Policies

Confidentiality Policy

Protection of client and counterparty information: how confidential information is identified, handled and safeguarded across every HudsonRoux engagement.

Download branded PDF
Reference
HR-POL-004
Version
1.0
Effective
June 2026
Next review
June 2027
Owner
Francois Roux, Principal
Classification
Public

1. Purpose

This policy sets out how HudsonRoux handles confidential information received from clients, prospective clients and counterparties in the course of its advisory practice.

Confidentiality is not a procedural obligation for HudsonRoux; it is a professional one. The nature of the work requires access to commercially sensitive, personally sensitive and strategically significant information. Clients share that information because they trust it will be protected. This policy describes how that trust is earned and maintained.

This policy should be read alongside HudsonRoux's Data Processing Agreement, which addresses the specific obligations that arise when HudsonRoux processes personal data in the course of an engagement.

2. What is confidential information?

For the purposes of this policy, confidential information means any information shared with HudsonRoux in the course of an engagement or a pre-engagement discussion that:

  • Is not already in the public domain.
  • Is marked or described as confidential by the client.
  • Would reasonably be understood to be confidential given its nature or the circumstances in which it was shared.

This includes, but is not limited to: financial data, operating metrics, customer and supplier details, strategic plans, personnel matters, intellectual property, pricing structures and any information that a buyer, investor or regulator would consider material.

HudsonRoux treats all client information as confidential unless the client has explicitly stated otherwise.

3. HudsonRoux's obligations

HudsonRoux will:

  • Use confidential information only for the purpose for which it was shared: the delivery of the relevant engagement.
  • Not disclose confidential information to any third party without the prior written consent of the client, except as set out in Section 4.
  • Not use confidential information received from one client for the benefit of another client or any other third party.
  • Take reasonable steps to protect confidential information from unauthorised access, disclosure or use.
  • Return or securely destroy confidential information at the end of an engagement upon request, subject to any legal or regulatory obligations to retain it.

These obligations apply during an engagement and continue indefinitely after it concludes.

4. Permitted disclosures

HudsonRoux may disclose confidential information without the client's prior consent only in the following circumstances:

  • Where required by law, court order or regulatory obligation, in which case HudsonRoux will, where legally permitted, notify the client before making the disclosure.
  • Where the information is already in the public domain through no breach of this policy.
  • Where the client has given prior written consent to the specific disclosure.

HudsonRoux does not engage subcontractors or third-party advisors in connection with client engagements without prior notification to the client. Where a third party is engaged, appropriate confidentiality obligations will be in place before any confidential information is shared.

5. Information security

HudsonRoux will take the following practical steps to protect confidential information:

  • Client documents and data are stored in password-protected systems with access limited to HudsonRoux.
  • Email communications containing confidential information are sent to verified client contacts only.
  • Devices used for client work are password-protected and kept secure.
  • Confidential information is not discussed in public places or settings where it could be overheard.
  • On completion of an engagement, client materials are archived securely or returned/destroyed at the client's direction.

6. Breach

In the event of an actual or suspected breach of confidentiality, HudsonRoux will:

  • Notify the affected client as soon as practicable.
  • Identify the nature and scope of the breach.
  • Take all reasonable steps to contain and mitigate the breach.
  • Cooperate fully with any investigation or regulatory process that follows.

Where the breach involves personal data, HudsonRoux's obligations under the UK GDPR and its Data Processing Agreement will also apply.

7. Relationship to engagement letter

Confidentiality obligations applicable to a specific engagement are also addressed in the signed engagement letter for that engagement. In the event of any conflict between this policy and the engagement letter, the engagement letter takes precedence for that engagement.

8. Non-disclosure agreements

8.1 Where an engagement involves access to particularly sensitive information, or where either party requires it, a standalone mutual non-disclosure agreement ("NDA") will be executed prior to or alongside the Engagement Letter. HudsonRoux maintains a standard short-form mutual NDA for this purpose.

8.2 The NDA is mutual: it protects the confidential information of both parties, including HudsonRoux's methodologies, frameworks and engagement approach shared during pre-engagement discussions.

8.3 Where an NDA is in place, its terms govern confidentiality for the matters it covers. In the event of any conflict between an executed NDA and this policy, the NDA takes precedence. Where no NDA is in place, this policy and the confidentiality provisions of the Engagement Letter apply in full.

9. Review

This policy is reviewed annually by the Principal.

← All policies