Northstar Ventures Limited (company number 05104995) (“Northstar”) respects your privacy and is committed to protecting your personal information. The EU General Data Protection Regulation (the GDPR) is coming into force in the EU (including the UK) on 25 May 2018 and enhances an individual’s rights in relation to personal information about them. At all times we aim to respect any personal information you share with us or that we collect about you and keep it safe.
This Privacy Notice (“Notice”) sets out our data processing practices when you interact with us including online through our website – www.northstarventures.co.uk– and your rights and options regarding the ways in which your personal information is used.
It is important that you read this privacy notice together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
This Notice contains important information about your personal rights to privacy. Please read it carefully to understand how we use your personal information.
The provision of your personal information to us is voluntary. However, without providing us with your personal information, your use of our services may be impaired. For example, you will be unable to contact us via this website or we may not be able to invest in your company.
1.1 When you give it to us directly
For example, personal information that you give us by signing up for our email newsletter, contacting us through our Contact Us page or if you apply for a job with us, or personal information that you provide in any way to any of our staff.
If we are in contact with you in relation to one of the funds that Northstar manages investing into, or alongside, your organisation, we will use the information you give us for administration and analysis. The majority of the information will not include personal information. However, we may collect certain categories of personal information. We will collect contact details and job titles for you and other staff members at your organisation in order to contact you about the application or for due diligence. We may also use these details in the future to contact you about initiatives which we think will be of interest to you, such as surveys related to Northstar’s work, invitations to Northstar events and to feature in our case studies. If we are in contact with you for an investment opportunity, as part of our due diligence on the investment, the personal information we may also collect includes CVs, biographies, salary information and references for key people in your organisation. The majority of this will be information which you, or someone at your organisation, give(s) us. In some cases, it will come from third parties such as when we seek references.
We may give copies of all or some of this information to individuals and organisations we consult when assessing applications, conducting due diligence, administering and monitoring investments and evaluating processes and impacts and our systems and controls. These organisations may include accountants, our stakeholders, insurers, the Financial Conduct Authority and organisations or groups involved in delivering our investments. We will share your contact details and job title with third parties who want to get in touch with us about investing in or partnering with you. We may make public aggregated, anonymised data as part of our research, impact reporting and engagement work.
1.2 When you visit our website
When you visit our website, we automatically collect the following types of personal information:
(a) Technical information, including the internet protocol (IP) address used to connect your device to the internet, browser type and version, time zone setting, browser plug-in types and versions and operating systems and platforms.
(b) Information about your visit to the websites, including the uniform resource locator (URL) clickstream to, through and from the site (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, referral sources, page interaction information (such as scrolling and clicks) and methods used to browse away from the page.
We also collect and use your personal information by using cookies on our website – please see our Cookie Notice.
1.3 When we obtain it frompublicly available sources
Your personal information may be available to us from external publicly available sources. This may include information available on Companies House, the Charity Commission and other charity registers, reputable media articles, publications and company websites and professional networking sites such as LinkedIn. Depending on your privacy settings for social media services, we may access information from those accounts or services, including from Facebook, Instagram and Twitter.
1.4 When we obtain it from third parties
For instance, we may obtain personal information about you from professional advisors and other finance providers.
In general, we may combine your personal information from these different sources for the purposes set out in this Notice.
1.5 Duty to inform us of changes
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
We may collect, store and otherwise process the following kinds of personal information:
(a) your name and contact details, including postal address, telephone number, email address and, where applicable, social media identity;
(b) information about your professional status and background in the context of understanding your potential interest in our services;
(c) information about your experience and education if you apply for a job with us or you apply for a management position in one of our portfolio companies;
(d) information about your computer/mobile device and your visits to and use of this website, including, for example, your IP address and geographical location;
(e) information about our services which you use/ which we consider may be of interest to you;
(f) information you provide in any way to any of our staff in the context of a potential commercial acquisition or investment, including about your health or criminal convictions.
2.2 Do we process special categories of personal information?
The General Data Protection Regulation (“GDPR”) recognises certain categories of personal information as sensitive and therefore requiring more protection, for example information about your health, ethnicity and political opinions. We do not intentionally collect special categories of data through our website.
When we process special category data (on health) we will only do so where you have voluntarily provided this information to us and you have confirmed your explicit consent for our use unless processing is necessary for compliance with our legal and regulatory obligations.
When we process data on criminal convictions we do so because it is necessary for compliance with our legal or regulatory obligations.
Your personal information, provided to us through the means set out in point 1 above, will be used for the purposes specified in this Notice. In particular, we may use your personal information:
(a) to provide further information about our work, services, activities or products (where necessary, only where you have provided your consent to receive such information)
(b) to answer your questions/requests and communicate with you in general;
(c) to analyse and improve our work, services, activities, products or information (including our website) and to hold a list of contacts (such as other finance providers) that we work with or would wish to work with;
(d) to report on the impact and effectiveness of our work, in particular to stakeholders in our funds, i.e. investors in those funds and the ultimate providers of those funds (including The North East Fund Limited, North East Access to Finance Limited, the European Investment Bank, European Regional Development Fund, DCLG, BEIS, British Business Bank, Big Society Capital, Esmée Fairbairn Foundation, Joseph Rowntree Foundation, The Northstar Foundation;
(e) to run/administer our website, keep the website safe and secure and ensure that content is presented in the most effective manner for you and for your device;
(f) to register and administer your participation in events;
(g) to satisfy legal obligations which are binding on us, for example in relation to regulatory, government and/or law enforcement bodies with whom we may work (for example requirements relating to the payment of tax or anti-money laundering). As a regulated firm, we are required to conduct due diligence on investors in our funds, organisations in which our funds invest, directors and senior management or trustees of those organisations, individuals and organisations we invest alongside and purchasers when we exit an investment, for the purposes of preventing financial crime. In order to fulfil our obligations, we are required to verify the organisation’s identity and conduct certain background screening. This may include verifying the identity of the organisation's shareholders, beneficial owners, management, directors, trustees or officers and/or other relevant information. To assist us with the verification and screening process, contact details you provide will be disclosed to credit reference and fraud prevention agencies which may keep a record of that information. If we need to conduct this due diligence using any of the personal information you have provided us with, you will be provided with further information prior to us doing so. We may also share this information with our lawyers and FCA-approved co-investors in relation to the particular transaction as is customary in the sector to avoid you having to provide the information more than once.
(h) to review your application for a job to work for us or an internship and to contact you about the position and any interview process;
(i) to review any applications for a management position where we are involved in the recruitment process for one of our portfolio companies;
(j) to carry out appropriate due diligence on shareholders and management team members in the context of a commercial acquisition or investment;
(k) to carry out our business activity as an investment fund manager;
(l) for the prevention of fraud or misuse of our services; and/or
(m) for the establishment, defence and/or enforcement of legal claims.
We may use your contact details to provide you with information about our work, events, services and/or products which we consider may be of interest to you (for example, about services you previously used). We will only contact you where we have informed you that we will and, where the law requires us to, we will obtain your prior consent.
If you meet an employee of Northstar, for example, at an event, and give them your contact details they will keep this information in order to contact you in the future about topics which might be of interest to you. They will also share this information with other staff members at Northstar and occasionally, they will pass it on to third parties who they think you would be interested to hear from. Similarly, we will sometimes receive your contact details from a third party who thinks you would be interested in hearing from us.
Where you do not wish to be contacted by us about our projects and/or services in the future, please let us know by email via email@example.com. You can opt out of receiving emails from Northstar at any time by contacting us at firstname.lastname@example.org.
In general, unless still required in connection with the purpose(s) for which it was collected and/or processed, we remove your personal information from our records six years after the date it was collected. However, if before that date (i) your personal information is no longer required in connection with such purpose(s), (ii) we are no longer lawfully entitled to process it or (iii) you validly exercise your right of erasure (please see section 9 below), we will remove it from our records at the relevant time.
If you request to receive no further contact from us, we will keep some basic information about you on our suppression list in order to comply with your request and avoid sending you unwanted materials in the future.
The GDPR requires us to rely on one or more lawful basis to process your personal information. We consider the grounds listed below to be relevant:
(a) Where you have provided your consentfor us to use your personal information in a certain way (for example, we will ask for your consent to use your personal information to send you promotional or fundraising material by email, and we may ask for your explicit consent to collect special categories of your personal information).
(b) Where necessary so that we can comply with a legal obligationto which we are subject (for example, when we are required to carry out a Know Your Client check in the context of an investment or where we are obliged to share your personal information with regulatory bodies which govern our work and services).
(c) Where necessary for the performance of a contractto which you are a party or to take steps at your request prior to entering a contract (for example, if you apply to work for/volunteer with us).
(d) Where there is a “legitimate interest” in us doing so.
6.2 Legitimate interests
The GDPR allows us to collect and process your personal information if it is reasonably necessary to achieve our or others’ legitimate interests (as long as that processing is fair, balanced and does not unduly impact your rights).
In broad terms, our “legitimate interests” means the interests of running Northstar as a specialist fund manager enabling investors to invest in our funds and us to invest those funds in companies and other organisations; for example, providing information about our services, responding to queries, making investments and managing our investment portfolio, administering events and advertising our services.
When we process your personal information to achieve such legitimate interests, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal information for activities where our interests are overridden by the impact on you, for example where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).
We may share your personal information with our third-party suppliers when they are processing personal information on our behalf.
Please note that if you are a shareholder or a director or a trustee in a company in the context of a commercial acquisition or investment that we are involved in, we are required to carry out Know Your Client checks. For this purpose, we use a third party – Veriphy (http://veriphy.com/). As part of using Veriphy, your personal information may be disclosed to a credit reference agency which may keep a record of your personal information and may disclose the personal information, and the fact that a search was made, to other customers for purposes of credit risk and occasionally to prevent fraud, for money laundering and debtor tracing.
We may need to disclose your personal information where legally required or upon request to regulatory and government bodies (such as HMRC) as well as law enforcement agencies. We may also merge or partner with other organisations and, in so doing, acquire or transfer personal information but your personal information would continue to be used for the purposes set out above.
We may need to disclose your personal information in order to comply with the terms of the fund management agreements for the funds that we manage which include reporting on the impact and effectiveness of our work to stakeholders in our funds, i.e. investors in those funds and the ultimate providers of those funds (including The North East Fund Limited, North East Access to Finance Limited, the European Investment Bank, European Regional Development Fund, DCLG, BEIS, British Business Bank, Big Society Capital, Esmée Fairbairn Foundation, Joseph Rowntree Foundation, The Northstar Foundation.
8.1 Northstar is committed to keeping your personal information safe and secure and we have appropriate and proportionate security policies and organisational and technical measures in place to help protect your information. For example, your personal information is only accessible by appropriately trained staff and contractors and stored on secure servers with features enacted to prevent unauthorised access.
8.2 In general, the personal information that we collect from you will be stored at a destination within the UK or European Economic Area (“EEA”). However, your personal information may sometimes be transferred or stored outside the EEA.
8.3 Please note that some countries outside of the EEA may have a lower standard of protection for personal information, including lower security requirements and fewer rights for individuals. Where your personal information is transferred, stored and/or otherwise processed outside the EEA in a country that does not offer an equivalent standard of protection to the EEA, we will take all reasonable steps necessary to ensure that the recipient implements appropriate safeguards (such as by entering into standard contractual clauses approved by the European Commission) designed to protect your personal information and to ensure that your personal information is treated securely and in accordance with this Notice.
8.4 Unfortunately, no transmission of your personal information over the internet can be guaranteed to be 100% secure – however, once we have received your personal information, we will use strict procedures and security features to try and prevent unauthorised access.
Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for marketing purposes via the contact details in section 12 below or to unsubscribe from our newsletter at any time. You also have the following rights:
(a) Right of access– you can write to us to ask for confirmation of what personal information we hold about you and to request a copy of that information. Provided we are satisfied that you are entitled to see the personal information requested and we have successfully confirmed your identity, we will provide you with your personal information subject to any exemptions that apply.
(b) Right of erasure– at your request and where you are entitled to, we will delete your personal information from our records as far as we are required to do so. In many cases we will need to hold onto limited personal information about you in order to ensure we do not send you further communications.
(c) Right of rectification– if you believe our records of your personal information are inaccurate, you have the right to ask for those records to be updated. You can also ask us to check the personal information we hold about you if you are unsure whether it is accurate/up to date.
(d) Right to restrict processing– you have the right to ask for processing of your personal information to be restricted if there is disagreement about its accuracy or legitimate usage.
(e) Right to object– you have the right to object to processing where we are (i) processing your personal information on the basis of the legitimate interests ground, (ii) using your personal information for direct marketing or (iii) using your information for research or statistical purposes.
(f) Right to data portability– to the extent required by the GDPR, where we are processing your personal information by automated means and either (i) because we have obtained your consent, or (ii) because such processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contact, you may ask us to provide your personal information to you – or another service provider – in a machine-readable format.
(g) Rights related to automated decision-making– you have the right not to be subject to a decision based solely on automated processing of your personal information which produces legal effects or similarly significant affects you, unless such a decision (i) is necessary to enter into/ perform a contract between you and us/ another organisation; (ii) is authorised by EU or UK (as long as that law offers you sufficient protection); or (iii) is based on your explicit consent.
We may ask you for additional information to confirm your identity and for security purposes, before disclosing personal information requested to you.
Please note that some of these rights only apply in limited circumstances. For more information, we suggest that you contact us using the details in section 12 below.
You are further entitled to make a complaint about us or the way we have processed your personal information to the data protection supervisory authority in your home country. In the UK this is the Information Commissioner’s Office (www.ico.org.uk). For further information on how to exercise this right, please contact us using the details below.
We may update this Notice from time to time so please check back periodically. We will notify you of significant changes by contacting you directly where we can reasonably do so and by placing a notice on our website. This Notice was last updated on 21/05/2018.
We link our website directly to other sites. This Notice does not cover external websites and we are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy notices of any external websites you visit via links on our website.
Please let us know if you have any questions or concerns about this Notice or about the way in which Northstar processes your personal information by contacting us at the following channels:
Telephone: + 44 (0) 191 229 2783
Post: Northstar Ventures Limited, 5thFloor, Maybrook House, 27-35 Grainger Street, Newcastle upon Tyne, NE1 5JE.
Please mark the message for the attention of / ask for the Finance Director.