This Policy sets out the following:
- What information we collect
- Business contacts and professional advisers and intermediaries
- Directors and shareholders of investees
- Our website and cookies
- Storing your information
- International transfers
- Your rights
- Updates to this Policy
For the purposes of data protection at Oxford Investment Consultants we will be a controller of your personal information. (This means we make decisions about how and why your information is used, and have a duty to ensure your rights are reserved).
2. WHAT INFORMATION WE COLLECT
In order to operate our business and provide our services, we need to use personal information about actual and prospective clients, business contacts, directors and shareholders of companies we advise OTIF about, and details of individual professional advisers and intermediaries.
We collect information from individuals to provide services and to keep them informed about us. This may include personal information, such as your name and contact details provided when communicating with us or signing up to a mailing list. If you instruct us to provide services then we shall also process financial information in order to provide you with those services.
HOW WE USE YOUR INFORMATION
We will only use your information with your consent, or because we need to in order to:
- enter into, or perform, a contract with you
- comply with a legal or regulatory duty
- fulfil our own (or a third party’s) lawful interests, provided your rights don’t override these
- protect your vital interests
In any event, your information will only be used for the purpose(s) we collected it for (or otherwise for a closely related purpose, such as record keeping). Further details on how we use information in relation to particular groups of people (investors, business/professional contacts, and directors/shareholders of OTIF investee companies) can be found in paragraphs 3, 4 and 5 below.
If we need to use personal data in order to enter into or perform a contract with you but you don’t provide that data, we may not be able to contract with you or provide the services.
We will never sell or trade your personal information. We do share information with our suppliers, and this may include personal information in some cases, but they will only be allowed to use the information for a specific purpose and there will be a written agreement which makes sure your information is protected.
We will also share personal information with professional advisers, intermediaries or others when we are required to do so by law or by a regulator or governmental authority (for example HM Revenue and Customers or the Financial Conduct Authority).
In certain limited circumstances, we may collect or process sensitive personal information (such as information about someone’s health). In the event that we do, we’ll ensure that this information is kept private and secure. We will collect some sensitive data about company directors and officers as part of our due diligence process (please see section 5 below for further details).
We collect information about individual investors in order to provide our services, administer accounts and advise OTIF on making investments. This information will include:
- basic personal information and contact details
- personal information about beneficiaries and next of kin
- security information (to enable us to identify individual account holders and prevent fraud)
- information about their investments and transactions
- financial data (such as bank account details and national insurance numbers) which we require to process payments and invest money on our clients’ behalf
4. BUSINESS CONTACTS, PROFESSIONAL ADVISERS AND INTERMEDIARIES
We often work with other businesses. These might be intermediaries, professional advisers or other businesses with whom we choose to partner in relation to events or initiatives. We collect information about individuals working with or for these businesses, including names and contact details, and information about someone’s role in a business (such as their job title).
5. DIRECTORS AND SHAREHOLDERS OF INVESTEES
We research and investigate businesses before reporting to OTIF in connection with an investment. This includes not just the business itself, but also its owners and directors. We look at information which is publicly available and obtain personal information from third party sources like the investee business’s website, Companies House and the Internet. This information might include names, job titles and career history and other directorships or shareholdings.
Before recommending a business as an investment, we sometimes ask the directors and officers to provide personal details about themselves by filling in a director’s questionnaire. This can include sensitive personal data (such as information about the health or medical conditions that might affect someone’s ability to run the business). We process this information on the basis of the relevant individual’s specific consent and he or she can refuse to provide these details or ask us to delete them at any time.
6. OUR WEBSITE AND COOKIES
We don’t collect or process personal information about visitors to our website unless they choose to provide information (such as when signing up to a mailing list).
We may collect non-personal information about visitors to our website as this helps us optimise and improve the website. This information might include your internet protocol address, the browser being used to connect to our site, the device (e.g. its operating system) and the connection type (e.g. the Internet service provider used). However, none of this information will directly identify you.
HYPERLINKS TO OTHER SITES
Where we have the regulatory qualification to do so, we may contact you by email, telephone or post with information about investment products or services that might interest you (see ‘Marketing’ below), updates or information about your investments, or to notify you of changes to our terms of business or this Policy.
If you are an existing client, we’ll send you marketing communications about similar products or services that may be of interest, unless you ask us not to or have written to us to unsubscribe.
We will only contact an individual personally with email marketing communications if that individual is an existing client or if he or she has asked to receive marketing or enquired about a particular service. If you would like to opt-in in to marketing you can do so on our website.
We sometimes send emails to business customers, contacts, intermediaries and professional advisers without their prior consent, which we do in order to promote our services and build relationships. If we have contacted you it will be because we think these communications may be of interest or relevance to you on the basis of our previous dealings with you or a recommendation from a third party.
Our marketing emails will always tell recipients why they are receiving that email and give them the option to unsubscribe.
TELEPHONE AND POST
We may record telephone conversations, video calls or any other electronic communication and retain copies of them, as well as any transcripts and any written or electronic communication we have with you. These will be used for the purpose of administering your account, training, evidencing compliance with regulatory requirements, as evidence in the event of a dispute, or as evidence in court.
CHANGING YOUR PREFERENCES AND UNSUBSCRIBING
You can change how you hear from us or unsubscribe from marketing at any time. You can do this by writing to the Data Protection Officer, Oxford Investment Consultants LLP, HB Allen Centre, 25 Banbury Road, Oxford OX2 6NN or emailing the Data Protection Officer at email@example.com with details of your request. You can also contact us using these details if you wish to complain about a marketing communication you have received in error.
8. STORING YOUR INFORMATION
We employ a variety of physical and technical measures to keep your personal data safe and to prevent unauthorised access to, or use or disclosure of it. Electronic data and databases are stored on secure computer systems and we control who has access to them (using both physical and electronic means). Our staff receive data protection training and we have a set of detailed data protection procedures which personnel are required to follow when handling personal data.
We cannot absolutely guarantee the security of the internet or external networks or your own device. Accordingly, any online communications (e.g. information provided by email or through our website) are at your own risk. We reside on and use an ISO 27001 certified data centre and service provider.
We only store personal information for as long as it is required for the purpose(s) we collected it for (or for a related compatible purpose, such as keeping a record of a transaction). We regularly review what data we have and delete that which is no longer necessary. In certain situations you have the right to request that your data be deleted (the right to be forgotten). Please see paragraph 10 for further details.
If you believe that any information we are holding on you is incorrect or incomplete, please contact us using the details set out in clause 1.
9. INTERNATIONAL TRANSFERS
Except as set out below, we normally only store personal information within the European Economic Area (EEA). If one of our subcontractors (such as a payment processor) needs to transfer it outside the EEA then we will take steps to make sure adequate levels of privacy protection, in line with UK data protection law, are in place. These safeguards will usually be contractual and/or the result of a European Union decision which allows the transfer (for example, to a US organisation which is certified under the EU-US Privacy Shield framework).
10. YOUR RIGHTS
We want you to remain in control of your personal information. Part of this is making sure you understand your legal rights, which are as follows:
- where data is processed on the basis of consent, the right to withdraw that consent
- the right to confirmation as to whether or not we have your personal data and, if we do, to obtain a copy of the personal data
- the right to have inaccurate data rectified
- the right to object to your data being used for marketing or profiling, or on the basis of our or a third party’s legitimate interests
- the right to restrict how your personal information is used
- the right to be forgotten, which allows you to have your data erased in certain circumstances (though this is not an absolute right and may not apply if we need to continue using the information for a lawful reason)
If you would like further information on your rights or wish to exercise them, please write to the Data Protection Officer, Oxford Investment Consultants LLP, HB Allen Centre, 25 Banbury Road, Oxford OX2 6NN; or emailing firstname.lastname@example.org with details of your request.
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so (for example, because the information no longer exists or there is an exception which applies to your request).
If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you should contact the UK Information Commissioner’s Office, which oversees data protection compliance in the UK. Details of how to do this can be found at www.ico.org.uk.
11. UPDATES TO THIS POLICY
We may update this Policy at any time. When we do, we will post a notification on the main page of our website, revise the updated date at the bottom of this page. We encourage users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect.
This policy was last updated on 15th July 2019