Data Policy

For the previous version of the Data Policy, click here.

Beauhurst’s Data Policy falls into three parts –

1. GDPR
2. Use of email addresses derived from the Beauhurst platform
3. Data sharing rights

PART 1

1. GDPR

We need to make sure that our sharing of the Beauhurst Data you process takes account of the requirements of the General Data Protection Regulation 2016 and the Data Protection Act, 2018.

This Policy, together with our Terms and Conditions, forms part of your Subscription contract. It comprises a balanced set of terms to support the assessment that our sharing of Beauhurst Data with you is in your and our legitimate interests and does not unduly prejudice the rights and freedoms of individuals to whom the Platform Personal Data relates. If you have any questions about it, please write to Nina Coldham.

1.1 Definitions:  In this clause, the following terms shall have the following meanings:

(a) “controller“, “processor“, “data subject“, “processing” (and “process“)  and special categories of data shall have the meanings given in EU Data Protection Law; and

(b) “Applicable Data Protection Law” means all worldwide data protection and privacy laws and regulations applicable to the personal data in question, including, where applicable, EU Data Protection Law.

(c) “Data Usage Tier” means one of the four tiers outlined in Part 3 of this Data Policy which determines the extent of your usage rights in relation to Beauhurst Data, including Platform Personal Data.

(d) “EU Data Protection Law” means:

(i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data (General Data Protection Regulation) (the GDPR);

(ii) the EU e-Privacy Directive (Directive 2002/58/EC); and

(iii) any and all applicable national data protection laws made under or pursuant to (i) or (ii) or pursuant to Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the Processing of Personal Data and on the free movement of such data; in each case as may be amended or superseded from time to time.

(e) “Party” means you or Beauhurst, as party to a Subscription Order comprising the Beauhurst Platform Terms and Conditions and this Data Policy.

(f) “Permitted Purpose” is as defined in clause 1.2 below.

(g) “Personal data” means any information relating to an identified or identifiable natural person (a data subject). This is one who can be identified, directly or indirectly, in particular by reference to an identifier.

(g) “Platform Personal data” is any personal data made available to you via the Beauhurst Platform, as further described in the Annex below.

1.2 Disclosure of data: Beauhurst will make available to you via the Beauhurst Platform certain personal data as further described in the Annex (the Platform Personal Data) to process strictly in accordance with the Data Usage Tier outlined in your Subscription Summary(and subject to any restrictions outlined in Part 3) or as otherwise agreed in writing between Beauhurst and you (the “Permitted Purpose“).

1.3 Relationship of the parties:  You acknowledge that Beauhurst is a controller of the Platform Personal Data made available via the Beauhurst Platform, and that you will process the Platform Personal Data as a separate and independent controller strictly for the Permitted Purpose.  In no event will Beauhurst and you process the Platform Personal Data as joint controllers.

1.4 Legitimate Interests: The Parties acknowledge that for the purposes of EU Data Protection Law, the legal basis on which Beauhurst will facilitate access by you to the Platform Personal Data is the legitimate interests pursued by Beauhurst in building its business of providing insights into fast-growing startups and scaleups as well as those pursued by the Subscribing Organisation which may wish to invest in, or offer professional services or funding opportunities to, such startups and scaleups

1.5 Compliance with law:  Each of Beauhurst and you shall be separately responsible for complying with the obligations that apply to it as a controller under Applicable Data Protection Law.

1.6 Prohibited data:  We shall not disclose any special categories of personal data to you for processing.

1.7 International transfers:  Transfer of Platform Personal Data occurs whenever a User accesses the Beauhurst Platform.

Subscribing Organisation based in the EEA: you shall not transfer the Platform Personal Data (nor permit the Platform Personal Data to be transferred) outside of the European Economic Area (“EEA“) unless you take such measures as are necessary to ensure the transfer is in compliance with Applicable Data Protection Law.

Subscribing Organisation based outside the EEA: If you are based outside the EEA in a country that has not been deemed as ensuring adequate data protection within the meaning of Article 45 of the GDPR, you agree that the Standard Contractual Clauses (2004/915/EC) (“Standard Contractual Clauses“) shall be incorporated by reference into your Subscription Order. For the purposes the Appendices to the Standard Contractual Clauses, the required information will be as set out in the Annex to this Data Policy. In the event of any conflict between the Data Policy and the Standard Contractual Clauses, the Standard Contractual Clauses shall prevail.

1.8 Security:  You shall implement appropriate technical and organisational measures to protect the Platform Personal Data (i) from accidental or unlawful destruction, and (ii) loss, alteration, unauthorised disclosure of, or access to the Platform Personal Data (a “Security Incident“).  Such measures shall include, as appropriate:

(a) the pseudonymisation and encryption of personal data;

(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

(c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;

(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

1.9 Subcontracting:  You shall not allow access to Platform Personal Data to any person outside the Subscribing Organisation without our prior written consent, unless you are on data Tiers 2 or 3 that allow you to share Platform Personal Data with Clients without our prior written consent, but restrictions must be adhered to (see section 3).

1.10 Cooperation:  In the event that either Party receives any correspondence, enquiry or complaint from a data subject, regulator or other third party (“Correspondence“) related to (a) the disclosure of the Platform Personal Data by Beauhurst to you for the Permitted Purpose; or (b) processing of the Platform Personal Data by the other Party or by a Client, it shall promptly inform the other Party giving full details of the same, and the Parties shall cooperate reasonably and in good faith in order to respond to the Correspondence in accordance with any requirements under Applicable Data Protection Law.

1.11 Security incidents:  Upon becoming aware of a Security Incident, you shall inform us without undue delay.  You shall further take all such measures and actions as are necessary to remedy or mitigate the effects of the Security Incident and shall keep us informed of all developments in connection with the Security Incident. Each Party agrees to provide reasonable assistance to the other to facilitate the handling of any Security Incident in an expeditious and compliant manner.

1.12 Deletion of Platform Personal Data: Further to Clause 11.3 of the main Terms and Conditions, upon termination or expiry of this Agreement, you shall destroy all Platform Personal Data (including all copies of the Platform Personal Data) in your possession or control (including any Platform Personal Data disclosed to a third party outside the Subscribing Organisation, if your Data Tier permits such disclosure or we have consented to such disclosure).  This requirement shall not apply to the extent that you are required by any EU (or any EU Member State) law to retain some or all of the Platform Personal Data, in which event you shall securely isolate and protect the Platform Personal Data from any further processing except to the extent required by such law. For the avoidance of doubt, this clause 1.12 shall not apply to Platform Personal Data which is processed by you in connection with you entering into a direct relationship with a company on the Beauhurst Platform, for instance for investment purposes or the provision of professional services (including in the context of any enquiries by the company in respect of such investment or services).

1.13 Audit:  Should we have reasonable cause, you shall permit us (or our appointed third party auditors) to audit your compliance with this Data Policy, and shall make available to us all information, systems and staff necessary for us (or our third party auditors) to conduct such audit.

PART 2

2. Use of email addresses derived from the Beauhurst platform

We provide business email addresses on the Beauhurst Platform so that you can directly approach the individuals to whom those business email addresses relate. Since the communication (by whatever means) of advertising or marketing material directed to particular individuals is defined as “direct marketing” (even if you are not explicitly selling something), you need be compliant with any applicable rules pertaining to email marketing, as well as the GDPR. Further, some of the restrictions outlined below are a matter of Beauhurst policy to support the assessment that the disclosure of such email addresses to you (and your subsequent use of those email address) is not unduly prejudicial to the rights and freedoms of the individuals to whom the email addresses relate.

2.1 You are forbidden from using email addresses from the Beauhurst platform to email more than 5 people in a single send (“Mailshots”). This is to ensure that any contact that you make is direct and deliberate. Further, if you have not received a response, you shall not contact an individual more than 3 times and you shall ensure that there is at least 7 days interval between one email to an individual and the next email to the same individual.

2.2 You must identify yourself and your Organisation in any email you send and include contact details, ideally a postal address, active email address, and a phone number.

2.3 You must have a clear and simple way for anyone you email to opt out of your communications.

2.4 If someone objects to or opts out of your marketing, you must immediately add them to a ‘do not contact’ list and stop communications with them. You must screen all your marketing against this list to make sure you don’t contact anyone who has opted out.

2.5 You must ensure that you are fully compliant with any Applicable Data Protection Laws, including where applicable European Directive 2002/58/EC, also known as ‘the e-privacy Directive’ (and any and all applicable national data protection laws made under or pursuant to such Directive) . It is your responsibility to keep up to date with any changes in the law, in particular following the introduction of the proposed new e-Privacy Regulation, which is due to replace European Directive 2002/58/EC.

PART 3

3. Data Sharing Rights

Access to the Beauhurst Platform is based on four Data Usage Tiers. Please only refer to the tier that pertains to your Subscription, as outlined in the Subscription Summary.

Tier Zero: User Use Only
Tier One: Internal Use
Tier Two: Client Use
Tier Three: Marketing Use

3.1 Definitions: In this Part 3, the following terms shall have the following meanings (any definitions not found here will be in the main Terms and Conditions):

(a) Client means any of your customers or bona fide prospective customers;

(b) Company means a commercial business included on the Beauhurst Platform;

(c) Fund means an investment organisation, including (but not limited to) private equity firms, venture capital firms, and hedge funds, that appears on the Beauhurst Platform;

(d) Person means any named individual on the Beauhurst platform, including but not limited to any director, shareholder, or Company employee;

3.2 Tier Zero: User Use Only
You may not share any Beauhurst Data with anyone who is not an active User on your Subscription.

3.3 Tier One: Internal Use
You have rights to use Beauhurst Data, including any Platform Personal Data, within your Subscribing Organisation subject to the following restrictions:

(a) You must ensure that Platform Personal Data is only shared in a manner which is compliant with the Applicable Data Protection Law.

(b) Anyone you share Beauhurst Data with must be aware of (and adhere to) the restrictions in place on that information and are strictly forbidden from passing it on to anyone else outside of the Subscribing Organisation. It is your responsibility to ensure this is the case, and Beauhurst shall treat any breach of this rule and/or Applicable Data Protection Law by any person who has been provided with Beauhurst Data as if such breach had been committed by you or your User directly.

3.4 Tier Two: Client Use
You have rights to share Beauhurst Data, which includes Platform Personal Data, with your Clients subject to the following restrictions:

(a) Sharing of Beauhurst Data is done on a one-to-one basis with each Client and is not broadcast in any fashion whatsoever (for example through a marketing email or used in a seminar or conference).

(b) The information being shared is directly relevant to the Client in question and to that particular engagement with them;

(c) You cannot, unless agreed otherwise with Beauhurst in writing, sell any Beauhurst Data to a Client – no transaction may take place in exchange for any Beauhurst Data, and (as outlined in Clause 9.6 of the Terms and Conditions) you must not grant any Client access to the Beauhurst Platform;

(d)You cannot give Beauhurst Data, which includes Platform Personal Data, to a Client for their own marketing or lead-generation purposes;

(e) Clients must not use email addresses from the Platform to contact any Persons.

(f) You shall procure that, in respect of any processing of Beauhurst Data by a Client pursuant to an onward transfer of such Beauhurst Data by you, the Client shall comply with all Applicable Data Protection Laws.

(g) You shall procure that, in respect of any processing of Beauhurst Data by a Client pursuant to an onward transfer of such Beauhurst Data by you, the Client shall delete all Beauhurst Data either at the termination of your Subscription to Beauhurst or at the end of your relationship with the Client, whichever is soonest.

(h) Anyone you share Beauhurst Data with must be aware of (and adhere to) the restrictions in place on that information and is strictly forbidden from passing it on to anyone else, including within the Client’s own organisation. It is your responsibility to ensure this is the case, and Beauhurst shall treat any breach of this rule and/or Applicable Data Protection Law by any person who has been provided with Beauhurst Data as if such breach had been committed by you or your User directly.

3.5 Tier Three: Marketing Use

(a) You have rights to share Beauhurst Data, which includes Platform Personal Data, with your Clients subject to the following restrictions:

(i) Sharing of Beauhurst Data is done on a one-to-one basis with each Client and is not broadcast in any fashion whatsoever (for example through a marketing email or used in a seminar or conference).

(ii) The information being shared is directly relevant to the Client in question and to that particular engagement with them;

(iii) You cannot, unless agreed otherwise with Beauhurst in writing, sell any Beauhurst Data to a Client – no transaction may take place in exchange for any Beauhurst Data, and (as outlined in Clause 9.6 of the Terms and Conditions) you must not grant any Client access to the Beauhurst Platform;

(iv) You cannot give Beauhurst Data, which includes Platform Personal Data, to a Client for their own marketing or lead-generation purposes;

(v) Clients must not use email addresses from the Platform to contact any Persons.

(vi) You shall procure that, in respect of any processing of Beauhurst Data by a Client pursuant to an onward transfer of such Beauhurst Data by you, the Client shall comply with all Applicable Data Protection Laws.

(vii) You shall procure that, in respect of any processing of Beauhurst Data by a Client pursuant to an onward transfer of such Beauhurst Data by you, the Client shall delete all Beauhurst Data either at the termination of your Subscription to Beauhurst or at the end of your relationship with the Client, whichever is soonest.

(viii) Anyone you share Beauhurst Data with must be aware of (and adhere to) the restrictions in place on that information and is strictly forbidden from passing it on to anyone else, including within the Client’s own organisation. It is your responsibility to ensure this is the case, and Beauhurst shall treat any breach of this rule and/or Applicable Data Protection Law by any person who has been provided with Beauhurst Data as if such breach had been committed by you or your User directly.

(b) You have additional rights to Publish Beauhurst Data, not including any Platform Personal Data, subject to the following limitations:

(i) You may not Publish any Platform Personal Data under any circumstances;

(ii) You will not Publish more frequently than once per week on average over any three-month period;

(iii) That each time you Publish, you may not individually identify more than ten Companies, Transactions, or Funds;

(iv) That each time you Publish, you may not use more than five pieces of aggregate data or statistics derived from the Beauhurst Platform;

(v) Anything that is Published needs to be clearly attributed to Beauhurst (including a link back to beauhurst.com);

(vi) Anything that you Publish must strictly be for your own activities – you are forbidden from using Beauhurst to do any marketing/PR/associated activities for another brand or business.

If you’re ever unsure about what you can share or Publish, or if you want to exceed the limits detailed above, please do get in touch with us to discuss.

Annex

Description of data accessed via the Beauhurst platform

Data subjects
The Platform Personal Data accessed concern the following categories of data subjects:

  • Directors, shareholders and employees of companies on the platform, and individuals involved in the ecosystem (funds, accelerators, universities) included within the Beauhurst Platform.

Purposes of the transfer(s)
Access is for the following purpose:

  • To facilitate usage by the Subscribing Organisation in accordance with the Data Usage Tier identified in its Subscription Summary and further described in Part 3 of the Data Policy.

Categories of data
The Platform Personal Data accessed concern the following categories of data:

  • Details pertaining to businesses on the Beauhurst Platform, including but not limited to: names, business contact details (business email address, business telephone number), job title, details of shareholdings, and details of company directorships.

Recipients
The Platform Personal Data accessed may be disclosed only to the following recipients or categories of recipients:

  • Subscribing Organisation: Users (as defined in the main Terms and Conditions) duly authorised by the Subscribing Organisation to have access to Beauhurst Data for the Permitted Purpose or any employee at a Subscribing Organisation if the Subscribing Organisation is on Data Tiers 1, 2 or 3.
  • Public bodies and law enforcement authorities: Duly authorized staff at public bodies and law enforcement authorities who make enquiries of the Subscribing Organisation in accordance with applicable law.
  • Clients of Subscribers: If a Subscribing Organisation is on Data Tier 2 or 3 it may share Platform Personal Data with its Clients. This can only be done on a one to one basis subject to certain restrictions being imposed on the Client in accordance with Part 3 of this Data Policy.

Sensitive data (if appropriate)
The Platform Personal Data accessed do not concern any categories of sensitive data.

Data protection registration information of Beauhurst (where applicable)
Information Commissioner Registration Number for Business Funding Research Limited (trading as Beauhurst): Z291194X

Contact points for data protection enquiries
Nina Coldham

Email: dataprotection@beauhurst.com