General Data Protection Regulation (GDPR) Statement (Privacy Notice)

SV LLP – GDPR Statement – Last Reviewed August 2024

Sturgeon Ventures LLP (company number: OC319614), Heathmans House, 9 Heathmans Road, London, SW6 4TJ, United Kingdom (Sturgeon, us or we) is committed to ensuring that your privacy is protected, and all data collected by us will be processed in accordance with this Data Protection Privacy & Cookies Policy. Please read this statement carefully to ensure you understand our views and practices regarding your personal data and how we will treat it.

For the purposes of the Data Protection Act 2018 (D)A) and/or the Regulation (EU) 2016/679 (General Data Protection Regulation) as amended) (together, the Data Protection Laws), the data controller is Sturgeon Ventures LLP of Heathmans House, 9 Heathmans Road, London, SW6 4TJ. We can be contacted at hello@sturgeonventures.com or on 020 3167 4652.

Sturgeon Ventures LLP’s Information Commissioners Office (ICO) registration number is:  Z9516075.

By visiting our website or by providing us with information you are accepting the practices described in this Data Protection Privacy Statement.

1 What information we process

    Personal information (or ‘personal data’) means any information that can identify a living person, whether directly or indirectly. We collect and process a variety of personal information about individuals, as detailed below.

    1.1 As a regulatory incubator, we process the personal information of individuals within firms which are/are to become our appointed representatives (ARs) and, without limitation, individuals within such firms who are to be Approved Persons. As such, if we act/anticipated acting as principal for your firm, we will process your:

    1. personal demographics such as your title name, date of birth, residential and employment details;
    2. financial information, such as income and expenditure and your financial history; 
    3. other customer due diligence information, which may include criminal convictions data; and
    4. contact details and records of all correspondence with you. 

    In addition, in our capacity as an FCA directly authorised firm, we process the personal information of individuals who we have/intend to approve as Certified Persons, following the same 1-4 steps described above.

    1.2 This information will primarily be collected from you directly, but may also be collected from third parties whom we contact to obtain information about you, such as the entity you work for which is applying to become an AR, previous employers if references are being sought, corporate search engines such as Linked In, credit reference agencies (CRAs), and the Disclosure and Barring Service (DBS). 

    1.3 We may also obtain personal data belonging to members of your family. Where we do that, you must notify them that you are providing their information to us and draw their attention to this statement.

    1.4 We will process this information when considering the application to become an AR/Approved Person within an AR or a Certified Person of Sturgeon, and retain it (in accordance with our retention procedures) whether the application is successful or not. Note that we require personal information in order to consider an AR/Approved Person or Certified Person application and if it is not provided we will therefore not be able to consider the application. 

    1.5 Acting as principal and as the approver of Certified Persons within Sturgeon, we process the personal information of our AR’s clients and contacts as well as Sturgeon’s direct clients. If you are a client or contact of an AR or Sturgeon directly we will process the customer due diligence information that was collected by the AR. This may include:

    1. personal demographics such as your title name, date of birth, residential and employment details, as well as relationships with PEPs or family members where relevant to the assessment process; 
    2. financial information, such as income and assets; 
    3. your current and previous employment and educational experience/background;
    4. your relevant financial services related experience, resources and sources of wealth; and
    5. criminal convictions data (if applicable). 

    1.6 We will process personal information about you that we have collected from our website https://www.sturgeonventures.com/ (our Website). We collect information when you submit information to us directly using the contact form on our Website. We also collect information automatically when you use the Website. This includes technical information including the internet protocol (IP) address used to connect to the internet, information about your visit including the full uniform resource locators (URL) clickstream and your search history on our Website.

    2.  How do we use your personal data?

    2.1 When you provide us with your information in making an enquiry, we will use it for the purpose of administering your query and responding to you. We have legitimate interests in processing your personal data in this way, since if we do not process your data we will be unable to do this.

    2.2 When we collect information from you (or the entity you work for) in the provision of our services as a regulatory incubator, we use it in order to consider the AR, Approved Person or Certified Person application (which will include verifying your identity) and to provide services if we are engaged to do so. We have legitimate interests in processing your personal data in this way, namely in order to assure ourselves that we are able to conduct business with you (or the entity you work for) and tailor our services as may be necessary. If we contract with you directly, the processing may be necessary for the performance of the contract that we have in place with you, or to take steps at your request before entering into the contract.  Where we process criminal convictions data in the application process, this processing is necessary for reasons of substantial public interest, namely in order to comply with our regulatory requirements relating to unlawful acts and dishonesty (Data Protection Act 2018, Part 2, Paragraph 12). 

    2.3 If you are a client of an AR/Sturgeon we will process the customer due diligence information that was collected by the AR/Certified Pesron. This processing is necessary to ensure compliance with our legal obligations and for the purposes of our legitimate interests in ensuring that our ARs and Certified Persons have acted diligently and clients are treated appropriately. If criminal convictions data was collected about you in the customer due diligence process, this information will be held by us on the basis that the processing is necessary for reasons of substantial public interest, namely in order to comply with our regulatory requirements relating to unlawful acts and dishonesty.

    2.4 Unless you provide your consent by ticking the opt-in box provided on the contact form, we will not send you marketing information that you have not requested. Any consent that you provide can be withdraw at any time by clicking “unsubscribe” on any marketing email we send to you, or by emailing us at hello@sturgeonventures.com. Withdrawing your consent does not affect the lawfulness of any processing which occurred prior to the withdrawal of consent.

    2.5 We may also process your personal information collected on our Website on the basis of our legitimate interests in providing you with the best possible service:

    • to ensure that the content from our Website is presented in the most effective manner for you and your computer;
    • as part of our efforts to keep our Website safe and secure; and
    • for internal analytical and statistical purposes.

    Such data processing will normally be conducted on an anonymous basis.

    3.  Disclosure of Information

    3.1 We will only supply your personal information to a third party:

    3.1.1 where we need to verify your identity before we provide regulatory incubator services to you (or the entity you work for), or services in relation to your appointment as a Certified Person in which case we will share your information with CRAs and the DBS. The identities of the CRAs and the ways in which they use and share personal information are explained in more detail in the CRA Information Notice which can be found at: www.callcredit.co.uk/crainwww.equifax.co.uk/crain; www.experian.co.uk/crain/index.html; 

    3.1.2 where we need to share the information to provide a product or a service requested by you;

    3.1.3 where we need to send the information to persons or organisations who work on our behalf to provide a product or service to you, in which case such persons or organisations may only use this information in order to provide such product or service and not for any other purpose;

    3.1.4 companies which perform marketing services on our behalf or with whom we have joint marketing agreements, where we have your consent to share the information;

    3.1.5 if we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our clients will be one of the transferred assets; or

    3.1.6 if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements, or to protect the rights, property or safety of our company, our ARs, clients or others, including exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

    4.  Where we store your information

    4.1 The data that we collect from you is stored in the UK but data may also be processed by staff operating outside the UK who work for us or for one of our suppliers for the purposes set out above only. In order to ensure that any third party treats your personal data in a way which is consistent with UK laws on data protection, we have put in place agreements with those third parties which contain provisions approved by the UK for protecting personal data.

    4.2 We will retain your information for six years, after which time it will be destroyed.

     5.  IP addresses and cookies

    5.1  When you use our Website we may obtain information about your computer and general internet usage, including your IP address, operating system and browser type, for system administration purposes.

    5.2 Cookies contain information that is transferred to your computer’s hard drive. Cookies allow us to tailor our Website to your needs by gathering and remembering information about your usage and preferences.

    5.3 In particular, cookies enable us:

    5.3.1 to gather information on IP addresses and pages visited;

    5.3.2 to analyse trends;

    5.3.3 to administer the website;

    5.3.4 to track users’ movements on the website; and

    5.3.5 to undertake statistical analysis.

    5.4 Most web browsers automatically accept cookies, but you can modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of our Website or accessing certain parts. Our system will issue cookies when you access our Website unless you have adjusted your browser settings so that it will refuse cookies.

    5.5 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

    5.6 Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

    5.7 Cookies can be used by web servers to identify and track users as they navigate different pages on a website and identify users returning to a website.

    5.8 The table below provides more information about the cookies we use and why:

    Name of cookieOwnerPurpose for the cookie
    Google AnalyticsThis is a web analytics service provided by Google Inc which uses cookies to show us how visitors found and explore our site, and how we can enhance their experience. It provides us with information about the behaviour of our visitors (eg how long they stayed on the site, the average number of pages viewed) and also tells us how many visitors we have had.
    DoubleClick.netThis is from the YouTube embedded video for a video showing Seonaid’s ‘Enterprising Women of the Year 2013’. YouTube has inbuilt advertising and uses DoubleClick.net to display relevant ads. As such this gets embedded at the same time.
    OptionLink out to YouTube
    Session CookiesTo allow access to the New Enquiry Form (password protected and login required)
    Windows 10 uses the Microsoft edgeChrome, Firefox etcWindows 10 uses the Microsoft edge browser by default unless you install Chrome, Firefox etc

    5.9 Most browsers allow you to refuse to accept cookies; for example:
    in Firefox (version 51) you can block all cookies by clicking “Tools”, “Options”, “Privacy”, selecting “Use custom settings for history” from the drop-down menu, and unticking “Accept cookies from sites”;

    in Chrome (version 55), you can block all cookies by accessing the “Customise and control” menu, and clicking “Settings”, “Show advanced settings” and “Content settings”, and then selecting “Block sites from setting any data” under the “Cookies” heading; and

    in Internet Explorer (11) you can turn “Cookies” off by opening Internet Explorer, click Internet options and select the “Privacy” tab. Under “Settings” move the slider to the top or bottom to decline or allow “Cookies” by selecting high or low and then press “apply”.

    5.10 You can delete cookies already stored on your computer; for example:

    in Firefox (version 51), you can delete all cookies by clicking “Tools”, “Options” and “Privacy”, then selecting “Use custom settings for history” from the drop-down menu, clicking “Show Cookies”, and then clicking “Remove All Cookies”;

    in Chrome (version 55), you can delete all cookies by accessing the “Customise and control” menu, and clicking “Settings”, “Show advanced settings” and “Clear browsing data”, and then selecting “Cookies and other site and plug-in data” before clicking “Clear browsing data”; and

    5.11 In Internet Explorer (11) you can select the safety button and then select Delete Browsing History. Then select the check box next to “Cookies”. Select the “preserve favourites” website data check box if you don’t want to delete the “Cookies” associated with website in their favourites list. Select delete.

    6.  Links to other policies and websites

    6.1 If you are a client or contact of an AR or of Sturgeon you should have received a privacy policy from the AR or relevant Certified Person of Sturgeon when they collected your information. This statement does not govern the use of your information by Sturgeon and/or our ARs and you should refer to Sturgeon’s/the AR’s policy to ensure that you understand how they will use your information. Sturgeon’s/the AR’s policy should also have informed you that your information would be passed to us. If you were not provided with such a privacy policy, please let us know. 

    6.2 This statement does not cover your use of, provision of data to and collection of your data on any website other than the Website.

    6.3 Our Website may from time to time contain links to and from other websites. If you follow a link to any of these websites please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these websites or policies. You should always check these policies before you submit any personal data to any third party website.

    7.  Your rights in respect of your information

    The GDPR gives you a number of rights in respect of your personal data, including:

    7.1 Right to access

    7.1.1 You have the right to access the information we hold about you. We may request proof of your identity before sharing such information.

    7.2 Right to rectify your personal data

    7.2.1 If you discover or are otherwise aware that the information we hold about you is incorrect or out of date, you may ask us to correct that information.

    7.3 Right to be forgotten

    7.3.1 You may ask us to delete information we hold about you in certain circumstances. It may not be possible for us to delete all of the information we hold about you where we have an ongoing relationship, however please contact us and we will do our best to assist with your request.

    7.4 Other rights

    7.4.1 In addition to the above, you may also ask us to stop or restrict processing of the information we have about you. You may also ask us to transfer your personal information to a third party in certain circumstances. If you would like any other information on these aspects of your rights or would like to exercise them, please contact us using.

    8.  Contact

    8.1 If you have any questions, want to exercise any of your rights or make a complaint, please contact us using the details at the beginning of this statement.

    8.2 If we are unable to resolve your complaint you may contact the Information Commissioner’s Office at the Exchange Tower, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Tele: 0303 123 1113.

    9.  Changes to this Data Protection Privacy Statement

    This statement may be reviewed and amended from time to time. As a result of improvements we make to our services, changes in the law or developments in technology, we may change the information we hold about you, the method and purposes for which we process such information. If we make any substantial change in the way in which we use your personal information we will notify you by email.

    10.  Law and Jurisdiction

    Your use of the Website is subject to the laws of England and Wales and the exclusive jurisdiction of the English courts regarding any disputes that may arise under it.