Privacy policy
We understand the importance of data security and privacy and are committed to protecting Personal Data in accordance with the Data Protection Act 2018 and UK General Data Protection Regulation.
This privacy notice aims to explain what Personal Data we process and why.
We will review this notice on a regular basis to keep it up to date.
Date last updated: 3 June 2021
- Who we are
- Why we process Personal Data
- Automated decision making
- How we safeguard Personal Data
- How long we keep Personal Data
- Where we transfer Personal Data to
- Sharing Personal Data
- Marketing
- Confidential Information
- Data subject rights under Data Protection Legislation
- Contacting us
1. Who we are
Personal Data
1.1
British Patient Capital (“BPC”) is the trading name of British Patient Capital Limited, a wholly owned commercial subsidiary of British Business Bank plc (“British Business Bank”), registered in England and Wales, registration number 11271076, registered office at Steel City House, West Street, Sheffield S1 2GQ.
1.2
BPC is the controller for the Personal Data it processes and is registered with the Information Commissioner’s Office (reference no. ZA525068). BPC relies on the British Business Bank to provide core support services such as Finance, HR, IT, Legal, Procurement, Risk and Compliance, and Internal Audit.
1.3
BPC manages an investment portfolio designed to support UK companies with high growth potential to access the long-term financing they need to scale up. It invests in a diversified portfolio of best-in-class venture and growth capital funds, capturing value through financing the growth of innovative companies. Through its long-term co-investment strategy, BPC also invests directly, alongside its fund managers, in the most promising later- stage companies in its underlying portfolio. BPC has also launched Future Fund: Breakthrough (“FF:B”), a new £375m UK-wide scheme which encourages private investors to co-invest with BPC in high -growth innovative firms.
1.4
BPC (nor any part of the British Business Bank’s Group) is not a banking institution and does not operate as such and is not authorised or regulated by the PRA or FCA. A complete legal structure chart for the British Business Bank’s Group is available here: Corporate information and subsidiary companies – British Business Bank (british-business-bank.co.uk).
1.5
For the purposes of this privacy notice, the terms:
“BEIS” means the Department for Business, Energy and Industrial Strategy.
“Customers” means the individuals who contact us, for example, to make requests for information, sign up to our mailing list, or to make a complaint. We are not a banking institution and do not have account customers.
“Personal Data” means any data which relates to a living individual who can be identified from that data or from other information which is in the possession of, or is likely to come into the possession of, BPC (or its representatives, service providers). In addition to factual information, it includes any expression of opinion about an individual and any indication of the intentions of BPC or any other person in respect of an individual.
2. Why we process Personal Data
2.1
BPC invests in venture and growth capital, capturing value through financing the growth of innovative companies. We focus on investing in both fixed term and evergreen funds and will consider co-investment alongside our portfolio funds. We only invest in commercially viable funds. Our role is to enable the best fund managers to effectively execute their planned investment strategy. We achieve that through anchoring, enabling first close, or boosting a fund to achieve optimal size. Through its long-term co-investment strategy, BPC also invests directly, alongside its fund managers, in the most promising later-stage companies in its underlying portfolio. BPC has also launched Future Fund: Breakthrough, a new £375m UK-wide scheme which encourages private investors to co-invest with BPC in high-growth innovative firms.
2.2
To do this, we process Personal Data that you may provide to us directly or which we collect from third parties or from our websites.
2a. Information you may provide to us and which we may collect for or through our programmes
2b. General Business Activities
3. Automated decision making
3.1
We do not currently make any automated decisions about you. However it is possible automated decisions or profiling do occur with cookie and other similar technology that are enabled our websites. If you believe you have been subject to automated decision making or profiling, you have the right to contact us and ask for a manual review (please see our contact details in Section 11).
4. How we safeguard Personal Data
4.1
We will keep Personal Data secure by taking appropriate technical and organisational measures to protect it against unauthorised or unlawful processing, loss, destruction, or damage.
4.2
We have extensive controls in place to maintain the security of our information and information systems, which include encryption, information classification, anonymisation, and pseudonymisation. Client files are protected with safeguards according to the sensitivity of the relevant information and access controls are placed on our computer systems. Physical access to areas where Personal Data is gathered, processed, or stored is limited to authorised employees.
4.3
BPC’s employees are required to follow all applicable laws and regulations, including in relation to data protection laws. Access to Special Category Data (sensitive Personal Data) is limited to those who need to it to perform their roles. Unauthorised use or disclosure of Personal Data is prohibited and may result in disciplinary measures.
4.4
When you contact us about a matter, you may be asked for some Personal Data, to help us verify your identity and entitlement to the Personal Data we hold.
5. How long we keep Personal Data
5.1
We keep Personal Data for as long as necessary for the purpose for which it is processed. We typically keep information for a minimum of six years from the last action, for example when an investment ceases, file closure, contract end, etc.
6. Where we transfer Personal Data to
6.1
We do not routinely transfer Personal Data to, or store it, outside the European Economic Area (“EEA”).
6.2
If we do transfer Personal Data outside of the EEA, we shall ensure that it is protected and transferred in a manner consistent with legal requirements and in accordance with adequacy agreements and / or additional safeguards (i.e. contractual clauses).
7. Sharing Personal Data
7.1
We may share your Personal Data within the British Business Bank and its subsidiaries for the purposes described above.
7.2
We may share your Personal Data with Government departments, public-sector bodies and other associated Partner organisations for the purpose of scheme administration, market analysis, research and data analysis and analytics, for example including, but not limited to: HMRC, BEIS, Cabinet Office, HM Treasury, UK Finance, Financial Conduct Authority, Prudential Regulation Authority, NATIS, National Crime Agency, Bank of England, Office of National Statistics.
7.3
We may also share Personal Data if we are required or permitted to do so by applicable law, regulation or legal process, for example including (but not limited to) HMRC for payroll or tax purposes; Financial Conduct Authority, Financial Ombudsman Service, Information Commissioner’s Office as independent Regulators; Health and Safety Executive to report health and safety matters; with the UK Government and / or the European Commission to comply with the UK’s international subsidiary reporting requirements and / or State aid laws.
7.4
We may also share Personal Data to help prevent or detect crime (including data analytics) or apprehend or prosecute offenders; to prevent physical harm or financial loss to us, or one of our subsidiaries, colleagues or stakeholders; to establish, exercise or defend our legal rights; in connection with an investigation of suspected or actual fraud, illegal activity, or any security matters.
7.5
Where we contract any part of our business operations or functions that involve the processing of Personal Data, we have contractual clauses to ensure the Personal Data is processed in accordance with data protection requirements. Our contracted providers include (but are not limited to) IT and communication providers; market research; data analysis; accountants; auditors; etc. A list of our key contracted providers is available on Contracts Finder.
8. Marketing
8.1
We may use your Personal Data to provide you with marketing information that you request or that we consider may interest you, by post, email and/or telephone (including SMS) as follows:
- If you are an existing customer or have taken steps to become a customer by using the Websites or contacting us, we may contact you by post, email and/or telephone (including SMS) with information about products and services which are similar to those we previously provided to you, unless, at the time we collect your contact information, you have indicated that you do not want to receive marketing information; or
- If you are a new customer, we may contact you by post, email and/or telephone (including SMS) if you have consented to receiving such information.
8.2
We will not pass your Personal Data to third parties for their marketing purposes.
8.3
We operate an integrated communications programme, which means we use your Personal Data to communicate with you through several different channels; including direct mail and email. Our aim is to keep you up to date with information you have expressed an interest in.
8.4
If you no longer wish to receive marketing communications from us, you can ‘opt out’ of them at any time. You will be able to change your preferences by clicking on the relevant link at the bottom of any marketing emails you may receive. You may also ask us at any time not to use your Personal Data for marketing purposes by contacting us via the methods listed in the ‘How to contact us’ section below.
9. Confidential information
9.1
Under the Freedom of Information Act 2000, we are only permitted to protect information that is actually confidential in law and where, if we were to disclose it, we could be sued for breach of confidence.
9.2
Information you give us which you may consider confidential, or may mark as confidential, may in fact not be confidential in law. However, in respect of any information we receive from you that is truly confidential, we will take steps to ensure it remains confidential.
9.3
Unauthorised disclosure or misuse of confidential information by our employees may lead to disciplinary action.
10. Data subject rights under Data Protection Legislation
10.1
Data protection provides rights to data subjects; these rights are listed below and you can exercise them by contacting us using the details in Section 11.
Consent
If we are processing your Personal Data on the basis of consent, for example you have subscribed to our mailing list, you have the right to withdraw your consent at any time, and expect us to carry out your wishes promptly.
The right of access
The right to request access to the Personal Data we hold about you, subject to exceptions.
The right to object
Where you have actively provided your consent for us to process your Personal Data, the right to withdraw your consent at any time, for example to be removed from our marketing lists. Please note, however, that we may still be entitled to process your Personal Data if we have another legitimate reason (other than consent) for doing so.
The right of data portability
In some circumstances, the right to receive some Personal Data in a structured, commonly used and machine-readable format and/or request that we transmit such data to a third party where this is feasible. Please note that this right only applies to Personal Data which you have provided to us.
The right to rectification
The right to correct any errors in Personal Data we hold about you, and to change or correct any details you have already given us.
It is important that any contact data you provide is kept accurate and up to date so that we can contact you should we need to.
The right to erasure
The right to request that we erase your Personal Data in certain circumstances. Please note that there may be circumstances where you ask us to erase your Personal Data where we are legally entitled to retain it.
The right to restrict processing
The right to request that we restrict our processing of your Personal Data in certain circumstances. Again, there may be circumstances where you ask us to restrict our processing of your Personal Data where we are legally entitled to refuse that request.
Automated decision making and profiling
The right to know what automated decisions are made about you and the reasons why and to ask for a manual review of that decision if it affects your legal rights or other equally important matters.
The right to object to profiling in certain situations, for example direct marketing.
For more information about your data rights, please see the Information Commissioner’s website at ico.org.uk/your-data-matters.
11. How to contact us
11.1
If you have any questions or comments regarding how we handle your Personal Data, you can contact us or our Data Protection Officer at:
BBB: DataProtection@british-business-bank.co.uk or write to the British Business Bank, Steel City House, West Street, Sheffield, S1 2GQ.
BBB Data Protection Officer: dpo@chaucer.com, Chaucer Group, Northern and Shell Building, 10 Lower Thames Street, London EC3R 6EN.
11.2
In the event that you would like to lodge a complaint relating to our use of your Personal Data you can do so by contacting the Information Commissioner’s Office:
Web: https://ico.org.uk/global/contact-us/
Email: casework@ico.org.uk
Phone: 0303 123 1113