COLLECTIVE EQUITY OWNERSHIP LIMITED PRIVACY NOTICE
Last updated: 30 January 2025
Collective Equity Ownership Limited (“CEO” or “we”) is committed to protecting your personal data and informing you of your rights in relation to it. This privacy notice describes how and why we may collect, store, use, and/or share (“process“) your personal information when you visit our website at www.collectiveequity.com. It also outlines the lawful basis for processing your data, the measures we take to protect it, and how to exercise your rights in connection with the processing of your personal data.
CEO will process your personal data in compliance with the retained EU law version of the General Data Protection Regulation (“UK GDPR”) and the UK Data Protection Act 2018 (“DPA 2018”). This privacy notice is issued in accordance with the retained EU law version of the UK GDPR Articles 13 and 14. The DPA 2018 incorporated the EU UK GDPR’s requirements into UK law. Following Brexit, the Data Protection, Privacy and Electronic Communications” (Amendments etc) (“EU Exit”)) Regulations 2019 amended the DPA 2018 merging it with the EU UK GDPR to create a new UK-specific data protection regime effective from 1 January 2021. This regime is now referred to as the ‘UK GDPR’.
1. Identity and contact details of data controller
CEO, a company registered with the UK Companies House under the number 10770510, is registered as a data controller in the United Kingdom under the UK GDPR. Our registration details can be found via the Information Commissioner’s Office Search Register link here. For more information about us, please see the “Team” section of our Site at www.collectiveequity.com.
For the purposes of the UK GDPR and other applicable local laws, CEO is the controller of your data listed in this Privacy Policy. If you have any queries regarding this policy or complaints about our use of your data, please contact the Data Protection Officer, Luz Elena Arambarri, at operations@collectiveequity.com or at the address below and we will do our best to deal with your complaint or query as soon as possible.
Collective Equity Ownership Limited: 2b Spelman Street, London, England, E1 5LQ.
2. Personal data and its processing
Personal data is defined in the UK GDPR as information relating to a live, identifiable individual. It does not include data where the identity has been removed (anonymous data). It can also include special categories of data, which is information about your racial or ethnic origin, religious or other beliefs, physical or mental health, the processing of which is subject to strict requirements. Similarly, information about criminal convictions and offences is also subject to strict requirements. “Processing” means any operation which we carry out using your personal data, for example obtaining, storing, transferring or deleting.
We only process data for specified purposes and if it is justified in accordance with data protection law.
3. Data protection principles
CEO adheres to the following data protection principles as outlined in UK GDPR:
Lawfulness, fairness, and transparency: Personal data will be processed lawfully, fairly, and transparently.
Purpose limitation: Data will be collected for specified, explicit, and legitimate purposes and not further processed in a way incompatible with those purposes.
Data minimisation: Only data that is adequate, relevant, and limited to what is necessary will be collected and processed.
Accuracy: Personal data will be accurate and kept up to date.
Storage limitation: Personal data will be retained only for as long as necessary for the purposes it was collected.
Integrity and confidentiality: Personal data will be processed securely to prevent unauthorised access, loss, or damage.
Accountability: The Website will be responsible for compliance and will demonstrate adherence to these principles.
Use of Cookies and Tracking Technologies The Website uses cookies and similar tracking technologies to enhance user experience, analyse website traffic, and personalise content. Users can manage their cookie preferences via the cookie settings banner provided on the Website.
Data Breaches In the event of a data breach, the Website will notify affected users and report the incident to the Information Commissioner’s Office (ICO) within 72 hours if required. Users will be informed of actions taken to mitigate risks.
4. How long we keep your data for
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for and where we have an ongoing legitimate business need to do so, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable regulatory and legal requirements.
Where data is obtained for regulatory purposes, we may store this personal data for the time periods specified by the relevant regulators, which could be at least seven years.
5. Your rights as a data subject
Under certain circumstances, you may have the following rights under data protection legislation in relation to your personal data:
● Right to be informed
● Right of access / right to data portability
● Right of rectification
● Right to erasure
● Right to restrict processing
● Right to object
● Rights in relation to automated decision making, including profiling
● Right to withdraw consent
● Right to lodge a complaint with a supervisory authority
If you wish to exercise any of these rights, please contact the Data Protection Officer.
6. Withdrawing consent
If we are relying on your consent to process your data, you may withdraw your consent at any time.
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Data Protection Officer. Once we have received notification that you have withdrawn your consent, we consider your request and where applicable, will no longer process your personal data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
7. Complaint to the supervisory authority
You have a right to complain to the supervisory authority about the way in which we process your personal data.
You may lodge a complaint with any supervisory authority regarding our processing of your personal data. The relevant supervisory authorities are set out below:
United Kingdom – You can contact the Information Commissioner’s Office at:
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113
Website: https://ico.org.uk/
8. Data Security
Your personal data is securely stored.
Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and securely.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, altered, disclosed, used or accessed without authorisation. In addition, we restrict access to personal data to those employees, agents, contractors, consultants and other third parties who have a business need to access the personal data. They will only process personal data on our instructions and they are also subject to a duty of confidentiality.
We have in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally obliged to do so.
9. How do we collect your personal data?
We collect your personal data through the following channels (“Collection Channels”):
a) when you subscribe to our newsletters or events.
b) when you complete one of our forms;
c) by you otherwise interacting with us as a prospective, current or former partner;
d) by you providing us with details to assist us in fulfilling a partnership to our fund (“Limited Partner Partnership”);
e) by you providing your details to us in connection with a service you provides to CEO (“Supplier”); and/or
f) by you contacting us or otherwise providing your personal data to us, directly or indirectly.
g) Regarding information on how you use the site, through cookies.
10. What data to we collect
Across all of the above Collection Channels, we collect the following personal information:
a) name;
b) business postal address;
c) residential address;
d) business email address;
e) telephone number;
f) date of birth;
g) nationality;
h) job title;
i) Financial personal information;
j) mobile telephone number;
k) copy of your passport or other form of photographic ID;
l) corporate and personal Bank Details;
m) source of wealth and source of funds;
n) FCA/CSSF/GFSC registration number (if applicable);
o) list of directorships;
p) employment history;
q) criminal convictions;
r) credit reports/ratings;
s) whether you are a politically exposed person(s);
t) whether you are on a sanctioned or watch list; and
u) other information about you which you may provide to us in the course of us providing the agreed services.
v) Internet Protocol (IP address and details of which type of web browser you used.)
w) The pages you visited, when (date and time) you visited them and how long you visited them for
x) The website address from which you accessed this site
y) The website address from which you exited this site
z) Queries via the site's search engine
aa) Internet browser and devices used
11. What we use your data for
We use your data for the following purposes:
a) in order to accept you in our funds pursuant to our contract with you;
b) in order to comply with our legal obligation such as to carry out anti-money laundering checks on our clients;
c) in order to provide marketing communications to you;
d) for our legitimate business interests such as for internal record keeping purposes;
e) respond to any request/feedback you send us if you've asked us to;
f) analyse, evaluate and improve this Website via data amalgamated from multiple visitors, which does not identify you personally.
12. Who we share your data with
Please note that we may on occasion be required to share your information with the following categories of recipients:
● Third parties who provide services on our behalf such as accountants, administrators, lawyers and banks;
● Regulators or other agencies where there is a legal basis to do so.
We have taken steps to ensure that all such third-party providers keep your data confidential and secure and only use it for the purposes that we have specified and have informed you of. Our service providers are subject to data processing agreements which have been, or are in the process of being, updated to become compliant with the requirements set out in the UK GDPR and/or applicable local laws.
13. Our Use of Cookies and Other Tracking Mechanisms
We and our third-party service providers may use cookies and similar tracking technologies to collect information about your interactions with our website at www.collectiveequity.com. These technologies help us enhance user experience, analyze website traffic, and personalize content. We may combine this information with other personal data collected from you, and our third-party service providers may process it on our behalf. Additionally, we may share certain data regarding your interactions with our website with third parties for marketing and other business-related purposes. By continuing to use our website, you consent to this data collection, processing, and sharing.
Managing Cookies
You have the ability to manage your cookie preferences through the cookie settings banner provided on our website. Most web browsers automatically accept cookies; however, you can adjust your browser settings to refuse cookies or alert you when cookies are being sent. Please note that if you disable cookies, some areas of our website may not function properly.
Types of Cookies Used
We use both session and persistent cookies to improve functionality and enhance your browsing experience:
Session Cookies: These cookies are temporary and only remain active while you are on our website. They help us recognize you during a single browsing session and expire when you close your browser.
Persistent Cookies: These cookies remain on your device even after you close your browser. They allow us to collect aggregate and statistical information about user activity to improve our services.
Do-Not-Track Requests
At this time, our systems do not recognize "do-not-track" signals from web browsers. However, you can disable certain tracking technologies by adjusting your browser settings, though doing so may limit access to certain website features.
14. Lawful basis for processing
The UK GDPR requires that we meet specific conditions before we are permitted to process your personal data in the manner described in this notice, including having a lawful basis for the processing. The lawful bases for processing your personal data are as follows:
● Consent: You have explicitly given us your consent for the processing of your personal data.
● Contract: The processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract.
● Public Task: The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
● Legitimate Interests: The processing is necessary for the purposes of legitimate interests pursued by us or a third party, except where such interests are overridden by your fundamental rights and freedoms that require protection of personal data.
● Legal Obligation: The processing is necessary for us to comply with a legal obligation.
15. International transfers
As part of our purposes we might need to transfer personal data outside the UK to comply with tax regulations, reporting obligations or by contracting any third-party provider outside the UK. In such cases appropriate safeguards will be in place, such as adequacy decisions or standard contractual clauses.
16. Updates to This Policy This policy may be updated periodically to reflect changes in legal requirements or our data practices. Any updates will be posted on this page with an updated effective date.