Notion Capital (“we”, “us”, “our”) are committed to protecting and respecting your privacy in accordance with data protection laws that are applicable in the UK from time to time.
Information we collect from you
Whether you are an individual investor or a director/shareholder of a company that we are thinking of investing in, or someone from within our network who wishes to have a relationship with us, we may collect and process different kinds of personal data about you, which we have grouped together as follows:
Identity Data includes first name, last name, username or similar identifier, marital status, title, date of birth and gender.
Special category personal data
In certain circumstances, we may collect, store and use your sensitive personal data, known under the UK GDPR as ‘special category’ data. We will do this when you provide us with information about your racial or ethnic origin. Please see below for further details on how we process special category data.
How we collect your personal data
We will ask for your permission (Consent) to place cookies or other similar technologies on your device, except where they are essential for us to provide you with a service that you have requested.
If you do not want to accept any cookies, you may be able to change your browser settings so that cookies (including those which are essential to the services requested) are not accepted. If you do this, please be aware that you may lose some of the functionality of our website.
Uses made of the personal data
We use personal data held about you in the following ways: We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Generally we do not rely on consent as a legal basis for processing your personal data, other than in relation to sending third party direct marketing communications to you via email or text message, certain introductions or using non-essential cookies on our website.
Purposes for which we will use your personal data
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
Notion is likely to receive and store personal information as part of its investment evaluation process. If you are involved in a transaction that Notion and/or the funds that it manages or advises enters into, or a potential transaction that Notion considers, we may store personal information relating to you. This might include your CV, details of your previous employment history and professional activities, information relating to your financial status and dealings, nationality information (including copies of identity documents, such as a passport), references provided by third parties, and results of other due diligence carried out. We collect and store this information for the purposes of:
We store and process information in this way because it is necessary to:
How we will use your special category personal data
We may collect information about your race or ethnic origin to ensure meaningful equal opportunity monitoring and reporting. We will only do this where you have provided us with your explicit consent, to allow us to collect and process this type of information.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). If you are an individual, you will receive marketing communications from us because you have requested to receive them or previously entered into a contract with us and, in each case, you have not opted out of receiving marketing.
If we are contacting you as a business then we are entitled to contact you on the basis of our legitimate interests (to develop and grow our business) with marketing information provided that you have not previously opted out of receiving such communications. In some circumstances you may receive marketing communications from us if we have collected your Identity Data and Contact Data from a publicly available source, however you will always be provided with the opportunity to opt-out of receiving these communications.
We will get your express opt-in consent before we share your personal data with any company outside the Notion group of companies for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time by contacting the DPO at 91 Wimpole Street, London W1G 0EF or firstname.lastname@example.org at any time.
Disclosure of your personal data
We may have to share your personal data with the parties set out below for the purposes set out above:
Selected third parties including:
Please contact the DPO at 91 Wimpole Street, London W1G 0EF or email@example.com if you want further information on the Notion Capital Group or any third party with whom we share your personal data.
We will disclose your personal data to third parties:
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We share your personal data within the Notion Capital Group. This may involve transferring your data outside the UK and European Economic Area (EEA). Many of our external third parties are based outside the UK and EEA so their processing of your personal data will involve a transfer of data outside the UK and EEA. Whenever we transfer your personal data out of the UK and EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Please contact the DPO at 91 Wimpole Street, London W1G 0EF or firstname.lastname@example.org if you want further information on the specific mechanism used by us when transferring your personal data out of the UK and EEA.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Details of retention periods for different aspects of your personal data are available in our Data Retention Register which you can request by contacting us.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. You have the right to ask us not to process your personal data for direct marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting the DPO at 91 Wimpole Street, London W1G 0EF or email@example.com. Under certain circumstances, by law you have the right to:
No fee usually required
You will not have to pay a fee to exercise any of your rights as set out above. However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity to ensure that you do have a right to exercise any of your rights as set out above. This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
Right to withdraw consent
We will not usually rely on your consent as the legal basis for processing your personal data. In the limited circumstances where we have requested you to consent to the processing of your personal data for a specific purpose, and you have provided such consent, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the DPO at 91 Wimpole Street, London W1G 0EF or firstname.lastname@example.org. Once we have received notification that you have withdrawn your consent, we will no longer process your personal data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Third party sites
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
We use a CRA, TransUnion, to provide KYC checks. Information about how TransUnion process your personal data can be found here: https://www.transunion.com/privacy/transunion.
This version was last updated in December 2020.