The North East Fund Limited Privacy Policy

The North East Fund Limited (company number (10441614) (TNEFL) respects your privacy and is committed to protecting your personal information. In line with the EU General Data Protection Regulation (GDPR) this privacy policy outlines the information TNEFL collects (including through our website – www.northeastfund.org) and the actions TNEFL takes in order to protect this information, and your rights and options regarding the ways in which your personal information is used.

This Notice contains important information about your personal rights to privacy. Please read it carefully to understand how we use your personal information.

The provision of your personal information to us is voluntary. However, without providing us with your personal information, your use of our services may be impaired

1.  Personal information about you which we may collect, store and process

TNEFL may collect, store and use the following kinds of personal information:

  • information that you provide when submitting a Contact Form or when you subscribe to our newsletter using the form on our website (including your name and email address);
  • information that you provide if you apply for a job with us;
  • information that you provide when using TNEFL’s services, or that is generated in the course of the use of those services (including your name, address, telephone number, email address and, where applicable, social media identity);
  • information contained in or relating to any communications that you send directly to TNEFL or send through this website (including the communication content and data associated with the communication);
  • information about your education, experience and professional status, if you apply for a job with us or in the context of understanding how our services may be of use or interest to you;
  • information we may obtain from publicly available sources. This may include information available on Companies House, reputable media articles, publications and company websites and professional networking sites such as LinkedIn.         Depending on your privacy settings for social media services, we may access information from those accounts or services, including from Facebook, Instagram and Twitter;
  • information we obtain from third parties; for instance, we may obtain personal information about you from professional advisors or other finance providers;
  • any other personal information you choose to send TNEFL.

The GDPR recognises certain categories of personal information as sensitive and therefore requiring more protection, for example information about your health, ethnicity and political opinions. We do not intentionally collect any such sensitive information through our website nor collect or retain any such sensitive information without your explicit consent to do so.

2.   How and why will we use your personal information?

Your personal information, provided to us through the means set out in point 1 above, may be used for the purposes specified in this Notice. In particular, we may use your personal information:

  • to provide further information about our work, services, activities or products (where necessary, only where you have provided your consent to receive such information)
  • to answer your questions/requests and communicate with you in general;
  • to analyse and improve our work, services, activities, products or information (including our website) and to hold a list of contacts (such as other finance providers) that we work with or would wish to work with;
  • to report on the impact and effectiveness of our work, in particular to investors in our funds and stakeholders, including: the European Investment Bank, the European Commission and the UK Ministry of Housing, Communities and Local       Government (as Managing Authorities of the European Regional Development Fund), the UK Department for Business, Energy and Industrial Strategy, the British Business Bank, North East Access to Finance Limited, the North East             Local Enterprise Partnership and the seven Local Authorities within the counties of Northumberland, Tyne & Wear and County Durham;
  • to run/administer our website, keep the website safe and secure and ensure that content is presented in the most effective manner for you;
  • to register and administer your participation in events;
  • to review your application for a job to work for us or an internship and to contact you about the position and any interview process;
  • for the prevention of fraud or misuse of our services; and/or
  • for the establishment, defence and/or enforcement of legal claims.

3.   Communications for marketing

We may use your contact details to provide you with information about our work, events, services and/or products which we consider may be of interest to you (for example, about services you have previously used or expressed an interest in). We will only contact you where we have informed you that we will and, where the law requires us to, we will obtain your prior consent.

If you meet an employee of TNEFL, for example, at an event, and give them your contact details then TNEFL will keep this information in order to contact you in the future about topics which might be of interest to you. TNEFL will also share this information with other staff members at TNEFL and occasionally may pass it on to third parties (including the managers of the funds which we have established and oversee) who they think you would be interested to hear from. Similarly, we will sometimes receive your contact details from a third party who thinks you would be interested in hearing from us.

Where you do not wish to be contacted by us about our projects and/or services in the future, please let us know by email via info@northeastfund.org. You can also opt-out of receiving emails from TNEFL at any time by contacting us at info@northeastfund.org.

4.   How long do we keep your personal information?

We keep your data for as long as it’s necessary to meet the relevant purposes for which we’ve collected your data, including for the purpose of satisfying any legal, accounting or reporting requirements.

To determine the appropriate length of time for holding your data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm, from unauthorised use or disclosure of your personal data, the purpose for which we process your data and whether we can achieve those purposes through other means, along with the applicable legal requirements.

If at any time: (i) your personal information is no longer required in connection with the purpose(s) for which it was collected; or (ii) we are no longer lawfully entitled to process it or (iii) you validly exercise your right of erasure (please see section 8 below), we will remove it from our records at the relevant time.

5.   Lawful bases

The GDPR requires us to rely on one or more lawful basis to process your personal information. We consider the grounds listed below to be relevant:

(a) Where you have provided your consent for us to use your personal information in a certain way (for example, we will ask for your consent to use your personal information to send you promotional material by email, and we may ask for your explicit consent to collect special categories of your personal information).

(b) Where necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering a contract (for example, if you apply to work for us).

(c) Where there is a “legitimate interest” in us doing so.

5.2 Legitimate interests

The GDPR allows us to collect and process your personal information if it is reasonably necessary to achieve our or others’ legitimate interests (as long as that processing is fair, balanced and does not unduly impact your rights).

In broad terms, our “legitimate interests” means the interests of TNEFL in: operating and raising awareness of our publicly-supported SME investment programme; sign-posting potential applicants for investment to the third-part, FCA authorised managers of the five investment funds which we have established; enabling investors to invest in our funds and enabling our contracted, FCA authorised fund managers to invest those funds in companies. This requires us to provide information about and advertise our services, to hold events and perform the associated administrative tasks, to respond to queries and to monitor and manage our fund portfolio.

When we process your personal information to achieve such legitimate interests, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal information for activities where our interests are overridden by the impact on you, for example where use would be excessively intrusive (unless, for instance, we are otherwise required to by law).

6.   Will we share your personal information?

We may share your personal information with our third-party suppliers, including the managers of the funds we have established, when they are processing personal information on our behalf.

We may need to disclose your personal information where legally required or upon request to regulatory and government bodies (such as HMRC) as well as law enforcement agencies. We may also merge or partner with other organisations and, in so doing, acquire or transfer personal information but your personal information would continue to be used for the purposes set out above.

We may need to disclose your personal information in order to comply with the terms of our funding agreements, which include a requirement to report on the impact and effectiveness of our work to our funders and stakeholders, including: the European Investment Bank, the European Commission and the UK Ministry of Housing, Communities and Local Government (as Managing Authorities of the European Regional Development Fund), the UK Department for Business, Energy and Industrial Strategy, the British Business Bank, North East Access to Finance Limited, the North East Local Enterprise Partnership and the seven Local Authorities within the counties of Northumberland, Tyne & Wear and County Durham. Such disclosures will generally not be of information which identifies you individually (as it will be of aggregated engagement data), but it may do so in particular if you are a director or employee of, or shareholder in, a company which receives investment from one of our funds.

7.   Security/storage of and access to your personal information

TNEFL is committed to keeping your personal information safe and secure and we have appropriate and proportionate security policies and organisational and technical measures in place to help protect your information. For example, your personal information is only accessible by appropriately trained staff and contractors and stored on secure servers with features enacted to prevent unauthorised access.

In general, the personal information that we collect from you will be stored at a destination within the UK or European Economic Area (“EEA”). However, your personal information will be transferred and stored outside the European Economic Area (EEA) in the circumstances set out below.

7.1 Transfers of your information outside the European Economic Area

We may transfer your information outside the EEA or to an international organisation in order to comply with legal obligations to which we are subject (compliance with a court order, for example). Where we are required to do so, we will ensure appropriate safeguards and protections are in place.

Google Analytics
Information collected by Google Analytics is transferred outside the EEA and stored on Google’s servers. You can access Google’s privacy policy in Section 11.

Country of storage: United States of America. This country is not subject to an adequacy decision by the European Commission.

Safeguard(s) used: Google has self-certified its compliance with the EU-U.S. Privacy Shield which is available here:

https://www.privacyshield.gov/welcome

The EU-U.S. Privacy Shield is an approved certification mechanism under Article 42 of the General Data Protection Regulation, which is permitted under Article 46(2)(f) of the General Data Protection Regulation. You can access the European Commission decision on the adequacy of the EU-U.S. Privacy Shield here:

http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm

Mailchimp
Information collected by Mailchimp is transferred outside the EEA and stored on Mailchimp’s servers. You can access Mailchimp’s privacy policy in Section 11.

Country of storage: United States of America. This country is not subject to an adequacy decision by the European Commission.

Safeguard(s) used: Google has self-certified its compliance with the EU-U.S. Privacy Shield which is available here:

https://www.privacyshield.gov/welcome

The EU-U.S. Privacy Shield is an approved certification mechanism under Article 42 of the General Data Protection Regulation, which is permitted under Article 46(2)(f) of the General Data Protection Regulation. You can access the European Commission decision on the adequacy of the EU-U.S. Privacy Shield here:

http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm

Eventbrite
Information collected by Eventbrite is transferred outside the EEA and stored on Eventbrite’s servers. You can access Eventbrite’s privacy policy in Section 11.

Country of storage: United States of America. This country is not subject to an adequacy decision by the European Commission.

Safeguard(s) used: Google has self-certified its compliance with the EU-U.S. Privacy Shield which is available here:

https://www.privacyshield.gov/welcome

The EU-U.S. Privacy Shield is an approved certification mechanism under Article 42 of the General Data Protection Regulation, which is permitted under Article 46(2)(f) of the General Data Protection Regulation. You can access the European Commission decision on the adequacy of the EU-U.S. Privacy Shield here:

http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm

Flywheel
Information collected by Flywheel is transferred outside the EEA and stored on Flywheel’s servers. You can access Flywheel’s privacy policy in Section 11.

Country of storage: United States of America. This country is not subject to an adequacy decision by the European Commission.

Safeguard(s) used: Google has self-certified its compliance with the EU-U.S. Privacy Shield which is available here:

https://www.privacyshield.gov/welcome

The EU-U.S. Privacy Shield is an approved certification mechanism under Article 42 of the General Data Protection Regulation, which is permitted under Article 46(2)(f) of the General Data Protection Regulation. You can access the European Commission decision on the adequacy of the EU-U.S. Privacy Shield here:

http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm

Please note that some countries outside of the EEA may have a lower standard of protection for personal information, including lower security requirements and fewer rights for individuals. Where your personal information is transferred, stored and/or otherwise processed outside the EEA in a country that does not offer an equivalent standard of protection to the EEA, we will take all reasonable steps necessary to ensure that the recipient implements appropriate safeguards (such as by entering into standard contractual clauses approved by the European Commission) designed to protect your personal information and to ensure that your personal information is treated securely and in accordance with this Notice.

Unfortunately, no transmission of your personal information over the internet can be guaranteed to be 100% secure – however, once we have received your personal information, we will use strict procedures and security features to try and prevent unauthorised access.

8.   Exercising your Rights

Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for marketing purposes or to unsubscribe from our newsletter at any time – please see section 11 below for details of how to contact us to do this. You also have the following rights:

(a) Right of access– you can write to us to ask for confirmation of what personal information we hold about you and to request a copy of that information. Provided we are satisfied that you are entitled to see the personal information requested and we have successfully confirmed your identity, we will provide you with your personal information subject to any exemptions that apply.

(b) Right of erasure– at your request and where you are entitled to, we will delete your personal information from our records as far as we are required to do so. In many cases we will need to hold onto limited personal information about you in order to ensure we do not send you further communications.

(c) Right of rectification– if you believe our records of your personal information are inaccurate, you have the right to ask for those records to be updated. You can also ask us to check the personal information we hold about you if you are unsure whether it is accurate/up to date.

(d) Right to restrict processing– you have the right to ask for processing of your personal information to be restricted if there is disagreement about its accuracy or legitimate usage.

(e) Right to object– you have the right to object to processing where we are (i) processing your personal information on the basis of the legitimate interests ground, (ii) using your personal information for direct marketing or (iii) using your information for research or statistical purposes.

(f) Right to data portability– to the extent required by the GDPR, where we are processing your personal information by automated means and either (i) because we have obtained your consent, or (ii) because such processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contact, you may ask us to provide your personal information to you – or another service provider – in a machine-readable format.

(g) Rights related to automated decision-making– you have the right not to be subject to a decision based solely on automated processing of your personal information which produces legal effects or similarly significant affects you, unless such a decision (i) is necessary to enter into/perform a contract between you and us/another organisation; (ii) is authorised by EU or UK (as long as that law offers you sufficient protection); or (iii) is based on your explicit consent.

We may ask you for additional information to confirm your identity and for security purposes, before disclosing personal information requested to you.

Please note that some of these rights only apply in limited circumstances. For more information, we suggest that you contact us using the details in section 11 below.

You are further entitled to make a complaint about us or the way we have processed your personal information to the data protection supervisory authority in your home country. In the UK this is the Information Commissioner’s Office (www.ico.org.uk). For further information on how to exercise this right, please contact us using the details below.

9.   Changes to this Notice

We may update this Notice from time to time so please check back periodically. We will notify you of significant changes by contacting you directly where we can reasonably do so and by placing a notice on our website. This Notice was last updated on 15/01/2019.

10.  Links and third parties
We link our website directly to other sites. This Notice does not cover external websites and we are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy notices of any external websites you visit via links on our website.

TNEFL use MailChimp as our marketing automation platform. Their privacy policy can be viewed here: https://mailchimp.com/legal/privacy

TNEFL use Google Analytics to track usage of its website. TNEFL do not directly store any cookies directly, however Google Analytics may use cookies. Information on what Google Analytics capture is located here:
https://support.google.com/analytics/answer/6004245

TNEFL use Alcuim Software Ltd to record investment of the funds. The privacy policy can be found here; https://www.alciumsoftware.com/Privacy-Policy

TNEFL use Eventbrite for event management. Their privacy policy can be viewed here: https://www.eventbrite.co.uk/support/articles/en_US/Troubleshooting/eventbrite-privacy-policy?lg=en_GB

TNEFL use Flywheel for website hosting and includes a newsletter subscription tool. Their privacy policy can be viewed here: https://getflywheel.com/legal/privacy-policy/

11.   How to contact us

Please let us know if you have any questions or concerns about this Notice or about the way in which TNEFL processes your personal information by contacting us at the following channels:

Email: info@northeastfund.org

Telephone: + 44 (0) 191 211 2300

Post: The North East Fund Limited, First Floor, 33 Grey Street, Newcastle upon Tyne, NE1 6EE