YFM Equity Partners is the trading name of YFM Private Equity Limited. This Privacy Notice is provided by YFM Private Equity Limited (“YFM”) in its capacities as an Alternative Investment Fund Manager and as Investment Adviser and Administrator to British Smaller Companies VCT plc and British Smaller Companies VCT2 plc (together “BSC VCTs”). References to “we”, “us” and “our” in this Privacy Notice are references to YFM and/or BSC VCTs.
YFM and the BSC VCTs are the controllers of your personal data under applicable data protection law, including the General Data Protection Regulation (“GDPR”) with effect from 25 May 2018.
Purpose of the Privacy Notice
When an individual interacts with us we may collect information that constitutes personal data under GDPR and this Privacy Notice sets out how we collect, share and protect that data.
Whose personal data do we collect?
We collect information about individuals in a number of instances:
We may also hold publicly available information about an individual.
The sorts of personal data we collect
The data that we collect depends on the nature of the interaction with an individual. It may include data such as name and address, e-mail address, National Insurance number, passport or driving licence number, bank account details, details of your investments and income on those investments, country of residence for tax purposes, curriculum vitae and other information provided on application forms and related documents.
How your personal data is collected
Personal data may be provided to us in a number of different ways, such as:
Our website will also use cookies. Cookies are small files saved to the user’s computer’s hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server, to provide the users with a tailored experience within the website. We may use cookies to remember personal settings you have chosen at our website. In no other context do we use cookies to collect information that identifies you personally. We use anonymous session cookies (short-term cookies that disappear when you close your browser) to help you navigate the website and make the most of the features.
Collecting data from third parties
We may also collect personal data from third parties such as a financial adviser, the organisation you represent, credit reference agencies, authorities and other legal entities and individuals and publicly accessible sources. In certain circumstances we may be required to carry out enhanced due diligence checks to comply with our obligations under the Money Laundering Regulations 2017. These enhanced checks may reveal information about criminal convictions or information about an individual’s political opinions and associations and/or other sensitive personal data. We will only collect and process such information to the extent necessary to comply with our regulatory obligations and in accordance with the applicable data protection laws.
How we use your personal data
Below we set out the purposes that we use your personal data for and the legal bases that we rely on to ensure that your personal data is processed lawfully:
When evaluating whether legitimate interests can be relied on as a legal basis for the activities above we are required to carry out a balancing test to ensure that the use of your personal data will not be overridden by your fundamental rights and freedoms. In certain circumstances we will seek your consent and you will have the right to withdraw such consent at any time.
What happens if you fail to provide the requested personal data?
If, for example, you fail to correctly complete all the necessary sections on an application / subscription form or fail to provide the correct information (e.g. for AML, KYC, CTF, FATCA or CRS) we may reject or delay your application / subscription until the relevant information is receive or we may decide not proceed with a transaction or a business relationship.
Who do we share your personal data with?
We may share your personal data for the purposes set out in the Privacy Notice with our associates, intermediaries, agents, third party service providers and delegates, such as registrars, auditors, professional advisers and third party service providers.
Where we use a third party who process your personal data as a processor we will ensure that they do so in accordance with our instructions and that they put appropriate measures in place to protect your data.
We may allow third parties who we share your personal data with to process your data as controllers solely for the purpose of providing services to us. In such cases we will ensure that these controllers will process your personal data in accordance with this Privacy Notice and in accordance with applicable laws. We do not allow third party service providers to market to you unless they obtain your consent. We may also share your personal data with a potential buyer in connection with any proposed purchase, merger or acquisition of any part of the business.
Keeping your data secure
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the Internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred via the internet. If you have any particular concerns about your information, please contact us (see ‘Contacting us?’ below).
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Transfers of your information out of the EEA
As we use a number of cloud-based systems your personal data may be transferred outside the European Economic Area. In such cases we will ensure that adequate safeguards are put in place to ensure the security of your personal data.
Data retention
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. For example, in accordance with our legal and regulatory requirements, we will retain investors’ records for a minimum period of at least six years following the termination of our agreement with such investors. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you.
Your rights in relation to the personal data that we hold about you
Subject to the conditions set out in applicable laws you have the following rights:
You can exercise these rights by contacting us using the contact details below. You also have the right to lodge a complaint with the Information Commissioner’s Office if you consider that the processing of your personal data infringes the GDPR. You can also contact the Information Commissioner’s Office on 0303 123 1113.
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please let us know if your personal information changes during your relationship with us.
Force24 Cookies & Tracking
Our organisation utilises Force24’s marketing automation platform.
Force24 cookies are first party cookies and are enabled at the point of cookie acceptance on this website. The cookies are named below:
They allow us to understand our audience engagement thus allowing better optimisation of marketing activity.
f24_autoId – This is a temporary identifier on a local machine or phone browser that helps us track anonymous information to be later married up with f24_personid. If this is left anonymous it will be deleted after 6 months . Non-essential, first party, 10 years, persistent.
f24_personId – This is an ID generated per individual contact in the Force24 system to be able to track behaviour and form submissions into the Force24 system from outside sources per user. This is used for personalisation and ability to segment decisions for further communications. Non-essential, first party, 10 years, persistent.
The information stored by Force24 cookies remains anonymous until:
The Force24 cookies will remain on a device for 10 years unless they are deleted.
Other Tracking
We also use similar technologies including tracking pixels and link tracking to monitor your viewing activities
Device & browser type and open statistics
All emails have a tracking pixel ( a tiny invisible image ) with a query string in the URL. Within the URL we have user details to identify who opened an email for statistical purposes.
Link Tracking
All links within emails and SMS messages sent from the Force24 platform contain a unique tracking reference, this reference help us identify who clicked an email for statistical purposes.
Contacting us
Please address all questions and concerns about the contents of the Privacy Notice by one of the following methods:
In writing:
The Investor Relations Support Manager
YFM Private Equity Limited
5th Floor, Valiant Building
14 South Parade
Leeds
LS1 5QS
By e-mail:
[email protected]
By telephone:
0113 244 1000