Data Protection Privacy Notice
Please read this Privacy Notice carefully before providing us with any information about you or any other connected person. Where you provide information about another person, you should first obtain their consent to do so.
We have developed this Privacy Notice in accordance with the Data Protection Act 1998 and Regulation (EU) 2016/679, commonly known as the General Data Protection Regulation or GDPR. Its purpose is to advise you of the personal information we may collect, for what purpose(s), how we will use it, the lawful basis under which we may do this and your rights under the GDPR.
1. The categories of data subject to the provisions of the GDPR
‘Personal data’ (Article 4 of the GDPR) by which we mean information which identifies you as an individual, or is capable of doing so.
2. Contact details and person responsible for Data Protection at Longspur Capital
Longspur Capital Limited is registered with the Information Commissioner’s Office as a Data Controller, reference number ZA778488. We have a responsibility to ensure that your personal information is processed in accordance with this Privacy Notice and the above Regulations.
If you would like to discuss anything in this Privacy Notice, please contact the Compliance Director who is the person responsible for Data Protection within the firm. You may contact her in writing at 20 North Audley Street, London W1K 6WE, by telephone on +44(0)131 357 6770, or by email to email@example.com.
3. The personal data we may collect and the purposes for this.
We may collect and process different types of personal data in the course of operating our business and providing our services. These include:
• Basic personal details such as your name and job title;
• Contact data such as your telephone number and postal or email address;
• Personal data provided to us by or on behalf of our clients or generated by us in the course of providing our services, which may, where relevant, include special categories of personal data;
• Identification and other background verification data such as a copy of passports or utility bills or evidence of beneficial ownership or the source of funds to comply with client due diligence/”know your client”/anti-money laundering laws and collected as part of our client acceptance and ongoing monitoring procedures;
• Any other personal data relating to you that you may provide.
We may collect or receive your personal data in a number of different ways:
• Where you provide it to us directly, for example by corresponding with us by email, or via other direct interactions with us such as completing a form on our website; or
• Where a third party provides it to us on your behalf;
• Other email communications sent from or received by Longspur;
• It should be noted that Longspur do not capture or record any Personal Data relating to website visitors/users;
• Personal information provided by you or third parties on your behalf;
• Recordings of telephone calls between us.
The Personal Data we obtain and hold is used to enable us to:
• Provide investment, management and administration services to our clients;
• fulfil our contractual and other obligations to employees, suppliers, contractors and other business partners; and
• meet our legal and regulatory obligations.
To monitor and maintain our website, we may monitor and retain the following personal data
• All computers that are linked to the Internet have an Internet Protocol (IP) number. Our website logs your IP number when you visit it. An IP number does not provide identifiable personal information on its own but there are facilities to look up IP numbers and establish the owner so this is treated by us as personal information.
We process the following personal data on the legal basis of Legal Obligation, and the information below sets out further details on this processing.
To meet our obligations to the UK Money Laundering Regulations, we may use the following personal data
• Passport or driving license details;
• Your home address;
• Financial information such as occupation, income and source of wealth
4. Data Sharing
We may share information with third parties where this is necessary to enable us to provide our services to you or to allow us to comply with our legal or regulatory obligations. We will not share your data with any third party for marketing purposes. The classes of third parties with whom we will share your personal data, and the reasons for this, are as follows.
• IT systems and support, paper archives, electronic records, recorded telephone calls
We outsource our IT hardware and systems support. Certain operating and record keeping systems are provided by third parties. These third parties may have access to data for support, service, backup and trouble-shooting purposes. We have agreements in place with these third parties to restrict their access to and use of this data.
Financial services regulators, Financial Ombudsman, government and law enforcement agencies
These entities have a legal right to access our records and we have a legal obligation to disclose any information we hold in certain circumstances.
Credit reference agencies, fraud prevention agencies and related service providers
In order to meet our obligations in respect of The UK Money Laundering and Proceeds of Crime Regulations we may, with your consent, use a third party electronic verification system to verify your identity. This is undertaken as part of the initial client appointment, and may be repeated at any time for the duration of the service(s) we provide to you.
We may have to share information with tax authorities, either directly with overseas authorities or via Her Majesty’s Revenue and Customs who may share that information with the appropriate tax authorities abroad.
Our professional advisers and insurers
Our appointed auditors, lawyers, accountants, other professional advisers and insurers may require access to the client information we hold in order to provide us with advice or insurance.
Your professional advisers and representatives
We may share information with your lawyers, accountants and other professional advisers if you request this. We may also share information with persons such as a Power of Attorney, Trustee, Executor or personal representative.
Analysis of traffic using our website may be undertaken by selected third parties on our behalf.
We may transfer our records to a third party as part of a sale or transfer of some or all of the business to a regulated third party.
Data transfers outside of the EU
We may share personal data outside of the EU where it is necessary to deliver the service we are providing. Where data is shared outside of the EU, we have a regulatory obligation to only transfer to States with an ‘equivalent’ standard of data protection and to have in place a data transfer agreement to protect the security and management of the data being transferred.
6. The lawful basis upon which we process personal data and what this means
Part 3 includes the lawful basis upon which we process personal data and the following is a brief explanation of what this means.
The Lawful basis under EU directive 2014/65/EU Article 6, 1(f) Legitimate Interests means the processing is necessary, without your explicit consent, for the legitimate business interests of Longspur Capital, unless these interests are overridden by your interests or fundamental rights. Our legitimate business interests are explained in Part 2 of this privacy notice.
You have the right to object to us processing your personal data on the lawful basis of legitimate interests, but to do so may mean that we are unable to provide services to you. If you wish to object, please use the contact details in Part 1 to do so.
7. The retention periods for personal data
The retention period for personal data varies, depending on our regulatory obligations and complaints time barring rules. The table below shows the various retention periods, and relates to all forms of records such as paper, electronically stored records, emails and recorded telephone calls.
Records relating to: Retention Period
• Client agreements and Terms of Business: The duration of the agreement plus fifteen years
• Transactional records: Indefinitely
• Complaints: Indefinitely
8. Your rights as a data subject
The GDPR provides you with the following rights in relation to your personal data processed by us:
The right to be informed
You have the right to be informed how your data will be processed and of your rights. The required information is provided in this Privacy Notice.
The right of access
You have the right to obtain confirmation that your personal data is being processed and have access to this. When requested by you, we must provide you with a copy of the information free of charge within one month. However, we can charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive. We may also charge a reasonable fee to comply with requests for further copies of the same information. Data access requests should be submitted using the contact details in Part 1 of this Privacy Notice.
The right to rectification
You are entitled to have personal data rectified if it is inaccurate or incomplete. We must respond to a request for rectification within one month. This can be extended by two months where the request for rectification is complex. Data rectification requests should be submitted using the contact details in Part 1 of this Privacy Notice.
The right to erasure
You may request the deletion or removal of your personal data where there is no compelling reason for its continued processing. We may, however, decline the request where we have a legal or regulatory obligation to retain the data, or where it is being used in the exercise or defence of a legal claim. In such circumstances we will write to you explaining our reasons for declining your request for the data to be erased. Data erasure requests should be submitted using the contact details in Part 1 of this Privacy Notice.
The right to restrict processing
You have a right to ‘block’ or suppress the processing of your personal data. When processing is restricted, we are permitted to store the personal data, but not to further process it. Data suppression requests should be submitted using the contact details in Part 1 of this Privacy Notice.
The right to data portability
Individuals generally have the right to data portability. However, this only applies to personal data where the processing is based on the legal basis of consent or for the performance of a contract; and it is carried out by automated means. This right does not apply to your personal data that we process, as this is processed on the legal basis of Legitimate Interests and processing is not carried out by automated means.
The right to object to processing or withdraw consent
You have the right to object to your data being processed on the legal basis of Legitimate Interests and the right to object to direct marketing and data profiling. You also have the right to withdraw consent for us to process your information concerning health. Objections to, or withdrawal of consent for, data processing should be submitted using the contact details in Part 1 of this Privacy Notice.
The right to remedies, liabilities and penalties
You have the right to report any concerns you have about the way we have processed your personal data to the Information Commissioner’s Office. You may do this online at https://ico.org.uk/concerns/handling or in writing to Information Commissioner’s Offices at Wycliffe House’ Water Lane’ Wilmslow, Cheshire, SK9 5AF (telephone 0303 123 1113) or 45 Melville Street, Edinburgh, EH3 7HL (telephone 0303 123 1115).
9. The GDPR Principles
The GDPR Principles apply to all entities that control or process personal data on EU citizens and form the basis for this privacy notice. The Principles require that personal data shall be:
a) processed lawfully, fairly and in a transparent manner in relation to individuals;
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Leo RegTech Limited, incorporated and registered in England and Wales with company number 04829021, acting through its French branch located at 128 rue de la Boétie 75008, Paris, France, is a designated representative of Longspur Capital Limited (the “Company”) in the European Union, in accordance with article 27 of the EU General Data Protection Regulation (2016/679/EU) (the “GDPR”).
The Company has mandated Leo and its branch to be the EU Representative of the Company with regards to any communications or enquiry from the Supervisory Authority and/or data subjects on all issues related to the processing of personal data.
If you are in the EU, please contact Leo at the following details:
Address: FAO EuroRep, c/o Leo, 128 rue de la Boétie 75008, Paris, France
When contacting Leo regarding the Company, please quote the name of the Company and the Ref: 0086.
If you would like to discuss anything in this Privacy Notice, please contact the Compliance Director who is the person responsible for Data Protection within the firm. You may contact them in writing at 20 North Audley Street, London W1K 6WE, by telephone on 020 3940 6607, or by email to firstname.lastname@example.org.
Longspur Capital is a clean energy specialist offering investment management, corporate finance and investment research.
20 North Audley Street, London, W1K 6WE
10 Castle Street, Edinburgh, EH2 3AT, United Kingdom
+44(0)203 940 6608
Longspur Capital Limited, are authorised and regulated by the Financial Conduct Authority (FRN 839313). This website is for information purposes only and is not to be regarded as an offer or solicitation to buy any financial product. The value of investments may go down as well as up. Please be advised that the views and opinions expressed in the website may not reflect the views and opinions of Longspur Capital Limited. Longspur Capital is registered in England, company number 11011596.
+44(0)131 357 6770
© 2022. Longspur Capital.
All Rights Reserved