Privacy Policy

Updated in May 2023 and compliant with UK GDPR rules

Introduction

The SFC Capital Group of Companies (the “Organisation”) is committed to protecting and respecting your privacy. This Policy explains how your personal information is processed by the Organisation, including any affiliates listed in the Data Controllers and Contact section below (hereinafter also collectively referred to as “us”, or “we”). 

This Policy covers personal information relating to you that we may collect through any medium, including specifically in relation to the investment services we provide to you, via our partners and service providers, or through our website. This policy describes how you can access and make certain choices about how we use your personal information.

Your personal information that we may collect

We may collect and process the below listed information with respect to persons connected with the angel networking and investment services that we provide. As well as collecting personal data from our clients, we may also process personal data about relevant persons connected with the investment services, for example investors in our funds, co-investors, directors of investee startup companies, etc.

We may collect this information from a number of sources, including directly from you, via our affiliates, delegates, partners, service providers, professional advisors, or third-party entities with whom we undertake due diligence checks upon you and via automated technologies or interactions. In doing so, we will ensure that the information we collect is proportionate to our stated purposes.

Where relevant, we may collect and process personal information related to persons related to you. In such circumstances, it is your responsibility to ensure you have permission from that third-party for us to collect their information and you remain responsible for ensuring that the third-party understands how their information is being used.

Individuals connected with our investment services

We may collect and process your personal details, including your name, address, email and telephone/fax numbers, date of birth, nationality; employment details, including your employers name, your position or title and your corporate contact details; information on your financial circumstances, including your profession, income, assets and liabilities, as well as sensitive and/or criminal data as part of our standard due diligence process.

Individuals connected with our partners and service providers

We may collect and process your contact information, including your name, address, position, email and telephone/fax numbers; financial details, including relevant details for invoicing and billing; and KYC documentation, if and where required under relevant Anti-Money Laundering, Financial Sanctions, Non-Proliferation or Counter Terrorism Financing (“AML”) legislation.

Individuals connected with our website

We may collect and process your personal details, including your name, address, email and telephone/fax numbers, as well as your login identification and password details; and technical information, including your IP address, browser information, and details relating to your visit behaviour on our website. Further details are provided under our ‘Cookie Policy’ heading below.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

Our legal bases and purpose for holding your personal information

Unless specifically stated otherwise in a Privacy Notice provided to you, we use your personal information in the following ways and based upon the following lawful bases:

Individuals connected with our investment services

  1. In order to achieve our legitimate interests. In doing so, we ensure that:
    1. your rights and interests are considered and protected and there is a minimal privacy impact upon you;
    2. we are able to demonstrate that we use your data in a proportionate manner and you would not likely be surprised or likely to object to our usage;
    3. we can lawfully disclose personal data to a third-parties where we can demonstrate that this disclosure is justified;
  2. To comply with our legal or regulatory obligations. For instance, under the UK Financial Conduct Authority Conduct of Business rules and/or relevant AML legislation;
  3. In order to fulfil our contractual obligations to you in order to facilitate the provision of goods or services; and
  4. Based upon reasons of substantial public interest. [1]

Individuals connected with our partners and service providers

  1. In order to fulfil our contractual obligations to you in order to facilitate the provision of goods or services. This includes where you have asked us to do something before entering into a contract, for example to provide a quote;
  2. To comply with our legal or regulatory obligations. For instance, under relevant AML legislation; and
  3. Based upon reasons of substantial public interest.

Individuals connected with our website

  1. In order to achieve our legitimate interests. This may include electronic communications between us; the provision of investment information to you; details in order for us to manage and improve our website; for us obtaining and recording details relating to your visit behaviour on our website;
  2. To comply with our legal or regulatory obligations. For instance, under relevant AML legislation; and
  3. Based upon reasons of substantial public interest.

Marketing

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you. You may receive marketing communications from us if you have requested information from us or entered into a contract with us and you have not opted out of receiving that marketing. We will not share your personal data with any third party for marketing purposes. You can ask us to stop sending you marketing messages at any time following the opt-out links on any marketing message sent to you.

Where you opt out of receiving these marketing messages, this will not apply to platform related messages (for example, providing you with information on your portfolio of investments with us).

When we may disclose your personal information

We may disclose your personal information with the following category of recipients, and based upon the legal bases and purposes set-out above:

  1. Our affiliates, including where relevant third-party investment funds that we either manage or advise;
  2. Our partners, fund managers, and service providers, including service providers appointed by the third-party investment funds that we either manage or advise and including our appointed representatives where appropriate;
  3. Any law enforcement, court, regulator or other government authority in order for us to comply with a legal obligation laid down by UK or EU law. This includes the provision of information relating to any affiliate of the Organisation;
  4. A prospective buyer of our business, including where we intend to sell part of our business or merge with another third-party.

How and where we store your personal information

We store your electronically held personal information on Amazon Web Services servers located in the UK/EU. Our web application is encrypted using SSL certificate and monitored for vulnerabilities by a specialist third party service, Proberly. We understand that we have to ensure that service providers do comply with GDPR requirements.

We take all reasonable steps to protect your personal information; however, where you choose to transmit your personal data to us via the internet, we do not guarantee the security of the personal information transmitted and therefore any transmission is at your own risk.

We may transfer your personal information to our affiliates, partners or service providers that are based outside of the UK/EU. In such circumstances, we will ensure that your personal information is adequately protected to UK/EU approved standards.

Your rights as a Data subject

In certain circumstances, in relation to your data, you have:

  1. the right to be informed,
  2. the right of access,
  3. the right to rectification,
  4. the right to erasure,
  5. the right to restrict processing,
  6. the right to data portability,
  7. the right to object, and
  8. rights in relation to automated decision making and profiling.

Further details of your rights can be found at the ICO website, however, please note that your rights are subject to our overarching legal responsibilities: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

If you wish to exercise any of these rights, please contact the relevant data controller (listed below).

How long we retain your personal information

We reserve the right to retain your personal information for as long as we reasonably believe it to be necessary in order to facilitate our legitimate interests, in order for us to comply with our legal or regulatory obligations, where based upon reasons of substantial public interest, or where your personal information remains public information by your own actions. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. For further information, please contact the relevant data controller (listed below).

Our responsibilities when we make changes to our Privacy Policy

We may make changes to our Privacy Policy at any time and may do so without expressly notifying you of these changes. However, should the legal bases or purpose for processing your personal information changes then we shall expressly notify you.

Our Data Controllers and how to contact us

Questions or individual data requests relating to this Policy should be addressed to the relevant data controller. For the purpose of the data protection legislation, the relevant data controllers are:

Co registration no: 09898901

SFC Advisory Ltd.
C/O Bennett Brooks Ltd
2 Maple Court, Davenport Street
Macclesfield, SK10 1JE

GDPR contact: Angelika Burawska, angelika@sfcadvisory.com, telephone: 0333 335 5834

Our Cookie Policy

A cookie is a small piece of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing. We only use cookies that are required for the essential operation of our website. These cookies are typically deleted from your device once the browsing session is terminated.

You can choose to block cookies that we may deliver to your device through settings on your web-browser; however, in doing so you may not be able to access or utilise all aspects of our website.

 

 

[1] Where personal information is public is not a processing condition under DPA 2018. It is a factor that supports reliance on the processing condition of legitimate interest.