1. About us

For the purposes of the General Data Protection Regulation and any other applicable data protection laws in force in the UK from time to time, the data controllers are Mercia Asset Management PLC (No. 09223445), along with our group companies Mercia Fund Management Limited (No. 06973399), Enterprise Ventures Limited (No. 03249066) and EV Business Loans Limited (No. 05566789) (“Mercia”, “we”, “us”, “our”). This means that we decide why and how your personal information is used.

For the purposes of data protection these entities operate as a Group and all governed by this same policy in their dealings with your personal data. The Group Compliance Director acts as the Data Protection Officer for all the entities within the Group and can be contacted by emailing data@mercia.co.uk. For the avoidance of doubt, this means that if you contact us through this email in relation to the records we hold about you, you are in effect contacting all the entities listed above.

Mercia Asset Management PLC and Mercia Fund Management Limited are based at our Henley-in-Arden office and Enterprise Ventures Limited and EV Business Loans Limited in our Preston office. You can find the contact details for these entities and our other group companies on our Website here.

2. What information do we collect about you?

By “your information”, “personal data” or “personal information”, we mean information about you (or others acting on your behalf, such as your financial advisor or executor) from which you or that individual may be identified.

The categories of information we collect about you depend on the relationship you have with us. Please select your relevant category from the section “Specific information about your data” below.

We will let you know at the point of collecting your information whether this is optional, or whether it is necessary for you to provide this information to meet certain statutory or contractual requirements. If the latter and you do not wish to provide us with this information, this may limit the services we are able to provide you.

3. Where do we get your data from?

We may collect, store or transfer a variety of personal information from you directly when you:

• communicate with us via email, phone, in person, or an online enquiry form;
• request or receive our Services; or
• access, subscribe to or interact with the Website.

We may also receive your personal information from other sources such as:

• your financial advisor or intermediary (if appointed)
• tracing companies (so that we can find a way to contact you to remind you about your investments, if we lose touch with you)
• fund marketplace platforms (which may send us breakdowns of the flows including names of Independent Financial Advisers)
• public searches (e.g. contact details of financial advisers from LinkedIn)
• the London Gazette or other solvency searches
• event attendance lists (if you have agreed to be contacted by us)
• business intelligence portals (this may cover contact details of employees of institutions we’d like to work with from portals we subscribe to providing information on industry trends, e.g. Meltwater)
• your employer (if you are the nominated contact for a corporate client)
• third party risk and compliance portals (for regulatory checks) and credit referencing agencies
• your profile on any external websites that you submit in connection with your job application (e.g. Linkedin profile, website, blog or portfolio)
• certain third party analytics cookies which collect information on how visitors use our website (see our Cookies policy here for further details).

4. Why do we collect your personal information and on what grounds?

We will only use your personal data if we have a permitted lawful basis to do so. Generally we collect your personal data because is it necessary for:

• Performing our contract for the Services with you. This means processing your personal data where it’s necessary to fulfil a contract with you or to take steps, at your request, before entering into such a contract.

• Pursuing our legitimate interests. This means processing your personal data as and when necessary to do so in order to conduct and manage our business to provide you with the best service and experience. We make sure we consider and balance any potential impact on you and your rights before we process your personal data for our legitimate interests. We don’t use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

• Complying with our legal or regulatory obligations.

We may also rely on your consent to use your personal data for marketing purposes (see “Marketing communications” below).

The purposes for which we use your personal data differ according to your reasons for engaging our services. Please select your relevant category from the section “Specific information about your data” below for further details of why and on what grounds we process your data.

Regardless of your status, we will generally process your information for:

• monitoring the use of our Website (for our legitimate interests in providing effective services to you)
• in order to comply with our contractual obligations, such as requirement to appropriately apply regional funding

5. Marketing communications

We may rely on your consent to use your personal data for marketing purposes. This means that:

• where you have subscribed to our emails or opted in to receive marketing communications from us, you have agreed that we may use your information to contact you by email, post and occasionally by telephone, about new developments, offers and events that you may find useful, as well as other similar products and services offered by us or any of our related entities from time to time.
• where you have permitted us to use your personal details in connection with our promotional materials (e.g. to provide a quote from you in relation to a news update about our work with you), you have agreed that we may publish your name, company name, job title, comments about the services you received from us and any other reasonable personal information which may be relevant to the PR materials on our Website or other forms of media (e.g. published journals and newspaper articles).

You can withdraw your consent to marketing at any time by clicking the “unsubscribe” button at the bottom of each marketing email you get from us or contacting us using the details in the “Contact us” section below.

However, if we have collected your contact details in connection with another purpose or under another lawful basis (e.g. to provide certain contractual services to you), we may still be permitted to retain your data for those alternate purposes after you have withdrawn consent for marketing purposes. Additionally, withdrawing your consent may mean you are unable to receive certain further Services from us and it may not always be possible to remove your personal details from existing promotional materials before you withdrew your consent (e.g. if the materials have already been distributed in hard copy).

When we communicate with you it will be from either or both of Mercia Asset Management PLC, or Mercia Asset Management, which is the collective brand name used for our group companies.

6. Specific information about your data

Please click the relevant headings below to see more specific information about the personal data that we collect about you, our purposes for collecting this data and our legal grounds.

Are you:

• an individual investor in one or more of our funds?
• an advisor, wealth manager, an employee of an existing or potential institutional client, or are exercising investment control for an institutional client?
• a potential investor in one of our funds?
• a director or a co-investor of a fund or company which we have looked to invest in/invested in?
• an associate providing professional services to us (e.g. Mercia’s financial advisors, bankers, accountants, lawyers and network contacts) or a supplier of commercial services?
• applying for a job with us?
• a member of our Non-Executive Director Network?

7. Who do we share your information with?

Generally your information will only be used by Mercia and its group companies, and will not be shared with other third parties (particularly for marketing purposes) without your prior written consent, except where we are required to do so to meet legal or regulatory requirements. All Mercia group companies maintain the same levels of data protection, confidentiality and security.

However, we might occasionally need to share this data with other parties to deliver the required service to you or to comply with our legal obligations. These include third parties who are:

• • • Providing goods or services to you in connection with our Services, including providers of our financial advisory, payment, IT hosting and support, communications, consultancy, PR, market research and recruitment services. These include, as at the date of this version of the policy, Probase Applications Limited, Insight Global Limited and BambooHR LLC.
    • Authorised by you to receive information held by us, e.g. your appointed financial advisors
    • Contacting you directly about their offers, promotions, goods or services (if you have requested to be contacted for such purposes)
    • Fund administrators and custodians and specifically for EIS investors The Share Centre, under the Custodian Terms and Conditions
    • Purchasers or prospective purchasers of our business and/or assets (in whole or in part), in the event that we sell, trade or licence any part of our business and/or assets
    • Our agents and associates, e.g. our financial advisors, bankers, accountants and lawyers
    • Our business partners, joint venture entities or partners
    • Necessary recipients of your data in order for us to comply with our legal obligations, enforce or apply our terms of use, or to protect the rights, property and safety of our customers or others. This may include the police, law enforcement bodies, regulators/supervisory bodies, credit reference agencies or other organisations involved in the provision of fraud protection and credit risk reduction purposes
    • Auditors of organisations providing funding for your organisation which has been facilitated by us, such as the British Business Bank

When we do share your personal data with third parties, they will be required to follow our privacy policy to ensure your personal data is only used and processed for the specified purposes, to process your data in accordance with our instructions and to adhere to the appropriate technical requirements and other regulations required by law. This is with the exception of recipients requiring your personal data for compliance with our legal obligations or for auditors of any third party investors facilitated by us (who will be acting as independent data controllers subject to their own privacy policies).

8. How long will we keep your data for?

We keep your data for as long as it’s necessary to meet the relevant purposes for which we’ve collected your data, including for the purpose of satisfying any legal, accounting or reporting requirements.

To determine the appropriate length of time for holding your data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm, from unauthorised use or disclosure of your personal data, the purpose for which we process your data and whether we can achieve those purposes through other means, along with the applicable legal requirements.

9. Will my personal data be sent abroad?

We will process your personal data within the European Economic Area (“EEA”) as far as possible. However, some of the external parties we work with to provide our services to you are based outside of the EEA. In particular, some of our database providers are based in the USA and your personal data may need to be transferred there.

We ensure that where such international transfers are needed, these will be made subject to appropriate safeguards as required by data protection laws to ensure a similar degree of protection is afforded to your personal data. Such measures include the use of EU Commission approved standard contractual clauses or using organisations certified under the Privacy Shield framework (as at the date of this Policy Bamboo HR LLC). You can request copies of any model clauses currently in use for transferring your data outside of the EEA by contacting us at the details below or view the list of Privacy Shield participants here.

10. Your rights in respect of your personal data

Under certain circumstances, you have rights under data protection laws in relation to the personal data we hold about you. You can request to:

• • • access information held about you. Please note that we reserve the right to request for proof of your ID to process the request, and to charge you a reasonable administrative fee for any repetitive, manifestly unfounded or excessive requests. If we refuse your request to exercise this right, we will give reasons for our refusal and allow you to challenge our decision.
    • rectify any incorrect or incomplete data we hold about you. It is both in our interest and yours that any personal information we hold about you is accurate, complete and current. If the data we hold about you is inaccurate in any way, please contact us to have your personal information corrected.
    • delete, restrict or remove the data we hold about you.
    • transfer the data we hold about you to another party.
    • object to any further processing of your data.

You can make all such requests via emailing: data@mercia.co.uk

Please note that in respect of all these rights we reserve the right to refuse your request based on the exemptions set out in the applicable data protection laws.

If you have any concerns about how we handle your data, please contact us. If you are not satisfied after we’ve tried to resolve your issue, you’ll be entitled to lodge a complaint with our data protection regulator, the Information Commissioner’s Office (ICO). Please see the ICO website for further details, www.ico.org.uk

11. Third party links on the Website

Our site may, from time to time, contain links to and from third party websites. If you follow a link to any of these websites, please note that these will have their own privacy policies which should be checked before you submit any personal information through them. We are not in control of, and do not accept any responsibility or liability for these policies or any third party website linked to the Website.

12. Cookies and other technical information

For further information about our Cookies policy, please click here.

13. Changes to this policy

We may from time to time review and amend this Privacy Policy to take into account changes in law, technology and our operations. We will post any changes to this Privacy Policy on the Website from time to time. Please periodically review this Privacy Policy before using the Website as continued use of the Website shall indicate your acceptance of any changes. All personal information held by us will be governed by the most recent Privacy Policy posted on the Website.

14. Contact us

If you have any questions or comments about this Privacy Policy, including requests to access or modify the user of your personal data, you can contact us by calling us on 0330 223 1430.