BGF Privacy Notice

Updated October 2020, version 5.0

About BGF and the lawful basis upon which it processes Personal Data

BGF was set up in 2011 to offer growing companies and ambitious entrepreneurs patient capital and strategic support. Today, we are the UK and Ireland’s most active investor in small and medium sized companies. An established and independent company, we have £2.5bn to support a range of growing companies – early stage, growth stage and quoted – across every region and sector of the economy. Hundreds of companies have benefited from our equity capital investments to accelerate growth.

It is in our legitimate interests to identify and contact suitable businesses that may benefit from investment by BGF and to continue to develop a relationship with them until such time as BGF may make an investment. Thereafter, it remains our legitimate interest to effectively manage the performance of our portfolio of investments including undertaking appropriate risk management,
exercising our legal rights and fulfilling contractual and regulatory obligations.

We believe growing businesses deserve the best possible support. That’s why we’ve built up a network that provides access to expertise, guidance and knowledge, whatever the sector or situation. It is in our legitimate interest to research the market to find those talented individuals best suited to join our network, and in their legitimate interest to have the opportunity to help nurture these growing companies.

Outside of our legitimate interest and any contractual agreements with you governing the processing of personal data, we shall obtain consent where practicable and proportionate in relation to the largely business-centric data that we process.

About this Privacy Notice

When we say ‘we’ or ‘us’ or ‘BGF’, we mean BGF Investments LP, BGF Ireland 1A LP, BGF Investment Management Limited (which acts as manager for BGF Investments LP and BGF Ireland 1A LP) and Business Growth Fund Limited as appropriate, each of whom are committed to protecting and respecting your privacy. The following group companies act as data controllers: BGF Investment Management Limited and Business Growth Fund Limited and the registered address of each company is 13-15 York Buildings, London, England, WC2N 6JU. If you would like to get in contact with us, you will find the appropriate contact details below.

“You” or “your” refers to you and any authorised person acting on your behalf. This may include but is not limited to your professional advisers. Whilst BGF primarily processes information related to businesses, this notice covers information we may hold on you and individuals connected to your business, such as a director, officer or employee of the business; partners or members of a partnership; any beneficial owner, controlling person or trustee; advisers or agents related to your business and any other person(s) with whom you have a relationship that is relevant to your engagement with BGF. It also refers to any individual who is an existing or prospective member of our Talent Network.

This privacy notice explains what information we collect, how the information is used, if it will be shared with others and the controls we’ll put in place to keep the information secure. The notice should be read alongside any other written agreement or related contracts between BGF and you in relation to its investment activity (including but not limited to any non-disclosure or confidentiality agreement, investment or subscription and shareholders’ agreement and/or any contract or engagement letter for the supply of goods or services). This notice continues to apply even after your engagement with us ends subject to the terms of any other written agreement between you and BGF.

It is your responsibility to ensure any relevant individuals are made aware of this notice and the rights and information it contains, prior to sharing any relevant information with us, or permitting (or reasonably expecting) us to obtain the information from an alternative source. If you, or anyone else on your behalf, has provided or provides information on an individual connected to your business to BGF, the responsibility to ensure that you or they have the authority or approval to do so remains with you.

The information we collect relating to you and individuals connected to your business and the key purpose for which that information will be used

BGF will collect your information and information relating to individuals connected to your business, in line with relevant regulations and applicable law. It could be collected from a range of sources and may relate to our investment portfolio; proposed new investments (some of which you and/or BGF may subsequently decide not to progress); or any previous investments. We may also collect information about you and individuals connected to your business when you or they interact with us, e.g. via a telephone call or email; visit our website or other digital channels; visit one of our offices; or ask about our investment activity at events; or via your affiliated intermediaries such as banks, corporate finance firms and other advisers. The information may come directly from you or individual(s) connected to your business such as other employees, professional advisers, and/or other related firms. We may supplement this information from publicly available sources, professional data service providers and other appropriate third parties.

The key purpose for collecting personal data and the type of information we may collect could include:

Information relating to you and individuals connected to your business that you provide to us, or which others provided to us on your behalf

for the purposes of our investment activity – investment proposals and supporting papers containing analysis and appropriate due diligence surrounding the suitability of a potential new or follow on investment and monitoring any of our portfolio of investments. This may include analysis about you and individuals connected to your business including: past, current and future performance assessments; drivers and motivations for obtaining investment; ongoing details regarding share ownership and financial remuneration; and information that may be obtained from third parties (e.g. references)

for the purposes of identifying investment risk and deal origination – trading information and risk rating information specific to your business and its key personnel in relation to identifying new opportunities, considering a potential new investment and our portfolio of existing investments

for the purposes of customer relationship management including marketing, business development and event management – information regarding email/mailing preferences, event and meeting attendance, areas of business interest, records of correspondence with you and individuals connected to your business via post/telephone/email/online and cookie/preference tracking information following engagement with us online or through other digital channels

for the purposes of joining and benefiting from our Talent Network – independent opinions and references, supplementary public career information, information from subscribed services such as Linkedin and Boardex, and relevant financial information for the purposes of past, current and future investment analysis and ongoing service improvement – data aggregated into data warehouse and similar technologies to enable us to effectively analyse, report and where appropriate conduct predictive analytics in relation to investment performance

for the purposes of compliance, fraud prevention, physical security, other legal and regulatory obligations and pursuing our mutual legitimate interests and legal rights – records of correspondence and other communication between you and your professional advisers and BGF, including email, instant messages, voicemail and records captured through other digital channels. Additionally, we will collect individual information for the purposes of maintaining an insider list in compliance with Market Abuse Regulation (596/2014) in respect of our investment activity in regulated markets

for the purposes of staff and visitor welfare (including stopping the spread of Covid19), security, fire safety and crime prevention – CCTV, sign in/out and digital door entry records at any of our offices or scheduled events

How we make decisions about investing in your business

We undertake due diligence and use our experience to help decide whether investing in your business is right for us. We do not use automated decision support systems.

Using your data for marketing and market research

We may use your information and information relating to individuals connected to your business to provide information about BGF’s investment activity and products or services from our partners and other relevant third parties. We may send marketing messages by post, email, telephone, text or secure messages and our other digital channels.

If you or individuals connected to your business wish to change how marketing messages are sent or wish to stop receiving these, please update your preferences or contact us using the details below. It may take us a short period of time to update our systems and records to reflect requests to stop receiving marketing messages, during which time you and individuals connected to your business may continue to receive marketing messages. Even if you tell us not to send marketing messages, we’ll continue to use contact details to provide important information, such as details regarding our investment in your business or opportunities through our Talent Network.

We may use your information and information relating to individuals connected to your business for market research and to identify trends. Market research or public relations agencies acting on our behalf may get in touch with you or individuals connected to your business by post, telephone, email or other methods of communication to invite you or them to take part in research. If you don’t have a contractual requirement to participate, and you prefer not to take part, please contact us to request that you or the details of any individual connected to your business which you have
provided be removed.

Who we might share information with

We may share your information and information relating to individuals connected to your business with others where lawful to do so where we (subject to the terms of any confidentiality agreement in place governing such information):

need to in order to successfully provide the services we’ve agreed to provide you (e.g. investment related activity)

have a legal or regulatory duty to do so (e.g. preventing fraud and other financial crime, for regulatory reporting including internal and external audit, asserting or defending our legal rights and interests)

have a legitimate business reason for doing so (e.g. to manage risk, verify identity, enable another company or individual to provide you with services you have requested, assess your suitability for investment by BGF, or in order to monitor our investment)

have asked you and/or if appropriate the individuals connected to your business for your permission to share it, and you (or they) have agreed

We may also share your information and information relating to individuals connected to your business (subject to the terms of any confidentiality obligations in place governing such information) with:

other BGF Group companies (which does not include our portfolio of investments) and any subcontractors, agents or service providers who work for us or provide services to us or other BGF Group companies to the extent reasonable and necessary to do so

authorised agents, professional advisers and sub-contractors acting for you, your business, or individuals connected to your business

authorised agents and professional advisers that provide due diligence and corporate transaction services on our behalf, which may include but are not limited to legal advisers, tax advisers, financial advisers and specialist sector/industry experts

other financial institutions, lenders and holders of security over any property or assets over which we may have a charge, tax authorities, trade associations, credit reference agencies, payment service providers and debt recovery agents. To understand how your data may be processed by our credit referencing agency please review their privacy notice here
https://www.transunion.co.uk/legal-information/bureau-privacy-notice

our existing portfolio companies or a prospective new investment but only to the extent of providing your contact details or those of individuals connected with your business where they may be relevant (e.g. Talent Network or inter-portfolio business development activities)

our KYC provider who’ll also use it to verify your identity

anybody else that we’ve been instructed to share your information with by you, or anybody else who provides instructions or operates any of your investment services on your behalf

we may share our knowledge and expertise through aggregated and anonymised data with industry bodies and other interested parties both in the UK and abroad, such as government organisations, to facilitate industry analysis and policy formulation

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

How long we’ll keep information

Our general retention policy is to keep information for a minimum of seven years although we will keep information for as long as is necessary to fulfil the purposes we collected it for and to comply with our legal and regulatory requirements, therefore we will often extend the seven-year period should we anticipate the need to re-engage with you for similar services as we continue to monitor your business through our customer relationship management and deal flow activities.

We may retain records relating to you and individuals connected to your business for legitimate reasons, for example preventing fraud and financial crime, complying with regulatory requirements, protecting our legal rights and interests, or dealing with complaints.

Where information has been shared with third parties in relation to our investment activity with you or those connected to your business, those third parties may use different retention schedules to ours in line with their own terms, conditions and associated policies.

Transferring information overseas

Your information and information relating to individuals connected to your business may be transferred within the European Economic Area (EEA). In certain limited circumstances, information may be transferred outside of this area, for example, this may include your instruction, or instruction from your professional advisers, to transact with services providers, trade bodies, corporate finance providers and other agents outside of the EEA. Where it is in our own legitimate interests to transfer personal data outside the EEA, we will apply or seek a similar level of protection commensurate with the sensitivity of the personal data.

Rights of Individuals

You and individuals connected to your business have a number of rights in relation to the information that we hold about them. These rights include:

the right to access information we hold about them and to obtain information about how we process it

in some circumstances, the right to restrict, object to or withdraw their consent to our processing of their information, which they can do at any time. We may continue to process their information if we continue to have a legitimate reason for doing so

in some circumstances, the right to receive certain information they have provided to us in an electronic format and/or request that we transmit it to a third party

the right to request that we rectify their information if it’s inaccurate or incomplete

in some circumstances, the right to request that we erase their information. We may continue to retain their information if we continue to have a legitimate reason for doing so

You and individuals connected to your business can exercise their rights by contacting us using the details set out in the ‘Who to contact for more information” section above. Individuals also have a right to lodge a complaint to the UK Information Commissioner’s Office. Further information can be obtained by visiting www.ico.org.uk.

Regulatory requirements such as fraud prevention and anti-money laundering

In order to comply with our legal, regulatory and compliance requirements, we may need to share your data or that of individuals connected to your business with the Financial Conduct Authority, National Crime Agency or other such regulatory bodies and any of our third-party providers in respect of providing KYC or compliance and regulatory consultancy services to BGF.

This data may include but is not limited to name, address, date of birth, contact details, financial and employment information used to verify your identity and detect evidence of possible fraudulent activity. This processing is typically a contractual requirement and remains a legitimate interest to protect our business and comply with relevant laws and regulations.

How we keep your information secure

We use a range of technical and organisational measures to keep information safe and secure which may include encryption and other forms of security. We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any information and applying appropriate measures for the use and transfer of information.

What we need from you

You are responsible for making sure the information you give us, information which is provided by individuals connected to your business, or information which is otherwise provided on your behalf is accurate and it is your responsibility to inform us to update your records.

Who to contact for more information

Due to the limited nature, volume and sensitivity of personal data that BGF process, we are not required to employ a formal Data Protection Officer. You or individuals connected to your business can obtain further information on anything stated in this Privacy Notice, or can exercise your rights under this notice, by writing to:

Compliance Officer (Data Privacy)
BGF
36 Melville Street
Edinburgh
EH3 7HA