FORESIGHT GROUP LLP PRIVACY NOTICE

Introduction

Welcome to Foresight Group’s privacy notice.

Click here to download a copy of the Privacy & Cookies.

Foresight Group respects your privacy and is committed to protecting your personal data. This privacy notice informs you about how we use and look after your personal data when you visit our website (regardless of where you visit from), when we provide our products and services to you and when information is provided to us relating to our investment business and also informs you about your privacy rights and how the law protects you.

This privacy notice is provided in a layered format so you can click through to the specific areas listed below.

For the purposes of this document, references to “Foresight” or “Foresight Group” shall mean Foresight Group LLP together with any entity in which Foresight Group Holdings Limited directly or indirectly owns at least a 50% controlling interest/ shareholding, except where such entity is subject to more onerous GDPR legislation in its own jurisdiction.

Additionally, references to “ICO” shall mean the Information Commissioner’s Office, the UK supervisory authority for data protection issues (www.ico.org.uk) or the equivalent authority in non-UK jurisdictions.

  1. IMPORTANT INFORMATION AND WHO WE ARE
  2. THE DATA WE COLLECT ABOUT YOU
  3. HOW YOUR PERSONAL DATA IS COLLECTED
  4. HOW WE USE YOUR PERSONAL DATA
  5. DISCLOSURES OF YOUR PERSONAL DATA
  6. INTERNATIONAL TRANSFERS
  7. DATA SECURITY
  8. DATA RETENTION
  9. YOUR LEGAL RIGHTS

1. Important information and who we are

Purpose of this privacy notice

This privacy notice aims to give you information on how Foresight collects and processes your personal data through your use of this website, including any data you may provide through this website, or when you request information about other products or services from Foresight or otherwise communicate with us, when we provide our products and services to you, when information and personal data is provided to us relating to our investment business and when you seek employment with Foresight, including submitting a CV or job application.

This website is not intended for children and we do not knowingly collect data relating to children.

It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.

Controller

Foresight Group LLP or another member of the Foresight Group is the controller and responsible for your personal data (collectively referred to as “Foresight”, “we”, “us” or “our” in this privacy notice).

The Foresight Group is made up of different legal entities, including our holding companies and ultimate holding company, partnerships, subsidiaries and affiliates, with the principle entities being Foresight Group LLP and Foresight Group CI Limited, together with the following Funds: Foresight Solar Fund Limited, Foresight VCT PLC, Foresight 4 VCT PLC and Foresight Solar & Infrastructure VCT PLC. This privacy notice is issued on behalf of the Foresight Group so when we mention “Foresight”, “we”, “us” or “our” in this privacy notice, we are referring to the relevant company within the Foresight Group responsible for processing your data. Foresight Group LLP is responsible for this website. We may share your personal data with any of the entities in the Foresight Group.

Our GDPR Panel is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights (including any opt-out mentioned in this privacy notice), please contact them using the details set out below.

Contact details

Our full details are:

  • Name of legal entity: Foresight Group LLP (No. OC300878: registered in England and Wales and authorised and regulated by the Financial Conduct Authority)
  • Name: GDPR Panel
  • Email address: dataprotection@foresightgroup.eu
  • Postal address: Foresight Group LLP, The Shard, 32 London Bridge Street, London SE1 9SG
  • Telephone number: 0203 667 8100

If you have a complaint relating to such data, please contact the GDPR Panel by email, telephone or post at the above address. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk) or the equivalent authorities in non-UK jurisdictions. We would, however, prefer to deal with your concerns before you approach the ICO so please contact us in the first instance.

Changes to the privacy notice and your duty to inform us of changes

This version was last updated on 25 May 2018 and previous versions can be obtained by contacting us. We may modify this Privacy Notice at any time but will provide advance notice of any material changes by either posting a notice to you or via our websites or by email to provide you with the opportunity to review these changes and choose whether or not to continue using our products or services.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Who we are

Foresight Group LLP, which is authorised and regulated by the Financial Conduct Authority

(“FCA”), ref no. 198020 and headquartered in The Shard, 32 London Bridge Street, London SE1 9SG, is a leading independent infrastructure and private equity investment manager which has been managing investment funds on behalf of institutional and retail investors for more than 30 years.

Foresight Group CI Limited, which is authorised and regulated by the Guernsey Financial Services Commission, ref no. 2006518 and headquartered in Dorey Court, Admiral Park, St Peter Port, Guernsey GY1 2HT.

Foresight has large and growing networks of relationships with investors and their advisers, including institutional investors and Family Offices Worldwide and many High Net Worth and retail investors and their independent financial advisers, predominantly in the UK. In order to generate potential deal flow and identify suitable investment opportunities in the abovementioned sectors, Foresight has similarly developed large and growing networks with a variety of parties including corporate financiers, accounting firms, lawyers, banks, brokers, non-executive directors, consultancies and infrastructure and private equity industry participants, principally in the UK, Europe, Australia and the USA.

Foresight currently has some £2.8 billion of assets under management across a number of funds, including Stock Exchange Listed Vehicles, Limited Partnerships, Enterprise Investment Schemes (EISs) and Venture Capital Trusts (VCTs).

2. The data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

Your personal data will be held securely in Foresight’s systems and archives so that we and any other companies in our Group that you have dealings with, either now or in the future, can manage your relationship with us. This will include personal data you provide to us, and any additional personal information provided by you or others in various ways, including:

  • in applications whether to invest in Foresight products or for investment finance or for possible employment, in emails, letters and CVs, during telephone calls, at face to face meetings, interviews and conversations, when registering for services, in customer surveys, when you accept invitations to and attend events and promotions, enter competitions and when using any Foresight website.
  • data used to help us combat fraud, money laundering, terrorist financing, other illegal activity and as obliged by law to assist tax authorities in collecting data (e.g. FATCA and CRS).
  • information Foresight Group entities receive from each other, from our business partners and networks, or through other organisations (e.g. business introducers, companies’ advisers, credit reference agencies, due diligence providers, insurance companies and fraud prevention agencies) whether in the course of providing products and services to you or otherwise, and from information we gather from your use of and interaction with our websites and the devices you use to access them.

We may collect, process, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

For prospective, existing and past investors

  • Identity Data includes title, gender, forenames, surname, maiden name, user name or similar identifier, marital status, date of birth, nationality, tax number and national insurance number, passport, utility bills and similar information required under Anti Money Laundering legislation.
  • Contact Data includes correspondence and billing address, delivery address, post code, email address and telephone numbers.
  • Financial Data includes bank account details such as IBAN and SWIFT code.
  • Transaction Data includes details of products and services you have purchased from us, details about payments to and from you and details about parties related to you where relevant, including details about your Independent Financial Adviser, other advisers e.g. accountant or solicitor, your attorneys and trustees, your beneficiaries, your executors and H M Customs and Revenue and your authorisation to deal with the same.
  • Technical Data includes internet protocol (IP) address (a string of numbers unique to your computer that is recorded by our web server when you use or request anything from our website which is used to monitor your usage of our website), your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website and our services.
  • Usage Data includes information about how you use our website, products and services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

For those seeking finance from Foresight and existing and past investments

When applying to Foresight for potential funding, companies and their various advisers provide a wide range of information to Foresight about their business, products, markets, plans and prospects which includes personal data relating to their past, existing and prospective directors, officers, shareholders, employees, agents and contractors as well as principal customers and suppliers etc. When assessing such opportunities, Foresight treats all such information in confidence, whether obtained under the terms of non disclosure agreements or not.

In assessing such potential investment opportunities in more detail, Foresight may seek references from third parties and also may require third parties to carry out detailed due diligence (e.g. on the senior management team, the company’s financial affairs and prospects, customers and suppliers) which will generate further personal data. Similarly, once invested in a company, further additional personal data will arise over time. Even after an investment has been realised, Foresight will hold and be obliged to hold data about the investment including such personal data under FCA rules and the Companies Act 2006.

In the course of assessing and making investments, we may collect, process, use, store and transfer different kinds of personal data about you as grouped above, which may include data expressing opinions about you.

For those seeking employment with Foresight

When recruiting, Foresight often uses the services of recruitment consultants who nominate potential candidates for each particular vacancy by forwarding CVs and their views on the merits of each candidate to us. Similarly, Foresight often receives unsolicited CVs, emails and letters from individuals enquiring about possible vacancies. Please click here to view current vacancies data on candidates not selected may be retained for a short period before being destroyed to see if other suitable vacancies arise in the meantime.

Aggregated Data

We may collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to enable us to decide how to improve the usefulness and efficiency of our websites. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

We do not collect any Special Categories of Personal Data about anyone other than employees and prospective employees (this includes details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data) who should refer to the Foresight Staff Privacy Policy. We do collect any information about criminal convictions and offences of principle parties when we are considering investing in their companies.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

3. How is your personal data collected?

We use different methods to collect data from and about you including through:

  • Direct interactions. You or your advisers or your attorney or other representative may give us your personal data by filling in forms, giving us information in hard copy or electronically or by corresponding with us by post, telephone, email or otherwise. This includes personal data you provide when you:
  • apply for our products or services;
  • view our websites or Linkedin or Facebook pages;
  • seek information on our products and services;
  • request marketing or our publications to be sent to you;
  • attend events or promotions or complete a survey or enter competitions;
  • give us some feedback;
  • seek funding from Foresight for an investment opportunity; or
  • seek employment with us.
  • Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our cookie policy section below for further details.

Foresight does not utilise automated data scoring technologies when assessing investment opportunities.

  • Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:
  • Technical Data from the following parties;
  • analytics providers such as Google based outside the EU;
  • credit reference, criminal record background and anti-money laundering agencies such as Experia, Worldcheck and Veriphy;
  • search information providers based inside the EU, and where necessary and/ or relevant, outside the EU.
  • Contact, Financial and Transaction Data from providers of technical, payment, delivery and other services based inside the EU], and where necessary and/ or relevant, outside of the EU
  • Identity and Contact Data from publicly available sources such as providers of directories of independent financial advisers, Companies House, websites and the Electoral Register based inside the EU;
  • Independent Financial Advisers and your other advisers, such as accountants and solicitors;
  • When you are seeking finance from Foresight we may receive personal data about you from third parties, such as corporate finance advisers, referees, due diligence providers and industry consultants and participants;
  • Recruitment consultants seeking to fill vacancies notified to them by Foresight which put you forward as a possible candidate for the particular role;
  • Registrars and Receiving agents, such as Computershare and City Partnership.

4. How we use your personal data

We will only use your personal data when allowed by law. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with our clients.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.

Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email or text message if you are a private individual, sole trader or partnership. You have the right to withdraw consent to marketing at any time.

Purposes for which we will use your personal data

We have set out below, in a table format, a description of all the ways we plan to use your personal data and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.

Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest
To establish you as a new customer, investor or employee (a) Identity

(b) Contact

(c) Criminal Background checks

(d) For investment related business only, credit reference checks

Performance of a contract with you
To process your application and manage your investment including:

(a) Receive payments, fees and charges and make payments to you including distributions from funds or investments or the proceeds from the realisations of investments (b) Collect and recover any money owed to us

(a) Identity

(b) Contact

(c) Financial

(d) Transaction

(e) Marketing and Communications

(a) Performance of a contract with you

(b) Necessary for our legitimate interests

To manage our relationship with you including:

(a) Notifying you about changes to our terms or privacy policy

(b) Notifying you about the performance of your investment by sending you updates, newsletters and reports

(c) Where relevant seeking your decision on whether or not you wish to remain invested in a particular fund or, as a shareholder in a specific fund agree or not with a particular proposed course of action

(b) Asking you to leave a review or complete a survey

(a) Identity

(b) Contact

(c) Marketing and Communications

(a) Performance of a contract with you

(b) Necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

To enable you to participate in a competition or complete a survey (a) Identity

(b) Contact

(c) Usage

(e) Marketing and Communications

(a) Performance of a contract with you

(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)

To manage the efficient operation of our business and the provision of products and services and also protect our business (a) Identity

(b) Contact

(c) Technical

(a) Necessary for our legitimate interests (for managing the efficient operation of our business, the provision of products and services to you, the provision of administration, and this website including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data, IT services and network security and the prevention of fraud

(b) Necessary to comply with a legal obligation

To deliver relevant website content and marketing to you and measure or understand the effectiveness of our marketing (a) Identity

(b) Contact

(c) Usage

(d) Marketing and Communications

(e) Technical

Necessary for our legitimate interests (to study how customers use our

products/services, our websites, to grow our business and to inform our marketing strategy)

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences (a) Technical

(b) Usage

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our websites updated and relevant, to develop our business and to inform our marketing strategy)
To inform independent financial advisers about new or existing products or services that may be of interest to you (a) Identity

(b) Contact

(c) Technical

(d) Usage

Necessary for our legitimate interests (to develop our products/services and grow our business)

Type of processing undertaken

Foresight will process your data only to the extent necessary to comply with the above purposes and activities, in particular in providing the products and services to which you have agreed. Data will be processed for as long as is necessary either under the terms of the contract between us or required by law. The processing of the data will include collection, recording, organisation, structuring, storage, adaptation, amending or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Data may be processed electronically or manually, including being stored electronically or as a paper copy.

Marketing

We will always give the opportunity to manage your marketing preferences, including the ability to opt out of our marketing. We may use your Identity, Contact, Technical and Usage Data to form a view on what we think you might want or what might be of interest to you.

You will receive marketing communications from us if you have requested information from us or purchased products or services from us or if you provided us with your details when you entered a competition or registered for an event or a promotion and, in each case, you have not opted out of receiving that marketing.

Recording phone calls

We may monitor or record phone calls with you in case we need to check we have carried out your instructions correctly, to resolve queries or issues, for regulatory purposes, to help improve our quality of service and to help detect or prevent fraud or other crimes. Conversations may also be monitored for staff training purposes.

Using information on websites and social networking sites

As part of our ongoing commitment to understanding our customers better, we may research comments and opinions made public on websites and social networking sites such as Twitter, Facebook and Linked In.

Third-party marketing

Foresight will not share your data with third parties for marketing purposes

Opting out

You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of investing in a Foresight product or service or other transaction with Foresight.

Cookies

At Foresight, customer experience is at the heart of what we do. How we use cookies is integral to that experience, and this policy explains what cookies are, the different types of cookies, how we use them and most importantly how to control or delete our cookies. You do not have to accept cookies but without accepting them you may experience reduced website functionality.

What are cookies?

Most websites use cookies to improve your online experience. Cookies are small text files that are placed on your computer or mobile phone when you browse a website. There are various categories of cookies, and we have set out below the cookies used on our website.

Necessary Necessary cookies help make our website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function without these cookies.
Preference Preference cookies enable us to remember information that changes the way the website looks, such as your preferred language or the region that you are in.
Authentication These cookies do things such as ensuring that your password works and you stay logged in when you move between pages on the site and help the site to remember details about your visit. They also keep you secure while you are logged in and help to ensure the site looks consistent during your visit.
Performance, Statistics, Analytics and Research These cookies collect information about how you use our site, such as which pages you visit and if you experience any errors. They do not collect anything that could identify you as it is aggregated data and we only use them to improve how our site works, understand what interests our users, and measure how effective our content is. Our performance cookies include: (a) web analytics to provide information on how our site is used, and (b) error management to help us improve the site by measuring any errors that occur

Why does Foresight use cookies?

Foresight cookies help us to:

  • Make our website work as you’d expect
  • Save you having to login every time you visit the site
  • Remember your settings during and between visits
  • Improve the speed/security of the site
  • Continuously improve our website for you
  • Make our marketing more efficient

We do not use cookies to:

  • Collect any personally identifiable information (without your express permission)
  • Collect any sensitive information (without your express permission)
  • Pass data to advertising networks
  • Pass personally identifiable data to third parties

What are the different types of cookies?

Session cookies – A session cookie only exists while you are reading or navigating the website. These cookies are only stored on your device (which may mean a desktop computer, laptop, tablet or mobile phone) during a single visit to the site (called a ‘browser session’). They do not do anything unless you are actively browsing, and they are deleted as soon as you close your browser.

Persistent cookies – These remain on your device until they are set to expire or you choose to delete them from your browser cache. They are activated each time you visit the website that created them.

Third-party cookies – First-party cookies are cookies set with the same domain (or its subdomain) as your browser’s address bar. Third-party cookies are cookies set with domains different from the one shown on the address bar. Foresight uses Google Analytic to collect statistical data relating to our website’s traffic. This is not used to collect any personal data about you.

Sharing with social networks

Foresight does not share any data with social networks.

How do you control cookies?

If the settings on your software that you are using to view our website (your browser) are adjusted to accept cookies, we take this, and your continued use of our website, to mean that you are fine with this. Should you wish to remove or not use cookies from our site you can learn how to do this below, however doing so will likely mean that our site will not work as you would expect.

Can you turn cookies off?

You can usually switch cookies off by adjusting your browser settings to stop it from accepting cookies. Doing so however will likely limit the functionality and you experience when using our website.

Learn how to turn cookies off here. This is an external link. Although we have taken all reasonable measures to ensure that its contents are safe, we cannot accept any liability for the information shared on this website.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

Please note that we may process your personal data without your knowledge or consent in compliance with the above rules, where this is required or permitted by law.

5. Disclosures of your personal data

We may share the personal data we hold about you across the Foresight Group and our agents for the following activities: (a) providing you or your business with products and services and notifying you about important changes or developments to the operation of those products and services; (b) responding to your enquiries and complaints; (c) administering offers, competitions and promotions; (d) undertaking financial reviews; and also for the following data sharing activities: (e) updating, consolidating, and improving the accuracy of our records; (f) undertaking transactional analysis; (g) arrears and debt recovery activities; (h) testing new systems and checking upgrades to existing systems; (i) crime detection, prevention and prosecution; (j) evaluating the effectiveness of marketing, and for market research and training; (k) statistical analysis with the aim of developing and improving products and services; (l) assessing risks across the Foresight Group; (m) managing your relationship with Foresight Group companies. By sharing this information, it enables us to better understand you and your business’ needs and manage our relationship efficiently. Your personal information may also be used for other purposes for which you give your specific permission, or, in very limited circumstances, when permitted by Data Protection legislation.

We may have to share your personal data with the parties set out below for the purposes set out in the table in paragraph 4 above.

  • Other companies within the Foresight Group;
  • External Third Parties including
  • Service providers acting as processors, which provide administrative, IT system and network security services.
  • Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers, which provide consultancy, banking, legal, insurance and accounting services.
  • HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers, which require reporting of processing activities in certain circumstances.
  • Service providers including market researchers, fraud prevention agencies, etc.

Specific third parties listed in the table in section 4 above.

  • Third parties to whom we may choose to sell, transfer, or merge all or parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

6. International transfers

From time to time we may need to share your personal data with organisations which may be based outside the European Economic Area (EEA). We always take steps to ensure that any international transfer of information is managed carefully and in accordance with data protection law to protect your rights and interests.

These measures include:

  • Transfers of your personal data to countries which are recognised as providing an adequate level of legal protection for personal data;
  • We have obtained the consent of data subjects to the international transfer of their personal data;
  • Transfers within the Foresight Group where we have entered into Standard Contractual Clauses or an intra-group agreement, both of which give specific contractual protections designed to ensure that your personal data receives an adequate and consistent level of protection wherever it is transferred within the Foresight Group;
  • Transfers to organisations where we are satisfied about their data privacy and security standards and protected by contractual commitments such as signing the Standard Contractual Clauses and, where available, further assurances such as certification schemes; and
  • if transferred to the United States of America, the transfer will be to organisations that are part of the Privacy Shield.

You have the right to ask us for more information about our safeguards. Please contact the GDPR Panel whose contact details are set out above.

We do not transfer your data outside the European Economic Area.

7. Data security

We have put in place appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. Data retention

How long will you use my personal data for?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances you can ask us to delete your data: see below for further information.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

9. What are your rights?

You have certain rights regarding your personal data. These include the rights to:

  • request a copy of the personal data we hold about you;
  • request that we supply you (or a nominated third party) with an electronic copy of the personal data that you have provided to us;
  • inform us of a correction to your personal data;
  • exercise your right to restrict our use of your personal data
  • exercise your right to erase your personal data; or • object to particular ways in which we are using your personal data (such as automated decision making, or profiling (for example to help us decide what products and services would suit you best); or
  • understand the basis of international transfers of your data by us.

Where we rely on our legitimate interests to obtain and use your personal data then you have the right to object if you believe your fundamental rights and freedoms outweigh our legitimate interests. Where processing is carried out based upon your consent, you have the right to withdraw that consent.

Your ability to exercise these rights will depend on a number of factors and in some instances, we will not be able to comply with your request e.g. because we have legitimate grounds for not doing so or where the right does not apply to the particular data we hold on you.

You should note that if you exercise certain of these rights we may be unable to continue to provide some or all of our services to you (e.g. where the personal data is required by us to comply with a statutory requirement or is necessary in order for us to perform our contract with you).

Please contact us to update or correct your information if it changes or if the personal data we hold about you is inaccurate.

You may also exercise a right to complain to your Supervisory Authority. Please contact the GDPR Panel if you wish to exercise any of your rights.

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. Please note there may be some latency in deleting your personal data from all our systems and those of any third parties which process such data on our behalf.