Midven’s ICO registration number is: Z8508972.
Personal data we may collect about you
Where we collect data that identifies an individual this is classed as “personal data”. Personal data may include (but is not limited to) a name, date of birth, contact address and telephone number.
The types of personal data we may request are:
- Full name and title including any previous names
- Photographic proof of identity (typically passports or photo driving licences)
- Proof of address (utility bill)
- Marital status
- Contact information such as residential address, email address and telephone numbers
- Tax information (unique tax reference number and national insurance number)
- Information regarding your investment experience, wealth, source of funds and bank details
- Information regarding your knowledge of investment and types of transactions undertaken
- Employment history and salary details
- Marketing preferences, which include the type of information you wish to receive and how
- Information we learn from you such as requests, transactions, services provided or offered, any advice or recommendations made, a log of meetings, telephone recordings (where permitted and required for regulatory purposes) complaints and dissatisfaction notes, as well as email exchanges
The above list is not exhaustive and we may periodically require additional information in order to satisfy our legal and regulatory obligations. Where additional information is required we will provide you with a reasonable explanation of why it is required unless we are prevented from doing so by law.
The firm may use methods such as pseudonymisation which is a process whereby the firm can replace identifying fields of data with other non-identifying data fields in order to anonymise the data from the individual therefore meaning the data is no longer personal. The firm may use this method where we are required to retain certain types of information for clients, such as number of females and males employed, jobs created and average salaries paid. This type of statistical data is often required for ESG (environmental, social and governance) investment purposes by clients to show value added investments made by the firm on behalf of its clients.
Data collected by cookies
What is a cookie
A cookie is a small piece of text that is stored on your computer, phone or other mobile device when using a browser to connect to the internet, and they are used to store information about you or your computer. Unless you have specifically set your computer to reject cookies, websites will already have been using cookies to enhance your online experience.
Use of this website
The type of data we collect when you visit our site may include your login data, internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site as well as the types of products and services and searches you conduct on our site.
In order to comply with EU regulations, visitors to our website have the option of accepting our cookies. We recommend you allow the cookies for this website as they help us provide a better service. If you do not want to receive cookies from this website, select cookie settings under the privacy settings in your browser options, then add our domain to the list of websites you do not want to accept cookies from.
The cookies we use on midven.co.uk collect basic information about our visitors including what pages have been visited and how they found our website. The information we gather does not identify anyone and we make no attempt to find out who has been to our site.
What we do gain from this information is a better understanding of what our users are interested in on our website and how we can improve the experience.
The cookies we use
- Google Analytics: The Google Analytics cookie contains a randomly generated ID used to recognise your browser when you read a page. The cookie contains no personal information and is used only for web analytics.
- Cookie Acceptance: This cookie monitors whether or not you have accepted cookies on our site.
- Software Session Application: This cookie saves application data for eight days, so that you may take a break; this data is never transmitted away from your computer.
Managing your cookies
For further information on how to manage your cookies with a specific browser, please click the appropriate link below:
To manage your Google Analytics cookies, you can visit the Google Analytics help page, however please bear in mind that information obtained from Google Analytics goes towards improving the user experience on our site.
Special category data
Special category data refers to any data which is sensitive and is subject to additional rules and requirements under the General Data Protection Regulations. Special category data may include information regarding: Criminal convictions and offences, race, ethnicity, religious or philosophical beliefs, political opinions, sexual orientation, trade union membership and information about your health, genetic and biometric data.
As a general rule we do not collect any Special Category Data about you. However, we are required to request information relating to criminal convictions as part of our recruitment process for staff and contractors undertaking regulated activities and as such we require consent from the individual for this. If we are required by law to request any special category data from you, asides from the reasons mentioned above we will provide you with a reasonable explanation as to the nature and purpose for this request and obtain your consent. We would not be able to proceed without your consent unless there was a lawful reason for doing so.
How we collect your personal data
Typically, where we are required to obtain your personal data we will request it from you. However, we may also from time to time receive your personal data through intermediaries where you have authorised the sharing of your personal data with us. Intermediaries may include accountants, solicitors, independent financial advisors, tax advisors and wealth managers who may be working on your behalf. Personal data may be provided to us via post, in person, email or via a specially created secure data room / platform. The data we collect may be facilitated by way of completing an application form or questionnaire or by responding to information requests from us. We may also receive information from publicly available resources.
Why we collect your personal data
We only collect your personal data where we believe we have a legitimate business interest with you or we have a lawful purpose to do so. These reasons may include but may not be limited to circumstances where you:
- are a shareholder in one of the companies with which we have an administration and / or management agreement
- are a limited partner or an investor in one of the funds to which we are appointed manager / operator, or any other such investment schemes under our management
- are actively receiving investment services or products from us under a contractual arrangement or engagement
- consent to receiving communications from us
- have a contractual agreement with us
- request resources or marketing be sent to you
- give us feedback, or some other form of legitimate business interest with you.
How and why we use your personal data
Typically, we only use your data to be able to perform our duties under contracts we may have with you or where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
We may process your personal data for more than one lawful ground, depending on the specific purpose for which we are using your data. Generally, we do not rely on consent as a legal ground for processing your personal data, other than in relation to sending marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by emailing us and also please email us if you need details about the specific legal ground we are relying on to process your personal data, at email@example.com.
You will receive marketing communications from us if you have:
- requested information from us or have a contractual agreement with us; or
- if you provided us with your details and have positively consented to us sending you marketing communications; and
- in each case, you have not opted out of receiving that marketing.
We will get your express opt-in consent before we share your personal data with any third party for marketing purpose, you should be advised that consent is not infinitive and you can opt-out from receiving marketing communication from us at any time by emailing firstname.lastname@example.org.
When you opt out of receiving our marketing communications, this will not apply to communication we make with you in relation to a legitimate business interest or lawful purposes, such as the performance of a contract we may have with you.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal grounds for this. We may process your personal data without your knowledge or consent only where this is required and permitted by law.
Sharing and disclosure of your personal data
We may share your personal data with the parties set out below for legitimate business interests and lawful purposes, these may include but are not limited to:
- Other companies in our group who provide IT and system administration services and undertake leadership reporting. Service providers who provide IT and system administration services
- Professional advisers including lawyers, bankers, auditors, tax advisors and insurers who provide consultancy, banking, legal, insurance, tax and accounting services
- HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances which may include but is not limited to the Financial Conduct Authority
- Fraud prevention agencies
- Third parties to whom we sell, transfer, or merge parts of our business or our assets.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
We do not share or transfer your data outside of the European Economic Area (EEA).
Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.
Please email email@example.com if you like further information regarding international transfers or visit the ICO (Information Commissioner’s Office) website https://ico.org.uk/for-organisations/guide-to-data-protection/principle-8-international/ .
The security of your data
We have put in place adequate, proportionate and appropriate security measures as is required of an authorised firm to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with data breaches in accordance with the GDPR (General Data Protection Regulation) and we will notify you and any applicable regulator of a breach where we are legally required to do so.
Data retention periods
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we must keep basic information about our customers (including contact, identity, financial and transaction data) for six years for tax purposes and for at least five years after a client ceases to be a client under the UK money laundering regulations 2017.
In some circumstances we may pseudonymise your personal data for statistical purposes in which case we may use this information indefinitely without further notice to you.
GDPR personal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:
- Request access to your personal data (subject access request)
- Request correction of your personal data
- Request erasure of your personal data
- Object to processing of your personal data
- Request restriction of processing your personal data
- Request transfer of your personal data
- Right to withdraw consent
For further information visit or if you wish to exercise any of the rights set out above, please email us at firstname.lastname@example.org.
You will not have to pay a fee to access your personal data, or to exercise any of your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. In order to respond to a subject access request, we will need to confirm your identity as a security measure to safeguard you from your personal data from being disclosed to non-authorised third parties. Please provide us with as much information as possible to enable us to comply with your request within an acceptable time-frame. We are required to respond to subject access requests where practically possible within 30 days and if this is not possible we will provide you with a reasonable explanation as to why this cannot be achieved.
We will make all reasonable efforts to ensure the data we hold on you is accurate and up to date and to correct any inaccuracies that we become aware of. Please help us to comply with our obligations by letting us know of any changes in relation to the data we hold about you as It is very important that the information we hold about you is accurate and up to date. Please email email@example.com with any required updates or amendments.
Complaints and queries
If you are not happy with any aspect of how we collect and use your data, please contact firstname.lastname@example.org and we will do our best to resolve your issue. You also have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
21 May 2018