PRIVACY POLICY

Last update:  April 2021

Introduction

Our privacy policy sets out how Oxford Capital Partners LLP (“OCP” or the “Firm”) is committed to protecting the privacy and security of your personal data in accordance with data protection law.  This policy gives individuals information on how personal information (i.e. information which directly or indirectly identifies you) is collected, processed, shared and stored.

How we collect data and what we collect

We may collect personal information about you when you communicate or transact business with us, or when an adviser communicates with us on your behalf in writing, electronically or by telephone. For example, we collect personal information about you from the following sources:

  • Applications or forms completed by you;
  • Information you provide during telephone conversations, email, or contact forms that you send us; and
  • When we conduct anti-money laundering searches via third party systems in order to verify who you are

The following are examples of personal information that we may hold with respect to our client and business relationships:

  • Name and contact details
  • Tax information
  • Nationality, passport or other identification documents
  • Information on investigations, litigation, court proceedings, civil liabilities or criminal convictions against you
  • Information received from credit reference agencies, fraud prevention agencies and from other public sources such as Companies House
  • Financial data (such as bank account details)
  • Sensitive personal data – before proceeding with an investment, we may ask the directors and officers to provide personal details about themselves by filling in a director’s questionnaire. This can include information about a director’s health or medical condition that might affect their ability to run the business.

 

How we will use and process your data

We will use and process your data, as necessary, in order for us to:

  • Carry out our obligations arising from any contracts entered into between you and OCP and to provide you with the information, products and services that you request from us.  Under UK General Data Protection Regulation (GDPR), this is deemed to be under the lawful basis of consent, contract or legitimate interests.
  • Comply with our regulatory obligations imposed by the Financial Conduct Authority (FCA) in regard to the relevant ‘Know Your Client’ obligations. In addition, to comply with the FCA’s requirements for record keeping for the purposes of audits and reviews, records of transactions undertaken and customer histories for prescribed periods of time, as directed.  Under UK GDPR, this is deemed to be under the lawful basis of legal obligation.
  • Respond to any legitimate legal requests for information about you to the FCA or pursuant to an order of any court, or as required by law for the purposes of, but not limited to combatting fraud, money-laundering and criminal activities.  Under UK GDPR, this is deemed to relate to the lawful bases of legal obligations and legitimate interests.

 

Sharing of data

We will not share your information with any third parties for the purposes of direct marketing.

We have contracts in place with data processors who are third parties and provide services to us.  This means that they cannot do anything with your personal information unless we have instructed them to do so. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.

In some circumstances we are legally obliged to share information.  For example under a court order, or further to a requests from a regulator or governmental authority e.g. the FCA or HM Revenue and Customs.  Prior to provision, we will satisfy ourselves that we have a lawful basis on which to share the information.

How we store your data and retention periods

We employ a variety of physical and technical measures to keep your personal data safe and to prevent unauthorised access, use, or disclosure of it. Electronic data and databases are stored on secure computer systems and we control who has access to them.  We have data protection procedures which employees are required to follow when handling personal data and requirements of employees are reinforced through data protection training.

Your personal data will be retained for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. The retention of your personal data will be subject to periodic review.

Marketing

OCP will send you information about products and services of ours that we think you may be interested in, but only if you have consented to receiving such marketing material from us.  You have the right at any time to stop OCP from contacting you for marketing purposes and therefore please contact us if you no longer wish to receive such material.

Your data protection rights

You are entitled to the following:

  • The right to access – You have the right to request OCP for copies of your personal data
  • The right to rectification – You have the right to request that OCP corrects any information you believe is inaccurate. You also have the right to request OCP to complete the information you believe is incomplete
  • The right to erasure – You have the right to request that OCP erase your personal data, under certain conditions
  • The right to restrict processing – You have the right to request that OCP restricts the processing of your personal data, under certain conditions
  • The right to object to processing – You have the right to object to OCP processing your personal data, under certain conditions
  • The right to data portability – You have the right to request that OCP transfers the data that we have collected to another organisation, or directly to you, under certain conditions

You also have the right to withdraw consent for your processing of your personal data at any time.  Please refer to the ‘How to contact us’ section below in order to choose a suitable medium to progress your withdrawal request.

Cookies

Our website may use “cookies” to enhance your experience and enable certain functionality (such as making login processes easier).  Web browsers place cookies on hard drives for record-keeping purposes and sometimes to track information (such as repeat visits).  You can choose to set your web browser to refuse cookies, or to alert you when cookies are being sent. However, if you refuse to allow cookies, this may interfere with your ability to use the site.

Our website also uses Google’s AdWords remarketing service. This means that if you visit our website, you may see adverts for OCP when you visit other websites.  This happens because Google places a cookie on your machine based on which pages you visit on our site, and then uses that cookie to show you relevant advertisements when you visit other sites.  This remarketing process does not involve collecting or storing any of your personal data.  You can opt-out of Google’s use of cookies by visiting Google’s Ads Settings.  Alternatively, you can-opt out of Google and third-party cookies by visiting the Network Advertising Initiative opt-out page.

International transfers

OCP normally only stores personal information within the UK or the European Economic Area (EEA).  These jurisdictions abide by an equivalent standard of data protection regulation.  If one of our subcontractors (such as a payment processor) needs to transfer data outside of the UK or EEA, then we will take steps to ensure that adequate levels of privacy protection safeguards are in place in line with UK data protection regulation.

We use MailChimp, an email services platform based in the USA, to manage and send email communications.  If you receive emails powered by the MailChimp platform, this will mean your information has been transferred to the USA.  Data between the UK and USA used to take place under the assurance of the EU-US Privacy Shield (the “Shield”) which was one way for companies to transfer data legally from the EU/UK to the US, however on 16 July 2020 the European Court of Justice invalidated the Shield.  At the same time, it was confirmed that Standard Contractual Clauses (SCCs) continue to provide a valid mechanism for companies to transfer personal data outside the EU/UK.

The European Court of Justice advised that in addition to adhering to the SCCs, the data exporter (OCP) and data importer (Mailchimp) may need to agree to supplemental measures to ensure an adequate level of protection for the transferred data, but did not specify what those measures could be. The European Data Protection Board is currently analysing this decision, and will issue guidance on what those supplemental measures could consist of in the future.  OCP and Mailchimp will review this guidance as soon as it is available and implement it to ensure compliance with all applicable data protection laws.

Privacy policies of other websites

OCP’s website may contain links to other websites.  Our privacy policy applies only to our website, therefore if you click on a link to another website you should read their privacy policy.

Changes to our privacy policy

We may revise and / or supplement our privacy policy from time to time to reflect (including but not limited to), any changes in our business, law, regulation, markets and / or the introduction of any new technology.

How to contact us

If you have any questions about our privacy policy, please contact us:

  • Email us: [email protected]
  • Call us: 01865 860760 and ask for the Director, Finance and Operations
  • Or write to us:  Director, Finance and Operations, 46 Woodstock Road, Oxford, Oxfordshire, OX2 6HT

 

Your right to lodge a complaint with the Information Commissioner’s Office (ICO)

If you have raised a query with us and are dissatisfied with our response, or you believe that your data protection or privacy rights have been infringed, you can contact the ICO, which oversees data protection compliance in the UK.  Details of how to do this can be found at www.ico.org.uk

 

 

 

Estimated reading time: 2 min

 

Due to the potential for losses, the Financial Conduct Authority (FCA) considers this investment to be high risk.

What are the key risks?

  1. You could lose all the money you invest
    1. If the business you invest in fails, you are likely to lose 100% of the money you invested. Most start-up businesses fail.
  2. You are unlikely to be protected if something goes wrong
    1. Protection from the Financial Services Compensation Scheme (FSCS), in relation to claims against failed regulated firms, does not cover poor investment performance. Try the FSCS investment protection checker here.
    2. Protection from the Financial Ombudsman Service (FOS) does not cover poor investment performance. If you have a complaint against an FCA-regulated firm, FOS may be able to consider it. Learn more about FOS protection here.
  3. You won’t get your money back quickly
    1. Even if the business you invest in is successful, it may take several years to get your money back. You are unlikely to be able to sell your investment early.
    2. The most likely way to get your money back is if the business is bought by another business or lists its shares on an exchange such as the London Stock Exchange. These events are not common.
    3. If you are investing in a start-up business, you should not expect to get your money back through dividends. Start-up businesses rarely pay these.
  4. Don’t put all your eggs in one basket
    1. Putting all your money into a single business or type of investment for example, is risky. Spreading your money across different investments makes you less dependent on any one to do well.
    2. A good rule of thumb is not to invest more than 10% of your money in high-risk investments. https://www.fca.org.uk/investsmart/5-questions-ask-you-invest
  5. The value of your investment can be reduced
    1. The percentage of the business that you own will decrease if the business issues more shares. This could mean that the value of your investment reduces, depending on how much the business grows. Most start-up businesses issue multiple rounds of shares.
    2. These new shares could have additional rights that your shares don’t have, such as the right to receive a fixed dividend, which could further reduce your chances of getting a return on your investment.

 

If you are interested in learning more about how to protect yourself, visit the FCA’s website here.