Privacy Statement

INTRODUCTION

This document sets out how we will use the information we collect about you from you and from other sources, what you can do about that and generally a bit about the rights you have. As an open innovation hub, the information we handle concerning the huge variety of people we deal with is the lifeblood of our business so it is crucial that you are able to trust us with your personal information.  So please, if you have any questions about what you read here, you can reach us at privacy@wayra.org.

ABOUT YOU

This policy is intended for everybody we interact with. This includes:

• Founders and other staff members of companies in our portfolio, participating in our programmes or otherwise interested in or corresponding with us about what we do;
• Investors and staff members of institutions investing in our portfolio or other companies we’re supporting;
• Individuals whose visa applications we are endorsing;
• Staff members of our clients, prospective clients or of companies supporting our programmes and working with our participating companies;
• Coaches, mentors and professionals involved with our portfolio companies or companies participating in our programmes;
• Staff members of Wayra worldwide, the Telefónica group, Virgin Media O2 or Liberty Global;
• Individuals applying for a position at Wayra or in one of our portfolio companies;
• Individuals who subscribe to receive one of our newsletters; and
• People who are casually browsing our website.

Not everything we document in this policy will be relevant to you, depending upon which of these categories you fall into.

By engaging with us, you accept the terms of this Privacy Statement, however nothing in this statement affects your standing under any Applicable Law (see below as to what that means).

ABOUT US

Wayra UK Limited is a company incorporated in England under registered number 08083534 and whose registered office is located at Highdown House, Yeoman Way, Worthing, West Sussex, United Kingdom, BN99 3HH. Our trading address is Tintagel House, 92 Victoria Embankment, Vauxhall, London SE1 7TY. We operate an open innovation hub, connecting corporates with innovative early-stage businesses through a variety of programmes and other services. We also invest in early-stage businesses in the UK and worldwide.

Where applicable, we are the data controller under applicable law and when we refer to “us”, “we” or “our” in this policy and any related documentation, we referring to Wayra UK Limited.

APPLICABLE LAW

As an individual law, the law that applies to you is the law where you are.  However, this policy is prepared and the operations it governs our designed to be compliant with the following laws and regulations:

The Data Protection Act 2018 (“DPA”) – this is the law that governs the use of “Personal Data” (which we will also refer to as your “information”) in the UK;

The General Data Protection Regulation (“GDPR”), Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, which governs the use of personal data relating citizens of the European Union.

There are other regulations that impact these activities too, such as the controls over the use of cookies, email marketing and so on.  When we refer to “Applicable Law”, we are referring to all of these.

TERMINOLOGY

In this policy, we make repeated reference to various terms. These terms are defined in more or less the same way across the DPA and the GDPR, since those laws are intended to provide equivalent protection across the UK the EU. Here’s what we intend these terms to mean.

Explicit consent: means specific, informed, and freely given consent,

Anonymization: means rendering personal data impossible to link with an identified or identifiable natural person, even through matching them with other data,

Data subject: means an individual, information about whom is to be processed in accordance with this Privacy Statement,

Personal data: means any information relating to an identified or identifiable natural person such as yourself, which information we’ll also refer to as your information,

Processing of personal data: means any operation which is performed on personal data, wholly or partially by automated means or non-automated means which form part of a data filing system, such as collection, recording, storage, protection, alteration, adaptation, disclosure, transfer, retrieval, making available for collection, categorization, preventing the use thereof,

Applicable authority: means the Information Commissioner’s Office in the UK, the European Commission in the European Union and equivalent authorities in the other jurisdictions,

Data filing system: means the system where personal data are processed by being structured according to specific criteria,

Data controller: means the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data filing system,

Individuals: means natural persons,

Clients: means businesses to whom we provide services.

OUR PROMISE

All information that you provide to us or which we might gather about you from other sources shall be processed: 

1. within the framework of your explicit consent through your approval of this Privacy Statement in accordance with Applicable Law; or 
2. whenever it is directly related to the fulfilment of our obligations under a contractual relationship you have with us, if you do have such a relationship with us; or
3. for us to fulfill obligations we have to you or to comply with Applicable Law and other legislation; or
4. for other purposes determined to be “legitimate” under Applicable Law. 

All personal data that we collect shall be processed in accordance with the principles listed in Applicable Law. We will endeavour to keep your information up-to-date and to process it correctly, only when necessary and then only for specific, clear and legitimate purposes.  We will process that information in a limited and prudent manner related to the purpose of processing and we shall preserve it as long as is necessary for the purpose of processing or as required under Applicable Law.  We shall not hold your personal data any longer than we need to for the purpose indicated in this policy and when we no longer need it, we will ensure that it is securely erased.

THE INFORMATION WE WILL PROCESS 

We may process your personal data in order to deliver services to you if you are looking for work with or for us, to deliver services to our clients, to support the companies in our portfolio or participating in our programmes (or alumni of those programmes) or in order to run our business.  

Our objectives are to:

• deliver services to our clients, to other companies in the Telefónica Group or to Virgin Media O2 or Liberty Global; and/or
• support the companies in our portfolio or who are participating in or applying to join our programmes or are alumni of those programmes; and/or
• endorse entrepreneurs and innovators applying for visas to work in the UK.  

Depending on our relationship with you, we will process some or all of the following information about you and about individuals whose information you share with us:

• ID data: Name, surname, birth date and place of birth, gender, marital status, nationality;
• Contact data: Email address, address, mobile phone number, phone number;
• Work experience data: Information on past work experience, total work experience, current work status, current and past title, work experience in general (firm names, periods worked, job definition);
• Educational background data: Education status, school history, information on certificate and diplomas you have obtained, languages you speak or write, your areas of expertise and specialism;
• Sensitive personal data: In the unlikely event that you provide to us in any way (whether written or electronic form, orally etc.), fingerprint, information on the membership of a political party, association, foundation, union, information on or information that may suggest religious or philosophical view, ethnic origin and race, information on health or sensitive personal data which are recorded to the automatic sound recording system during phone calls with our staff members, then your voluntary provision of that information will constitute your explicit consent to us to process that sensitive personal data when you approve this Statement. We will process any sensitive personal data you provide strictly in accordance with applicable laws;
• Visual and auditory data: Photographs and audio recordings of you and perhaps other individuals;
• Website usage data: Website login frequency/times, the pages you visit, the site you linked from to reach us, the technology you use in order to view our website (operating system, desktop/mobile);
• Miscellaneous: all information included in pitchdecks and applications for our programmes, notes regarding individuals where phone calls have been made.

If you provide to us personal information concerning any other individual, you do so having confirmed to us (by accepting the terms of this Privacy Statement) that you have that individual’s permission to share that information with us.  Having shared information relating to another with us, we may use that information for any of the purposes set out in this Statement, depending on the context.

HOW WE COLLECT YOUR INFORMATION

We collect your personal data for the purpose of fulfilling our legal and contractual obligations, complying with regulations or to pursue our legitimate business interests as follows:

This information about you is collected by your input of information (including audio and images) to our website, through phone calls and email or other messaging exchanged between you (or your employees and representatives) and our staff members.  If we deem it to be necessary, we also collect your personal data through audio recordings we obtain during phone conversations we have with you (when we inform you that the conversation may be recorded) with the objective of improving our services and/ increase satisfaction levels generally.  We also collect your personal data electronically through cookies used in our website to improve our website/platform/applications by following their usage and making them more productive, useful and functional, as stated in detail in our cookie policy.

Personal information concerning your employees and representatives is collected for the purpose of communication through forms completed and emails and messages sent by the you and phone calls made with you, your employees and representatives and other communication between you and us. By transferring your employees’ and representatives’ personal information to us in this way, you hereby declare and undertake that you have obtained such employees’ and representatives’ explicit consents for that purpose, in accordance with Applicable Law.

WHY WE PROCESS YOUR PERSONAL INFORMATION

We will process your personal information to:

• Fulfil our contractual obligations in the provision of our services generally,
• Form and record profiles and gathering information concerning companies that my wish to engage with our clients or in which we may wish to invest,
• Process applications from companies wishing to join our programmes,
• Provide support to companies within our eco-system, whether as an investee or a participant in or alumnus of our programmes,
• Return your calls and reply to your emails/messages and answer your requests for help/support,
• If there’s a complaint regarding the services we provide, resolve that complaint,
• Conduct correspondence with you via email or some other form of electronic messaging, social media or telephone calls, 
• Pass on your contact details with your consent to third parties with whom you wish to connect,
• Conduct the financial management of our business, including preparing reports required for that purpose,
• Audit customer satisfaction and thereby increase our service quality,
• Conduct analyses and studies with the aim of sales and marketing activities and financial planning, updating existing terms of work, operation and use,
• Improve and enhance our existing and developing systems and processes and market our products,
• Develop, update and enhance the software and applications for our own use possibly with the assistance of external developers,
• Follow your actions on our applications and website/websites and based on these, provide you a personalised, easier, faster and higher quality service, increase our existing service quality, and in doing so remembering your various preferences,
• Support and inform potential clients when we consider it necessary or appropriate.

Personal information obtained from founders, private investors or members of staff at our clients, investment institutions or other service providers may be processed to communicate with their respective companies.  That information may be provided to founders to communicate with our clients or vice versa when we consider that to be appropriate and for such founders to participate in our programmes or otherwise engage with our clients.  

We may use personal information about you to conduct other commercial operations, to operate marketing and advertising activities to you, to improve the experience of individuals within our eco-system, to make any kind of contact with you within the scope of our contractual obligations and terms of use, to send publications, reports, bulletins, notifications to you, to answer your questions and provide you with a service of good quality, to inform you about new services, to market to, to communicate with you as necessary, to make surveys and market research and to fulfill our legal obligations generally. 

Part of the work we do involves connecting people.  Investors with founders.  Founders with coaches.  Management teams at our partners, clients and the companies in our portfolio.  When we make these connections, we will necessarily be transferring a small amount of personal data concerning each individual involved.  At the point at which we transfer that personal data to a third party, that party becomes a data controller in respect of that information. As data controller, that party shall comply with legal obligations under Applicable Law regarding the personal data we have transferred and we shall not be liable should they fail to comply with those obligations. 

Any individual may request the erasure, destruction and anonymization of any personal information that they have provided and if they do, we shall administer that request as quickly as we reasonably can.  If you wish to do this, the most efficient way to do this is to contact us at privacy@wayra.org telling us who you are, what information you wish us to identify and what you wish us to do with that information.

Where requests or demands are made in compliance with applicable law, personal information will be shared in accordance with administrative authorities, prosecutors and courts. Should your personal information become subject to any kind of dispute or judicial or administrative request we are a party to, such personal data may be shared with courts, prosecutors, attorneys, experts, mediators to enable us to defend ourselves legitimately and we may process such personal data for that purpose.

You must inform the individuals whose personal data you convey, transmit or otherwise give to us, and obtain their explicit consent for our collection and processing of their personal data. In accepting the terms of this Privacy Statement, you hereby confirm that you have obtained all relevant consents when you share the information of people whom you appoint as references, contact persons, employees, representatives, etc. or recommend to our services and you represent and warrant that information you share does not contain trade secrets and/or confidential information of third parties. We reserve our rights in this respect and you will indemnify us and hold us harmless against any loss, damage or other harm we suffer as a result of your failure to secure such consent.

WHERE WE MIGHT TRANSFER YOUR PERSONAL INFORMATION

Personal information you provide to us (or about you that we may obtain from elsewhere)

• may be transferred to our product and service suppliers and other suppliers for the purposes of ensuring our service quality and maintaining our services;
• may be transferred particularly to clients and other companies within the Telefónica Group, VirginMedia O2 and Liberty Global all of which for the purpose of delivering our services; 
• may be transferred to third parties including coaches, mentors, professional service providers and investors for the purpose of supporting the companies within our eco-system;
• will be transferred to our relevant product and service suppliers for the purpose of sending mass or individual emails or SMS or other messages to individuals within our eco-system or individuals who have signed up to our mailing lists for the purpose of informing those individuals about our services or to conduct correspondence with them about our business or services;
• may be transferred to third party software and hardware providers and providers of the cloud services we use for maintaining our data;
• may be transferred to service providers and firms we work with, for our sales and marketing activities, to increase our service quality, to improve and develop our products and services and for all kinds of reporting activities related to our work and eco-system, to create/develop advertisements specific to our eco-system and visitors to our website, and for identifying and following where the individuals we work with and other visitors of our website have browsed or used the information and functionality we provide.

Although the personal data provided by you may be used for the sector reports, country reports and other reports we prepare, these reports will not contain information that identifies you.  We may transfer such reports to those we deem important for the sector, potential clients, investors and other private or public institutions and organisations that may be interested in such reports as well as other companies within the Telefónica Group, VirginMedia O2 and Liberty Global.

Save where provided for to the contrary by Applicable Laws, your personal information will not be transferred to third parties without your explicit consent.

Your information will not be transferred beyond the jurisdiction from where that information is obtained without your consent save where permitted to the contrary by Applicable Law.

YOUR RIGHTS 

In accordance with Applicable Laws, you may

1. ask us to confirm whether your personal data is being processed by us or not,
2. if it is, request the details about this from us,
3. ask us to confirm why your information is being processed,
4. ask us to identify the third parties to whom your personal information is being transferred and whether any such third party is located beyond the jurisdiction from which you provided that information,
5. request the rectification of the incomplete or inaccurate information, if any,
6. request the erasure or destruction of your personal information as permitted by applicable,
7. request details of the operations carried out pursuant to sub-paragraphs (e) and (f) involving third parties to whom your personal information has been transferred,
8. object to the occurrence of a result concerning you that results from the analysis of your information where that information is processed solely through automated systems,
9. claim compensation for the damages arising from the unlawful processing of your personal information if applicable.

You may make any of the above requests or demands by email from any email address you have registered with us for the purpose of accessing our services.  You may also make these requests or demands by post at the addresses provided below, in which case such a request must bear your original signature together with that of any other data subject that may also be the subject of your request.  If you have not registered with us or you have made these demands or requests by post, you can still make the request or demand but we may ask you to confirm your identification with reference to the production of personal identification documents (passports, driving licences, etc) and/or by asking you questions intended to confirm your identity.

You must also include your full name, surname, signature, identity number (if applicable), nationality and passport number, correspondence address, email address if available, telephone if available together with the relevant demand/request. Related documents and information shall be attached to the request. The demand/request shall be stated clearly and lucidly. The requests will be evaluated pursuant to Applicable Laws and applicable authority decisions.  Only requests we find to conform with these requirements will be and we will inform you when those requests or demands are dealt with. 

When appropriate we may accept or refuse a request or demand with an explanation of the grounds for our decision in accordance with applicable laws.  Our response will be notified to you in written or electronic form.

Our response will include the information about you that we hold as data controller, which may include your full name, nationality, passport number or identity number if available, together with your email, telephone and your residential and/or business address.

We will resolve the demands/requests in your request as soon as possible and in any event no later than within thirty days.  We will not charge for this. However, if the process requires additional costs, fees permitted by Applicable Laws may be charged. If we are found to be at fault, any fee charged will be refunded to you.  We will keep you informed of the progress we make in processing your request or demand.

CONTACT INFORMATION

Wayra UK Limited 

Contact: privacy@wayra.org

Address: Tintagel House, 92 Albert Embankment, Vauxhall, London SE1 7TY