Whose personal data do we collect and process?
We need to collect and process the personal data of various categories of people who interact with us, primarily investors and potential investors. This privacy statement applies to all personal data we obtain and process, whichever category you might fall into. The nature of the data we use and how we use it depends on the particular circumstances, as explained below.What is the nature of the personal data we process and how is it collected?
The types of personal data that we will collect and use will depend on various circumstances, for example, your relationship with us, why you are interacting with us and the type of services or products we may provide to you. The data may include, for example:
- identity information, such as your name, the company you work for, your job title and department • contact details, such as your email address and phone number(s)
- communication preferences
- information which you provide in subscription documents and other forms
- identity documents and other personal information used to carry out anti-money laundering (AML) checks, or to apply for travel documents on your behalf
- any other personal data we may obtain through you interacting with us
Most of the time we obtain data from you directly as you interact with us, though sometimes we will conduct open source searches for information or receive qualified leads from a third party introducer. For what purpose do we collect your personal data?
We will only use your personal data for the purposes for which it has been provided to us. Generally, we will process your personal data in order to provide you with those of our services and other offerings you want to receive from us. We will only use your personal data for the purposes for which it has been provided to us, unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis that allows us to do so.What lawful bases do we rely on to process your personal data?
We will only use your personal data in compliance with the law. Most commonly, where:
It is necessary for our legitimate interests (or those of a third party), and those interests do not override your interests or fundamental rights. Our legitimate interests typically involve direct marketing.
We need to comply with a legal or regulatory obligation. For example, we may be required to share your personal data with any legal or regulatory authority to which we are subject.Who do we share your personal data with?
We may need to share your personal data with other organisations from time to time, but we will maintain responsibility for what they do with your data and how it is processed. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. For example:
- Service providers who process data for us, including those providing IT and system administration services and hosting.
- Other organisations such as legal advisers and external auditors
- Competent authorities (eg regulators, tax authorities), courts and bodies as required by law or requested or to affiliates for internal investigations and reporting
when we need to transfer your personal data out of the EEA, we will ensure a similar degree of protection is afforded to it as if it were being processed within the EEA. How do we look after your data?
We have established appropriate security measures to help prevent your personal data from being accidentally lost, used or accessed in an unauthorised way. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How long will we use your personal data for?
We will only keep your personal data for as long as necessary to fulfil the purposes for which we collected it or to enable us to comply with our legal obligations or enforce our legal rights.
At the end of the retention period, we will delete your data completely.Your legal rights and accessing your data
You have the right to access information held about you and may request that we amend, delete or update such information, although there may be circumstances where we cannot delete information that we hold about you because of our legal obligations. You can request this access by contacting us as noted below.Should you wish to access your data, the following information will apply:
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.Changes to this privacy statement or to your data
This privacy statement may be revised from time to time as regulatory requirements change.
The personal data we hold about you needs to be accurate and up-to-date in order to comply with data protection law so please let us know of any changes to your personal data so that we can correct our records.