The EU General Data Protection Regulation (GDPR) includes rules on giving privacy information to data subjects in Articles 12, 13 and 14. These are more detailed and specific than in the Data Protection Act and place an emphasis on making privacy notices more transparent, and accessible.
A privacy notice must be supplied to each individual at the time they provide their personal data. The GDPR says that the information a company provides to individuals about the processing of their personal data must be:
• Concise, transparent, intelligible and easily accessible;
• Written in clear and plain language, particularly if addressed to a child; and
• Free of charge.
2. Identity and contact details of the Data Controller
Sempera Limited ‘Sempera’ or ‘The Firm’ is the Data Controller and is committed to protecting the rights of individuals in line with the Data Protection Act 1998 (DPA) and the new General Data Protection Regulation (GDPR).
3. How your information will be used
a) Personal information means information or pieces of information that could lead to your identification. Your information will be used by Sempera for business, regulatory and legal purposes. Sempera is an investment management company; regulated activity by the Firm is governed by the Financial Services and Markets Act 2000 (“FSMA”). We will use the information provided to enable The Firm to comply with its duties and obligations in accordance with FSMA and with the Financial Conduct Authority (“FCA”) handbook and guidance. If you do not provide this data, we may be unable in some circumstances to comply with our obligations and we will tell you about the implications of that decision.
b) Sempera pursues regulatory/ compliance/ risk activities, and as such, we may need to process your data to pursue our legitimate business interests, for example to prevent fraud, administrative purposes or reporting potential crimes. The nature of our legitimate interests will vary between being directly or indirectly involved with regulated activities under the Financial Services and Markets Act 2000 (or other similar laws applicable to financial or corporate activities in other jurisdictions), or being directly or indirectly involved with activities which fall under other Acts of Law or Regulations, such as Money Laundering Regulations 2017, the Proceeds of Crime Act 2002, the Counter Terrorism Act 2008, and Market Abuse Regulation 2016. We will never process your data where these interests are overridden by your own interests.
c) As part of our regulatory obligations, we will use your information to send Regulatory newsletters with updates on regulatory matters, investor statements and important information to keep you updated with changes in regulation, updated guidance and business practices, changes to policy or processes, and any additional communication that allows us to additionally fulfil our contractual obligations towards you.
d) Much of the information we hold will have been provided by you, but some may come from other sources such as fund administrators.
e) The sort of information we hold includes your personal information for example as per your subscription documents which include your name/ contact information which includes your email and address/ date of birth/ citizenship, and other personal information.-
f) For the processing of any special categories of information relating to your racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, biometric data or sexual orientation, we will always obtain your explicit consent to those activities unless this is not required by law. Where we are processing data based on your consent, you have the right to withdraw that consent at any time.
g) We will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply with our contractual duties, for instance we may need to provide certain information to counterparties as part of the course of our services.
h) In limited and necessary circumstances, your information may be transferred outside of the EEA or to an international organisation to comply with our legal or contractual requirements. Our organisation will only transfer data where we are legally or contractually obliged to, and where safeguards are in place to ensure data is respected and handled lawfully.
i) Your information will be stored for a period of six (6) years after our contract with you is terminated, or 5 years for unsolicited CVs.
j) If in the future we intend to process your personal data for a purpose other than that which it was collected we will provide you with information on that purpose and any other relevant information.
4. Your rights
a) Under the General Data Protection Regulation (GDPR) and The Data Protection Act 1998 (DPA) you have a number of rights with regard to your personal data. You have the right to:
• request from us access to and obtain a copy of your personal data held
• rectification of incorrect or incomplete data
• erasure of your personal data where there is no legitimate basis for it to be held
• restrict processing
• object to processing as well as in certain circumstances the right to data portability.
b) If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
c) You have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the GDPR or DPA 18 with regard to your personal data.
5. Security of your information
Access to personal data is limited to authorised personnel only, with data access controlled by Senior Management.
6. Identity and contact details of controller and data protection officer
Sempera is the controller and processor of data for the purposes of the DPA 1998 and GDPR.
Sempera has opted not to appoint a Data Protection Officer, which is within the GDPR. Any matters relating to Data Protection can be raised to any of the following persons within the firm:
a) The Company Directors
b) The Head of Compliance
7. Who to Contact
If you have any questions, comments or concerns about Sempera’s handling of your personal data, you may contact us by email at firstname.lastname@example.org, by writing to us directly at our business address 39 Cheval Place, London, SW7 1EW or by calling us at 0203 781 8430 Your request will be welcome and promptly directed to the appropriate representative of Sempera. To expedite any such requests please provide us with your full name and email.
If you remain dissatisfied then you have the right to apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at:
Information Commissioner’s Office