Last updated: November 2023
Personal data means any information that directly or indirectly identifies or otherwise relates to a living individual. It includes, for example: names, addresses, email addresses, job applications, photographs, video footage, employment records, records of donations and purchases made, bank details and correspondence to and from individuals. It also includes web browsing information (e.g., cookie data) and IP addresses.
For the purposes of United Kingdom (“UK”), Stanley Capital Partners LLP is the data controller. For the purposes of Guernsey, Stanley Capital Partners GP Limited is the data controller.
We collect personal data when provided to us by you:
We may also collect information and personal data automatically from you when you visit our Website. This information includes: (i) your IP address; (ii) device information including, but not limited to, name and type of operating system; (iii) mobile network information; (iv) standard web information such as your browser type and the pages you access on the Website; (v) transaction information (but not payment card or account details), including device information, transaction details, and IP address; (vi) security information including a list of certain installed software, device and internet connection information, and available space on the device.
Depending on how you use this Website, your interactions with us, the services your request from us, and the permissions you give us, the purposes for which we use your personal data include:
We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where these are required or permitted by law.
We do not make decisions about you based on automated processing of your personal data.
We collect the following categories of personal data:
Prospective and current employees, staff and contractors:
Individuals who enter into an agreement with us for our services:
Individuals who attend an event we host:
Individuals who invest through or with us once being onboarded as a customer:
Individuals who contact us via our contact us page or on the telephone (whether to send a request for our services or request further information relating to our services):
Individuals that sign-up to marketing:
Please let us know if any of your personal data changes as soon as possible. Failure to provide accurate information or to up to date information may have a detrimental impact upon your investment, including the processing of any subscription or redemption instructions or the suspension of your account. Failure to provide information where the same is required for anti-money laundering, pursuant to automatic exchange of information agreements, or other legal requirements means that we may not, or may no longer, be able to offer you our services and have you as a client.
We are entitled to use your personal data for these purposes because one or more of the following legal bases applies:
These third parties will be expected to be subject to confidentiality requirements (either by contract, professional obligation, duty or otherwise) that require them to only use your personal data as described above.
We have implemented commercially reasonable controls and appropriate technical and organisational measures to protect your personal data, as well as to maintain the security of the information contained in our systems in respect of personal data. Appropriate controls (such as restricted access) are placed on our computer systems and used where appropriate. Reasonable measures are taken to ensure physical access to personal data is limited to authorised employees.
When you contact us about your personal data, you may be asked to provide evidence of your identity (e.g., driver’s licence or passport). These types of safeguards are designed to ensure that only you, or someone authorised by you, has access to your file.
Although we do our best to protect your personal data, we cannot guarantee the security of your information transmitted through the Website or over email and any transmission is at your own risk.
We will also retain and use your personal data to the extent necessary to comply with our legal obligations, resolve disputes and enforce our terms and conditions, other applicable terms of service, and our policies.
We may aggregate or de-identify the personal data once the retention period has passed. Aggregation means that we combine the non-personal information of numerous people together so that the data does not relate to any individual. “De-identify” means that we attempt to remove or change certain identifiers that may be used to link data to a particular person.
We take reasonable steps using appropriate technical methods in the circumstances to delete or destroy your personal data when we no longer have a legal basis to retain it or to ensure that the personal data is anonymised or irrecoverable.
We do not knowingly collect personal data from children who aged below 18 (or whatever the age may be of a child in your jurisdiction) without first obtaining consent from their parent or guardian.
If we learn that personal data has been collected through the Website or via any other form from children without parental consent, we will take the appropriate steps to delete the personal data. If you are a parent or guardian and you wish to review the personal data we have collected about your child or delete it, or if you discover that your child has provided us with personal data without your consent, please contact us using the contact information in section 16 below.
Depending on your preferences, and if you are in the EEA and UK, if you have opted-in or notified your interest in a particular product or service, or if you have you previously attended an event, we may send you marketing communications.
If you no longer wish to receive marketing communications from us you can opt-out at any time by informing us (using the information in section 16 below) or by using the ‘unsubscribe’ method provided on the form of marketing you received e.g. the ‘unsubscribe’ button in the email.
For more information, please refer to our Cookies Policy.
If you are located in the EEA or the UK, you have certain rights in relation to your personal data:
Please note that a number of these rights only apply in certain circumstances, and all of these rights may be limited by law. For example, where fulfilling your request would adversely affect other individuals or our trade secrets or intellectual property, where there are overriding public interests or where we are required by law to retain your personal data.
To exercise any of these rights, you should contact firstname.lastname@example.org. We will respond to requests to exercise these rights without undue delay and at least within one month (though this may be extended by a further two months in certain circumstances, such as where the request is categorised as complex, or you have been delayed in providing us with further information or proof of identity).
If you have complaints about how we process your personal data, please contact us at email@example.com and we will respond to your request as soon as possible.
If you think we have infringed data protection laws, you can file a complaint with the data protection supervisory authority in your jurisdiction, for example, for the UK, you may contact the UK Information Commissioner’s Office www.ico.org.uk and in Guernsey, you may contact the Guernsey Data Protection Authority www.odpa.gg.
In addition to complaining to the Guernsey Data Protection Authority, you may also appeal to certain courts against: (i) any failure of the Guernsey Data Protection Authority to give written notice of whether the complaint is either being investigated or not being investigated and where applicable, the progress and the outcome of the investigation and (ii) a determination of the Guernsey Data Protection Authority not to investigate the complaint or a determination that a controller or processor has not breached or is not likely to breach an operative provision in connection with the complaint.