We are Octopus Renewables Infrastructure Trust Plc and its subsidiaries (the “Group”) and to use your personal data we rely on third parties to develop our business under our directions. For this reason your personal data will normally be directly processed by companies like Octopus AIF Management Limited, who is our Alternative Investment Fund Manager, Octopus Investments Limited, our Investment Manager, or parties carrying out other functions like our Administrator, Registrar, Receiving Agent or Broker, and we will not access or anyhow process your data unless it is strictly necessary. You can find more information about those parties here.
Some data collected by this website, mainly concerning website users contacting for general enquiries, are under the Investment Manager’s (or other companies) control and we are not responsible for the processing of such data. Please ensure you read their privacy notices if you believe they apply to you.”
We process your personal data for the management and administration of shareholdings, to enable us to promote and supervise the management of the Group, to monitor the performance of the Company’s investments, to maintain our accounts and records, to communicate with directors and past, current or prospective shareholders and contractors and co- investors, and to deal with any enquiries or requests you raise.
This notice explains what data we process, why, how it is legal and your rights and it is important you read the whole notice because this section only summarises the relevant points.
About us and this notice
This Privacy Notice is provided by Octopus Renewable Infrastructure Trust Plc and its subsidiaries as may be from time to time, (all of us together, the “Group” or “we” or “us”) and to the extent we process your personal data directly or by a contractor doing it under our instructions, we are the data controller and responsible for processing your data.
We are based in the United Kingdom and we comply with the data protection laws applicable in the United Kingdom and in any other country where we operate or otherwise process your data, including the European General Data Protection Regulation where applicable.
We take your privacy very seriously. We ask that you read this Privacy Notice carefully as it contains important information about our processing and your rights.
In this Privacy Notice, there are references to various pieces of European Union legislation, for instance the European Union General Data Protection Regulation. While the UK remains a member of the EU or becomes subject to a transitional and implementation period (“TIP“) following the exit day when the UK leaves the EU, during which EU law continues to apply to the UK as if it were still a member of the EU, references to EU legislation should be construed as references to that legislation as enacted by the EU. Should the UK leave the EU without becoming subject to a TIP or on the TIP coming to an end, references to EU legislation should be construed as references to that legislation as transposed into UK law by the European Union (Withdrawal) Act (“EUWA“) and as further amended by secondary legislation made under EUWA.
How to contact us
If you need to contact us about this Privacy Notice, or would like this Privacy Notice in another format (for example: audio, large print, braille), please contact us via our company secretary by using the details below.
PraxisIFM Fund Services (UK) Limited
2 Puddle Dock
Changes to this Privacy Notice
The latest version of this Privacy Notice can always be found here at octopusrenewablesinfrastructure.com/privacy-notice.
We may change this Privacy Notice from time to time. Regularly reviewing this page ensures that you are always aware of what information we collect, how we use it and under what circumstances, if any, we will share it with other parties.
Current version: 18 November 2019
Useful words and phrases
Please familiarise yourself with the following words and phrases (used in bold) as they have particular meanings in the Data Protection Laws and are used throughout this Privacy Notice:
|Group, we, us||Means Octopus Renewables Infrastructure Trust Plc whose registered office is at: Mermaid House, 2 Puddle Dock, London EC4V 3DB, and its subsidiaries.|
|controller||This means any person who determines the purposes for which, and the manner in which, any personal data is processed.|
|criminal offence data||This means any information relating to criminal convictions and offences committed or allegedly committed.|
|Data Protection Laws||This means the Data Protection Act 2018 and any other applicable national laws related to data protection, privacy and electronic communications, applicable in the territories we operate or in relation to your personal data, including the European Union General Data Protection Regulation 2016/679.|
|data subject||The individual to whom the personal data relates.|
|Data Protection Supervisor||This means the UK Information Commissioner’s Office, or any other regulatory authority responsible for implementing, overseeing and enforcing the Data Protection Laws in the territories applicable to us.|
|individual||This means a living natural person.|
|personal data, data||This meansany information from which an individual can be identified. This includes information such as telephone numbers, names, addresses, e-mail addresses, photographs and voice recordings. It will also include expressions of opinion and indications of intentions about data subjects (and their own expressions of opinion/intentions). It will also cover information which on its own does not identify someone but which would identify them if put together with other information which we have or are likely to have in the future.|
|processing||This covers virtually anything anyone can do with personal data, including: |
– obtaining, recording, retrieving, consulting or holding it;
– organising, adapting or altering it;
– disclosing, disseminating or otherwise making it available; and
– aligning, blocking, erasing or destroying it.
|processor||This means any contractor who processes your personal data under our specific instructions and on our behalf.|
|special categories of data or Sensitive Personal Information||This means any information relating to: |
– racial or ethnic origin;
– political opinions;
– religious beliefs or beliefs of a similar nature;
– trade union membership;
– physical or mental health or condition;
– sexual life;
– criminal data; or
– genetic data or biometric data for the purpose of uniquely identifying you.
|you||Current, former and prospective:|
– contractors and/or service providers;
– buyers and sellers of renewable energy assets;
– co-investors in renewable energy assets;
– issues of any securities or debt instruments in which the Group invests;individual investors;
– individuals employed by or connected to the above; or
– any other individuals contacting the Group for any purposes related to our business.
What personal data do we collect?
Information we process about you
We, or our processors, collect your contact details such as name, email address, address, telephone number, bank account details, KYC (know your customer) documents such as your passport and credit history, personal identifiers, such as social security number and national insurance number, age, professional title, occupation, financial information and tax status. We do not directly process most of the information you give to our Alternative Investment Fund Manager, Investment Manager, Registrar, Administrator and other third parties like our Brokers, and when they collect your personal data, or any personal data you provide to them, they will inform you about the processing of this data for their own purposes or on our behalf if appropriate.
How Personal Data is collected from you
Your personal data will be collected when buying shares in Octopus Renewables Infrastructure Trust Plc or through interactions with us or our contractors in the course of our business, investments, or interests in common, or as part of the services we deliver to you.
Your personal data may also be collected from a third party advisor (such as an introducing agent), from publicly available sources (such as Companies House) or an identification verification database.
Sensitive Personal Information or Special Categories of Data
We do not envisage the use of your sensitive personal data as part of our business and will only request for it if it is strictly necessary in order to comply with a legal obligation or otherwise according to the law.
In case we request for this information we will inform you at the time this is requested for, if necessary we will ask for your consent, and we will protect this information with greater care.
Personal information about other individuals
If you provide us with information about other individuals you confirm that you are mandated by them and thus act under their instructions and have informed them about this Privacy Notice as appropriate.
Why do we process your personal data?
We use your personal data for the following purposes listed in this section. We are allowed to do so on certain legal bases (please see section ‘How is processing your data lawful’ for further detail):
- To facilitate share transactions
- To manage and administer share holdings
- To carry out AML checks
- To make and administer investments
- To enable us to promote and supervise the management of the Group
- To maintain our accounts and records
- To communicate with prospective, current or former directors, shareholders, contractors, other service providers and investors
- To comply with regulatory and tax requirements and other legal obligations
- To deal with any enquiries or requests you raise
Neither us nor any of our processors make decisions about you based on automated processing of your personal data.
How is processing your data lawful?
We are allowed to process your personal data for the following reasons and on the following legal bases:
We have a legitimate interest in sharing data about you
(i) between our group entities if necessary for internal administrative purposes; and
(ii) with our contractors when it is necessary for them to deliver the services we are contracting.
We do not share information about you with these third parties in a context other than where it is necessary to perform a contract or for us to run and manage our business efficiently as you expect us to do.
You can find more information related to third parties in this Privacy Notice (see “Who will have access to your personal data?”). You can object to processing that we carry out on the grounds of legitimate interests as long as it is not linked to another legal ground (for example if it is necessary to perform a contract we have in place with you). See the section headed “Your Rights” to find out how.
It is necessary for our performance of the contract you have agreed to enter with us. If you do not provide your personal data to us, we will not be able to carry out our obligations under the terms of your contract.
We are subject to legal obligations to process your personal data
for the purposes of complying with applicable regulatory, accounting and
financial rules, health and safety and to make mandatory disclosures to government
bodies, tax administrators and law enforcement agencies.
Who will have access to your personal data?
Our Administrator, Registrar and Receiving Agent will directly collect and process your personal data as our processors. The companies delivering these services are as follows:
|Who information is processed by: processors|
|Administrator and Company Secretary||PraxisIFM Fund Services (UK) Limited|
|Registrar||Computershare Investor Services Plc|
|Receiving Agent||Computershare Investor Services Plc|
In addition, we share your personal data with the following entities who act as separate controllers of your personal data because although they are our contractors, they decide why and how to use your data when providing services for us. You should review their privacy notices to find out how they process your personal data. If you have any queries or complaints about how they process your personal data by them, please contact them separately using the contact information provided on their website.
|Who information is shared with: controllers||Link to their privacy notice|
|To the extent that they do not act under our instructions (for example when they need to comply with their own legal obligations): Administrator and Company Secretary||PraxisIFM Fund Services (UK) Limited|
|To the extent that they do not act under our instructions (for example when they need to comply with their own legal obligations): Registrar||Computershare Investor Services Plc|
|To the extent that they do not act under our instructions (for example when they need to comply with their own legal obligations): Receiving Agent||Computershare Investor Services Plc|
|Investment Manager||Octopus Investments Limited|
|Depositary||BNP Paribas Securities Services|
|Broker and Placing Agent||Peel Hunt LLP|
|Other parties by categories||We share data concerning you with other providers such as our legal advisers based in each of the territories we operate. We will also share your personal data with the police, tax authorities and other law enforcement agencies or regulators where we are required by law to do so. More information concerning these recipients is available under request.|
Transfers of your personal data outside the territories where we operate
Where we transfer your personal information outside the United Kingdom and/or the territories where we operate, we will ensure that it is protected and transferred in a manner consistent with legal requirements applicable to the information. This can be done in a number of different ways, for instance:
- the country to which we send the personal information may be approved according to the United Kingdom law parameters, or by the European Commission as providing adequate protection for personal data;
- by having in place a contract based on “model contractual clauses” approved by the European Commission;
- where the recipient is located in the US, it may belong to the EU-US Privacy Shield scheme; or
- where the law permits us to otherwise transfer your personal information to another country.
If you would like further information about the safeguards we have in place to protect your personal information, please contact us at [email protected]
How we keep your personal data secure
We strive to implement appropriate technical and
organisational measures in order to protect your personal data against
accidental or unlawful destruction, accidental loss or alteration, unauthorised
disclosure or access and any other unlawful forms of processing. We aim to
ensure that the level of security and the measures adopted to protect your personal
data are appropriate for the risks presented by the nature and use of your personal
data. We follow recognised industry practices for protecting our IT environment
and physical facilities and we ensure that the companies processing your data
on our behalf provide an adequate level of protection to secure both your
personal data and other confidential information.
When will we delete your personal data?
Our main rule is not to keep your data for longer than we need to in order to meet all the purposes we included in the section “Why do we process your personal data?“.
With this in mind, your personal data will generally be retained for the longest of the following periods:
- for us and the processors and/or any authorised third parties to carry out the purposes for which the data was collected or as long as is set out in any relevant agreement you enter into with us;
- in order to establish or defend legal rights or obligations or to satisfy any reporting or accounting obligations; and/or
- any retention period that is required by data protection laws and any applicable laws or regulatory requirements.
For example, if you are a shareholder, we will keep your data during the time you are in such position after which, we will keep your personal data if we need it to comply with a legal obligation or if we need it to meet other purposes, but if we do not need all the data you provided at first instance, we will delete the remaining data. For most of the purposes and legal obligations we have stated a retention period of 6 years although this might vary depending on the agreements we have in place with you, or other legal obligations. A detailed retention schedule is available upon request.
As a data subject, in certain circumstances, you have the following rights under the Data Protection Laws:
- the right to object to processing of your personal data;
- the right of access to personal data relating to you (known as data subject access request);
- the right to correct any mistakes in your information;
- the right to ask us to stop contacting you with direct marketing;
- the right to restrict your personal data being processed;
- the right to have your personal data ported to another controller;
- the right to withdraw your consent;
- the right to erasure; and
- rights in relation to automated decision making.
These rights are explained in more detail below. If you want to exercise any of your rights, please contact us (please see “How to contact us“).
We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months.
Please be aware that there are exceptions and exemptions that apply to some of the rights which we will apply in accordance with the Data Protection Laws.
Right to object to processing of your personal data
You may object to us processing your personal data where we rely on a legitimate interest as our legal grounds for processing.
If you object to us processing your personal data we must demonstrate compelling grounds for continuing to do so. We believe we have demonstrated compelling grounds in the section headed “How is processing your personal data lawful”.
Right to access personal data relating to you
You may ask to see what personal data we hold about you and be provided with:
- a copy of the personal data;
- details of the purpose for which the personal data is being or is to be processed;
- details of the recipients or classes of recipients to whom the personal data is or may be disclosed, including if they are overseas and what protections are used for those overseas transfers;
- the period for which the personal data is held (or the criteria we use to determine how long it is held);
- any information available about the source of that data; and
- whether we carry out an automated decision-making, or profiling, and where we do information about the logic involved and the envisaged outcome or consequences of that decision or profiling.
To help us find the information easily, please provide us as much information as possible about the type of information you would like to see.
Right to correct any mistakes in your information
You can require us to correct any mistakes in your information which we hold. If you would like to do this, please let us know what information is incorrect and what it should be replaced with.
Right to restrict processing of personal data
You may request that we stop processing your personal data temporarily if:
- you do not think that your data is accurate. We will start processing again once we have checked whether or not it is accurate;
- the processing is unlawful but you do not want us to erase your data;
- we no longer need the personal data for our processing, but you need the data to establish, exercise or defend legal claims; or
- you have objected to processing because you believe that your interests should override our legitimate interests.
Right to data portability
You may ask for an electronic copy of your personal data which we hold electronically and which we process when we have entered into a contract with you. You can also ask us to provide this directly to another party.
Right to withdraw consent
You may withdraw any consent that you have given us to process your personal data at any time. This means that we will not be able to carry out any processing which required use of that personal data.
Right to erasure
You can ask us to erase your personal data where:
- you do not believe that we need your data in order to process it for the purposes set out in this Privacy Notice;
- if you had given us consent to process your data, you withdraw that consent and we cannot otherwise legally process your data;
- you object to our processing and we do not have any legitimate interests that mean we can continue to process your data; or
- your data has been processed unlawfully or has not been erased when it should have been.
Rights in relation to automated decision making
You have the right to have any decision that has been made by automated means and which has a significant effect on you reviewed by a member of staff and we will consider any objections you have to the decision that was reached.
What will happen if your rights are breached?
You may be entitled to compensation for damage caused by contravention of the Data Protection Laws.
Complaints to the regulator
It is important that you ensure you have read
this Privacy Notice – and if you do not think that we have processed your data
in accordance with this notice – you should let us know as soon as possible.
You may also complain to the
Information Commissioner’s Office, which regulates and supervises the use of
personal data in the UK, via their helpline on 0303 123 1113.