1.2 Further notices highlighting certain uses we wish to make of your personal data together with the ability to opt in or out of selected uses may also be provided to you when we collect personal data from you.
- Personal data we may collect about you
- How we use your personal data and who we may disclose it to
- Transmission, storage and security of your personal data
- Your rights and contacting us
- Our Cookies policy
- Third Party Websites
2. Personal data we may collect about you
2.1 We may collect and process the following personal data about you:
- Information you provide to us: personal data that you provide to us, for example during the onboarding and investor account activation processes and your use of the websites, including your name, email address (and/or proof of address), other contact details, work-related information, verification information, tax-related information and financial information (some of this information may also be provided by parties connected to you or connected to us, e.g. administrators, financial institutions);
- Our correspondence: information about any correspondence that we may have with you, including when you contact us via the “contact us” links on the websites;
- Survey information: where we ask you to complete surveys that we use for research purpose, the information provided by you in the completed survey;
- Your transactions: details of transactions and investments you carry out through our websites, password protected investor sites or through other channels and of the fulfilment of the other services that we provide; and
- Website and communication usage:details of your visits to the websites and information collected through cookies etc. including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access.
If you do not provide certain personal data then we may not be able to provide all or part of our services to you, or your use of our websites may be more limited.
3. How we use your personal data and who we may disclose it to
3.1 Under UK and EU data protection laws (if applicable), we must establish and inform you of the legal basis or “ground” for our use of your personal data.
Use of personal data under UK and EU data protection laws must be based on one of a number of legal “grounds”. The principal legal grounds that may apply to our use of your information are:
- Consent: where you have consented to our use of your information (you will have been presented with a consent form in relation to any such use
- Contract performance: where your information is necessary to enter into or perform our contract with you.
- Legal obligation: where we need to use your information to comply with our legal obligations.
- Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.
Where we process special category personal data, we may also rely upon the following legal grounds:
- Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.
- Explicit consent: where you have explicitly consented to our use of your information.
3.2 If you are located in India, we may use your personal data pursuant to your consent.
3.3 For each use of personal data mentioned below, we note the purpose for which we use and disclose it, who we may disclose it to, and the legal grounds we use as a basis for our use (“Use basis”).
- To provide our services and conduct our business: to provide our services, as adviser to the Veld Funds and to carry out obligations arising from any agreements entered into between you and Veld (including Veld Funds), which may include passing your data to third parties such as administrators, agents or contractors or to our advisors (e.g. legal, financial, business or other advisors);
Use basis: contract performance, legitimate interests (to enable us to perform our obligations and provide our services to you)
- In relation to fraud prevention: we and other organisations may access and use certain information to prevent fraud as may be required by applicable law and regulation and best practice at any given time. If false or inaccurate information is provided and fraud is identified or suspected, details may be passed to fraud prevention agencies and may be recorded by us or by them.
Use basis: legal obligations, legitimate interests (to ensure that you fall within our acceptable risk profile and to assist with the prevention of crime and fraud), explicit consent (where this includes health data, or data relating to ethnic or racial origin, political affiliations)
- To provide you with investor material: to provide you investor material where you have chosen or are required to receive these.
Use basis: legal obligations, contract performance, consent.
- For research and development purposes: to analyse your personal data in order to better understand our investors’ needs and to develop our business. This may involve transferring your personal data to third party service providers;
Use basis: legitimate interests (to ensure that we are continuing to develop our business and meeting investors’ needs)
- To monitor certain activities and carry out certain checks: to monitor calls and transactions to meet regulatory obligations, compliance with procedures and to combat fraud (including “know-your-counterparty”, anti-money laundering, anti-bribery and corruption and other legal requirements, policies and procedures which are aimed at detecting and preventing financial crime). This may include disclosing your personal information to third parties such as administrators, agents or contractors, identity or credit reference checking agencies or to our advisors. We may also be required to monitor certain communications that you have with us in order to comply with our legal obligations;
Use basis: legal obligations, legal claims, legitimate interests (where this is not strictly required by law given we are a regulated business we still need to take certain steps to ensure we honour our regulatory obligations)
- To inform you of changes: to notify you about changes;
Use basis: legitimate interests (in order to provide you with relevant updates)
- To ensure website content is relevant: to ensure that content from our websites is presented in the most effective manner for you and for your device;
Use basis: consent, contract performance, legitimate interests (to assist users of our website)
- To reorganise or make changes to our business: In the event that we are:
- subject to negotiations for the sale of our business or part thereof to a third party;
- sold to, or merged with, a third party; or (iii) undergo a re-organisation, we may need to transfer some or all of your personal data to the relevant third party (or its advisors) as part of any due diligence process or transferred to that re-organised entity or third party and used for the same purposes as set out in this policy or for the purpose of analysing any proposed sale or re-organisation.
Use basis: legitimate interests (in order to allow us to change our business)
In connection with legal or regulatory obligations: We may process your personal data to comply with our regulatory requirements or in connection with dialogue with our regulators as applicable, which may include disclosing your personal information to third parties (including advisors), the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world.
Use basis: legal obligations, legal claims, legitimate interests (to cooperate with law enforcement and regulatory authorities)
If you are located in India, we may disclose your personal data pursuant to your consent, or where it is necessary for the performance of a legal obligation.
We do not undertake any automated decision-making, including profiling, on your personal data.
4. Transmission, storage and security of your personal data
Security over the internet
4.1 No data transmission over the Internet or website can be guaranteed to be secure from intrusion. However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your personal data in accordance with data protection legislative requirements. All information you provide to us is stored on secure servers and accessed and used subject to our security policies and standards.
4.2 Where we or a fund administrator have given you (or where you have chosen) a password which enables you to access certain parts of our websites (e.g. our investor pages), you are responsible for keeping this password confidential and for complying with any other security procedures that we notify you of. We ask you not to share a password with anyone.
4.3 For personal data collected in India, we implement reasonable physical, technical and administrative security standards designed to protect your personal data from loss, misuse, alteration, destruction or damage and to ensure a level of security appropriate to the risk, and such security standard will be at an equivalent or higher level than the international standard IS/ISO/IEC 27001 on “Information Technology – Security Techniques – Information Security Management System – Requirements”.
Export outside the UK/EEA
4.4 Given Veld’s group structure, personal data may be shared and transferred to other entities within the Veld or to other third parties both within the UK and EEA as well as to other countries outside of the UK and EEA that may have a lower standard than in the UK/EEA.
4.5 When we do so, we will use appropriate safeguards to protect the personal data that we transfer. We will either ask for your consent to the transfer or transfer it subject to European Commission or UK Government approved contractual terms that impose equivalent data protection obligations directly on the recipient, unless we are permitted under applicable data protection law to make such transfers without such formalities (including where the export is to a country that has been approved by the European Commission or UK Government (as applicable) as providing essentially equivalent protections to EU data protection laws and therefore where no further safeguards are required in order to export to that country).
4.5 Please contact us if you would like further information on the specific safeguards we apply in relation to the export of your personal data.
4.6 We will retain your personal data for as long as is necessary for the purposes for which they were collected and any other permitted linked purposes. So if personal data is used for two purposes, we will retain it until the purpose with the longest retention period expires; but we will stop using it for the purpose with a shorter retention period once that shorter period has expired. Periods may also be extended where reasonably required to do so by law or by a regulator.
4.7 We restrict access to your personal data to those persons who need to use it for the relevant purpose(s). Our retention periods are based on business needs and your information that is no longer needed is either irreversibly anonymised (and the anonymised information may be retained) or securely destroyed.
5. Your rights & contacting us
5.1 Data protection legislation gives you the right (subject to some exceptions) to access certain personal data held about you, correct any inaccuracies and to prevent the processing of your personal data that is likely to cause unwarranted substantial damage or distress to you or anyone else and to object to any decision that significantly affects you being taken solely by a computer or other automated process.
If you have any questions in relation to our use of your personal data, you should first contact us.
If you are situated in the UK, EU or India, you may have the following rights, subject to certain conditions and in certain circumstances:
- Subject Access: You can ask us to provide you with further details on how we make use of your personal data and a copy of the personal data that we hold about you.
- Rectification: You can ask us to update any inaccuracies in the personal data that we hold.
- Erasure: You can ask us to erase your personal data that we no longer have lawful grounds to use.
- Withdrawal of consent: Where processing is based on consent, you can withdraw your consent to processing so that we stop that particular processing.
- Object and Restriction: You can object to, or restrict how we use your personal data in certain circumstances.
- Portability: You can ask us to transmit the personal data that you have provided to us to a third party.
- Raise a complaint: You can raise a complaint about our processing with the data protection regulator in your jurisdiction (for example in the UK, Information Commissioner’s Office).
Although, we would ask you to speak to us first if you are not happy with the way in which we have collected or processed your personal data so that we can seek to resolve the matter.
5.2 We will use reasonable endeavours to ensure that your personal data is accurate. In order to assist us with this, you should notify us of any changes to the personal data that you have provided to us by contacting us.
6. Cookies Policy
7. Third party websites
Our websites may contain links to other third party websites. If you follow a link to any of those third party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal data. Please check these policies before you submit any personal data to such third party websites.