Privacy Policy

1. Introduction

Vittoria & Partners is committed to safeguarding the privacy and security of the personal information in our care and respecting all applicable laws and requirements in the countries in which we operate. This privacy policy (“policy”) explains how we collect your personal information, what we do with it, how we protect it and your rights in respect of it.

All references in this policy to ‘we’, ‘our’, ‘us’ or ‘V&P’ are to Vittoria & Partners,  which is authorised and regulated by the Financial Conduct Authority (“FCA”), FRN: 709710.

2. Relevant legislation

We are required in the jurisdictions in which we operate to comply with relevant legislation regarding the use of personal information including the UK General Data Protection Regulation and the EU General Data Protection Regulation (together for the purposes of this policy “GDPR”) and related privacy laws when we are the controller or processor of such information. For the purposes of our obligations under the GDPR, “personal information” means information relating to an identified or identifiable person who is a resident of the United Kingdom or European Union.

3. The role of V&P

In relation to the roles and responsibilities established under relevant data privacy and security laws, V&P acts as the data controller of any personal information that we process. As a data controller we are legally responsible for ensuring our systems, processes, suppliers and employees comply with data protection laws in relation to the personal information that we handle. Our IT systems are located in the UK or EU.

Where we transfer your personal data to third parties, in certain circumstances those third parties may also be data controllers.  In all cases, your personal information is handled and protected in accordance with data protection law.

Written terms of business, forming part of each of our contracts to deliver Services may supplement this policy by providing further details on our confidentiality obligations to our clients during and beyond the course of our engagement.

4. Who do we process personal information for

We collect and process the personal information of: 

  • Our clients 
  • Counterparties and other third parties of our clients connected to the matters on which we are working for our clients
  • Non-client contacts, such as those who use our website, attend our seminars or other events, subscribe to our newsletters, email services or other promotional services
  • Professional advisers, experts and consultants involved in the work that we carry out for our clients or engaged by us to support client work
  • Contractors, suppliers and other third parties connected to the operation of our services

5. Why do we process personal information

We will only collect and process information where it is necessary for the operation of our business. This will arise in the following situations: 

  • Where the processing is necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract
  • Where the processing is necessary for our legitimate business interests in conducting and managing our business. When considering our legitimate interests, we must take account of what is reasonable for the running of our business, but which is not detrimental to you and would have minimal impact on your privacy. Examples of legitimate interest include:

To provide the products or perform the services requested by clients and individuals pursuant to a letter of engagement, statement of work, or similar

To provide the products or perform the services requested by clients and individuals using our website

Where permitted by applicable law, to advise you through e-mail, phone call, or post about other products or services similar to the products or services we have provided to you and that we think will be of interest to you

For complying with obligations provided by laws, current regulations and legislation (e.g. tax regulations, anti-money laundering regulations)

For hosting of events such as seminars or webinars. We may use your data to manage your registration to a V&P event, including sharing data with event co-hosts and tracking and facilitating event attendance.

6. The personal information we collect

We may collect personal information directly from you, including through your use of the website, when you contact us or request information from us by email, telephone, post or social media, when you apply for an employment opportunity with V&P, when you request a proposal from us in respect of the services we provide, when you engage us for services, when an entity with which you are associated as an employee or officer provides us with such information, or as a result of your attendance at one of our events. 

We may also collect personal information from publicly available sources including social media sites, and/or from third parties, such as companies operating public relations or business development databases. We may use this information in connection with our marketing activities.

The information we collect typically consists of your contact information, including your name, address, business affiliation, business title, email address, and telephone number. 

We also may obtain personal information indirectly from or on behalf of our clients. With respect to personal information that we receive from or on behalf of our clients in order to provide services, our client remains the data controller and V&P acts as a processor of such personal information. 

7. Processing of personal data

Personal data is processed both manually and electronically in accordance with the above-mentioned purposes and in compliance with current regulations. We permit only authorised V&P employees and contractors, suppliers and other third parties connected to the operation of our services to have access to your information. Such individuals are appropriately designated and trained to process data only according to the instructions we provide them.

8. Data integrity

Users are responsible for the accuracy of any user information that they provide to V&P. We will use reasonable efforts to maintain the accuracy and integrity of Information based on the input received from Users.

9. Who can we share personal information with

V&P may share the information that we collect or that you provide to us with our affiliates. We also may share personal information with the following categories of third parties as necessary:

  • Sub-contractors we have engaged in connection with providing services to our clients. 
  • Our professional advisers, including our lawyers and auditors.
  • Our insurers and insurance brokers.
  • Third parties to whom we outsource certain services to assist with operating our business, such as IT managed service providers, software providers, information storage providers and other related service providers. We also require such vendors to maintain reasonably appropriate information security policies and procedures and to maintain personal information confidentially.
  • Third parties to whom our clients have directed us to share information in connection with our services, such as our clients’ lawyers and auditors.
  • Third-party service providers that assist us with client data analytics.
  • Third-party postal or courier providers that assist us with delivering marketing and other documents to you.

10. Where we transfer personal information

V&P is located in the United Kingdom and Malta. Your personal information could be stored in either or both jurisdictions. V&P does not transfer personal information outside the United Kingdom and European Union, except where we have been explicitly authorised by a client to transfer such information to a recipient outside these areas.

11. Personal data rights

Under GDPR you are entitled to see any EU personal data held about you and you may ask us to make any necessary changes to ensure that it is accurate and kept up to date.

Under GDPR your rights with respect to EU personal data are:

  • Right to access – You have the right to request copies of your EU personal data that V&P holds about you in our databases. We will provide you with all the details that we hold about you, both online and offline, upon request.
  • Right to erasure – Under certain conditions, you have the right to request that we erase your EU personal data.
  • Right to restrict processing or object – You also may restrict or object to the processing of your EU personal data, in some circumstances.
  • Right to rectify. You may ask us to correct or remove information you think is inaccurate or out of date.
  • Right to data portability – You have the right to have your EU personal data transmitted to another controller, where technically feasible and if it does not adversely affect the rights and freedoms of others.
  • Rights related to automated decision making and profiling – V&P does not make decisions about you using automated decision making or profiling of your EU personal data.
  • Right to complain – you may have the right to lodge a complaint to an applicable supervisory authority or other regulator if you are not satisfied with our responses to your requests or how we manage your EU personal data.

12. Period of retention

V&P retains personal information in compliance with our obligations under applicable law.  We may destroy personal information without notice or liability.

Your personal information is retained by us in accordance with applicable law and regulation.   Our data retention periods may vary depending on the location, nature and context of the personal information that we have in our care, and will take into account the following factors:

  • potential claims or litigation
  • guidance from official bodies such as relevant data protection supervisory authorities and regulatory bodies
  • how long we need to keep the data to fulfil the original purpose for which it was collected
  • the nature and sensitivity of personal data and
  • legal obligations to which we are subject

13. Confidentiality and information security

An organisation creating, maintaining, using or disseminating personal data must take reasonable and appropriate measures to protect it from loss, misuse and unauthorised access, disclosure, alteration, and destruction. 

V&P is committed to keeping your personal information secure. We have taken reasonably designed steps to protect personal information from unauthorised access, use or disclosure. We also require our vendors to maintain reasonably appropriate information security policies and procedures and to maintain personal information confidentially. 

Our web site has commonly used security measures to protect against the loss, theft, misuse, and alteration of personal information and remains under the control of V&P. You should be aware, however, that we have no control over the security of other websites that you might visit or use, even when a link to those websites is available on or through our web site. 

In the event of a breach of the confidentiality or security of your personal information, V&P will notify you if reasonably necessary under applicable law so that you can take appropriate protective steps. We may notify you under such circumstances using the email address or addresses that we have on record for you.

14. Amendments to privacy policy

V&P may occasionally update this policy, as noted by the “updated date” at the beginning of this policy. If V&P updates this policy in a manner that allows it to collect, use, or disclose your personal information in a materially less restrictive manner than under a prior version of the policy, V&P will provide you with prior notice of the pending update and seek your consent by posting notice on our website or by contacting you using the email address or addresses that V&P has on record for you.

V&P encourages you to periodically review this policy to stay informed about its collection, use, and disclosure of your Information. Your continued use of any web site constitutes your agreement to this policy and any updates.

15. Complaints and dispute resolution

If you have any questions, complaints, or disputes regarding how we handle or protect your personal Information, please bring it to our immediate attention (see “How to Contact V&P below).

The Data Protection Act 2018 and certain other applicable data protection laws give you the right to lodge a complaint with a data protection supervisory authority (‘DPA’), usually in the country or state where you work, normally live or where any alleged infringement of data protection laws has occurred. Details of European DPAs can be found here EU DPA contacts.

16. How to contact V&P

If you have any questions about the policy, please email [email protected]


Paul Springer

Since September 2021 he has been a Senior Surveillance Analyst at Global Regulatory Surveillance Services, an associate company of Vittoria & Partners.

Paul held the position of Senior Compliance Consultant at ACA Mirabella, where he was responsible for monitoring some of the largest and most complex clients served by Mirabella. He is a compliance professional with 25+ years of regulatory experience.

At ACA Mirabella, as well as implementing a compliance infrastructure at each client and conducting ongoing compliance reviews, Paul’s role encompassed oversight and review of clients’ electronic communications (employing Fingerprint) and their staff members’ personal compliance interactions (utilising Compliance ELF).

Paul spent 5 years at the FCA (then the FSA) as the Manager of a Corporate Authorisation team, followed by approximately 20 years of compliance experience in the financial services industry. He has worked in-house and held the Compliance Officer and Money Laundering Reporting Officer roles for approximately 12 years, firstly at a broking firm which he joined at start-up, and then a hedge fund manager. Paul also spent over 3 years working at a leading compliance consultancy, providing compliance support to clients (including full-scope and sub-threshold AIFMs, investment managers and advisers). He is a qualified Chartered Accountant.


Tim Jukes

Since September 2021 he has been a Senior Surveillance Analyst at Global Regulatory Surveillance Services, an associate company of Vittoria & Partners.

For the five years before working at Global Regulatory Surveillance Services, Tim held the position of Senior Compliance Consultant at ACA Mirabella overseeing a wide range of complex and large firms on the hosted platform.

Tim began his career at Price Waterhouse in 1986, where he qualified as a Chartered Accountant. Following qualification, Tim transferred to Hong Kong, where he spent 5 years specialising in the audit of multinational trading and finance entities. Tim spent 18 months on secondment at the Hong Kong Securities and Futures Commission developing an inspection regime for asset managers and advisers.

On returning to the UK, Tim spent 3 years at IMRO, a predecessor to the FCA, specialising in asset management supervision. Tim subsequently undertook several senior in-house compliance and finance roles across a range of start-up and large asset managers specialising in open-ended funds and, subsequently, private equity. Tim then moved into compliance consulting with Cordium and more recently spent 5 years working at ACA Mirabella overseeing a wide range of hosted clients.

Junior compliance monitoring

Rebecca Inversen


Senior Risk officer



Devops Engineer

Gabriel Falzon


Senior Risk officer

Maria Abela CFA


head of onboarding

Martha Cachia

Martha has over 16 years of experience working in the financial services sector. During this time, she has worked for well-established financial services firms, as a Senior Administrator managing their client-facing teams ensuring that various applications were always completed  in accordance with the appropriate regulatory and due diligence standards.

In September 2021, Martha joined Global Regulatory Surveillance Services, an associate company of Vittoria & Partners, as the Head of Administration. Previously, she was an Onboarding Associate at Mirabella for 3 years, where she conducted regulatory reviews and due diligence on both individuals and corporate entities.

In 2019, Martha attained a Diploma in Business Management with University of Chester administered by Global College Malta and she holds a CF1 UK Financial Systems, Regulation & Ethics Certificate.

Chief Financial Officer

Analise Bezzina Attard


General Counsel

Catherine Janula


Senior Risk officer

Ryan Farrugia

Ryan most recently held the position of Senior Risk Associate at ACA Mirabella, where he was responsible for reviewing clients’ investment processes, risk management processes, strategy complexity, and operational arrangements. He was responsible for monitoring clients’ trading activities daily, including risk/trading limits. Ryan was also involved with the creation of the Governance Risk Compliance Operations Unit within the company.

After graduating with a Bachelors’ Degree in Commerce, a Post Graduate Certificate in Finance, and a Master’s Degree in Investment and Finance, Ryan spent over two years at APS Bank in Risk Management and Finance.

Senior Risk Officer

Elizabeth Mallia

An awardee of the Marie Curie Actions scholarship, Elizabeth built up her data crunching and analytical skills in theoretical motor neuroscience where she investigated brain mechanisms in action initiation at the Institute of Neurology, University College London.

She transferred her skillset to financial services in 2017, where she formed part of a formidable risk team at the regulatory hosting platform, ACA Mirabella. There she held the position of Senior Risk Associate, where she concentrated on risk management for funds with model-based strategies, focusing primarily on insurance-linked security investments. As part of the same role, Elizabeth worked with a subsection of the team on consolidating and improving the surveillance framework for potential market abuse of the platform’s diverse clientele, promoting an evidence-based approach in the set-up of the framework.

Having also previously had the opportunity to study and work at various neuro-research institutions, including Karolinska Institutet, Stockholm and Radboud UMC, Nijmegen, Elizabeth brings multi-faceted experience in breaking down complex problems to facilitate custom solutions.

Senior Risk OFficer

Nicholai Cumbo Clarke


Head of Risk & Operations

George Camilleri

Since September 2021 he has been the Head of Risk & Operations at Global Regulatory Surveillance Services, an associate company of Vittoria & Partners.

Before joining GRSS, George worked at ACA Mirabella for six years as Head of Risk Operations and managed the Malta-based Risk Team responsible for all the Firm’s risk monitoring and regulatory reporting.

He holds an MSc in Financial Mathematics from the University of Leeds, focusing on quantitative risk management, and a BSc in Mathematics and Physics from the University of Malta. He has also taken several short courses, including the Oxford Private Markets Certificate at the Saїd Business School, and completed a Postgraduate Certificate in Artificial Intelligence at the University of Leeds.

In his free time, George volunteers for non-governmental organisations within the cultural sector in Malta, having an interest in the arts and classical music.

Head of Sales

Sarah Donnelly

Sarah has spent the last 20 years in Business Development roles within governance risk and compliance firms in the financial services sector. 

Sarah left ACA Mirabella in 2020, where she held the role of Head of Sales. In this role, she was focused on the company’s growth, from targeting new business opportunities to nurturing existing client relationships.

Over the previous 12 years, Sarah had headed up the Sales and Business Development team at Cordium. Before this Sarah had background in sales, talent management, and business process consulting in the UK and overseas with working with Michael Page International and Accounting Professionals She has a wide network of service providers that can assist new start- up managers and overseas firms coming into the UK and is a regular speaker at industry events. 

Sarah graduated from Sussex with a BA Honours Degree, is a qualified Garden Designer  and is currently working towards the CIPD Foundation Certificate in People Practice.

Sarah will continue to head up Sales for Global Regulatory Surveillance Services, a uniquely complimentary business to Vittoria & Partners.


Joe Vittoria

Joe was most recently the CEO and Founder of the Mirabella Group. Mirabella started hosting managers in 2001 and was one of the earliest participants in the regulatory hosting industry.

In 2009 he sold the business and withdrew from the CEO role but returned to it in 2012. Over the next eight years he developed Mirabella into the recognized leader and largest (by AuM) regulatory hosting provider in the UK. As its CEO, and compliance officer he was responsible for ensuring regulatory compliance of Mirabella, and during his tenure at Mirabella, the firm fully and successfully complied with all of its regulatory obligations, which included the FCA (UK), MFSA (Malta), and the NFA/CFTC (USA).

Mirabella was responsible for the regulated activity of over 250+ people working in its 70+ clients, which in total amounted to over $19bn in assets under management. The investment strategies it hosted ranged from Private Equity and Real Estate to complex credit and derivative processes, with the majority in long/short equity. Mirabella became known as the firm most trusted and used by institutional allocators and managers in this industry. Joe parted ways with Mirabella in Aug 2020, due to a strategic change in direction by the firm’s owners. In the months following his departure over half the firm’s staff resigned, and many joined Joe at V&P, with more to follow.

Apart from his experience at Mirabella, Joe has acted as COO to other investment management firms, which included quant, debt and credit strategies. Before starting in the alternative investment management industry in 1998, Joe worked at Salomon Brothers which he joined in 1985, after graduating from Yale with a BA in Economics.

Joe will continue as CEO of Global Regulatory Surveillance Services, a uniquely complimentary business to Vittoria & Partners.