Privacy Notice - Mainspring Fund Services

General information

At Mainspring Fund Services Ltd and Mainspring Nominees Limited (‘Mainspring’, ‘we’, ‘us’, and ‘our’) we take data protection very seriously. We are committed to respecting your privacy and protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA) and the Privacy in Electronic Communications Regulations 2003.

For the purposes of data protection legislation, the Data Controller in respect of your personal data is Mainspring Fund Services Ltd or Mainspring Nominees Limited, depending on which one is providing the relevant service to you. For information about which is the applicable data controller please contact us.

Within Mainspring, responsibility for Data Protection resides with the Chief Technology Officer who can be contacted at the details provided below. Mainspring has also appointed an external Data Protection Officer.

This privacy notice (which from now on we will refer to as our privacy policy) explains:
• why we are able to process your information;
• what purpose we are processing it for;
• whether you have to provide it to us;
• how long we store it for;
• whether there are other recipients of your personal information;
• whether we intend to transfer it to another country; and
• whether we do automated decision-making or profiling.

It also sets out your rights and who you can contact for more information.

What is personal information?
Personal information is anything that enables you to be identified or identifiable, such as your:
• First and last names
• Postal and email addresses
• Telephone numbers
• Identity documents (e.g. passports & driving licence)
• Identity numbers (e.g. National Insurance and Bank accounts)
• Career & educational documents (e.g. CVs & qualifications)
• Contact information
Your personal information is sometimes called “personal data”. We collectively refer to handling, collecting, protecting or storing your personal information as ‘processing’.

Collecting your personal information
Below are just some examples of how you may provide personal information to us:

• Asking us to provide information, goods or services to you or someone else
• Contacting us
• Searching and browsing our website
• Subscribing to our newsletters
• Accessing our online publications
• Registering for or attending our events
• Submitting CVs or work history information to us
• Providing us with business cards or other contact information
We may also obtain personal information about you from third parties (other individuals or organisations) or from publicly available sources, in particular from:

• GB Group PLC (https://www.gbgplc.com): for ID Verification
• Dun & Bradstreet Limited (https://www.dnb.com): for corporate structure ‘look throughs’
• Factiva Limited (https://www.dowjones.com): for adverse media and sanctions checks
• Experian Limited (https://www.experian.co.uk/): for bank account verification

Using your personal information
When you provide personal information to us, we may use it for any of the purposes described below or as stated at the point we collect it from you (or as may obvious to you from the context of collection), including:

• To provide information or services that you have requested
• To make contact with you
• To manage our relationship with you
• To develop our businesses and services
• To consider whether to offer someone employment with us
• To administer and manage our website including
• To conduct quality and risk management reviews
• Any other purposes for which personal information has been provided to us, including any of the purposes given in the ‘Collection of personal information’ section above.

We do not collect personally identifying information for sale to third parties.

Legal grounds for processing your personal information
We rely on one or more of the following processing conditions:

• To perform our contractual obligations to you; and/or
• To satisfy any legal and regulatory obligations to which we are subject; and/or
• To satisfy our legitimate interests in the effective delivery of information and services to you and in the effective and lawful operation of our businesses (where this does not interfere with your rights); and/or
• When you have agreed (consented) to us processing your personal information.

Security of your personal information
We have implemented generally accepted standards of technology and operational security in order to protect personally identifiable information from loss, misuse, alteration or destruction.

Only authorised persons are provided access to personally identifiable information we have collected, and such individuals have agreed to maintain the confidentiality of this information.

Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure.

We endeavour to protect personal data, but we cannot guarantee the security of data transmitted to or by us.

Sharing your personal information

Mainspring Nominees may transfer, share or disclose the personal data collected on you with Mainspring Fund Services in order to provide our services, as both entities are part of the same economic group and operate jointly as one business and assist each other in providing services to clients of that economic group.

We may transfer, share or disclose the personal data we collect from you to third parties (other organisations or individuals) for:

• The purposes for which the information has been submitted
• The purposes listed above under ‘Use of personal information’
• Other internal or administrative purposes
• As agreed between us

We may also transfer share or disclose personal data to third party service providers of identity management, website hosting and management, data analysis, data backup, security and storage services. These third parties may use subcontractors (also known as sub-processors) that have access to your personal data.

It is our policy to only use third parties that are legally and contractually bound to maintain levels of security and confidentiality the same as our own (see security of personal information) to process personal information only as instructed by us, and to flow those same obligations down to their subcontractors.

We may also disclose personal information to third parties under the following circumstances:

• When explicitly requested by you
• When required to deliver goods or services requested by you
• When required to facilitate our conferences or events that you have asked to attend which are hosted by a third party
• As otherwise set out in this privacy policy.

We may also disclose your personal information to law enforcement, regulatory and other government agencies and to professional bodies and other third parties, as required by and/or in accordance with applicable law or regulation.

The third parties we may transfer share or disclose the personal data we collect from you to are:
• Professional advisors
• IT support
• Software providers
• Banks & other financial services
• Printers
The above list is subject to change.

International transfers of your personal information
Your personal information may be accessible from the United States of America. We have put in place contractual arrangements which satisfy legal requirements for the transfer of personal data outside the UK.

Retention (storage) of your personal information
We will retain your personal information only for as long as we need it, given the purposes for which it was collected, or as required to do so by law.

Normally, this means we will retain your personal information for a minimum of seven years. For more information, please contact us.

Your rights
You have certain rights in relation to the personal information we hold about you. In particular, you have the right to:

• Request a copy of personal information we hold about you;
• Ask that we update the personal information we hold about you, or correct such personal information that you think is incorrect or incomplete;
• Ask that we delete personal information that we hold about you, or restrict the way in which we use such personal information;
• Object to our processing of your personal information; and/or
• Withdraw your consent to our processing of your personal information (to the extent such processing is based on consent and consent is the only permissible basis for processing).

If you would like to exercise these rights or understand if these rights apply to you, please contact us.

Marketing
We only send marketing materials to companies and other corporate entities, (not individuals, as defined in the Privacy and Electronic Communications Regulations). Therefore, we are not legally required to obtain prior consent to provide those marketing materials.

If you opt into any subscriptions, you will receive emails known as newsletters. If you want to unsubscribe from any subscriptions, you should look for and follow the instructions we will provided in the relevant communications to you.

If you choose to unsubscribe from any or all mailings, we may retain information sufficient to identify you so that we can honour your request.

Automated decision making
We will not use your personal information for automated decision making or profiling.

Our website
We collect personal information from you when you use our website. Our website may link to third-party websites not controlled by us and which do not operate under our privacy practices. When you link to third-party sites, our privacy policy no longer applies. We encourage you to review each third-party website’s privacy policy before disclosing any personally identifiable information.

Cookies
Please see our cookies policy.

Contacting us
If you have any questions or complaints about the way your personal information is processed by us, or would like to exercise one of your rights set out above, please contact us by one of the following means:

Form: www.mainspringfs.com/mainspring/contact/

Email: stephen.doherty@mainspringfs.com (please address to the Chief Technical Officer)

Tel Number: 020 3019 0900

You also have the right to lodge a complaint with your local data protection regulator, which in the UK is the Information Commissioner Office (ICO). The ICO can be contacted by the following means:

Form: www.ico.org.uk/global/contact-us/email/

Telephone: 0303 123 1113. If you’re calling from outside the UK, please call +44 1625 545 700.
Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire
SK9 5AF

Updating
We may update this Privacy notice at any time by publishing an updated version here. So that you know when we make changes to this Privacy Statement, we will amend the revision date at the top of this page. The new modified or amended privacy policy will apply from that revision date.

Therefore, we encourage you to review this privacy policy periodically to be informed about how we are protecting your information.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.