, recruitment, strategic introductions, or ecosystem collaboration.
• Law enforcement agencies, governmental bodies, or other third parties when legally required, such as through a court order or regulatory authority, or when necessary to prevent fraud, cyber-crime, or to protect our Website, our technology, or the rights, property, and personal safety of others.
• Other third parties in cases where it is reasonably clear from the context in which the data was provided.
• Other business entities if we merge with, are acquired by, or reorganise with another business entity.
• Successors in interest in the event of liquidation or administration of Entrepreneurs First.
• Industry Bodies and Professional Associations: As part of our commitment to the Investing in Women Code, we collect and share aggregated, anonymised gender data with the UK Department for Business for inclusion in its Annual Progress Report, promoting female entrepreneurship in the UK.

Depending on the circumstances, recipients of personal data may act as independent controllers of that data. We may share personal data with service providers and vendors performing services on our behalf subject to contractual confidentiality, security, and data protection obligations.

If you are based in the EEA or UK, we may transfer your personal data outside these regions for processing or storage. This may involve employees, affiliates, suppliers, or service providers operating outside the EEA processing your data, for example processing a payment, providing support services, hosting infrastructure, or supporting communications and analytics.

When transferring data outside the UK/EEA, we ensure adequate safeguards are in place, such as:

• Transferring data to countries that have been granted adequacy status by the European Commission or UK Government; or
• Entering into an International Data Transfer Agreement (“IDTA”) or Standard Contractual Clauses (SCCs) with the receiving party, along with any necessary supplementary measures.

We maintain administrative, technical, and organisational safeguards designed to protect personal data against unauthorised access, disclosure, alteration, and destruction. EF is subject to legal and regulatory obligations relating to the safeguarding of personal information, including obligations applicable to regulated financial services firms. EF maintains written policies, procedures, and safeguards designed to protect customer and personal information, including administrative, technical, and physical safeguards appropriate to the size, scope, and nature of our operations and the sensitivity of the information processed.

These measures may include:

• access controls and least-privilege principles;
• encryption and secure data transfer measures;
• multi-factor authentication;
• vendor due diligence procedures;
• monitoring and incident response procedures;
• periodic assessment of service providers that process personal data on our behalf
• business continuity and disaster recovery measures; and
• security testing and review processes.

We may use AI-assisted technologies and analytics tools to support internal business operations, including summarisation, workflow management, communications support, analytics, prioritisation, and operational efficiency.

Where AI-assisted tools are used, we maintain appropriate human oversight and apply contractual, technical, and organisational safeguards designed to protect personal data.

This section applies solely to Entrepreneurs First Investment Manager LLP (“EFIM”) in its capacity as a registered investment adviser with the US Securities and Exchange Commission (“SEC”). It sets out how EFIM meets its obligations under Regulation S-P (17 CFR Part 248) (“Reg S-P”), which governs the privacy and security of nonpublic personal information (“NPI”) relating to natural persons who invest in funds managed by EFIM (“Customers”).

What is NPI?

NPI is any information that is not publicly available and that EFIM collects from or about Customers in connection with their investment relationship with EFIM. This includes name, address, and contact details; financial account information, investment amounts, and transaction records; tax identification and status information; and identity and source of funds documentation collected at onboarding.

How EFIM uses and shares NPI

EFIM uses NPI for the purposes described in this privacy notice. We do not sell NPI to third parties. We may disclose NPI to: (a) service providers (including fund administrators, auditors, legal counsel, compliance advisers, and IT providers) who process NPI on our behalf and are bound by contractual confidentiality and security obligations; (b) regulatory and governmental authorities, including the SEC, FCA, HMRC, and other competent authorities, where required by applicable law; and (c) other parties as described in the “Sharing your personal data” section of this notice. Most disclosures of NPI fall within the exceptions to Reg S-P’s opt-out requirements.

Your opt-out right

To the extent required by Reg S-P, Customers may have the right to direct EFIM not to disclose NPI to certain nonaffiliated third parties. Where such sharing applies, we will notify you and provide instructions for exercising this right.

Safeguards

EFIM maintains a written information security policy and Data Protection Framework designed to protect NPI from unauthorised access, use, or disclosure, as required under the Safeguards Rule within Reg S-P. The measures applied are described in the “Information Security” section of this notice.

Incident response and Customer notification

EFIM maintains written incident response procedures for detecting, responding to, and recovering from unauthorised access to or use of Customer information. In the event of a data security incident involving your NPI, EFIM will notify affected Customers within 30 days of discovery where required under Reg S-P (as amended), and will otherwise comply with applicable notification obligations under US and UK law.

Annual notice

This privacy notice is intended to satisfy EFIM’s privacy notice obligations under Regulation S-P and will be updated where required by applicable law or where our privacy practices change materially

You have several rights regarding your personal data, including:

• Right to be informed: You are entitled to know what personal data we collect, how it is used, the lawful basis for processing, who it is shared with, and how long it will be retained. Our privacy notice provides this information.
  
• Right of access: You can request a copy of the personal data we hold about you.
• Right to rectification: If any of the information we hold is inaccurate or incomplete, you have the right to request corrections.
• Right to erasure (‘right to be forgotten’): You can request the deletion of your personal data in certain circumstances.
  
• Right to object: You can object to us processing your personal data, especially for marketing purposes.
• Right to restrict processing: You can request that we limit how we use your personal data.
  
• Right to data portability: You can ask us to transfer your personal data to another organisation.
  
• Automated decision-making: You have the right to object to decisions made solely through automated processing that significantly affect you. We do not currently engage in such practices.
  
• Right to withdraw consent: If you have given consent for your data to be processed, you can withdraw it at any time, and we will stop processing your data for that purpose unless legally permitted to continue.
• Right to lodge a complaint: If you are concerned about how we handle your personal data, you can file a complaint with us directly – see How to Make a Data Protection Complaint. You also have the right to contact the relevant supervisory, regulatory, or data protection authority in your jurisdiction. In the UK, this is the Information Commissioner’s Office (ICO), which can be contacted online at: Contact us | ICO or by phone at 0303 123 1113. For other EU supervisory authorities, see: Members | European Data Protection Board. Individuals located in the US may also have the right to contact applicable federal or state regulators responsible for privacy, consumer protection, or financial services oversight.

Under the UK Data (Use and Access) Act 2025 (inserting s.164A into the Data Protection Act 2018), individuals have a statutory right to complain directly to us if they believe we have failed to comply with our data protection obligations. From 19 June 2026, organisations are required to have a formal complaints handling process in place. This section sets out how our process works.

• To submit a complaint, please contact us at [email protected] or write to us at the address below. We do not require a specific form; complaints may be submitted by email or in writing. Please include your name, contact details, and a description of your concern so we can respond effectively.
• We will acknowledge receipt of your complaint within 30 days of receiving it. This clock starts the day after we receive it, including if received on a weekend or public holiday.
• We will then investigate your complaint without undue delay. Our investigation will be reasonable and proportionate to the nature and complexity of the issues raised. We will keep you informed of progress and any anticipated delays during the process.
• We will notify you of the outcome of your complaint without undue delay. If you are dissatisfied with our response, or if we fail to address your complaint within a reasonable time, you may escalate your complaint to the ICO. The ICO will generally expect you to have completed our internal complaints process before accepting your complaint for investigation.

You generally will not need to pay a fee to exercise your rights. However, if your request is unfounded or excessive, we may charge a reasonable fee or refuse to comply with the request.

To exercise your rights, contact us at: [email protected]. We may request additional information to verify your identity. We aim to respond within one month of receiving your request, although complex cases may take longer, in which case we will keep you informed.

For any questions regarding this privacy notice or to exercise your rights, you can contact us at: [email protected]. Our Data Protection Officer (DPO) is Leah Gallagher, and she can be contacted at the same email address.

Address:
Senna Building
Gorsuch Place
London
E2 8JF

We may update this notice periodically. Where required by law, we will notify you of any changes.

Last updated: June 2026