Capital Gearing Trust

Privacy Policy

1. Introduction

Capital Gearing Trust P.L.C. (the “Company“, “we“, “us“, or “our“) is committed to protecting the privacy and security of the personal data which we process. Where this privacy notice refers to the processing of personal data by the Company, such reference shall include the processing of personal data on behalf of the Company by its third party processors or sub-processors (or any of their affiliates, agents, delegates or subcontractors). We have set out in this privacy notice details of third parties to whom personal data may be disclosed by the Company (and/or its sub-processors) and/or who may process personal data on behalf of the Company.

This privacy notice provides information on how the Company collects and processes personal data as a controller of data held about shareholders, investors, potential shareholders, potential investors, business contacts, website users and directors or prospective directors (“you” or “your“) including in connection with your shareholding/investment (or potential shareholding/investment) in the Company, through your use of this website, by sending us correspondence and/or by providing us with products and/or services.

In addition, it outlines your data protection rights under the EU General Data Protection Regulation (Regulation 2016/679) (the “EU GDPR“) as it forms part of the laws of the United Kingdom (“UK“) (the “UK GDPR“).

This website is not intended for children and we do not knowingly collect data relating to children through this website. Children should not access or use our website.

Capital Gearing Trust P.L.C. is a company registered in Northern Ireland with company registration number NI005574, whose registered address is at C/O Carson McDowell LLP Murray House, Murray Street, Belfast, Northern Ireland BT1 6DN. For the purposes of data protection laws, Capital Gearing Trust P.L.C. is the controller of your personal data. Please contact the Company in writing at c/o Juniper Partners Limited, 28 Walker Street, Edinburgh EH3 7HR if you have any queries in relation to the processing of your personal data under this policy.

2. Categories of data subjects

2.1 Investors and Potential Investors

The kind of information we hold about you

We may hold personal data about shareholders/investors and/or potential shareholders/investors in the Company. We collect this personal data from a variety of sources, including:

  1. From you: when it is provided to us by you directly as a result of your holding and/or investment in the Company (including by completing application forms, fundraising documents, telephone calls and/or corresponding with us);
  2. From third parties: when it is provided to us by third parties, including due diligence service providers or advisers to the Company (such as the appointed administrators, investment manager or registrar); and
  3. From publicly available sources: such as Companies House.

The types of personal data that we collect and use will depend on various circumstances, including whether you are a shareholder, investor or potential shareholder or investor. We may also process personal data about individuals that are connected with you as a shareholder/investor (for example directors, trustees, employees, intermediaries, brokers, representatives, beneficiaries, shareholders, investors, clients, beneficial owners, advisers and/or agents). We have grouped together the various types of data we may hold about you or individuals connected with you as follows:

Identity data may include names, titles, dates of birth and pronoun preferences and personal identifiers such as your national insurance number and tax file number;

Contact data may include addresses, telephone numbers, work and personal email addresses and communication preferences (such as your marketing preferences);

Employment data may include your employer, place of work, job title, employment history and department;

KYC data may include copies of passports and/or driving licences and utility bills, data received in connection with anti-money laundering and/or due diligence activities (including politically exposed persons and sanctions checks) and data related to any public comments about you by statutory or regulatory authorities (including designated professional bodies);

Financial data may include details relating to your investment activity and bank account details; and

Correspondence data may include any other data provided to us in correspondence, telephone calls (which we may record) and/or documents (including subscription/offer documents and other forms).

We do not knowingly collect any sensitive personal data or special categories of personal data about you in your capacity as a shareholder/investor or a potential shareholder/investor (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data), nor do we collect any information about criminal convictions and offences. You must not submit special category data to us. If, however, you otherwise inadvertently or intentionally transmit special category data to us, you will be considered to have explicitly consented to us processing that special category data under Article 9(2)(a) of the UK GDPR. We will use and process your special category data for the purposes of deleting it.

How we will use information about you and our basis for processing

If you are a shareholder/investor or potential shareholder/investor in the Company, your personal data or the personal data of individuals connected to you may be processed by the Company or its processors or sub-processors (or any of their affiliates, agents, delegates or sub-contractors) for the following purposes:

  1. to provide you with information on the Company (including performance updates);
  2. for identification purposes for the purposes of anti-money laundering, counter terrorist financing, suitability and appropriateness assessments, complying with UK and/or international sanctions regimes, “Know Your Client” and creditworthiness checks;
  3. to allow us to administer and manage your holding or beneficial holding in the Company (for example, for processing subscriptions and investments; making payment of dividends; maintaining the share register of investors; carrying out investor instructions; handling any complaints and enquiries; and sending investor communications, including financial reports, valuations and other corporate actions);
  4. to assist us in conducting market research;
  5. to update and maintain records for the Company;
  6. to prepare tax related information in order to report to tax authorities;
  7. to monitor and retain communications (which may include the recording and monitoring by a third party appointed by us), including facsimile, email and other electronic messaging, telephone conversations and other electronic communications with you (including attachments);
  8. to scan and monitor emails sent to us (including attachments) for viruses or malicious software, to process and encrypt personal data to protect and manage email traffic, and to store personal data on our systems; and
  9. such other actions as are necessary to manage the Company’s activities, to comply with the legal obligations of the Company, to perform a contract to which you are a party, and to pursue the legitimate interests of the Company or a third party including by processing instructions and enforcing or defending the rights and/or interests of the Company.

We will only use your personal data as the law permits. By law we are required to tell you the legal bases upon which we rely in processing your personal data. We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

The legal bases we principally rely upon are these:

  1. it is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract;
  2. it is necessary for the purposes of our legitimate interests, or those of a third party, where such interests are not overridden by your rights or interests; and/or
  3. it is necessary for us to comply with a legal obligation on us.

Where such processing is being carried out on the basis that it is necessary to pursue the Company’s or a third party’s legitimate interests, we will ensure that such legitimate interests are not overridden by your interests, fundamental rights or freedoms. Such processing may include the use of your personal data for the purposes of contacting you about your investment but will not include marketing communications unless you have specifically requested to receive such or we have another lawful basis for sending such communications (for example, legitimate interests if you are an existing or past shareholder/investor and have not opted out of such communications). You can find out about your right to object to our processing of your personal data when we rely on our legitimate interests below.

Where we need to collect personal data by law or under the terms of a contract to which you are a party and you fail to provide that data when requested, we may not be able to perform the contract or enter a contract with you (and accordingly may be unable to register you as a shareholder/investor, or, if you are a current shareholder/investor, allow you to exercise all of your rights in connection with your investment). We will notify you if this is the case.

Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us at the address above if you need us to confirm which of the legal bases set out above we relied upon in a specific type of processing for a particular category of personal data.

Purpose / ActivityType of dataLegal basis for processing
To provide you with information on the Company (including performance updates).Identity data
Contact data		(a) Our legitimate interests of pursuing and developing our business
For identification purposes, for the purposes of anti-money laundering, complying with UK and/or international sanctions regimes, counter terrorist financing, suitability and appropriateness assessments, “Know Your Client” and credit worthiness checks.Identity data
Contact data
Employment data
KYC data
Correspondence data		(a) Performance of a contract to which you are a party or in order to take steps at your
request prior to entering into such a contract
(b) Compliance with our legal and regulatory obligations
To allow us to administer and manage your holding or beneficial holding in the Company (for example, for processing subscriptions and investments; making payment of dividends; maintaining the share register of investors; carrying out investor instructions; handling any complaints and enquiries; and sending investor communications, including financial reports, valuations and other corporate actions)Identity data
Contact data
Financial data
KYC data
Correspondence data		(a) Performance of a contract to which you are a party or in order to take steps at your
request prior to entering into such a contract
(b) Compliance with our legal and regulatory obligations
(c) Our legitimate interests of pursuing and developing our business
To assist us in conducting market researchIdentity data
Contact data
Financial data
Correspondence data		(a) Our legitimate interests of analysing trends and investigating profit sales and performance to pursue and develop our business
To update and maintain records for the Company.Identity data
Contact data
Employment data
Financial data
KYC data
Correspondence data		(a) Compliance with our legal and regulatory obligations
(b) Our legitimate interests of ensuring effective and accurate record keeping
To prepare tax related information in order to report to tax authorities.Identity data
Contact data
Financial data
Correspondence data		(a) Compliance with our legal and regulatory obligations.
To monitor and retain communications (which may include the recording and monitoring by a third party appointed by us), including facsimile, email and other electronic messaging, telephone conversations and other electronic communications with you (including attachments).Identity data
Contact data
Employment data
Financial data
Correspondence data		(a) Compliance with our legal and regulatory obligations (including under data protection law)
(b) Our legitimate interests, including to document communications regarding trading activity and to monitor email traffic
To scan and monitor emails sent to us (including attachments) for viruses or malicious software, to process and encrypt personal data to protect and manage email traffic, and to store personal data on our systems.Identity data
Contact data
Correspondence data		(a) Our legitimate interests of document retention and IT security
(b) Compliance with our legal and regulatory obligations (including under data protection law)
Such other actions as are necessary to manage the Company’s activities, to comply with the legal obligations of the Company, to perform a contract to which you are a party, and to pursue the legitimate interests of the Company or a third party including by processing instructions and enforcing or defending the rights and/or interests of the Company.Identity data
Contact data
KYC data
Financial data
Employment data
Correspondence data		(a) Compliance with our legal and regulatory obligations
(b) Our legitimate interests of pursuing and developing our business
(c) Performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract

Where your consent is required

If the Company wishes to use your personal data for purposes which require your consent we will contact you to request this. In such circumstances, we will provide you with details of the personal data that we would like to process and the reason we need to process it, so that you can carefully consider whether you wish to consent. Where you do consent and we rely on consent to process your personal data, you have the right to withdraw your consent at any time, although that will not affect the lawfulness of processing based on consent before its withdrawal.

Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another lawful basis for doing so.

2.2 Visitors to our website

The kind of information we hold about you

We use different methods to collect data from and about you when you are a website user including:

  1. From you: direct interactions with you, including by you filling in forms. This includes personal data you provide when you subscribe to our publications and/or request marketing to be sent to you;
  2. From automated technologies or interactions: as you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies; and
  3. From third parties: for example, we may collect technical data from third party analytics providers such as Google and search information providers, some of whom may be based outside of the UK and/or may process personal data outside of the UK..

We may process different kinds of data about you which is provided to us through your use of the website including by the use of cookies, server logs, pixel tags and other similar technologies. We have grouped together the various types of data we may hold about you as a website user as follows:

Identity data may include names, titles, dates of birth and pronoun preferences;

Contact data may include addresses, telephone numbers, personal and work email addresses and marketing and communications preferences;

Technical data may include internet protocol (IP) address, your login data, browser type and version, time zone setting and location, internet server provider’s domain name, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website;

Usage data which includes information about how you use our website, products or services; and

User type data which includes information relating to the type of website user you are (for example, institutional investor, journalist, analyst or private investor).

We do not knowingly collect any sensitive personal data or special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data), nor do we collect any information about criminal convictions and offences. You must not submit special category data to us. If, however, you otherwise inadvertently or intentionally transmit special category data to us, you will be considered to have explicitly consented to us processing that special category data under Article 9(2)(a) of the UK GDPR. We will use and process your special category data for the purposes of deleting it.

If you register to receive email alerts in respect of the Company’s RNS announcements, you will need to provide personal data, including your name and email address. The registration process involves you providing your consent to the processing of your personal data to receive alerts from Luminate regarding the Company and to your data (provided to Luminate) being shared with the Company. The email alert service is provided by Luminate. Please note that registering for this service will also create an account on Luminate’s email alerts platform, and you will be able to use your log-in details to subscribe to other alert services on that platform.

For details regarding how your data is handled by Luminate, please refer to Luminate’s Privacy and Cookie Policy.

How we will use information about you and our basis for processing

If you are a website user, your personal data may be processed by the Company or its processors or sub-processors (or any of their affiliates, agents, delegates or sub-contractors) for the following purposes:

  1. to send you updates on the performance of the Company, factsheets, newsletters, invitations to events and other electronic marketing communications;
  2. to use data analytics to improve our website, marketing and customer experiences;
  3. to comply with legal or regulatory requirements;
  4. to scan and monitor emails sent to us (including attachments) for viruses or malicious software, to process and encrypt personal data to protect and manage email traffic, and to store personal data on our systems; and
  5. such other actions as are necessary to manage the activities of the Company, including to comply with the legal obligations of the Company, to perform a contract to which you are a party (for example, if applicable, our website terms of use), and to pursue the legitimate interests of the Company or a third party including by processing instructions and enforcing or defending the rights and/or interests of the Company.

We will only use your personal information as the law permits. By law we are required to tell you the legal bases upon which we rely in processing your personal data. We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

The legal bases we principally rely upon are these:

  1. it is necessary for the purposes of our legitimate interests or those of a third party and where such interests are not overridden by your rights or interests;
  2. it is necessary for us to comply with a legal or regulatory obligation on us; and/or
  3. it is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract.
  4. to scan and monitor emails sent to us (including attachments) for viruses or malicious software, to process and encrypt personal data to protect and manage email traffic, and to store personal data on our systems; and
  5. such other actions as are necessary to manage the activities of the Company, including to comply with the legal obligations of the Company, to perform a contract to which you are a party (for example, if applicable, our website terms of use), and to pursue the legitimate interests of the Company or a third party including by processing instructions and enforcing or defending the rights and/or interests of the Company.

Where such processing is being carried out on the basis that it is necessary to pursue the Company’s or a third party’s legitimate interests, we will ensure that such legitimate interests are not overridden by your interests, fundamental rights or freedoms. You can find out about your right to object to our processing of your personal data when we rely on our legitimate interests below.

Where we need to collect personal data by law or in connection with our website and you fail to provide that information, we may not be able to give you full (or any) access to our website. We will notify you if this is the case.

Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us at the address above if you need us to confirm which of the legal bases set out above we relied upon in a specific type of processing for a particular category of personal data.

Purpose / ActivityType of dataLegal basis for processing
To send you updates on the performance of the Company, factsheets, newsletters, invitations to events and other electronic marketing communications.Identity data
Contact data
User type data		(a) Our legitimate interests of pursuing and developing our business (for example, where you are an existing or past investor and were (and continue to be) given an option to opt-out of such communications)
(b) Your consent
To use data analytics to improve our website marketing and customer experiences.Technical data
Usage data
User type data		(a) Our legitimate interests (to understand user behaviour and improve our website)
To comply with legal or regulatory requirements.Technical data
User type data		(a) Compliance with our legal and regulatory obligations (including under data protection law)
To scan and monitor emails sent to us (including attachments) for viruses or malicious software, to process and encrypt personal data to protect and manage email traffic, and to store personal data on our systems.Identity data
Contact data
Technical data
Correspondence data		(a) Our legitimate interests including for document retention purposes and IT security
(b) Compliance with our legal and regulatory obligations (including under data protection law)
Such other actions as are necessary to manage the activities of the Company, to comply with the legal obligations of the Company, to perform a contract to which you are a party (for example, if applicable, our website terms and conditions), and to pursue the legitimate interests of the Company or a third party including by processing instructions and enforcing or defending the rights and/or interests of the Company.Identity data
Contact data
Technical data
Usage data
User type data		(a) Compliance with our legal and regulatory obligations
(b) Our legitimate interests (including by processing instructions and enforcing or defending our rights)
(c) Performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract

Where your consent is required

If the Company wishes to use your personal data for purposes which require your consent we will contact you to request this. In such circumstances, we will provide you with details of the personal data that we would like to process and the reason we need to process it, so that you can carefully consider whether you wish to consent. Where you do consent and we rely on consent to process your personal data, you have the right to withdraw your consent at any time, although that will not affect the lawfulness of processing based on consent before its withdrawal. To withdraw your consent or to opt out of receiving marketing communications, please contact us in writing or follow the unsubscribe instructions included in each electronic marketing communication.

Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another lawful basis for doing so.

Links to third party websites

Where our website provides links to other websites, the Company and its processors are (unless the website is operated by the relevant processor) not responsible for the data protection/privacy/cookie usage policies of such other websites, and you should check these policies on such other websites if you have any concerns about them.

If you use one of these links to leave our website, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting a linked website and such websites are not governed by this policy. You should always exercise caution and review the privacy notice applicable to the website in question.

Cookies

A cookie is a small text file which is sent to and stored on your browser or the hard drive of your computer, smartphone or other device used to access the internet, when you visit certain websites. Cookies help analyse web traffic or let you know when you visit a particular website, and allow web applications to respond to you as an individual. The web application can, for example tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used by website users. This helps us analyse data about web page traffic and improve our website by tailoring it to the needs of users. We only use this information for statistical analysis purposes. Overall, cookies help us provide a better website by enabling us to monitor which pages users find useful and which they don’t.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. If you choose to switch certain cookies off or block cookies, it may affect how our website works. For further details on cookies (including how to turn them off) can be found at www.allaboutcookies.org.

Our Cookie Policy can be accessed here https://www.capitalgearingtrust.com/cookie-policy/

2.3 Business Contacts

The following section of this policy sets out how the Company may process personal data (as a controller) about its business contacts and (current, previous and/or potential) service providers (and employees of service providers) and data subjects that have provided a business card to, or have corresponded with the Company.

The kind of information we hold about you

We may hold personal data about business contacts. We collect this personal data from a variety of sources, including:

  1. From you: when it is provided to us by you, including through correspondence with us or if you provide a business card to us;
  2. From third parties: when it is provided to us by third parties, including (if you are an employee of one of our service providers) from your employer; and
  3. From publicly available sources: such as LinkedIn or Companies House. In connection with your relationship with the Company, we may collect, store, and use the following categories of personal information about you, which you provide to us from time to time or which we obtain in the course of our relationship with you, and which we have grouped together as follows:

    Identity data may include names, titles, dates of birth and pronoun preference;

    Contact data may include addresses, telephone numbers and personal or work email addresses; Financial data may include bank account details;

    Employment data may include place of work and job title, employment history and department; and

    Correspondence data may include any other data which you provide to us in correspondence (including emails), telephone calls and/or documents.

We do not knowingly collect any sensitive personal data or special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data), nor do we collect any information about criminal convictions and offences. You must not submit special category data to us. If, however, you otherwise inadvertently or intentionally transmit special category data to us, you will be considered to have explicitly consented to us processing that special category data under Article 9(2)(a) of the UK GDPR. We will use and process your special category data for the purposes of deleting it.

How we will use information about you and our basis for processing

If you are a business contact, your personal data may be processed by the Company, its processors or its sub-processors (or any of their affiliates, agents, delegates or subcontractors) for the following purposes:

  1. to hold your personal data on our system and to contact you;
  2. in respect of suppliers, to allow us to process payments and orders in respect of any goods and services provided;
  3. to send you updates on the performance of the Company, factsheets, newsletters or invitations to events;
  4. to comply with legal or regulatory requirements;
  5. to monitor and retain communications (which may include the recording and monitoring by a third party appointed by us), including facsimile, email and other electronic messaging and other electronic communications with you (including attachments);
  6. to scan and monitor emails sent to us (including attachments) for viruses or malicious software, to process and encrypt personal data to protect and manage email traffic, and to store personal data on our systems; and
  7. such other actions as are necessary to manage the activities of the Company, including to comply with the legal obligations of the Company, to perform a contract to which you are a party, and to pursue the legitimate interests of the Company including by processing instructions and enforcing or defending the rights and/or interests of the Company.

Legal basis for processing your personal information

We will only use your personal information as the law permits. By law we are required to tell you the legal bases upon which we rely in processing your personal data. We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. The legal bases we principally rely upon are these:

  1. it is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract;
  2. it is necessary for the purposes of our legitimate interests, or those of a third party, where such interests are not overridden by your rights or interests; and/or
  3. it is necessary for us to comply with a legal obligation on us.

Where such processing is being carried out on the basis that it is necessary to pursue the Company’s or a third party’s legitimate interests, we will ensure that such legitimate interests are not overridden by your interests, fundamental rights or freedoms. You can find out about your right to object to our processing of your personal data when we rely on our legitimate interests below.

Where we need to collect personal data by law or under the terms of a contract to which you are a party and you fail to provide that data when requested, we may not be able to perform the contract or enter a contract with you (and accordingly may not be able to continue our relationship with you and (if you are a service provider) we may not be able to pay you). We will notify you if this is the case.

Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us at the address above if you need us to confirm which of the legal bases set out above we relied upon in a specific type of processing for a particular category of personal data.

Purpose / ActivityType of dataLegal basis for processing
To hold your personal data on our system and to contact you.Identity data
Contact data		(a) Our legitimate interests, including in connection with using the services that you provide
In respect of suppliers, to allow us to process payments and orders in respect of any goods and services provided.Identity data
Contact data
Financial data		(a) Our legitimate interests, including in connection with using the services that you provide
(b) Performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract
To send you updates on the performance of the Company, newsletters, factsheets or invitations to events.Identity data
Contact data		(a) Our legitimate interests of pursuing and developing our business
(b) Your consent
To comply with legal or regulatory requirements.Identity data
Contact data
Employment data
Financial data
Correspondence data		(a) Compliance with our legal and regulatory obligations (including requirements to monitor our IT systems to comply with data protection law)
To monitor and retain communications (which may include the recording and monitoring by a third party appointed by us), including facsimile, email and other electronic communications with you (including attachments).Identity data
Contact data
Employment data
Financial data
Correspondence data		(a) Compliance with our legal and regulatory obligations (including under data protection law)
(b) Our legitimate interests, including to document services provided to us and monitor email traffic
To scan and monitor emails sent to us (including attachments) for viruses or malicious software, to process and encrypt personal data to protect and manage email traffic, and to store personal data on our systems.Contact data
Correspondence data		(a) Our legitimate interests including for document retention purposes and IT Security
(b) Compliance with our legal and regulatory obligations (including under data protection law)
Such other actions as are necessary to manage the activities of the Company, including to comply with the legal obligations of the Company, to perform a contract to which you are a party, and to pursue the legitimate interests of the Company including by processing instructions and enforcing or defending the rights and/or interests of the Company.Identity data
Contact data
Employment data
Financial data
Correspondence data		(a) Compliance with our legal and regulatory obligations
(b) Our legitimate interests of pursuing and developing our business
(c) Performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract

Where your consent is required

If the Company wishes to use your personal data for purposes which require your consent we will contact you to request this. In such circumstances, we will provide you with details of the personal data that we would like to process and the reason we need to process it, so that you can carefully consider whether you wish to consent. Where you do consent and we rely on consent to process your personal data, you have the right to withdraw your consent at any time, although that will not affect the lawfulness of processing based on consent before its withdrawal. To withdraw your consent or to opt out of receiving marketing communications, please contact us in writing or follow the unsubscribe instructions included in each electronic marketing communication.

Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another lawful basis for doing so.

2.4 Directors and Prospective Directors

The kind of information we hold about you

We may hold personal data about directors and/or prospective directors of the Company. We collect this personal data from a variety of sources, including:

  1. From you: when it is provided to us by you, including through application forms, questionnaires and/or corresponding with us;
  2. From third parties: when it is provided to us by third parties, including due diligence service providers; and
  3. From publicly available sources: such as Companies House.

The types of personal data that we collect and use will depend on various circumstances, including whether you are a director or a prospective director. We may also process personal data about individuals that are connected with you as a director (including Family Data (as is defined below)). We have grouped together the types of data we may process about you as follows:

Identity data may include names, titles, sex, gender, gender identity, pronoun preferences, dates of birth, nationality and citizenship;

Family data may include marital status and details of other relatives or persons closely associated with you including family connections (including dependents which may be under the age of 18);

Contact data may include addresses, work or personal email addresses, telephone numbers and contact sheets;

Financial data may include tax residency, financial dealings, banking details, beneficiaries, the number of shares legally and beneficially held by you or any person closely associated with you in the Company and any such holdings in any other securities related to the Company;

KYC data may include copies of passports and/or driving licences and utility bills, details of any disqualifications as a director or disqualifications from acting in company management or from conduct of company affairs, data relating to insolvency proceedings involving you or entities you have been or are connected with, data received from due diligence activities (such as anti-money laundering, politically exposed persons and sanctions checks) and data related to any public criticisms of you by statutory or regulatory authorities (including designated professional bodies) and fraud enquiries (for example, information from police reports);

Employment and directorship data may include places of work, job title, national insurance number and other tax details, signed contracts with you, biographies, job history, qualifications and CV, current and/or former directorships and attendance and voting records at board meetings;

Sensitive/special category data may include details of your socio-economic background and certain data considered more sensitive (which may include details of criminal convictions, ethnicity, age, sexual orientation, religion and beliefs, physical or mental impairment, socio-economic background and native language); and

Correspondence data may include any other data which you provide to us in correspondence (including emails), telephone calls and/or documents.

How we will use information about you and our basis for processing

If you are a director or prospective director of the Company, your personal data may be processed by the Company or its processors (or any of their affiliates, agents, delegates or sub-contractors) for the following purposes:

  1. to hold your personal data on our system and to contact you;
  2. to appoint (or consider appointing) you as a director and to administer our relationship with you as a director. We may process personal data to carry out background and reference checks or to assess your skills and qualifications, to consider your suitability for the role of director. We may also need to communicate with you about the appointment process and to keep records relating to our hiring process.
  3. to administer/perform the contract we have entered into with you, including arranging the payment of directors’ fees and the reimbursement of expenses;
  4. to seek to improve transparency on the diversity of our board and benefit both corporate governance and decision making by us;
  5. to comply with legal or regulatory requirements;
  6. to scan and monitor emails sent to us (including attachments) for viruses or malicious software, to process and encrypt personal data to protect and manage email traffic, and to store personal data on our systems; and
  7. such other actions as are necessary to manage the Company’s activities, to comply with the legal obligations of the Company, to perform a contract to which you are a party, and to pursue the legitimate interests of the Company or a third party including by processing instructions and enforcing or defending the rights and/or interests of the Company.

We will only use your personal information as the law permits. By law we are required to tell you the legal bases upon which we rely in processing your personal information. We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. The legal bases we principally rely upon are these:

  1. it is necessary for the purposes of our legitimate interests or those of a third party and where such interests are not overridden by your rights or interests;
  2. it is necessary for us to comply with a legal or regulatory obligation on us; and/or
  3. it is necessary for the performance of a contract between you and the Company or in order to take steps at your request prior to entering into such a contract.

Where such processing is being carried out on the basis that it is necessary to pursue the Company’s or a third party’s legitimate interests, we will ensure that such legitimate interests are not overridden by your interests, fundamental rights or freedoms. You can find out about your right to object to our processing of your personal data when we rely on our legitimate interests below.

Where we need to collect personal data by law or under the terms of a contract to which you are a party and you fail to provide that data when requested, we may not be able to perform the contract or enter a contract with you (and accordingly may be unable to appoint you as a director). We will notify you if this is the case.

Purpose / ActivityType of dataLegal basis for processing
To hold your personal data on our system and to contact you.Identity data
Contact data		(a) Our legitimate interests of appointing you (or considering appointing you) as a director and pursuing and developing our business
To appoint (or consider appointing) you as a director and to administer our relationship with you as a director. We may process personal data to carry out background and reference checks or to assess your skills and qualifications, to consider your suitability for the role of director. We may also need to communicate with you about the appointment process and to keep records relating to our hiring process. To arrange the payment of directors’ fees and the reimbursement of expenses.Identity data
Contact data
Family data
KYC data
Financial data
Employment and directorship data
Sensitive/special category data
Correspondence data		(a) Performance of a contract to which you are a party or in order to take steps prior to entering into such a contract
(b) Compliance with our legal and regulatory obligations (including under the FCA Listing Rules and Disclosure Guidance and Transparency Rules)
(c) Our legitimate interests of appointing you (or considering appointing you) as a director and pursuing and developing our business
To administer/perform the contract we have entered into with you, including arranging the payment of directors’ fees and the reimbursement of expenses.Identity data
Contact data
Financial data
Employment and directorship data
Correspondence data		(a) Performance of a contract to which you are a party or in order to take steps prior to entering into such a contract
To seek to improve transparency on the diversity of our board and benefit both corporate governance and decision making by us.Identity data
Contact data
KYC data
Employment and directorship data
Sensitive/special category data		(a) Compliance with our legal and regulatory obligations (including under the FCA Listing Rules and Disclosure Guidance and Transparency Rules)
(b) Our legitimate interests of improving transparency and diversity on our board
To comply with legal or regulatory requirements.Identity data
Family data
Financial data
Contact data
Employment and directorship data
KYC data
Sensitive/special category data
Correspondence data		(a) Compliance with our legal and regulatory obligations
To scan and monitor emails sent to us (including attachments) for viruses or malicious software, to process and encrypt personal data to protect and manage email traffic, and to store personal data on our systems.Contact data
Correspondence data		(a) Our legitimate interests including for document retention purposes and IT Security
(b) Compliance with our legal and regulatory obligations under data protection law
Such other actions as are necessary to manage the activities of the Company, including to comply with the legal obligations of the Company, to perform a contract to which you are a party, and to pursue the legitimate interests of the Company including by processing instructions and enforcing or defending the rights and/or interests of the Company.Identity data
Family data
KYC data
Contact data
Financial data
Employment and directorship data		(a) Compliance with our legal and regulatory obligations
(b) Our legitimate interests of pursuing and developing our business
(c) Performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract

Where your consent is required

If the Company wishes to use your personal data for purposes which require your consent we will contact you to request this. In such circumstances, we will provide you with details of the personal data that we would like to process and the reason we need to process it, so that you can carefully consider whether you wish to consent. Where you do consent and we rely on consent to process your personal data, you have the right to withdraw your consent at any time, although that will not affect the lawfulness of processing based on consent before its withdrawal.

Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another lawful basis for doing so.

Special category data

We may hold special category data if it is necessary for us to comply with legal and regulatory obligations (see further details below).

Where we process special category data, we ensure that such processing satisfies one of the additional conditions required for processing special categories of personal data. We may process special categories of personal data in the following circumstances:

  • with your explicit written consent; and/or
  • where it is needed in the public interest, such as for equality of opportunity or treatment or racial and ethnic diversity at senior levels of organisations.

Other than as set out above, we do not knowingly or intentionally collect special category data from individuals, and you must not submit special category data to us. If, however, you otherwise inadvertently or intentionally transmit special category data to us, you will be considered to have explicitly consented to us processing that special category data under Article 9(2)(a) of the UK GDPR. We will use and process that special category data for the purposes of deleting it.

Processing of information about criminal convictions

We envisage that we will process information about criminal convictions as part of the Company’s director onboarding/appointment processes and on an ongoing basis. We carry out a criminal records check where permitted by law to seek to review your suitability for the role. We will only collect and use information about criminal convictions if it is appropriate given the nature of the role and where we have a lawful basis to do so. For example, we may use information relating to criminal convictions in relation to legal claims, where regulatory requirements relating to unlawful acts and dishonesty apply, to prevent fraud and to prevent and detect unlawful acts, to protect the public against dishonesty, or where you have already made the information public.

3. Disclosures of your Personal Data

We will not disclose personal information we hold about you to any third party except as set out below and where we have a lawful basis for doing so.

We may disclose your personal data to third parties who are providing services to us, including IT service providers, PR and marketing service providers, recruitment agencies, processors of the Company (including printers, registrars, brokers, investment managers, alternative investment fund managers, administrators), other professional advisers of the Company, telephone service providers, document storage and execution providers and backup and disaster recovery service providers.

We may also disclose personal data we hold to third parties in the following circumstances:

  1. if you are an investor, where your shares are held through a broker, dealer, bank, custodian, trust company, financial adviser or other nominee (each a “Nominee”) and it is lawful for us to do so, then details of your investments and valuations may also be provided to such Nominee;
  2. to background, compliance, sanctions, shareholder register analysis and anti-money laundering check service providers;
  3. to other third parties in connection with providing services to you and/or conducting our business (such as Luminate);
  4. where we sell any business or assets, in which case we may disclose personal data we hold about you to the prospective and actual buyer of such business or assets; and/or
  5. if we are permitted by law to disclose your personal data to a third party or are under a legal obligation to disclose your personal data to that third party. For example, we may disclose your personal data to relevant tax authorities, regulators (including the FCA), government departments or competent authorities of the UK or of other countries (such as Companies House) or make public disclosures, including (if you are a director) publishing information in our annual accounts . We may also be required to disclose your personal data in order to comply with a court order or to meet legal and regulatory requirements arising in the conduct of our business. Such disclosure may be made directly to such regulators or competent authorities or made indirectly to our advisers or providers who will make such filings or disclosures on our behalf.

Where we disclose your personal data to third parties, those third parties may in certain circumstances require to process your personal data for purposes and means which they determine. For example, they may need to use your information to comply with their own legal obligations, including under anti-money laundering legislation. In those cases, the relevant service provider will be acting as a controller in respect of your personal data, and its use of your personal data will be subject to its privacy notice (which they are required by law to make available to you).

4. Data retention

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

5. International transfers

We do not expect to transfer personal data outside of the UK. However, if we transfer your personal data outside the UK or European Economic Area (“EEA”), we will ensure that it is protected in a manner that is consistent with how your personal data will be protected in the UK or EEA (as applicable). We will only transfer your personal data outside the UK or EEA if an appropriate safeguard is in place, including for example that:

  • the country or territory that we send the data to is approved by the Secretary of State or European Commission (as applicable) as offering equivalent protections to those afforded by data protection law in the UK and EEA (as applicable); or
  • we have put in place specific standard contracts approved by the Secretary of State or European Commission (as applicable) which give personal data the same protection it has in the UK and EEA (as applicable).

In all cases, we will ensure that any transfer of your personal data is compliant with data protection law. Please contact us if you want further information on the specific safeguards we will use if transferring your personal data out of the UK or EEA.

6. Data security

The Company has put in place measures designed to ensure the security of the personal data it collects and stores about you. It will use reasonable endeavours and comply with law in its approach to protecting your personal data from unauthorised disclosure and/or access, including through the use of network and database security measures, but it cannot guarantee the security of any data it collects and stores.

We have put in place through our service providers appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those agents, contractors and other third parties who have a business need to know. They will only process your personal data (as a data processor) on our instructions.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

7. Your legal rights

In certain circumstances, by law you have the right to:

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. Please contact us if you believe that the information we hold about you is not accurate, complete or up to date.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.
  • Withdraw your consent. If we are processing your personal data on the basis of your consent, you have the right to withdraw such consent at any time. Withdrawing your consent will not affect the lawfulness of processing based on consent before its withdrawal. To withdraw your consent or to opt out of receiving marketing communications, please contact us in writing or following the unsubscribe instructions included in each electronic marketing communication. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another lawful basis for doing so.

If you wish to exercise any of the rights set out above, please contact us in writing at c/o Juniper Partners Limited, 28 Walker Street, Edinburgh EH3 7HR.

You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

8. Changes to your data

The personal data we hold about you needs to be accurate and up-to-date in order to comply with data protection law. Please let us know of any changes to your personal data so that we can correct our records.

9. Changes to this Privacy Notice

We may update this privacy notice from time to time and will ensure that any changes to this notice are added to the notice available on our website on their effective date. We may also notify you from time to time about the processing of your data. This privacy notice was last updated in June 2025.

10. Further information

If you have any queries about this policy or your personal data, or you wish to submit an access request or raise a complaint about the way your personal data has been handled, please do so in writing and address this to the Company at

Capital Gearing Trust P.l.c.
c/o Juniper Partners Limited
28 Walker Street
Edinburgh
EH3 7HR
United Kingdom

Cgt Logo Col
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.