Privacy policy

Data Protection Privacy Notice

The scope and purpose of this Privacy Notice

This Privacy Notice explains how Rockfire Capital Limited (“we”, “us”, “our”), collects, uses, shares and otherwise processes your Personal Data in connection with your relationship with us in accordance with applicable data privacy laws and the General Data Protection Regulation (“GDPR”).

Personal Data

The term “Personal Data” as used in this Privacy Notice means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. This definition provides for a wide range of personal identifiers to constitute personal data, including name, date of birth, residential address, identification number, location data or online identifier. Personal Data does not include data from which you can no longer be identified such as anonymised aggregate data.

What information do we collect about you, how do we collect it and what do we use it for?

The kinds of Personal Data we may collect includes your full name, who you work for, your contact details (such as your address, email address and telephone number) and other information such as your job title. In most cases, we will collect the Personal Data directly from you but may also obtain it from other sources (such as public registers), or you may be a named contact in an agreement which we have with you, or the company you work for.

In accordance with Data Protection Law, we will only process your Personal Data for specific purposes where there is a lawful basis for doing so. The lawful basis, and purpose that we rely on are:

A) you have consented to us doing so (consent) – we rely on consent when sending you marketing communications (if you’ve agreed we may send these to you). Please note, you can opt out of receiving such communications at any time by using the contact information provided below;
B) we need it to perform the contract we have entered into with you (contract) – this involves the use of your Personal Data so that we can communicate with you about the contract (whether to provide or receive instructions, sending or receiving invoices, auditing performance of the contract and other communicates which are necessary for the performance of the contract);
C) we need it to comply with a legal obligation (legal obligation) – these obligations include, where we have a regulatory obligation to conduct customer due diligence or are required to provide information to tax authorities, actions which we are required to take for the prevention and/or detection of fraud, money laundering, or other financial crimes, where we are required to respond to regulatory requests for information, we may also be required to disclose information to our professional advisors (lawyers, auditors, accountants), and/or governmental/regulatory bodies in within the scope of this lawful basis; or
D) we (or a third party) have a legitimate interest which is not overridden by your interests or fundamental rights and freedoms (legitimate interest) – this includes recording incoming or outgoing calls (we will notify you about such call recording if it happens) , the management and/or auditing of the performance of the contract, providing you with necessary updates in relation to this Privacy Notice (and any other updates which we consider we should reasonably provide to you), anonymising Personal Data so that it can be used to enhance our services, disclosures to third parties who we use to assist us in meeting all of the above (including disclosures to service providers, such as our IT service providers, professional service providers (lawyers, accountants, auditors), we may also need to make disclosures to governmental/regulatory bodies in within the scope of this lawful basis.

Where we send periodic marketing emails to you, you will always be given the option to unsubscribe from receiving those e-mails within the e-mail itself, as well as by writing to us using the contact information provided below.

Please note that we may use or disclose Personal Data if we are required by law to do so or if we reasonably believe that use or disclosure is necessary to protect our rights and/or to comply with judicial or regulatory proceedings, a court order or other legal process.

Accuracy of information

It is important that the Personal Data we hold about you is accurate and current, and we rely on you to help us do this. Please let us know if your Personal Data changes during your relationship with us.

What if you do not provide the personal data we request?

Save where we require your information to enter into a contract with you, it is in your sole discretion to provide any other Personal Data to us. If you do not provide us with all or some of the Personal Data we request, we may not be able to accept an engagement from you, to provide all or some of our services, to enter into a contract with you or to send you information about us (e.g. marketing materials).

Change of purpose and anonymisation

We will only use your Personal Data for the purposes for which we collected it as set out above, unless we reasonably consider that we need to use it for another reason which is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

With whom will we share your information?

When using your Personal Data for the purposes and on the legal basis described above we may share your Personal Data with other service providers we work with, such as:

– contractors and advisers in relation to the investment business conducted us,
– consultants and advisers to us in respect of our day-to-day business operations;
– professional service providers such as lawyers, accountants, auditors and other similar professionals to provide us with specialist services where we require them; and
– providers of services to our internal human resource function.

We may also have to share your Personal Data with regulators, public institutions, courts or other third parties where this is required by law.

When sharing your Personal Data with others (in particular our own service providers), we will take appropriate measures (including contracts and other safeguards) to protect your Personal Data. If you would like to know more about the organisations that we share your Personal Data with, please contact us using the contact information provided below.

Will we send our information outside the EEA?

For the purposes described above, from time-to-time, we may transfer your Personal Data outside of the European Economic Area (EEA). In such cases, we will ensure that we have put in place appropriate safeguards for such data transfer so that your Personal Data is treated in a manner that is consistent with EU and other applicable laws and regulations relevant to data protection.

Your rights in relation to your information

You have rights as an individual which you can exercise under certain circumstances in relation to your Personal Data that we hold. These rights are to:

– request access to your Personal Data (commonly known as a “data subject access request”) and request certain information in relation to its processing;
– request your Personal Data in a way that it can be shared moved/copied/transferred to a third party, otherwise known as the right of data portability;
– request rectification of your Personal Data;
– request the erasure of your Personal Data;
– request the restriction of processing of your Personal Data;
object to the processing of your Personal Data.

Please note, some of the above rights may only be exercised in specific circumstances, as they are not absolute. In addition to having the above rights you also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues or, as the case may be, any other competent supervisory authority of an EU member state.

Right to withdraw consent

In those instances where our processing of your Personal Data is based on our having received your consent, you have the right to fully or partly withdraw your consent. Once we have received notification that you have withdrawn your consent at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your Personal Data, unless we have another lawful basis for doing so (as discussed above).

How long will we retain your information?

We will only retain your Personal Data for as long as necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements.

To determine the appropriate retention period for your Personal Data, we will consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. If you would like to know more information about our retention practices, please contact us using the information provided below.

Please note, anonymous data is not Personal Data, so will not fall within the retention periods discussed above.

Upon expiry of the applicable retention period we will securely destroy your Personal Data in accordance with applicable laws and regulations.

Changes to this Privacy Notice

We reserve the right to update this Privacy Notice at any time, and in such cases, we will make an updated copy available on our website, or where required by law, we will contact you directly.

Further information

If you have any queries, questions, concerns or require any further information in relation to the Privacy Notice or you wish to exercise any of your rights, please do not hesitate to contact us at accounts@rockfirecapital.com.