INTRODUCTION
Frostrow Capital LLP ("Frostrow Capital", or “we”, “us” or “our") respects your privacy and is committed to protecting your personal data. This privacy notice sets out how personal data will be processed by Frostrow Capital. Please read the privacy notice carefully to understand our views and practices regarding your personal data and how we will treat it.
This policy will also tell you about your privacy rights and how you may exercise these.
This privacy notice is provided in a layered format so you can click through to the specific areas set out below. Please also use the Glossary to understand the meaning of some of the terms used in this privacy notice.
In this privacy notice “you” means visitors to www.frostrow.com, Frostrow Capital’s website (the “Website”) and individuals who contact us in any other way, whether by telephone, email, by post, in person by visiting our office, or otherwise.
- Important information and who we are
- The data we collect about you
- How is your personal data collected
- How we use your personal data
- Disclosures of your personal data
- International transfers
- Data security
- Data retention
- Your legal rights
- Glossary
1. IMPORTANT INFORMATION AND WHO WE ARE
WHO WE ARE
Frostrow Capital is an independent investment companies group and Alternative Investment Fund Manager (“AIFM”), specialising in providing services to a growing number of leading London Stock Exchange-listed investment trust companies (“ITC”). As part of our full service offering, we are able to manage all aspects of the day-to-day operations, administration and promotion of ITC, thus enabling investment managers to focus on the investment portfolios under their management.
PURPOSE OF THIS PRIVACY NOTICE
This privacy notice aims to give you information on how Frostrow Capital collects and processes your personal data through your use of this Website, or when you contact us in any other way, whether by: telephone, email, post, in person by visiting our office, or otherwise.
In legal terms, we are a “controller” of your personal data. This means that we make decisions about how and why we process your personal data and, because of this, we are responsible for making sure it is used in accordance with data protection laws.
This Website is not intended for children and we do not knowingly collect data relating to children.
It is important that you read this privacy notice together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
CONTROLLER
Frostrow Capital LLP (“Frostrow Capital”, "we", "us" or "our”) is the “controller” of your personal data, which is a legal term meaning we decide how and why your personal data is processed.
If you have any questions about this privacy notice, including any requests to exercise your legal rights (as detailed in Section 9 of this privacy notice), please contact us using the details set out below.
Our full details are:
Frostrow Capital LLP (limited liability partnership registration number: OC323835)
Registered office and correspondence address: 25 Southampton Buildings London WC2A 1AL (our “Business Premises”).
Email: data.protection@frostrow.com
You have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues, or any other competent data protection authority, regarding the treatment of your personal data.
Website: https://ico.org.uk/global/contact-us/
Address: Wycliffe House, Water Lane Wilmslow, Cheshire SK9 5AF
We would, however, appreciate the chance to deal with your concerns before you approach the ICO or other data protection authority so we would encourage you to please contact us in the first instance.
CHANGES TO THE PRIVACY NOTICE AND YOUR DUTY TO INFORM US OF CHANGES
We may change this policy from time to time to reflect changes in our practices with respect to the processing of personal data, or changes in applicable law. All amended terms will automatically take effect immediately on posting. Please read this privacy notice carefully, and regularly check this page to review any changes we might make. Where we make material changes in relation to how we process your personal data, we shall update this privacy notice and notify you of such changes by way of notification on this Website.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
2. THE DATA WE COLLECT ABOUT YOU
Personal data means any information about an individual from which that person can be identified.
We may collect, use, store and transfer different kinds of personal data about you, depending on the nature of our relationship with you; these we have grouped together in categories along with the data types within each category, as follows:
- Identity Data (information used to identify a specific individual) such as your first name and last name, gender, date of birth, passport details or other identity documents.
- Contact Data includes company name, job title; and home/business postal addresses, telephone numbers and email addresses.
- Financial Data includes bank account details including IBAN and SWIFT codes.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Website.
- Usage Data includes information about how you use our Website, products and services.
- Marketing Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
- Communications Data includes all communications we have with you whether by email, post, telephone or otherwise.
Occasionally, we may need to collect special categories of information from you, such as: details of your health – for example if you wish to visit our Business Premises and you have special access requirements; and, depending on your relationship with us, political opinions or affiliations, so that we can identify that you are, or are connected to, a politically exposed person (a “PEP”). In addition to health (and genetic and biometric data) and political opinions, special category data includes details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation and trade union membership. Again, depending on your relationship with us, we may also collect information about criminal and alleged criminal offences (“Criminal Offence Data”). We will only ever process such data in a manner that is allowed by data protection laws. This means that in some circumstances we may need your explicit consent to process this data, which we will request when required. You may withdraw such consent at any time.
We may collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity (anonymised data). For example, we may aggregate your Usage Data to enable us to decide how to improve the usefulness and efficiency of our Website. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
IF YOU FAIL TO PROVIDE PERSONAL DATA
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.
3. How Is Your Personal Data Collected?
As you interact with the Website, we may automatically collect Technical and Usage Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our cookie declaration for further details.
Depending on your relationship with us, we may also collect personal data from and about you, through the use of the following different methods:
- Direct interaction. You may give us your Identity and Contact Data by corresponding with us by telephone, email, post, visiting our Business Premises or otherwise. This includes personal data you provide when you:
- view our Website or our Twitter account;
- seek information or give us instructions related to our services;
- request marketing communications from us in respect of our ITC clients;
- visit our Business Premises, or attend events or promotions;
- respond to our requests for ID verification materials;
o provide us with feedback.
Note that where you contact us by telephone, the call may be recorded and retained in connection with the fulfilment of our legal obligations.
- Automated technologies or interactions. As you interact with our website, we may automatically collect Technical and Usage Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our cookie declaration for further details.
- Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below.
- Technical Data from the following parties:
- Analytics, storage, tools and media providers;
- IP tracking service providers;
- automated quality control tools;
- automated security and compliance tools;
- social media networks, such as Twitter and LinkedIn; and
- email distribution and survey providers;
- Technical Data from the following parties:
-
- Identity and Contact Data from third-party service providers, such as:
- Argyll, our Business Premises’ management company;
- Companies House, the Financial Conduct Authority (in respect of access to the Financial Services Register and the Directory of Certified and Assessed Persons); and the London Stock Exchange;
- Background check providers, such as Verifile;
- social media networks (as detailed above); and
- data feeds such as Bloomberg and Morningstar.
- Identity and Contact Data from third-party service providers, such as:
4. HOW WE USE YOUR PERSONAL DATA
We have set out below, a description of all the ways we plan to use your personal data, which will depend on our relationship with us. We will only use your personal data when allowed by law. Most commonly, we will use your personal data in the following circumstances:
- Where it is necessary in order to perform a contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests, as more specifically described below.
- Where it is necessary for us to comply with a legal obligation.
Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third-party direct marketing communications to you via email.
We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one of the lawful bases detailed above, depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific lawful basis or bases we are relying on to process your personal data, as set out below.
PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
1. To provide you with services that you have requested we perform, or otherwise carry out our obligations arising from any contract(s) you have entered into with Frostrow Capital
This includes, if you are:
(a) a director or shareholder of one of our ITC clients;
(b) a subscriber to marketing communications in respect of our ITC clients and any hosting networking events;
(c) a service provider or a representative of a service provider, either appointed by Frostrow Capital, or appointed by our ITC clients;
(d) a representative of a firm interested in the services that Frostrow Capital can provide; or
(e) anyone else with whom we maintain any other business relationship.
Type of data:
(a) Identity
(b) Contact
(c) Financial
Lawful basis for processing including basis of legitimate interest:
(a) Necessary to perform a contract with you
(b) Necessary for our legitimate interests (to provide you with services; and for marketing purposes)
(c) Necessary to comply with a legal obligation
2. To manage our relationship with you
This includes:
(a) Notifying you about changes to our terms or privacy policy
(b) Seeking your decision on whether or not to remain as a subscriber to our ITC client marketing communications
(c) Asking you to leave a review or complete a survey
Type of data:
(a) Identity
(b) Contact
(c) Marketing and Communications
Lawful basis for processing including basis of legitimate interest:
(a) Necessary to comply with a legal obligation
(b) Necessary for our legitimate interests (to develop our business keep our records updated, to study how Website users interact with us)
3. To carry out any compliance or risk management checks
Type of data:
(a) Identity
(b) Contact
This includes to verify your identity.
Lawful basis for processing including basis of legitimate interest:
Necessary to comply with a legal obligation
4. To send business or marketing communications which we think may be of interest to you or which you have otherwise indicated a preference to receive (each of which shall contain a mechanism via which you may unsubscribe from receiving any such further communications)
This includes sending you requested marketing communications in respect of our ITC clients and any hosting networking events.
Type of data:
(a) Identity
(b) Contact
(c) Marketing and Communications
Lawful basis for processing including basis of legitimate interest:
Necessary for our legitimate interests (for marketing purposes)
5. To ensure that the content of our Website is presented in the most effective manner for you and your device, and to perform statistical analysis in respect of your use of the Website.
This includes details of your visit to the Website, including traffic data, location data and other communication data, as well as information regarding the resources and sections of the Website that you access.
Type of data:
(a) Technical
(b) Usage
Lawful basis for processing including basis of legitimate interest:
(a) Necessary for our legitimate interests (to keep our Website updated and relevant, to develop our business and to inform our marketing strategy)
(b) Necessary to comply with a legal obligation
6. To manage the efficient operation of our business and the provision of our services and to also protect our business and this Website
This includes: troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data
Type of data:
(a) Identity
(b) Contact
(c) Technical
Lawful basis for processing including basis of legitimate interest:
(a) Necessary for our legitimate interests (for managing the efficient operation of our business, the provision of services to you, the provision of administration, IT services and network security, the prevention of fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
MARKETING
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and communications.
Depending on our relationship with you, occasionally, we would like to contact you with details such as events that we are promoting on behalf of our ITC clients. Where we are legally able to do so, we will process your personal information for these purposes using the lawful basis of it being necessary for our legitimate interest in undertaking marketing activities and if we are sending you marketing communications via email, we will rely on "soft opt-in" consent for the purposes of the ePrivacy legislation. You have the right at any time to stop us from contacting you for marketing purposes by opting out, as detailed in the Opting Out section below.
RECORDING PHONE CALLS
We may monitor or record phone calls with you, in case we need to check we have carried out your instructions correctly and to resolve queries or issues. Our lawful basis for doing this is the performance of our contract with you. We may also monitor or record phone calls with you for regulatory purposes (the lawful basis on which we do this is so as to comply with our legal obligations), to help improve our quality of service and to help detect or prevent fraud or other crimes (the lawful basis for these activities being our and your legitimate interests).
THIRD-PARTY MARKETING
We will not sell your personal data to third parties for them to market their services to you.
OPTING OUT
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us.
COOKIES
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site about aspects of your visit. For more information about the cookies we use and how you can control them, please see our cookie declaration.
CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will either do so after obtaining your consent or where we are required/permitted by law in the public interest.
5. DISCLOSURES OF YOUR PERSONAL DATA
We will only share your personal data with third parties in the ways set out in this privacy policy. We do not sell your personal data to third parties for them to market their services to you.
We may share your personal data with our service providers as necessary for our business activities, such as managing our client relationships. In all cases we will have a written agreement with these companies safeguarding your personal data, including that it may only be processed for the purposes of that agreement and on our instructions.
We may also share your personal data with external third parties:
- as required by law, such as to comply with a legal obligation or similar legal process;
- as allowed by law, such as when we believe in good faith that disclosure is necessary for our legitimate interest, such as investigating fraud, to make or defend a legal claim, to protect your safety or the safety of others, or to maintain our compliance or that of our staff with applicable laws and regulations;
- with third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice; and
- in other situations, only with your prior consent.
Examples of external third parties are set out in the Glossary.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
6. INTERNATIONAL TRANSFERS
Wherever possible we do not transfer your personal data outside the United Kingdom and European Economic Area (EEA).
Some of our external third parties are based outside the United Kingdom or the EEA so their processing of your personal data may sometimes involve a transfer of data outside the United Kingdom or the EEA.
Whenever we transfer your personal data out of the United Kingdom or EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data, without pre-approved transfer mechanisms, to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission or United Kingdom Secretary of State under UK or EU data protection laws (as appropriate).
- Where we use providers based in the US, or in other countries outside the United Kingdom and the EEA which are not deemed to provide adequate protections for personal data, we may transfer data to them on the basis of a transfer mechanism which has been approved by the European Commission and/or UK government, as relevant, such as the EU Standard Contractual Clauses together with the UK International Data Transfer Addendum or the UK’s International Data Transfer Agreement.
Please contact us if you would like further information on the specific mechanism used by us when transferring your personal data out of the UK and/or the EEA.
7. DATA SECURITY
We take your privacy very seriously and have implemented technical and organisational measures designed to protect and secure your personal data and prevent it from being accidentally lost, used or accessed in an unauthorised way.
You are responsible for ensuring that any personal data that you send us is sent securely.
We have procedures in place to deal with any suspected information security breach. We will notify you, and any applicable regulator, of any suspected breach where we are legally required to do so.
When we use third-party organisations to process information on our behalf, we ask them to demonstrate their compliance with our security requirements and any instructions we may give them and their compliance with relevant data protection legislation throughout the time of their relationship with us. These organisations take their instructions from us and their obligations with regard to what information they process and what they can do with it are agreed in the contracts we have with them.
8. DATA RETENTION
HOW LONG WILL YOU USE MY PERSONAL DATA FOR?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us. In some circumstances you can ask us to delete your data: see Request erasure below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you and is no longer personal data) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
9. YOUR LEGAL RIGHTS
Under certain circumstances, you have rights under data protection laws in relation to your personal data. Please click on the links below to find out more about these rights:
- Request access to your personal data.
- Request correction of your personal data.
- Request erasure of your personal data.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer of your personal data.
- Right to withdraw consent.
If you wish to exercise any of the rights set out above, please contact us.
NO FEE USUALLY REQUIRED
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
WHAT WE MAY NEED FROM YOU
We may need to request specific information from you to help us confirm your identity and ensure your right to exercise your rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to clarify your request.
TIME LIMIT TO RESPOND
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
10. GLOSSARY
LAWFUL BASIS
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.
THIRD PARTIES
External Third Parties
- Technology providers such as telephone providers, email providers, IT service providers, Website hosting providers
- ITC client registrars
- Printers and fund administrators
- Professional advisers including accountants, auditors, lawyers, bankers, insurers and compliance consultants.
- HM Revenue & Customs, regulators and other authorities acting as processors based in the United Kingdom who require reporting of processing activities in certain circumstances.
- Fraud prevention agencies.
- Event organisation companies and venues for events.
- We may also share your personal data if we are required to by law, under any code of practice by which we are bound or where we are asked to do so by a public or regulatory authority or governmental entity. We may also do so where we think this is necessary, for example to meet our legitimate interests in protecting our business, including from fraud and legal claims.
YOUR LEGAL RIGHTS
You have the right to:
Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Last updated: April 2023