Privacy Policy

YFM Equity Partners is the trading name of YFM Private Equity Limited.  This Privacy Notice is provided by YFM Private Equity Limited (“YFM”) in its capacities as an Alternative Investment Fund Manager and as Investment Adviser and Administrator to British Smaller Companies VCT plc and British Smaller Companies VCT2 plc (together “BSC VCTs”).  References to “we”, “us” and “our” in this Privacy Notice are references to YFM and/or BSC VCTs.

YFM and the BSC VCTs are the controllers of your personal data under applicable data protection law, including the General Data Protection Regulation (“GDPR”) with effect from 25 May 2018.

Purpose of the Privacy Notice

When an individual interacts with us we may collect information that constitutes personal data under GDPR and this Privacy Notice sets out how we collect, share and protect that data.

Whose personal data do we collect?

We collect information about individuals in a number of instances:

  1. when someone invests in a fund managed by us or in the BSC VCTs;
  2. when we speak to individuals about potentially investing in one of our managed funds or in the BSC VCTs;
  3. when we speak with intermediaries, such as financial advisers;
  4. when one of our managed funds or the BSC VCTs are investing in a business;
  5. when we are seeking to employ someone;
  6. when we are seeking to establish a business relationship.

We may also hold publicly available information about an individual.

The sorts of personal data we collect

The data that we collect depends on the nature of the interaction with an individual.  It may include data such as name and address, e-mail address, National Insurance number, passport or driving licence number, bank account details, details of your investments and income on those investments, country of residence for tax purposes, curriculum vitae and other information provided on application forms and related documents.

How your personal data is collected

Personal data may be provided to us in a number of different ways, such as:

  1. on application forms;
  2. as part of our Anti-Money Laundering (“AML”) / Know Your Customer (“KYC”) / Counter Terrorism Funding (“CTF”) procedures;
  3. in correspondence and conversations with a member of staff or one of our intermediaries;
  4. making transactions for a fund or the BSC VCTs, such as buying and selling shares;

Our website will also use cookies.  Cookies are small files saved to the user’s computer’s hard drive that track, save and store information about the user’s interactions and usage of the website.  This allows the website, through its server, to provide the users with a tailored experience within the website. We may use cookies to remember personal settings you have chosen at our website.  In no other context do we use cookies to collect information that identifies you personally. We use anonymous session cookies (short-term cookies that disappear when you close your browser) to help you navigate the website and make the most of the features.

Collecting data from third parties

We may also collect personal data from third parties such as a financial adviser, the organisation you represent, credit reference agencies, authorities and other legal entities and individuals and publicly accessible sources. In certain circumstances we may be required to carry out enhanced due diligence checks to comply with our obligations under the Money Laundering Regulations 2017. These enhanced checks may reveal information about criminal convictions or information about an individual’s political opinions and associations and/or other sensitive personal data. We will only collect and process such information to the extent necessary to comply with our regulatory obligations and in accordance with the applicable data protection laws.

How we use your personal data

Below we set out the purposes that we use your personal data for and the legal bases that we rely on to ensure that your personal data is processed lawfully:

  • to perform our contract with you when you act as an intermediary;
  • to perform a contract with you when you invest in a fund or in a BSC VCT, or when we invest in a business e.g. to verify your identity, admitting an investor to a fund or a BSC VCT, maintaining a share register and providing information to you;
  • to comply with our legal obligations, notably under company and tax law, including the Companies Act, the OECD Common Reporting Standard (“CRS”), the Foreign Account Tax Compliance Act (“FATCA”) and all applicable AML, KYC and CTF laws, and screening against sanctions lists;
  • to pursue our or a third party’s (such as our associates, service providers, agents or delegates) legitimate interests, such as:
    • sharing your personal data within the YFM group of companies for administrative purposes;
    • preventing, detecting and investigating fraud and other crime;
    • ensuring network and information security;
    • purchasing services from third parties that help us to provide our services to you and to comply with our legal obligations;
    • retaining electronic records and communications;
    • developing, and informing you about, events, services and investments that you may be interested in;
    • undertaking market research;
    • maintaining our relationship with you;
    • mitigating business and operational risks;
    • defending our interests;
    • ensuring that our associates, agents and third party service providers also comply with all relevant legislation;

When evaluating whether legitimate interests can be relied on as a legal basis for the activities above we are required to carry out a balancing test to ensure that the use of your personal data will not be overridden by your fundamental rights and freedoms. In certain circumstances we will seek your consent and you will have the right to withdraw such consent at any time.

What happens if you fail to provide the requested personal data?

If, for example, you fail to correctly complete all the necessary sections on an application / subscription form or fail to provide the correct information (e.g. for AML, KYC, CTF, FATCA or CRS) we may reject or delay your application / subscription until the relevant information is receive or we may decide not proceed with a transaction or a business relationship.

Who do we share your personal data with?

We may share your personal data for the purposes set out in the Privacy Notice with our associates, intermediaries, agents, third party service providers and delegates, such as registrars, auditors, professional advisers and third party service providers.

Where we use a third party who process your personal data as a processor we will ensure that they do so in accordance with our instructions and that they put appropriate measures in place to protect your data.

We may allow third parties who we share your personal data with to process your data as controllers solely for the purpose of providing services to us.  In such cases we will ensure that these controllers will process your personal data in accordance with this Privacy Notice and in accordance with applicable laws. We do not allow third party service providers to market to you unless they obtain your consent. We may also share your personal data with a potential buyer in connection with any proposed purchase, merger or acquisition of any part of the business.

Keeping your data secure

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the Internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred via the internet. If you have any particular concerns about your information, please contact us (see ‘Contacting us?’ below).

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Transfers of your information out of the EEA

As we use a number of cloud-based systems your personal data may be transferred outside the European Economic Area.  In such cases we will ensure that adequate safeguards are put in place to ensure the security of your personal data.

Data retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.  For example, in accordance with our legal and regulatory requirements, we will retain investors’ records for a minimum period of at least six years following the termination of our agreement with such investors.  To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you.

Your rights in relation to the personal data that we hold about you

Subject to the conditions set out in applicable laws you have the following rights:

  1. To access, rectify or request the erasure of your personal data;
  2. To ask that the processing of your personal data be restricted;
  3. To request the portability of your personal data;
  4. On certain grounds, to object to the processing of your personal data based on our legitimate interests; and
  5. To object to the processing of your personal data for direct marketing purposes.

You can exercise these rights by contacting us using the contact details below.  You also have the right to lodge a complaint with the Information Commissioner’s Office if you consider that the processing of your personal data infringes the GDPR. You can also contact the Information Commissioner’s Office on 0303 123 1113.

Your duty to inform us of changes

It is important that the personal information we hold about you is accurate and current. Please let us know if your personal information changes during your relationship with us.

Force24 Cookies & Tracking

Our organisation utilises Force24’s marketing automation platform.

Force24 cookies are first party cookies and are enabled at the point of cookie acceptance on this website. The cookies are named below:

  • F24_autoID
  • F24_personID

They allow us to understand our audience engagement thus allowing better optimisation of marketing activity.

f24_autoId – This is a temporary identifier on a local machine or phone browser that helps us track anonymous information to be later married up with f24_personid. If this is left anonymous it will be deleted after 6 months . Non-essential, first party, 10 years, persistent.

f24_personId – This is an ID generated per individual contact in the Force24 system to be able to track behaviour and form submissions into the Force24 system from outside sources per user. This is used for personalisation and ability to segment decisions for further communications. Non-essential, first party, 10 years, persistent.

The information stored by Force24 cookies remains anonymous until:

  • Our website is visited via clicking from an email or SMS message, sent via the Force24 platform and cookies are accepted on the website.
  • A user of the website completes a form containing email address from either our website or our Force24 landing pages.

The Force24 cookies will remain on a device for 10 years unless they are deleted.

Other Tracking

We also use similar technologies including tracking pixels and link tracking to monitor your viewing activities

Device & browser type and open statistics
All emails have a tracking pixel ( a tiny invisible image ) with a query string in the URL. Within the URL we have user details to identify who opened an email for statistical purposes.

Link Tracking
All links within emails and SMS messages sent from the Force24 platform contain a unique tracking reference, this reference help us identify who clicked an email for statistical purposes.

Contacting us

Please address all questions and concerns about the contents of the Privacy Notice by one of the following methods:

In writing:
The Investor Relations Support Manager
YFM Private Equity Limited
5th Floor, Valiant Building
14 South Parade

By e-mail:
[email protected]

By telephone:
0113 244 1000

Back to top