AshGrove Capital LLP (“AshGrove”, “we” or “us”) is committed to protecting the privacy and security of your personal information in accordance with applicable UK/EU data protection laws, including the General Data Protection Regulation (“GDPR”). For the purposes of UK/EU data protection laws, AshGrove is the controller of your personal data.
AshGrove is authorised and regulated by the Financial Conduct Authority (Reference number 829447) and registered with the ICO.
We may process your personal data in the course of our relationship with you in a number of ways, including:
- when you use our website (www.ashgrovecap.com);
- when you are seeking to engage our services or solicit our business;
- when you contact us, supply information or request information from us;
- when you contact us directly via one of our members of staff, advisors or agents.
Contact: AshGrove Legal
Email address: email@example.com
Address: AshGrove Capital LLP, 12 Little Portland Street, London W1W 8BJ
We will only obtain personal data from you for specified and lawful purposes and any personal data which we obtain will be processed fairly and lawfully.
We will take all reasonable steps to ensure that the data held is adequate, relevant and not excessive for the relevant purposes.
The servers hosting our website automatically record certain information about you when you use this site. We may use this information to understand who has seen which pages in order that we can monitor and improve the website.
If you submit information to us directly through this website (for example, in a request for general information or through the submission of information through the tools available on this website) we may record and use any personal data that you provide, such as your name, telephone number and e-mail address.
We will only use your personal data when the law allows us to, including:
- to perform our contractual obligations towards you or to take steps before entering into a contract with you or the organisation you work for;
- for our legitimate interests (or those of a third-party) and where your interests and fundamental rights do not override those interests. Our legitimate interests are to conduct our business in an efficient, compliant and profitable manner; and/or
- to comply with our legal or regulatory obligations.
We collect information about you so that we can:
- identify you;
- detect and prevent fraud;
- conduct “Know Your Customer” checks;
- liaise with portfolio companies, suppliers and group companies;
- administer our contract with you and/or our portfolio companies (if applicable);
- improve our services and manage our business, including for accounting and auditing purposes;
- maintain our IT systems and manage hosting of data;
- deal with any legal disputes which may involve you; and
- comply with our regulatory reporting obligations.
We will only use your personal information for the purposes for which we have collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so. Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We will collect certain personal data when you are a visitor to our website. We may use “cookies” or other tracking technologies to identify you and to enable us to remember your log-in details. Amongst other things, this helps us to understand our website users and enables us to improve the website experience for you and/or other users.
Disclosures of your Personal Data
We may have to share your personal data with third parties, such as IT service providers. When we do, we require them to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
If we need to transfer your personal data outside the European Economic Area (EEA)/the UK, we will ensure that any transfer of your data will be subject to the same levels of compliance with applicable laws and include appropriate safeguards and remedies in the unlikely event of a security breach.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, altered, disclosed or accessed in an unauthorised way. In addition, we limit access to your personal data to those employees, members, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have in place procedures to deal with any suspected personal data breach and will notify you and the Information Commissioner’s Officer (ICO), the UK supervisory authority for data protection issues, of a breach where we are legally required to do so. While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred via the internet. If you have any particular concerns about your information, please contact us.
Personal Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once our processing of your personal data is no longer necessary, we will securely destroy your personal information in accordance with applicable laws and regulations.
Your Legal Rights
Under certain circumstances, by law, you have the right to:
Request access to your personal information – (commonly known as a “data subject access request”). This enables you to receive a confirmation from us as to whether we process any of your personal information or not, and if this is the case, to receive a copy of such personal information and to check that we are lawfully processing it.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Right to restrict processing of your personal information. This enables you to limit the way we use your personal information.
Object to processing of your personal information. Where we are relying on a legitimate interest (or those of a third-party) but you to feel such processing of your personal data impacts on your fundamental rights and freedoms, you may object. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with applicable laws. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Request the transfer of your personal information to another party. This right applies if data is supplied by a data subject and the processing is carried out by automated means. We will not process any of the personal data provided by you by automated means, but in the event you submit a request to transfer your personal information to another party, we will consider your request and let you know whether your request can be fulfilled.
Please contact us if you wish to exercise any of the rights set out above. In the event you do contact us, we may need to verify your identity to allow us to prevent disclosure of your information to an unauthorised person. Please note that if you request erasure, object to our processing of your personal data or request the restriction of our processing of your personal data we may not be able to provide our services.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer, if your request is particularly complex or if you have made a number of requests. In this case, we will notify you and keep you updated.
Right to Complain
Issues or concerns individuals have regarding their personal data can also be brought to the attention of the UK Information Commissioner’s Office or any applicable supervisory authority.
Information regarding the UK Information Commissioner’s Office and its powers can be found on its website at www.ICO.org.uk.