How we collect data and what we collect
We may collect personal information about you when you communicate or transact business with us, or when an adviser communicates with us on your behalf in writing, electronically or by telephone. For example, we collect personal information about you from the following sources:
- Applications or forms completed by you;
- Information you provide during telephone conversations, email, or contact forms that you send us; and
- When we conduct anti-money laundering searches via third party systems in order to verify who you are
The following are examples of personal information that we may hold with respect to our client and business relationships:
- Name and contact details
- Tax information
- Nationality, passport or other identification documents
- Information on investigations, litigation, court proceedings, civil liabilities or criminal convictions against you
- Information received from credit reference agencies, fraud prevention agencies and from other public sources such as Companies House
- Financial data (such as bank account details)
- Sensitive personal data - before proceeding with an investment, we may ask the directors and officers to provide personal details about themselves by filling in a director’s questionnaire. This can include information about a director’s health or medical condition that might affect their ability to run the business.
How we will use and process your data
We will use and process your data, as necessary, in order for us to:
- Carry out our obligations arising from any contracts entered into between you and OCP and to provide you with the information, products and services that you request from us. Under UK General Data Protection Regulation (GDPR), this is deemed to be under the lawful basis of consent, contract or legitimate interests.
- Comply with our regulatory obligations imposed by the Financial Conduct Authority (FCA) in regard to the relevant ‘Know Your Client’ obligations. In addition, to comply with the FCA’s requirements for record keeping for the purposes of audits and reviews, records of transactions undertaken and customer histories for prescribed periods of time, as directed. Under UK GDPR, this is deemed to be under the lawful basis of legal obligation.
- Respond to any legitimate legal requests for information about you to the FCA or pursuant to an order of any court, or as required by law for the purposes of, but not limited to combatting fraud, money-laundering and criminal activities. Under UK GDPR, this is deemed to relate to the lawful bases of legal obligations and legitimate interests.
Sharing of data
We will not share your information with any third parties for the purposes of direct marketing.
We have contracts in place with data processors who are third parties and provide services to us. This means that they cannot do anything with your personal information unless we have instructed them to do so. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.
In some circumstances we are legally obliged to share information. For example under a court order, or further to a requests from a regulator or governmental authority e.g. the FCA or HM Revenue and Customs. Prior to provision, we will satisfy ourselves that we have a lawful basis on which to share the information.
How we store your data and retention periods
We employ a variety of physical and technical measures to keep your personal data safe and to prevent unauthorised access, use, or disclosure of it. Electronic data and databases are stored on secure computer systems and we control who has access to them. We have data protection procedures which employees are required to follow when handling personal data and requirements of employees are reinforced through data protection training.
Your personal data will be retained for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. The retention of your personal data will be subject to periodic review.
OCP will send you information about products and services of ours that we think you may be interested in, but only if you have consented to receiving such marketing material from us. You have the right at any time to stop OCP from contacting you for marketing purposes and therefore please contact us if you no longer wish to receive such material.
Your data protection rights
You are entitled to the following:
- The right to access – You have the right to request OCP for copies of your personal data
- The right to rectification – You have the right to request that OCP corrects any information you believe is inaccurate. You also have the right to request OCP to complete the information you believe is incomplete
- The right to erasure – You have the right to request that OCP erase your personal data, under certain conditions
- The right to restrict processing – You have the right to request that OCP restricts the processing of your personal data, under certain conditions
- The right to object to processing – You have the right to object to OCP processing your personal data, under certain conditions
- The right to data portability – You have the right to request that OCP transfers the data that we have collected to another organisation, or directly to you, under certain conditions
You also have the right to withdraw consent for your processing of your personal data at any time. Please refer to the ‘How to contact us’ section below in order to choose a suitable medium to progress your withdrawal request.
OCP normally only stores personal information within the UK or the European Economic Area (EEA). These jurisdictions abide by an equivalent standard of data protection regulation. If one of our subcontractors (such as a payment processor) needs to transfer data outside of the UK or EEA, then we will take steps to ensure that adequate levels of privacy protection safeguards are in place in line with UK data protection regulation.
We use MailChimp, an email services platform based in the USA, to manage and send email communications. If you receive emails powered by the MailChimp platform, this will mean your information has been transferred to the USA. Data between the UK and USA used to take place under the assurance of the EU-US Privacy Shield (the “Shield”) which was one way for companies to transfer data legally from the EU/UK to the US, however on 16 July 2020 the European Court of Justice invalidated the Shield. At the same time, it was confirmed that Standard Contractual Clauses (SCCs) continue to provide a valid mechanism for companies to transfer personal data outside the EU/UK.
The European Court of Justice advised that in addition to adhering to the SCCs, the data exporter (OCP) and data importer (Mailchimp) may need to agree to supplemental measures to ensure an adequate level of protection for the transferred data, but did not specify what those measures could be. The European Data Protection Board is currently analysing this decision, and will issue guidance on what those supplemental measures could consist of in the future. OCP and Mailchimp will review this guidance as soon as it is available and implement it to ensure compliance with all applicable data protection laws.
Privacy policies of other websites
How to contact us
- Email us: [email protected]
- Call us: 01865 860760 and ask for the Director, Finance and Operations
- Or write to us: Director, Finance and Operations, 46 Woodstock Road, Oxford, Oxfordshire, OX2 6HT
Your right to lodge a complaint with the Information Commissioner’s Office (ICO)
If you have raised a query with us and are dissatisfied with our response, or you believe that your data protection or privacy rights have been infringed, you can contact the ICO, which oversees data protection compliance in the UK. Details of how to do this can be found at www.ico.org.uk.
Last update: April 2021