General Data Protection Regulation (GDPR) Statement (Privacy Notice)
STURGEON VENTURES LLP
SV LLP – GDPR Statement – updated December 2019
Sturgeon Ventures LLP (company number: OC319614), Linstead House, 2nd Floor, 9 Disraeli Road, London, SW15 2DR, United Kingdom (us or we) is committed to ensuring that your privacy is protected, and all data collected by us will be processed in accordance with this Data Protection Privacy & Cookies Policy. Please read this statement carefully to ensure you understand our views and practices regarding your personal data and how we will treat it.
For the purposes of the General Data Protection Regulation (Regulation (EU) 2016/769) (GDPR), the data controller is Sturgeon Ventures LLP of Linstead House, 2nd Floor, 9 Disraeli Road, London, SW15 2DR. We can be contacted at email@example.com or on 020 3167 4652.
SturgeonVentures LLP Information Commissioners Office (ICO) registration number is: Z9516075
By visiting our Site or by providing us with information you are accepting the practices described in this Data Protection Privacy Statement.
- What information we process
Personal information (or ‘personal data’) means any information that can identify a living person, whether directly or indirectly. We collect and process a variety of personal information about individuals, as detailed below.
1.1 As a regulatory incubator, we process the personal information of our clients (i.e. our appointed representatives (ARs)) and the individuals who work for our clients. As such, if we act as principal for you (or the entity you work for) we will process your:
- personal demographics such as your title name, date of birth, residential and employment details;
- financial information, such as income and expenditure and your financial history;
- other customer due diligence information, which may include criminal convictions data; and
- contact details and records of all correspondence with you.
1.2 This information will primarily be collected from you directly, but may also be collected from third parties whom we contact to obtain information about you, such as the entity you work for which is applying to become an AR, previous employers if references are being sought, corporate search engines such as Linked In, credit reference agencies (CRAs) and the Disclosure and Barring Service (DBS).
1.3 We may also obtain personal data belonging to members of your family. Where we do that, you must notify them that you are providing their information to us and draw their attention to this statement.
1.4 We will process this information when considering the application to become an AR and retain it (in accordance with our retention procedures) whether the application is successful or not. Note that we require personal information in order to consider an AR application and if it is not provided we will not therefore be able to consider the application.
1.5 Acting as principal, we process the personal information of our AR’s clients and contacts. If you are a client or contact of an AR we will process the customer due diligence information that was collected by the AR. This may include:
- personal demographics such as your title name, date of birth, residential and employment details, as well as relationships with PEPs or family members where relevant to assessment process;
- financial information, such as income and assets;
- your current and previous employment and educational experience/background;
- your relevant financial services related experience, resources and sources of wealth; and
- criminal convictions data (if applicable).
1.6 We will process personal information about you that we have collected from our website https://www.sturgeonventures.com/ (our Website). We collect information when you submit information to us directly using the contact form on our Website. We also collect information automatically when you use the Website. This includes technical information including the internet protocol (IP) address used to connect to the internet, information about your visit including the full uniform resource locators (URL) clickstream and your search history on our Website.
2. How do we use your personal data?
2.1 When you provide us with your information in making an enquiry we will use it for the purpose of administering your query and responding to you. We have legitimate interests in processing your personal data in this way, since if we do not process your data we will be unable to do this.
2.2 When we collect information from you (or the entity you work for) in the provision of our services as a regulatory incubator, we use it in order to consider the AR application (which will include verifying your identity) and to provide services if we are engaged to do so. We have legitimate interests in processing your personal data in this way, namely in order to assure ourselves that we are able to conduct business with you (or the entity you work for) and tailor our services as may be necessary. If we contract with you directly, the processing may be necessary for the performance of the contract that we have in place with you, or to take steps at your request before entering into the contract. Where we process criminal convictions data in the application process, this processing is necessary for reasons of substantial public interest, namely in order to comply with our regulatory requirements relating to unlawful acts and dishonesty (Data Protection Act 2018, Part 2, Paragraph 12).
2.3 If you are a client of an AR we will process the customer due diligence information that was collected by the AR. This processing is necessary to ensure compliance with our legal obligations and for the purposes of our legitimate interests in ensuring that our ARs have acted diligently and clients are treated appropriately. If criminal convictions data was collected about you in the customer due diligence process, this information will be held by us on the basis that the processing is necessary for reasons of substantial public interest, namely in order to comply with our regulatory requirements relating to unlawful acts and dishonesty.
2.4 Unless you provide your consent by ticking the opt-in box provided on the contact form, we will not send you marketing information that you have not requested. Any consent that you provide can be withdraw at any time by clicking “unsubscribe” on any marketing email we send to you, or by emailing us at firstname.lastname@example.org. Withdrawing your consent does not affect the lawfulness of any processing which occurred prior to the withdrawal of consent.
2.5 We may also process your personal information collected on our Website on the basis of our legitimate interests in providing you with the best possible service:
- to ensure that the content from our Website is presented in the most effective manner for you and your computer;
- as part of our efforts to keep our Website safe and secure; and
- for internal analytical and statistical purposes.
Such data processing will normally be conducted on an anonymous basis.
3. Disclosure of Information
3.1 We will only supply your personal information to a third party:
3.1.1 where we need to verify your identity before we provide regulatory incubator services to you (or the entity you work for) in which case we will share your information with CRAs and the DBS. The identities of the CRAs and the ways in which they use and share personal information are explained in more detail in the CRA Information Notice which can be found at: www.callcredit.co.uk/crain; www.equifax.co.uk/crain; www.experian.co.uk/crain/index.html;
3.1.2 where we need to share the information to provide a product or a service requested by you;
3.1.3 where we need to send the information to persons or organisations who work on our behalf to provide a product or service to you, in which case such persons or organisations may only use this information in order to provide such product or service and not for any other purpose;
3.1.4 companies which perform marketing services on our behalf or with whom we have joint marketing agreements, where we have your consent to share the information;
3.1.5 if we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our clients will be one of the transferred assets; or
4. Where we store your information
4.1 The data that we collect from you is stored in the UK but data may also be processed by staff operating outside the EEA who work for us or for one of our suppliers for the purposes set out above only. In order to ensure that any third party treats your personal data in a way which is consistent with UK and EU laws on data protection, we have put in place agreements with those third parties which contain provisions approved by the EU for protecting personal data.
4.2 We will retain your information for six years, after which time it will be destroyed.
5. IP addresses and cookies
5.1 When you use our Website we may obtain information about your computer and general internet usage, including your IP address, operating system and browser type, for system administration purposes.
5.2 Cookies contain information that is transferred to your computer’s hard drive. Cookies allow us to tailor our Website to your needs by gathering and remembering information about your usage and preferences.
5.3 In particular, cookies enable us:
5.3.1 to gather information on IP addresses and pages visited;
5.3.2 to analyse trends;
5.3.3 to administer the website;
5.3.4 to track users’ movements on the website; and
5.3.5 to undertake statistical analysis.
5.5 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
5.6 Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
5.7 Cookies can be used by web servers to identify and track users as they navigate different pages on a website and identify users returning to a website.
5.8 The table below provides more information about the cookies we use and why:
|Name of cookie||Owner||Purpose for the cookie|
|DoubleClick.net||This is from the YouTube embedded video for a video showing Seonaid’s ‘Enterprising Women of the Year 2013’. YouTube has inbuilt advertising and uses DoubleClick.net to display relevant ads. As such this gets embedded at the same time.|
|Option||Link out to YouTube|
|Session Cookies||To allow access to the New Enquiry Form (password protected and login required)|
|Windows 10 uses the Microsoft edge||Chrome, Firefox etc||Windows 10 uses the Microsoft edge browser by default unless you install Chrome, Firefox etc|
5.9 Most browsers allow you to refuse to accept cookies; for example:
in Firefox (version 51) you can block all cookies by clicking “Tools”, “Options”, “Privacy”, selecting “Use custom settings for history” from the drop-down menu, and unticking “Accept cookies from sites”;
in Chrome (version 55), you can block all cookies by accessing the “Customise and control” menu, and clicking “Settings”, “Show advanced settings” and “Content settings”, and then selecting “Block sites from setting any data” under the “Cookies” heading; and
in Internet Explorer (11) you can turn “Cookies” off by opening Internet Explorer, click Internet options and select the “Privacy” tab. Under “Settings” move the slider to the top or bottom to decline or allow “Cookies” by selecting high or low and then press “apply”.
5.10 You can delete cookies already stored on your computer; for example:
in Firefox (version 51), you can delete all cookies by clicking “Tools”, “Options” and “Privacy”, then selecting “Use custom settings for history” from the drop-down menu, clicking “Show Cookies”, and then clicking “Remove All Cookies”;
in Chrome (version 55), you can delete all cookies by accessing the “Customise and control” menu, and clicking “Settings”, “Show advanced settings” and “Clear browsing data”, and then selecting “Cookies and other site and plug-in data” before clicking “Clear browsing data”; and
5.11 In Internet Explorer (11) you can select the safety button and then select Delete Browsing History. Then select the check box next to “Cookies”. Select the “preserve favourites” website data check box if you don’t want to delete the “Cookies” associated with website in their favourites list. Select delete.
6. Links to other policies and websites
6.2 This statement does not cover your use of, provision of data to and collection of your data on any website other than the Website.
6.3 Our Website may from time to time contain links to and from other websites. If you follow a link to any of these websites please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these websites or policies. You should always check these policies before you submit any personal data to any third party website.
7. Your rights in respect of your information
The GDPR gives you a number of rights in respect of your personal data, including:
7.1 Right to access
7.1.1 You have the right to access the information we hold about you. We may request proof of your identity before sharing such information.
7.2 Right to rectify your personal data
7.2.1 If you discover that the information we hold about you is incorrect or out of date, you may ask us to correct that information.
7.3 Right to be forgotten
7.3.1 You may ask us to delete information we hold about you in certain circumstances. It may not be possible for us to delete all of the information we hold about you where we have an ongoing relationship, however please contact us and we will do our best to assist with your request.
7.4 Other rights
7.4.1 In addition to the above, you may also ask us to stop or restrict processing of the information we have about you. You may also ask us to transfer your personal information to a third party in certain circumstances. If you would like any other information on these aspect of your rights or would like to exercise them, please contact us using.
8.1 If you have any questions, want to exercise any of your rights or make a complaint, please contact us using the details at the beginning of this statement.
8.2 If we are unable to resolve your complaint you may contact the Information Commissioner’s Office at the Exchange Tower, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Tele: 0303 123 1113.
9. Changes to this Data Protection Privacy Statement
This statement may be reviewed and amended from time to time. As a result of improvements we make to our services, changes in the law or developments in technology, we may change the information we hold about you, the method and purposes for which we process such information. If we make any substantial change in the way in which we use your personal information we will notify you by email.
10. Law and Jurisdiction
Your use of the Website is subject to the laws of England and Wales and the exclusive jurisdiction of the English courts regarding any disputes that may arise under it.