Site Services

Privacy Policy

IMPORTANT INFORMATION

Dunedin Enterprise Investment Trust PLC ("we", “our”) are committed to protecting and respecting the confidentiality, integrity and security of personal information about individuals whose data we hold ("you", "your").

This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us, and how we comply with our responsibilities under applicable data protection laws, including, when and to the extent in force, the General Data Protection Regulation (Regulation (EU) 2016/679), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003, all as amended and updated from time to time ("Data Protection Laws"). Please read this policy carefully.

DATA CONTROLLER

For the purposes of processing your personal information under this policy in compliance with the Data Protection Laws, we are the data controller and we are situated at Saltire Court, 20 Castle Terrace, Edinburgh, EH1 2EN.

We have appointed a Data Privacy Manager who is responsible for overseeing compliance with Data Protection Laws and this privacy policy (please see Contact Us below for details of how to contact them in relation to this policy or your personal data).

HOW WE COLLECT PERSONAL INFORMATION

We collect information from you when you interact with us, e.g. when:

  • you are an actual or potential investor;
  • you are a business owner, prospective job applicant or other individual who is interested in the work we do or the opportunities we provide;
  • you visit www.dunedinenterprise.com (“our website”);
  • you send us an email, for example if you send us your CV for recruitment purposes;
  • you sign up to our news notifications via any registration form on our website;
  • you contact us by any means with queries, interests or concerns;
  • you have an appointment with us;
  • you visit one of our offices which have CCTV systems which record your image for the security of both visitors and staff; and / or
  • you choose to provide us with your personal information during business encounters, for example in the form of a business card.

THE PERSONAL INFORMATION COLLECTED

Investors, consultants, suppliers, advisers and existing and potential business partners

The information that we collect includes first names, last names, email addresses, work addresses, and information required to verify your identity, including passports, identification documents and proof of home addresses for Know Your Customer checks, anti-money laundering, references, background checks and other similar checks. Other information will also be collected where it is contained in consultancy agreements, engagement letters or other forms of written agreements.

If you subscribe to our regulatory updates, we will collect your name, email address and place of work. This information will be used to send you news and other updates (which may include marketing material). If you would like to stop receiving this information, please contact us at [email protected] or click the unsubscribe link in our marketing emails.

PURPOSES FOR WHICH WE MAY USE YOUR PERSONAL DATA

We have set out below the purposes for which we may use your personal data:

  • responding to your enquiries and resolving your complaints;
  • communicating with you about financial reporting and regulatory updates (if you would like to stop receiving these communications, please contact us at [email protected]);
  • communicating with you about potential business, partnership or career opportunities;
  • compliance with Know Your Customer, anti-money laundering, references, background and other similar checks on Dunedin LLP;
  • obtaining professional services from our lawyers, accountants, consultants and auditors;
  • conducting market due diligence or other due diligence in respect of potential or actual investment opportunities;
  • in relation to a transfer to a potential buyer or merger partner, including their advisers in connection with an actual or potential merger or acquisition; and/or
  • administering and managing our relationship with you.

 

OUR USE OF YOUR INFORMATION

Data Protection Laws only permit us to process your personal data to the extent that one of the lawful bases set out in the Data Protection Laws applies to that processing. 

In processing your personal data, we will rely on one of the following lawful bases for our processing:

  • it is in our or others’ legitimate interests to do so (as described below), and such interests are not overridden by your privacy interests;
  • it is required or desirable to meet our legal or regulatory responsibilities, including our fiduciary duties and FCA obligations to our clients or when we make the disclosures to authorities, regulators or governmental bodies;
  • in some cases, it is necessary for us to enter into, and perform our obligations under, our contract with you; and/or
  • we have obtained your consent to do so.

 

Where appropriate, we may rely on the following legitimate interests as our lawful basis for processing:

  • to study how our users use our services;
  • to develop our services and grow our business;
  • for running our business.

 

We may process your personal data relying on more than one lawful bases depending on the specific purpose for which we are using your data.  Please contact us using the contact details set out below (see Contact Us) if you need details about the specific lawful basis on which we are relying to process your personal data or if you would like further information on how we have balanced our legitimate interests against your privacy interests.

WHO WE SHARE YOUR INFORMATION WITH

Dunedin LLP

We share your information with Dunedin LLP in order to be able to manage your investments on our behalf. We will ensure that Dunedin LLP has agreed to protect and maintain the confidentiality and security of information that we share with them.

Service providers

We share your information with third parties, including Dunedin LLP entities, subcontractors, agents and service providers who need your information in the course of providing services for and on behalf of us for the purposes specified in this privacy statement. Where a third party is used for these specified reasons, we will ensure that each such service provider has agreed to protect and maintain the confidentiality and security of information that we share with them.

Third party IT providers

We engage trusted third-party IT providers. For example, information about event attendees are held on our CRM system which is hosted by a third-party IT provider. Information will only be transferred to third party IT providers where reasonably necessary to enable us to fulfil the purposes set out in this privacy notice, and we will ensure that those providers have agreed to protect and maintain the confidentiality and security of information that we share with them.

Potential merger or acquisition

In addition, we may share information with a potential buyer, seller, co-investor or joint venture partner and their advisers in connection with any actual or potential acquisition, sale, joint venture or similar transactions in connection with the portfolio companies managed and/or invested by Dunedin LLP on our behalf.

Where required or permitted by law

We may disclose your personal information: (a) as required or permitted by, or to comply with, applicable law, regulation, court process or other statutory requirement; (b) in response to requests from or required by any regulatory, supervisory or governmental authorities or (c) to comply with Know Your Customer, anti-money laundering, references, background and other similar checks.

THIRD PARTY SITES

When using our website, you may be directed to other sites that are beyond our control and there are links to other sites outside our service. We are not responsible for and accept no liability in relation to these sites and you should read the privacy policy of any new site that you visit.

TRANSFERRING INFORMATION INTERNATIONALLY

We do not intend to transfer any personal data we hold about you to a country outside the European Economic Area ("EEA"). If we do transfer any of your personal data outside the EEA, we will ensure that an adequate safeguard (compliant with Data Protection Laws) is implemented.

SECURITY

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place physical, electronic and managerial procedures to safeguard and secure the information we collect.

RETENTION AND DELETION

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of your personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal and regulatory requirements.

COOKIES

When you visit our website, we use cookies to distinguish you from other users of our website. For detailed information on the cookies we use and the purposes for which we use them please refer to our Cookies Policy.

YOUR RIGHTS

You may request to obtain personal information we hold about you at any point by making a request in writing to us using the contact details set out below (see Contact Us).  On receipt of such request, we will provide you with a copy of the information we hold about you within one (1) calendar month, unless we require more time to respond fully to your request, in which case we will notify you in writing within that one (1) calendar month period. Any additional copies of any information we provide to you may be subject to a reasonable fee.

You also have other rights under Data Protection Laws in relation to your personal data. In particular, you have:

  • the right to request that we rectify or erase information we hold about you in certain circumstances;
  • the right to ask us to limit our processing of your information;
  • the right (if we are processing information based on your consent, such as for marketing purposes) to withdraw your consent;
  • the right to object to certain processing of your information (including the right to object to processing of your personal data for direct marketing purposes at any time); and
  • the right to ask us to move, copy or transfer your personal information to another organisation.

 

If you wish to exercise any of these rights, please contact us by using the contact details below (see Contact Us).

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

CONTACT US

If you have any queries about this policy or your personal data, or you wish to submit an access request or raise a complaint about the way your personal information has been handled, please do so in writing and address this to our Data Privacy Manager at Dunedin Enterprise Investment Trust PLC, 20 Saltire Court, Edinburgh, EH1 2EN or by email to [email protected].

COMPLAINTS

If you are not satisfied with our response to any queries or complaints you raise with us or believe we are not processing your personal data not in accordance with the Data Protection Laws you can complain to the Information Commissioner’s Office (https://www.ico.org.uk/) (the “ICO”).  We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

SCOPE OF THIS NOTICE

This notice applies to potential and actual investors, consultants, suppliers, advisers, actual and potential business partners, recruitment candidates, and visitors to our office and website.

UPDATES

We may make changes to this data protection policy at any time. We will make reasonable endeavours to notify you of any changes to this policy in writing.

This privacy statement was updated on 22nd Oct 2019.

Powered by Sitecore