Introduction

This privacy policy applies to Natural Capital Partners Europe Limited with its registered office address at 167 Fleet Street, London, EC4A 2EA, United Kingdom, and the entities we own or control (“Natural Capital Partners”, “we”, “us”, or “our”). Natural Capital Partners is strongly committed to protecting personal data. Personal data is any information relating to an identified or identifiable living person. This privacy policy describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others, together with information that is publicly available. This data may include ‘sensitive’ or ‘special categories’ of personal data. 

Natural Capital Partners processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ. We may use personal data provided to us for any of the purposes described in this privacy policy or as otherwise stated at the point of collection, including to provide our services to you or our clients; to enable us to provide you with information that we think may be of interest to you; and, to meet our legal or regulatory obligations.

When we send you information we think you might be interested in, you have the right to unsubscribe at any time by contacting us as set out hereunder or by following the unsubscribe instructions in our communications.

When we refer to “our Website” or “this Website”, we mean the specific webpages with a URL starting:

In this privacy policy:

“Data Protection Legislation” means (i) before 25 May 2018, the EU Data Protection Directive 95/46 and all national implementing laws (including the UK Data Protection Act 1998); and (ii) on or after 25 May 2018, the EU General Data Protection Regulation 2016/679; together with all other applicable legislation relating to privacy or data protection.

“process” means any operation performed on information about you, including to collect, record, organise, structure, store, alter, use, transfer, destroy or otherwise make available.


Security

We take the security of all the data we hold very seriously and adhere to internationally recognised security standards. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.


When and how we share personal data and locations of processing

We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.

We are part of a multinational corporation and, in common with other multinational corporations, we use third parties located in other countries to assist us in running our business. As a result, personal data may be transferred outside the countries where we and our clients are located, including to countries outside the European Union ("EU") and to countries that do not have laws that provide specific protection for personal data.   

Personal data held by us may be transferred to:

Our parent company, affiliates, and subsidiaries

We may share personal data with our parent company, affiliates, and subsidiaries where necessary for administrative purposes and to provide professional services to our clients (e.g. when providing services involving entities in different territories). Our business contacts are visible to and used by staff from all such entities to learn more about a contact, client or opportunity in which they have an interest.

Third party organisations that provide applications/functionality, data processing or IT services to us

We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud based software as a service providers, credit card processors, identity management, website hosting and management, data analysis, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them.

Third party organisations that otherwise assist us in providing goods, services or information

Audtors and other professional advisers

Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation

Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfill requests for personal data where we are permitted to do so in accordance with applicable law or regulation.

Any other person or organisation after a restructure, sale or acquisition of Natural Capital Partners, as long as they use your information for the same purposes we did;

Credit reference agencies or other organisations that help us make credit decisions and reduce the incidence of fraud; and
Other third parties that reasonably require access to personal data relating to you, including your employer.

We have taken steps to ensure all personal data is provided with adequate protection and that all transfers of personal data outside the EU are done lawfully. Where we transfer personal data outside of the EU to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfers will be under an agreement which covers the EU requirements for the transfer of personal data outside the EU, such as the European Commission approved standard contractual clauses.

We may share non-personal, anonymised and aggregated information with third parties for several purposes, including data analytics, research, submissions, thought leadership and promotional activity.


What personal data we collect

We may collect, record and use your personal data in physical and electronic form, and will hold, use and otherwise process that data in line with the Data Protection Legislation and as set out in this policy.

When we provide services to you or our clients and perform due diligence checks in connection with our services (or discuss possible services we might provide), we will process personal data about you. We may also collect personal data from you when you use this Website.

We may process your data because:

We may process personal data from you because we observe or infer that data about you from the way you interact with us or others. For example, to improve your experience of this Website and to make sure that it is working effectively, we (or our service providers) may use cookies (small text files stored in a user’s browser) or Web beacons to collect personal data. More information on how we use these and other tracking technologies – and how you can control them – can be found in our Cookie policy.

The personal data we process may include your:

The personal data we collect may also include so called ‘sensitive’ or ‘special categories’ of personal data, such as details about your:

We may also process personal data relating to ethnic or racial origin (for example, any multicultural networks you belong to), or about your political opinions (inferred from information you give us about political associations you belong to or have donated to).

We will typically seek separate permission from you in writing to process these special categories of personal data.
If you choose not to provide, or object to us processing, the information we collect (see section ‘Your rights’ below), we may not be able to process your instructions or continue to provide some or all of our services to you or our client.


How we use your personal data

We process information about you and/or your business to enable us to provide our services to you or our clients, and to meet our legal or regulatory obligations. Some of your personal data may be used for other business purposes. Below are some examples.

Use of personal data to provide services to our clients

We will use your personal data to provide you or our clients or other third parties with services, and this includes using your personal data in correspondence relating to those services. That correspondence may be with:

We may also use your personal data to conduct due diligence checks relating to the services.Because we provide a wide range of services to our clients or other third parties, the way we use personal data in relation to our services also varies. For example, we might use personal data about:

Use of personal data for other activities that form part of the operation of our business

We may also use your personal data in connection with:

(a) sending you thought leadership or details of our products and services;
(b) contacting you for feedback on services;
(c) sending you event invitations; and
(d) other marketing or research purposes;

(a) the use of testimonials from a client’s employees as part of our recruitment and business development materials (with that employee’s permission); and
(b) the use of third-party data sources to help us verify and improve the information we hold about key business relationships with individuals;

Use of personal data collected via our Website

In addition to the above, we may also use your personal data collected via our Website:

(a) processing information you have provided on a calculator that measures greenhouse gas emissions attributable to your business operations or personal life;
(b) processing credit card transactions in connection with instrument management services or other services; and
(c) corresponding with you, including by email or telephone, in connection with customer service.


Data retention

We seek to ensure that we only keep your personal data for the longest of:


The legal grounds we use for processing personal data

We are required by law to set out in this privacy policy the legal grounds on which we rely in order to process your personal data. We rely on one or more of the following lawful grounds:

(a) to provide our services to you or our clients and other third parties and ensure that our client engagements are well-managed;
(b) to prevent fraud;
(c) to protect our business interests;
(d) to ensure that complaints are investigated;
(e) to evaluate, develop or improve our services or products; or
(f) to keep you or our clients informed about relevant products and services and provide you with information, unless you have indicated at any time that you do not wish us to do so.

To the extent that we process any special categories of data relating to you for any of the purposes outlined above, we will do so because:

Please note that in certain circumstances it may be still lawful for us to continue processing your information even where you have withdrawn your consent, if one of the other legal bases described above is applicable.


Your rights

Individuals’ rights and how to exercise them

Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights. Where we decide how and why personal data is processed, we are a data controller and include further information about the rights that individuals have and how to exercise them below.

Access to personal data

You have a right of access to personal data held by us as a data controller. This right may be exercised by emailing us at privacy@naturalcapitalpartners.com. We may charge fees for a request for access in accordance with applicable law. We will aim to respond to any requests for information promptly, and in any event within the legally required time limits.

Amendment of personal data

To update personal data submitted to us, you may email us at privacy@naturalcapitalpartners.com or, where appropriate, contact us via the relevant website registration page or by amending the personal details held on relevant applications with which you registered. When practically possible, once we are informed that any personal data processed by us is no longer accurate, we will make corrections (where appropriate) based on your updated information.

Withdrawal of consent

Where we process personal data based on consent, individuals have a right to withdraw consent at any time. We do not always, or even generally, process personal data based on consent (as we can usually rely on another legal basis). To withdraw consent to our processing of your personal data please email us at privacy@naturalcapitalpartners.com or, to stop receiving an email from a marketing list we use, please click on the unsubscribe link in the relevant email received from us.

Other data subject rights

This privacy policy is intended to provide information about what personal data we collect about you and how it is used. As well as rights of access and amendment referred to above, individuals may have other rights in relation to the personal data we hold, such as a right to erasure/deletion, to restrict or object to our processing of personal data and the right to data portability.

If you wish to exercise any of these rights or if you have any questions or comments about privacy issues, please send an email to privacy@naturalcapitalpartners.com.  

Right to complain

If you wish to raise a complaint about how we are using your information, you can contact us by sending an email to privacy@naturalcapitalpartners.com.

You can also complain to the Information Commissioner’s Office, which regulates and supervises the use of personal data in the UK, on 0303 123 1113. If you are not based in the UK, you have a right to complain to the EU Data Protection Authority (“DPA”) in your jurisdiction.


Changes to this privacy policy

We may modify or amend this privacy policy from time to time.

When we make changes to this privacy policy, we will amend the revision date at the bottom of this page. The modified or amended privacy policy will apply from that date. We encourage you to review this policy periodically to remain informed about how we are protecting your information.


This privacy policy was last updated on 23 May 2018.