Notion Capital (“we”, “us”, “our”) are committed to protecting and respecting your privacy in accordance with data protection laws that are applicable in the UK from time to time.
Information we collect from you
Whether you are an individual investor or a director/shareholder of a company that we are thinking of investing in, or someone from within our network who wishes to have a relationship with us, we may collect and process different kinds of personal data about you, which we have grouped together as follows:
- Identity Data includes first name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments to and from investments you are involved in and share information.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call us.
- Profile Data includes your username and password, your interests, preferences, feedback and survey responses.
- Usage Data includes information about how you use our website.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
Special category personal data
In certain circumstances, we may collect, store and use your sensitive personal data, known under the UK GDPR as ‘special category’ data. We will do this when you provide us with information about your racial or ethnic origin. Please see below for further details on how we process special category data.
How we collect your personal data
- Personal data you give us. This may include Identity Data, Contact Data and Financial Data about you that you give us by filling in forms on our site (our site) or by corresponding with us by phone, e-mail or otherwise. It includes personal data you provide when you register to receive Notion’s news and updates, subscribe to any of our services, participate in discussion boards or other social media functions on our site and when you report a problem with our site.
- Personal data we collect about you. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, and other similar technologies. We may also collect your Identity Data and Contact Data from publicly available sources, to send you communications which make suggestions and recommendations to you about services or investments that may be of interest to you. You will always be provided with the opportunity to opt-out of receiving these communications (see “Marketing” below).
We will ask for your permission (Consent) to place cookies or other similar technologies on your device, except where they are essential for us to provide you with a service that you have requested.
If you do not want to accept any cookies, you may be able to change your browser settings so that cookies (including those which are essential to the services requested) are not accepted. If you do this, please be aware that you may lose some of the functionality of our website.
Uses made of the personal data
We use personal data held about you in the following ways: We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
Generally we do not rely on consent as a legal basis for processing your personal data, other than in relation to sending third party direct marketing communications to you via email or text message, certain introductions or using non-essential cookies on our website.
Purposes for which we will use your personal data
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
||Type of data
||Lawful basis for processing including basis of legitimate interest
|To register you when you sign up to join our network or apply for investment
|(a) Performance of a contract with you (b) Necessary for our legitimate interests (to develop our business)
|To process any payments by you or us: (a) Manage payments, (b) Collect and recover money owed to us (c) Transfer funds
(e) Marketing and Communications
|(a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us)
(d) Marketing and Communications
|(a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to make investment decisions, keep our records updated and to study how customers use our products/services)
|To research and develop potential investments and talent opportunities both within our existing network and the wider market
(e) Marketing and Communications
(f) Job history
|(a) Performance of a contract with you (b) Necessary for our legitimate interests (for running our business, and carrying out due diligence in preparation for an investment)
|To enable you to interact with us, through our website and social media platforms
(e) Marketing and Communications
|(a) Performance of a contract with you (b) Necessary for our legitimate interests (to study how individuals interact with us, to help develop and grow our business)
|To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
|(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation
|To deliver relevant website content to you and measure or understand the effectiveness of the advertising we serve to you
(e) Marketing and Communications
|Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
|To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
||(a) Technical (b) Usage
||Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
|To make suggestions and recommendations to you about services or investments that may be of interest to you
(f) Marketing and Communications
|(a) Consent (where you are a consumer and you have opted in to receiving these suggestions and recommendations); or (b) Necessary for our legitimate interests (to develop our products/services and grow our business)
|Carrying out checks required by law such as Know Your Client and requirements necessitated by our LPs
|Necessary to comply with a legal obligation
|To invite you to events that we think may be of interest to you
(f) Marketing and Communications
|Necessary for our legitimate interests (to develop our products/services, grow our business, and educate our membership on relevant material)
|Making introductions within our network and candidate matching
|(a) Necessary for our legitimate interests (to manage and grow our professional network) (b) consent
|To manage our third party supplier relationships
|Necessary for our legitimate interests (for running our business and receiving services in relation to administration, IT, network security and office functionality)
Notion is likely to receive and store personal information as part of its investment evaluation process. If you are involved in a transaction that Notion and/or the funds that it manages or advises enters into, or a potential transaction that Notion considers, we may store personal information relating to you. This might include your CV, details of your previous employment history and professional activities, information relating to your financial status and dealings, nationality information (including copies of identity documents, such as a passport), references provided by third parties, and results of other due diligence carried out. We collect and store this information for the purposes of:
- Evaluating a transaction and your role in it;
- Executing transactions;
- Managing an investment once made;
- Maintaining records of investments;
- Meeting regulatory and legal obligations e.g. KYC checks;
- Safeguarding our legal rights and interests;
- Seeking and receiving advice from our professional advisors, including accountants, lawyers and other consultants; and
- Providing periodic business updates, as described below.
We store and process information in this way because it is necessary to:
- perform a contract to which you are likely to be a party;
- comply with a legal or regulatory obligation; and/or
- protect our legitimate interests in running and promoting our business.
How we will use your special category personal data
We may collect information about your race or ethnic origin to ensure meaningful equal opportunity monitoring and reporting. We will only do this where you have provided us with your explicit consent, to allow us to collect and process this type of information.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). If you are an individual, you will receive marketing communications from us because you have requested to receive them or previously entered into a contract with us and, in each case, you have not opted out of receiving marketing.
If we are contacting you as a business then we are entitled to contact you on the basis of our legitimate interests (to develop and grow our business) with marketing information provided that you have not previously opted out of receiving such communications. In some circumstances you may receive marketing communications from us if we have collected your Identity Data and Contact Data from a publicly available source, however you will always be provided with the opportunity to opt-out of receiving these communications.
We will get your express opt-in consent before we share your personal data with any company outside the Notion group of companies for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time by contacting the DPO at 91 Wimpole Street, London W1G 0EF or email@example.com at any time.
Disclosure of your personal data
We may have to share your personal data with the parties set out below for the purposes set out above:
- Any member of the Notion Capital Group, which includes any Notion Capital entity that directly or indirectly controls, is controlled by, or is under common control with another Notion Capital entity acting as both controllers and processors based inside and outside the UK and EU.
Selected third parties including:
- Business partners, including portfolio companies and investors, acting as processors or joint controllers based inside and outside the UK and EU.
- Suppliers and sub-contractors acting as processors based inside and outside the UK and EU who provide IT and systems and administration services.
- Professional advisers acting as processors or independent controllers including lawyers, bankers, auditors and insurers based in the UK, the US and other jurisdictions outside the EEA who provide consultancy, banking, legal, insurance and accounting services.
- Regulators and other authorities, including HMRC acting as processors or joint controllers based in the UK who require reporting of processing activities in certain circumstances.
- Analytics and search engine providers based in jurisdictions both inside and outside of the UK and EU that assist us in the improvement and optimisation of our site.
Please contact the DPO at 91 Wimpole Street, London W1G 0EF or firstname.lastname@example.org if you want further information on the Notion Capital Group or any third party with whom we share your personal data.
We will disclose your personal data to third parties:
- In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
- If Notion Capital or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We share your personal data within the Notion Capital Group. This may involve transferring your data outside the UK and European Economic Area (EEA). Many of our external third parties are based outside the UK and EEA so their processing of your personal data will involve a transfer of data outside the UK and EEA. Whenever we transfer your personal data out of the UK and EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
Please contact the DPO at 91 Wimpole Street, London W1G 0EF or email@example.com if you want further information on the specific mechanism used by us when transferring your personal data out of the UK and EEA.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Details of retention periods for different aspects of your personal data are available in our Data Retention Register which you can request by contacting us.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. You have the right to ask us not to process your personal data for direct marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting the DPO at 91 Wimpole Street, London W1G 0EF or firstname.lastname@example.org. Under certain circumstances, by law you have the right to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate personal data we hold about you corrected.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
- Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal data to another party. If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact us.
No fee usually required
You will not have to pay a fee to exercise any of your rights as set out above. However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity to ensure that you do have a right to exercise any of your rights as set out above. This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
Right to withdraw consent
We will not usually rely on your consent as the legal basis for processing your personal data. In the limited circumstances where we have requested you to consent to the processing of your personal data for a specific purpose, and you have provided such consent, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the DPO at 91 Wimpole Street, London W1G 0EF or email@example.com. Once we have received notification that you have withdrawn your consent, we will no longer process your personal data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Third party sites
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
We use a CRA, TransUnion, to provide KYC checks. Information about how TransUnion process your personal data can be found here: https://www.transunion.com/privacy/transunion.
This version was last updated in December 2020.