Privacy Policy

This privacy policy applies to Natural Capital Partners Europe Limited with its registered office address at 167 Fleet Street, London, EC4A 2EA, United Kingdom, and the entities we own or control (“Natural Capital Partners”, “we”, “us”, or “our”). Natural Capital Partners is strongly committed to protecting personal data. Personal data is any information relating to an identified or identifiable living person. This privacy policy describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others, together with information that is publicly available. This data may include ‘sensitive’ or ‘special categories’ of personal data.

Natural Capital Partners processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ. We may use personal data provided to us for any of the purposes described in this privacy policy or as otherwise stated at the point of collection, including to provide our services to you or our clients; to enable us to provide you with information that we think may be of interest to you; and, to meet our legal or regulatory obligations.

When we send you information we think you might be interested in, you have the right to unsubscribe at any time by contacting us as set out hereunder or by following the unsubscribe instructions in our communications.

When we refer to “our Website” or “this Website”, we mean the specific webpages with a URL starting:

• www.naturalcapitalpartners.com;
• hub.naturalcapitalpartners.com;
• www.carbonneutral.com; and
• www.carbonneutralcalculator.co... this privacy policy:

  “Data Protection Legislation” means (i) before 25 May 2018, the EU Data Protection Directive 95/46 and all national implementing laws (including the UK Data Protection Act 1998); and (ii) on or after 25 May 2018, the EU General Data Protection Regulation 2016/679; together with all other applicable legislation relating to privacy or data protection.

  “process” means any operation performed on information about you, including to collect, record, organise, structure, store, alter, use, transfer, destroy or otherwise make available.

  
  Security

  We take the security of all the data we hold very seriously and adhere to internationally recognised security standards. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.

  
  When and how we share personal data and locations of processing

  We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.

  We are part of a multinational corporation and, in common with other multinational corporations, we use third parties located in other countries to assist us in running our business. As a result, personal data may be transferred outside the countries where we and our clients are located, including to countries outside the European Union ("EU") and to countries that do not have laws that provide specific protection for personal data.

  Personal data held by us may be transferred to:

  Our parent company, affiliates, and subsidiaries

  We may share personal data with our parent company, affiliates, and subsidiaries where necessary for administrative purposes and to provide professional services to our clients (e.g. when providing services involving entities in different territories). Our business contacts are visible to and used by staff from all such entities to learn more about a contact, client or opportunity in which they have an interest.

  Third party organisations that provide applications/functionality, data processing or IT services to us

  We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud based software as a service providers, credit card processors, identity management, website hosting and management, data analysis, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them.

  Third party organisations that otherwise assist us in providing goods, services or information

  Audtors and other professional advisers

  Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation

  Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfill requests for personal data where we are permitted to do so in accordance with applicable law or regulation.

  Any other person or organisation after a restructure, sale or acquisition of Natural Capital Partners, as long as they use your information for the same purposes we did;

  Credit reference agencies or other organisations that help us make credit decisions and reduce the incidence of fraud; and
  Other third parties that reasonably require access to personal data relating to you, including your employer.

  We have taken steps to ensure all personal data is provided with adequate protection and that all transfers of personal data outside the EU are done lawfully. Where we transfer personal data outside of the EU to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfers will be under an agreement which covers the EU requirements for the transfer of personal data outside the EU, such as the European Commission approved standard contractual clauses.

  We may share non-personal, anonymised and aggregated information with third parties for several purposes, including data analytics, research, submissions, thought leadership and promotional activity.

  
  What personal data we collect

  We may collect, record and use your personal data in physical and electronic form, and will hold, use and otherwise process that data in line with the Data Protection Legislation and as set out in this policy.

  When we provide services to you or our clients and perform due diligence checks in connection with our services (or discuss possible services we might provide), we will process personal data about you. We may also collect personal data from you when you use this Website.

  We may process your data because:

  • you give it to us (for example, in a form on our Website, on a business card, or in a resume emailed to us);
  • other people give it to us (for example, your employer or adviser, or third party service providers that we use to help operate our business); or
  • it is publicly available.

  We may process personal data from you because we observe or infer that data about you from the way you interact with us or others. For example, to improve your experience of this Website and to make sure that it is working effectively, we (or our service providers) may use cookies (small text files stored in a user’s browser) or Web beacons to collect personal data. More information on how we use these and other tracking technologies – and how you can control them – can be found in our Cookie policy.

  The personal data we process may include your:

  • name, gender, age and date of birth;
  • contact information, such as address, email, and mobile phone number;
  • country of residence;
  • lifestyle and social circumstances (for example, your hobbies);
  • family circumstances (for example, your marital status and dependents);
  • employment and education details (for example, the organisation you work for, your job title and your education details);
  • financial and tax-related information (for example your income, investments and tax residency);
  • postings or messages on any blogs, forums, platforms, wikis or social media applications and services that we provide (including with third parties);
  • IP address, browser type and language, and your access times;
  • information in any complaints you make;
  • details of how you use our products and services;
  • CCTV footage and other information we collect when you access our premises; and
  • details of how you like to interact with us, and other similar information relevant to our relationship.

  The personal data we collect may also include so called ‘sensitive’ or ‘special categories’ of personal data, such as details about your:

  • dietary requirements (for example, when Natural Capital Partners would like to provide you with lunch during a meeting);
  • health (for example, so that we can make it easy for you to access our buildings, products and services); and
  • sexual orientation (for example, if you provide us with details of your spouse or partner).

  We may also process personal data relating to ethnic or racial origin (for example, any multicultural networks you belong to), or about your political opinions (inferred from information you give us about political associations you belong to or have donated to).

  We will typically seek separate permission from you in writing to process these special categories of personal data.
  If you choose not to provide, or object to us processing, the information we collect (see section ‘Your rights’ below), we may not be able to process your instructions or continue to provide some or all of our services to you or our client.

  
  How we use your personal data

  We process information about you and/or your business to enable us to provide our services to you or our clients, and to meet our legal or regulatory obligations. Some of your personal data may be used for other business purposes. Below are some examples.

  Use of personal data to provide services to our clients

  We will use your personal data to provide you or our clients or other third parties with services, and this includes using your personal data in correspondence relating to those services. That correspondence may be with:

  • you;
  • other third parties;
  • our service providers; or
  • competent authorities.

  We may also use your personal data to conduct due diligence checks relating to the services. Because we provide a wide range of services to our clients or other third parties, the way we use personal data in relation to our services also varies. For example, we might use personal data about:

  • a client’s employees to communicate about our services; or
  • a client’s employees and customers in the course of developing a white label product for a client.

  Use of personal data for other activities that form part of the operation of our business

  We may also use your personal data in connection with:

  • legal or regulatory requirements;
  • requests and communications from competent authorities;
  • client account opening and other administrative tasks;
  • financial accounting, invoicing and risk analysis;
  • relationship management, which may involve:

  (a) sending you thought leadership or details of our products and services;
  (b) contacting you for feedback on services;
  (c) sending you event invitations; and
  (d) other marketing or research purposes;

  • recruitment and business development, which may involve:

  (a) the use of testimonials from a client’s employees as part of our recruitment and business development materials (with that employee’s permission); and
  (b) the use of third-party data sources to help us verify and improve the information we hold about key business relationships with individuals;

  • services we receive from our professional advisors, such as lawyers, accountants and consultants;
  • investigating or preventing security incidents; or
  • protecting our rights and those of our clients.

  Use of personal data collected via our Website

  In addition to the above, we may also use your personal data collected via our Website:

  • to provide you a service you have engaged us to provide on our Website, which may involve:

  (a) processing information you have provided on a calculator that measures greenhouse gas emissions attributable to your business operations or personal life;
  (b) processing credit card transactions in connection with instrument management services or other services; and
  (c) corresponding with you, including by email or telephone, in connection with customer service.

  • to manage and improve our Website;
  • to tailor the content of our Website to give you a more personalised experience;
  • to draw your attention to information about our products and services that may be of interest to you; or
  • to manage and respond to any request you submit through our Website.

  
  Data retention

  We seek to ensure that we only keep your personal data for the longest of:

  • the period we expect is necessary for the relevant activity or services;
  • any retention period that is required by law; or
  • the period in which litigation or investigations might arise in respect of the services.

  
  The legal grounds we use for processing personal data

  We are required by law to set out in this privacy policy the legal grounds on which we rely in order to process your personal data. We rely on one or more of the following lawful grounds:

  • you have explicitly agreed to us processing your information for a specific reason;
  • the processing is necessary to perform the agreement we have with you or to take steps to enter into an agreement with you;
  • the processing is necessary for compliance with a legal obligation we have such as keeping records for tax purposes or providing information to a public body or law enforcement agency; or
  • the processing is necessary for the purposes of a legitimate interest pursued by us or a third party, which might be:

  (a) to provide our services to you or our clients and other third parties and ensure that our client engagements are well-managed;
  (b) to prevent fraud;
  (c) to protect our business interests;
  (d) to ensure that complaints are investigated;
  (e) to evaluate, develop or improve our services or products; or
  (f) to keep you or our clients informed about relevant products and services and provide you with information, unless you have indicated at any time that you do not wish us to do so.

  To the extent that we process any special categories of data relating to you for any of the purposes outlined above, we will do so because:

  • you have given us your explicit consent to process that data;
  • we are required by law to process that data in order to ensure we meet our ‘know your client’ and ‘anti-money laundering’ obligations (or other legal obligations imposed on us);
  • the processing is necessary to carry out our obligations under employment, social security or social protection law;
  • the processing is necessary for the establishment, exercise or defence of legal claims; or
  • you have made the data manifestly public.

  Please note that in certain circumstances it may be still lawful for us to continue processing your information even where you have withdrawn your consent, if one of the other legal bases described above is applicable.

  
  Your rights

  Individuals’ rights and how to exercise them

  Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights. Where we decide how and why personal data is processed, we are a data controller and include further information about the rights that individuals have and how to exercise them below.

  Access to personal data

  You have a right of access to personal data held by us as a data controller. This right may be exercised by emailing us at [email protected] We may charge fees for a request for access in accordance with applicable law. We will aim to respond to any requests for information promptly, and in any event within the legally required time limits.

  Amendment of personal data

  To update personal data submitted to us, you may email us at [email protected] or, where appropriate, contact us via the relevant website registration page or by amending the personal details held on relevant applications with which you registered. When practically possible, once we are informed that any personal data processed by us is no longer accurate, we will make corrections (where appropriate) based on your updated information.

  Withdrawal of consent

  Where we process personal data based on consent, individuals have a right to withdraw consent at any time. We do not always, or even generally, process personal data based on consent (as we can usually rely on another legal basis). To withdraw consent to our processing of your personal data please email us at [email protected] or, to stop receiving an email from a marketing list we use, please click on the unsubscribe link in the relevant email received from us.

  Other data subject rights

  This privacy policy is intended to provide information about what personal data we collect about you and how it is used. As well as rights of access and amendment referred to above, individuals may have other rights in relation to the personal data we hold, such as a right to erasure/deletion, to restrict or object to our processing of personal data and the right to data portability.

  If you wish to exercise any of these rights or if you have any questions or comments about privacy issues, please send an email to [email protected]

  Right to complain

  If you wish to raise a complaint about how we are using your information, you can contact us by sending an email to [email protected]

  You can also complain to the Information Commissioner’s Office, which regulates and supervises the use of personal data in the UK, on 0303 123 1113. If you are not based in the UK, you have a right to complain to the EU Data Protection Authority (“DPA”) in your jurisdiction.

  
  Changes to this privacy policy

  We may modify or amend this privacy policy from time to time.

  When we make changes to this privacy policy, we will amend the revision date at the bottom of this page. The modified or amended privacy policy will apply from that date. We encourage you to review this policy periodically to remain informed about how we are protecting your information.

  
  This privacy policy was last updated on 23 May 2018.