Data Privacy Notice: International Biotechnology Trust plc (‘the Trust’)
The Data Protection Legislation (meaning any law applicable from time to time relating to the processing of personal data and/or privacy, as in force at the date of this Data Privacy Statement or as re-enacted, applied, amended, superseded, repealed or consolidated, including without limitation, the General Data Protection Regulation (EU) 2016/679, and the Privacy and Electronic Communications (EC Directive) Regulations 2003, in each case including any legally binding regulations, direction and orders issued from time to time under or in connection with any such law) requires the Trust to provide the Trust’s investors with information about how it uses and processes personal data (meaning any information relating to a living individual from which that individual can be identified). Such processing includes any transfer of personal data to countries outside the European Economic Area (“EEA“).
This Data Privacy Statement sets out how the Trust processes your personal data, as well as the rights of data subjects in connection with that processing. Our Data Protection representative can be contacted at firstname.lastname@example.org or by writing to us at 71 Kingsway, London WC2B 6ST. Note that this Data Privacy Statement may need to be updated from time to time to ensure that it reflects current law, so please check our website for updates. If there are important changes to how your personal data is processed, we may contact you to let you know, depending on the type of change.
Types of personal data collected and used by the Trust
The personal data held by the Trust may include:
- Full name and email address;
- Personal bank account details including account name, sort code and account number;
- Copy passport, driving licence and other documents to complete SVHM internal screening and verification at onboarding and on an ongoing basis and to satisfy third party statutory due diligence obligations; and
- Any other personal data required by SVHM from time to time.
This information may be passed to Equiniti Financial Services Limited (the Registrar), SV Health Managers LLP (SVHM) (the Authorised Investment Fund Manager), BNP Securities Services Limited (the Company Secretary), for the purposes listed in the section below.
We will always inform you if providing some personal data is optional.
The legal basis for using your personal data
The Trust may process your personal data on the basis of one or more of the following:
- in order to perform your contract with the Trust;
- as necessary in accordance with the Trust’s legitimate interests having considered the impact on your interests and rights, and putting in place safeguards to ensure that the intrusion on you privacy is minimised –see below ‘The purposes for using your personal data’;
- as necessary to comply with a legal obligationg. to send you annual reports and accounts, and for the detection and prevention of fraud; and/or
- where you provide express, freely given consentg. should the Trust ever need to process sensitive personal data about you.
The purposes for using your personal data
We may process your personal data in the following ways (in reliance on one or more of the above legal bases):
- to verify your identity and make fraud prevention and anti-money laundering checks;
- for the establishment and defence of legal rights;
- to respond to you when you exercise your rights under Data Protection Legislation and make requests;
- for compliance with legal and regulatory requirements and related disclosures;
- for compliance with our obligations relating to the prevention and detection of crime.
Sensitive personal data
Certain categories of data are deemed to be “sensitive personal data”. This includes data relating to your racial or ethnic origin, your political opinions, your religious or philosophical beliefs, trade union membership, genetic data, biometric data and data concerning your physical or mental health, your sex life or sexual orientation or information about the commission of, or proceedings for, any offence committed or alleged to have been committed by you, the disposal of such proceedings or the sentence of any court in such proceedings.
You may provide us with sensitive personal data from time to time in relation to your investment in the Trust. We will only process sensitive personal data relating to you where you have given your explicit and informed consent or have made the information public, or where otherwise necessary in order to carry out our obligations in relation to your investment or in connection with the establishment, exercise or defence of legal claims.
Sharing your personal data
Subject to applicable Data Protection Legislation the Trust may share your personal information with the following third parties, for one or more of the purposes set out above:
- the directors, consultants, officers, advisers, suppliers, investors, distributors, customers and agents of the Trust including but not limited to Equiniti Financial Services Limited (the Registrar) BNP Securities Services Limited (the Company Secretary), HSBC Securities Services Limited (Depositary and Custodian), and SV Health Managers LLP (Authorised Investment Fund Manager);
- companies, sub-contractors and other persons who support the Trust by providing you with products and services associated with your investment in the Trust;
- companies and other persons to whom the Trust has, whilst retaining management control, delegated elements of its business;
- your legal and professional advisors, including your auditors;
- screening companies for the purpose of undertaking fraud prevention, credit reference and media checks when you first invest in the Trust and on an ongoing basis thereafter;
- regulatory bodies such as the Financial Conduct Authority and the Information Commissioner’s Office;
- government bodies and agencies in the UK and overseas such as HMRC who may in turn share it with relevant overseas tax authorities for the purposes of tax reporting;
- law enforcement in connection with the detection of crime;
- appointed agencies such as the courts to comply with legal requirements and for the administration of justice; and/or
- any other third parties where permitted by the Data Protection Legislation (e.g. where you have provided express consent).
Keeping personal data secure
The Trust has appropriate safeguards in place in line with its obligations under the Data Protection Legislation to ensure that any personal data which it collects is protected by controls to minimise loss or damage through accident, negligence or deliberate action. The Trust’s safeguards reflect industry standards and good practice in terms of data integrity, security, and confidentiality.
Most processing of your personal data will be in the UK and/or the EEA. Some of your personal data may be processed outside the EEA including countries such as the United States, however. Where your personal data is processed outside the EEA, we will put in place legal safeguards to ensure your personal data is protected at least to an equivalent level as would be applied in the UK/EEA.
Retention and accuracy of personal data
The Trust will retain personal data in line with the provisions of the Data Protection Legislation, and, subject to regular review, will consider the following when determining personal data retention periods:
- the length of time necessary to resolve any possible queries in relation to that personal data;
- the length of time that would be suitable in cases where you may wish to bring a legal case against the Trust in relation to that personal data; and
- any legal and regulatory requirements.
You should ensure that your personal data is kept up to date and is accurate. If you believe that any of your personal data is incorrect, please inform our Data Protection representative, who will take all reasonable steps to amend inaccurate or out-of-date data.
Your rights under the Data Protection Legislation
Please note that pursuant to the Data Protection Legislation you have the following rights:
- The right to be informed about the processing of your personal data;
- The right to have any personal data corrected if it is inaccurate and the right to have incomplete data completed;
- The right to object to the processing of your personal data in certain circumstances;
- The right to restrict processing of your personal data in certain circumstances;
- The right to request access to your personal data together with information about how it is processed by the Trust;
- The right to have your personal data erased where there is no longer a legal ground for us to hold it;
- The right to move, copy or transfer your personal data in certain circumstances – “data portability”; and
- The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Your right to complain
If you have any questions or concerns about how your personal data is used or held, in the first instance please contact our Data Protection representative using the contact details set out above. While we hope we can resolve your questions and concerns, you have the right to complain to the Information Commissioner’s Office (“ICO”), regardless of whether or not you have exhausted our complaints procedure. The ICO has enforcement powers and can investigate compliance with the Data Protection Legislation.