We are committed to protecting your privacy. Here’s how
At Social and Sustainable Capital, we are committed to protecting your privacy and to ensuring that we are in line with the requirements of applicable law from time to time in respect of the processing of personal data and privacy, including the General Data Protection Regulation (GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and the UK Data Protection Act 2018 (“Data Protection Laws”). When we talk about “Personal Data” in this policy, we mean any information which could be used to identify any third party individuals (“you”), either directly or indirectly. It can include your name, email address, contact details.
- what Personal Data we collect about you;
- why we collect that Personal Data;
- who we share your Personal Data with;
- the rights you have in relation to your Personal Data;
- how we keep your Personal Data secure.
SASC is authorised and regulated by the Financial Conduct Authority (the “FCA”) and is registered on the financial services register maintained by the FCA (at www.register.fca.org.uk) with reference number 588445. SASC is registered with the information commissioner’s office as a data controller with registration number ZA267322.
1. What Personal Data we collect about you
When you engage with us, we may collect, store and use your Personal Data, for example:
1.1 Information about your computer and about your visits to and use of the Website (e.g. your IP address);
1.2 Information that you provide to us for the purpose of registering with us; making contact with us and/or applying to us for investment (e.g. your contact details, financial information and other necessary Personal Data);
1.3 Information that you provide to us for the purpose of subscribing to the Website services, email notifications and/or newsletters;
1.4 Information that provide to us (or we may collect from third parties where relevant) if you apply for a job with us.
2. Why we collect Personal Data and what we do with it
We may collect your Personal Data when you communicate with us and we will only use your Personal Data in order to:
2.1 Assess your enquiry or application for social investment;
2.2 Send you email notifications or updates, which you have specifically requested;
2.3 Send you marketing communications relating to SASC which we think may be of interest to you by post or, where you have specifically agreed to this or where we otherwise have the right to do so, by email or similar technology (you can inform us at any time if you no longer require marketing communications);
2.4 Deal with enquiries and complaints made by you relating to the Website or improve our Website; and
2.5 For our internal business processes including staff support.
We may process this Personal Data so that we can perform a contract with you, for the purpose of legal compliance and/or for the purposes of our legitimate business interests.
3. Information that we receive from other sources
We may receive information from third parties who hold Personal Data about you and pass it onto us, for example:
3.1 when we are deciding whether to make a social investment we may receive the Personal Data of key personnel;
3.2 our staff may give us emergency contact information as a part of our emergency scenario planning;
3.3 we may receive Personal Data from past employers and others concerning your employment history when you apply for a job with us.
When we collect your Personal Data from third parties, that third party is responsible for informing you that they have shared your Personal Data with us, directing you to this policy and obtaining any relevant consents from you to ensure you are happy with the ways in which your Personal Data will be used. However, once we are holding your Personal Data, we will only handle any person’s Personal Data in accordance with this policy and Data Protection Laws.
4. Who we share your Personal Data with
We may share your Personal data as described below:
4.1 Third Parties Working For Us
4.2 Following the Law
We may disclose your information to third parties if we determine that such disclosure is reasonably necessary to comply with the law or to protect or enforce our rights. When we receive law enforcement or national security requests for information, we strongly believe in privacy and transparency. We aim to scrutinise such requests carefully and challenge vague, overbroad or otherwise unlawful requests. When legally permitted, we provide our users with notice that their information is being requested. This notice is provided so that you have the opportunity to challenge such requests.
4.3 Business Transfers
If we’re involved in a reorganisation, merger or acquisition, your Personal Data may be disclosed to potential buyers and your Personal Data may be transferred as part of such a deal.
5. Use of third-party social media channels
6. How to stop notifications or marketing messages from SASC
You can stop receiving marketing messages from us at any time.
You can do this:
- By clicking on the ‘unsubscribe’ link in any email
- By contacting firstname.lastname@example.org
Once you do this, we will update your profile to ensure that you do not receive further marketing messages.
Please note it might take a few days for all our systems to be updated, so you might get messages from us while we process your request.
7. How we keep your Personal Data secure and information about deletion of Personal Data
7.1 SASC commits to holding your data securely and we have various security measures in place to protect all Personal Data that we hold. Internally, access to Personal Data is restricted so that staff only have access to data required in order to carry out their duties. We deliver regular staff training on data protection.
7.2 To protect ourselves from external threats, we maintain active cyber security management and password protection on all SASC computers. Hard copies are stored in locked cabinets.
7.3 As part of our ongoing contractual agreements with third-party processors, we work to strict rules and policies. We hold specific GDPR-compliant contractual agreements with our external data processors. We apply certain selection criteria to third-party providers who maintain an offshore presence i.e. are located outside of the European Economic Area or the UK. We mainly transfer Personal Data to countries that have been deemed “adequate” jurisdictions for the protection of Personal Data by the European Commission. Where such countries do not have an adequacy decision (or other permitted mechanisms do not exist), we have put in place standard contractual clauses in order to transfer this Personal Data in accordance with the GDPR.
7.4 We have varied retention periods for each type of data we process but will always try to limit the length of time we hold your data. We keep data that does not have to be retained for statutory reasons no longer than necessary for the purposes we obtained it for.
7.5 We currently provide social investment only to organisations established in the UK and therefore have a general policy of not transferring any Personal Data in respect of any social investments outside of the UK.
8. The rights you have in relation to your Personal Data
Where we are holding your Personal Data, you have the following rights relating to this information:
- The right to be informed about how we are using your Personal Data.
- The right to access the Personal Data that we hold about you.
- The right to request the correction of inaccurate Personal Data we hold about you.
- The right to request that we delete your data, or stop processing it or collecting it, unless required for statutory purposes.
- The right to stop direct marketing messages, and to withdraw consent for other consent-based processing at any time.
- The right to request that we transfer elements of your data either to you or another service provider.
- Rights in relation to automated decision-making and profiling.
- The right to complain to the Information Commissioner’s Office in the UK if you believe that your Personal Data is compromised in any way.
Under the Data Protection laws, in some circumstances, we can deny your request or charge a reasonable fee for your request, for example, where your request is found to be “excessive”.
If you want to exercise any of your rights, have a complaint, or just have questions in respect of the information contained in this policy, please contact email@example.com.
9. Cookies Policy
A cookie in no way gives us access to your computer or any information about you, other than information about how you use the Website and the Personal Data you choose to share with us (including Personal Data you automatically share with us by way of your browser settings).
- Session cookies: temporary cookies which remain in your cookie file until you leave our Website
- Persistent cookies: these remain in place across multiple visits to our Website
- Third party cookies: these are created by a third party to provide us with statistics. An example of this is Google analytics
You can also manage cookie use via your browser settings (this will allow you to refuse the setting of all or some cookies) and your browser provider may ask you to confirm your settings. Note however that if you block all cookies via your browser settings you may not be able to access all or parts of our Website.