Contents

Privacy policy

This policy was last updated on Tuesday 4th February 2025.

Mercia Asset Management PLC, including its fund management subsidiaries, is committed to keeping your information private and being transparent about our dealings with your personal data.

As an existing or prospective investor, investee, associate or job applicant of Mercia, there are many ways you can use the services we offer, some of which require you to share your personal data with us.

This Privacy Policy (together with our Terms and Conditions and any other documents that may be referred to in either) outlines the way in which we manage any personal data obtained through www.mercia.co.uk (the “Website”) or otherwise provided by, or about, individuals (“you”, “your”) in the course of our fund management and investment services (the “Services”). It explains:

    • what personal data we collect about you in the course of your engagement with our services, why we collect it, who it goes to and how long we keep it
    • how we use your personal data
    • how we protect your personal data
    • your legal rights in respect of your personal data, including how to access and update the information we hold about you.

You can navigate to the relevant sections of the policy by clicking the links on the left-hand side.

1. About us

For the purposes of the General Data Protection Regulation and any other applicable data protection laws in force in the UK from time to time, the data controllers are Mercia Asset Management PLC (No. 09223445), along with our group companies Mercia Fund Management Limited (No. 06973399), Mercia Regional Ventures Limited (No. 03249066), Mercia Business Loans Limited (No. 05566789) and Frontier Development Capital Limited  ( No. 09967393)  (“Mercia”, “we”, “us”, “our”). This means that we decide why and how your personal information is used.

For the purposes of data protection these entities operate as a Group and are all governed by this policy in their dealings with your personal data. The Compliance Manager acts as the Data Protection Officer for all the entities within the Group and can be contacted by emailing data@mercia.co.uk. For the avoidance of doubt, this means that if you contact us through this email in relation to the records we hold about you, you are in effect contacting all the entities listed above.

Mercia Asset Management PLC and Mercia Fund Management Limited are based at our Henley-in-Arden office, Mercia Regional Ventures Limited and Mercia Business Loans Limited in our Preston office and Frontier Development Capital Limited in our Birmingham office. You can find the contact details for these entities on our Website here.

2. What information do we collect about you?

By “your information”, “personal data” or “personal information”, we mean information about you (or others acting on your behalf, such as your financial advisor or executor) from which you, or that individual, may be identified.

The categories of information we collect about you depend on the relationship you have with us. Please select your relevant category from the section “Specific information about your data” below.

We will let you know at the point of collecting your information whether this is optional, or whether it is necessary for you to provide this information to meet certain statutory or contractual requirements. If the latter, and you do not wish to provide us with this information, this may limit the services we are able to provide you.

3. Where do we get your data from?

We may collect, store or transfer a variety of personal information from you directly when you:

  • communicate with us via email, phone, in person, or an online enquiry form;
  • request or receive our Services; or
  • access, subscribe to or interact with the Website.

We may also receive your personal information from other sources such as:

  • your financial advisor or intermediary (if appointed)
  • tracing companies (so that we can find a way to contact you to remind you about your investments, if we lose touch with you)
  • fund marketplace platforms (which may send us breakdowns of the flows including names of Independent Financial Advisers)
  • public searches (e.g. contact details of financial advisers from LinkedIn)
  • credit reference agencies, the London Gazette or other solvency searches
  • Mercia or other event attendance lists (if you have agreed to be contacted by us)
  • business intelligence portals (this may cover contact details of employees of institutions we’d like to work with from portals we subscribe to providing information on industry trends, e.g. Meltwater)
  • your employer (if you are the nominated contact for a corporate client)
  • third party risk and compliance portals (for regulatory checks) and credit referencing agencies
  • your profile on any external websites that you submit in connection with your job application (e.g. Linkedin profile, website, blog or portfolio)
  • certain third party analytics cookies which collect information on how visitors use our website (see our Cookies policy here for further details).

4. Why do we collect your personal information and on what grounds?

We will only use your personal data if we have a permitted lawful basis to do so. Generally we collect your personal data because is it necessary for:

  • Performing our contract for the Services with you. This means processing your personal data where it’s necessary to fulfil a contract with you or to take steps, at your request, before entering into such a contract.
  • Pursuing our legitimate interests. This means processing your personal data as and, when necessary, to do so in order to conduct and manage our business and to provide you with the best service and experience. We make sure we consider and balance any potential impact on you and your rights before we process your personal data for our legitimate interests. We don’t use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
  • Complying with our legal or regulatory obligations. We may also rely on your consent to use your personal data for marketing purposes (see “Marketing communications” below).

The purposes for which we use your personal data differ according to your reasons for engaging our services. Please select your relevant category from the section “Specific information about your data” below for further details of why and on what grounds we process your data.

Regardless of your status, we will generally process your information for:

  • monitoring the use of our Website (for our legitimate interests in providing effective services to you)
  • complying with our contractual obligations, such as requirement to appropriately apply regional funding

5. Marketing communications

We may rely on your consent to use your personal data for marketing purposes. This means that:

  • where you have subscribed to our emails or ‘opted in’ to receive marketing communications from us, you have agreed that we may use your information to contact you by email, post and occasionally by telephone about new developments, offers and events that you may find useful. This may also include other similar products and services offered by us or any of our related entities from time to time.
  • where you have permitted us to use your personal details in connection with our promotional materials (e.g. to provide a quote from you in relation to a news update about our work with you), you have agreed that we may publish your name, company name, job title, comments about the services you received from us and any other reasonable personal information which may be relevant to the PR materials on our Website or other forms of media (e.g. published journals and newspaper articles).

You can withdraw your consent to marketing at any time by clicking the “unsubscribe” button at the bottom of each marketing email you get from us or contacting us using the details in the “Contact us” section below.

However, if we have collected your contact details in connection with another purpose or under another lawful basis (e.g. to provide certain contractual services to you), we may still be permitted to retain your data for those alternate purposes after you have withdrawn consent for marketing purposes. Additionally, withdrawing your consent may mean you are unable to receive certain further services from us and it may not always be possible to remove your personal details from existing promotional materials before you withdrew your consent (e.g. if the materials have already been distributed in hard copy).

When we communicate with you it will be from either or both of Mercia Asset Management PLC, or Mercia Asset Management, which is the collective brand name used for our group companies.

7. Who do we share your information with?

Generally your information will only be used by Mercia and its group companies, and will not be shared with other third parties (particularly for marketing purposes) without your prior written consent, except where we are required to do so to meet legal or regulatory requirements. All Mercia group companies maintain the same levels of data protection, confidentiality and security.

  • However, we might occasionally need to share this data with other parties to deliver the required service to you or to comply with our legal obligations. These include third parties who are providing goods or services to you in connection with our Services, including providers of our financial advisory, payment, IT hosting and support, communications, consultancy, PR, market research and recruitment services. These include, as at the date of this version of the policy; BambooHR LLC, Teamtailor, Project Affinity Inc and Hubspot Inc
  • Authorised by you to receive information held by us, e.g. your appointed financial advisors
  • Contacting you directly about their offers, promotions, goods or services (if you have requested to be contacted for such purposes)
  • Fund administrators and custodians specifically for:
  • EIS investors: Mainspring Fund Services Limited
  • N2, N3 and NVT investors: The City Partnership (UK) Limited
  • External debt/ equity approval committees (VCT and FDC transactions only)
  • Purchasers or prospective purchasers of our business and/or assets (in whole or in part), in the event that we sell, trade or licence any part of our business and/or assets
  • Our agents and associates, e.g. our financial advisors, bankers, auditors, accountants and lawyers
  • Our business partners, joint venture entities or partners
  • Necessary recipients of your data in order for us to comply with our legal obligations, enforce or apply our terms of use, or to protect the rights, property and safety of our customers or others. This may include the police, law enforcement bodies, regulators/supervisory bodies, credit reference agencies or other organisations involved in the provision of fraud protection and credit risk reduction purposes
  • Debt collection agencies and related activities

In the majority of cases where we do share your personal data with third parties we will continue to act as controllers.  The third party will be required to follow our privacy policy to ensure your personal data is only used and processed for the specified purposes, to process your data in accordance with our instructions and to adhere to the appropriate technical requirements and other regulations required by law.

There are a number of situations where we do share your personal data with third parties. Examples of such times are:

  • in debt collection cases, where third party debt collection organisations will act as controllers of your data
  • in cases where third party investors, such as the British Business Bank, require your personal data for compliance with their legal obligations or for auditing purposes
  • where your investment results in you being a named shareholder in a company, in cases where a request is made for a copy of the shareholder register in accordance with s116 Companies Act 2006

8. How long will we keep your data for?

We keep your data for as long as it’s necessary to meet the relevant purposes for which we’ve collected your data, including for the purpose of satisfying any legal, accounting or reporting requirements.

To determine the appropriate length of time for holding your data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purpose for which we process your data and whether we can achieve those purposes through other means, along with the applicable legal requirements.

.

9. Will my personal data be sent abroad?

In cases where your data is transferred outside of the UK, we take steps to ensure that appropriate safeguards are in place to protect such data.

Such safeguards may include a data transfer agreement with the data recipient based on standard contractual clauses or other such mechanism as is approved by the European Commission for transfers of personal data to third countries.

For further details relating to the transfers described above and the adequate safeguards used with respect to such transfers, please contact us.

10. Your rights in respect of your personal data

Under certain circumstances, you have rights under data protection laws in relation to the personal data we hold about you. You can request to:

  • access information held about you. Please note that we reserve the right to request for proof of your ID to process the request, and to charge you a reasonable administrative fee for any repetitive, manifestly unfounded or excessive requests. If we refuse your request to exercise this right, we will give reasons for our refusal and allow you to challenge our decision
  • rectify any incorrect or incomplete data we hold about you. It is both in our interest and yours that any personal information we hold about you is accurate, complete and current. If the data we hold about you is inaccurate in any way, please contact us to have your personal information corrected
  • delete, restrict or remove the data we hold about you
  • transfer the data we hold about you to another party
  • object to any further processing of your data

You can make all such requests via emailing: data@mercia.co.uk

Please note that in respect of all these rights we reserve the right to refuse your request based on the exemptions set out in the applicable data protection laws.

If you have any concerns about how we handle your data, please contact us. If you are not satisfied after we’ve tried to resolve your issue, you’ll be entitled to lodge a complaint with our data protection regulator, the Information Commissioner’s Office (ICO). Please see the ICO website for further details, www.ico.org.uk

12. Cookies and other technical information

For further information about our Cookies policy, please click here.

13. Changes to this policy

We may from time to time review and amend this Privacy Policy to take into account changes in law, technology and our operations. We will post any changes to this Privacy Policy on the Website from time to time. Please periodically review this Privacy Policy before using the Website as continued use of the Website shall indicate your acceptance of any changes. All personal information held by us will be governed by the most recent Privacy Policy posted on the Website.

14. Contact us

If you have any questions or comments about this Privacy Policy, including requests to access or modify the user of your personal data, you can contact us by calling us on 0330 223 1430.