This document sets out how we will use the information we collect about you from you and from other sources, what you can do about that and generally a bit about the rights you have. As an open innovation hub, the information we handle concerning the huge variety of people we deal with is the lifeblood of our business so it is crucial that you are able to trust us with your personal information. So please, if you have any questions about what you read here, you can reach us at privacy@wayra.org.
This policy is intended for everybody we interact with. This includes:
Not everything we document in this policy will be relevant to you, depending upon which of these categories you fall into.
By engaging with us, you accept the terms of this Privacy Statement, however nothing in this statement affects your standing under any Applicable Law (see below as to what that means).
Wayra UK Limited is a company incorporated in England under registered number 08083534 and whose registered office is located at Highdown House, Yeoman Way, Worthing, West Sussex, United Kingdom, BN99 3HH. Our trading address is Tintagel House, 92 Victoria Embankment, Vauxhall, London SE1 7TY. We operate an open innovation hub, connecting corporates with innovative early-stage businesses through a variety of programmes and other services. We also invest in early-stage businesses in the UK and worldwide.
Where applicable, we are the data controller under applicable law and when we refer to “us”, “we” or “our” in this policy and any related documentation, we referring to Wayra UK Limited.
As an individual law, the law that applies to you is the law where you are. However, this policy is prepared and the operations it governs our designed to be compliant with the following laws and regulations:
The Data Protection Act 2018 (“DPA”) – this is the law that governs the use of “Personal Data” (which we will also refer to as your “information”) in the UK;
The General Data Protection Regulation (“GDPR”), Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, which governs the use of personal data relating citizens of the European Union.
There are other regulations that impact these activities too, such as the controls over the use of cookies, email marketing and so on. When we refer to “Applicable Law”, we are referring to all of these.
In this policy, we make repeated reference to various terms. These terms are defined in more or less the same way across the DPA and the GDPR, since those laws are intended to provide equivalent protection across the UK the EU. Here’s what we intend these terms to mean.
Explicit consent: means specific, informed, and freely given consent,
Anonymization: means rendering personal data impossible to link with an identified or identifiable natural person, even through matching them with other data,
Data subject: means an individual, information about whom is to be processed in accordance with this Privacy Statement,
Personal data: means any information relating to an identified or identifiable natural person such as yourself, which information we’ll also refer to as your information,
Processing of personal data: means any operation which is performed on personal data, wholly or partially by automated means or non-automated means which form part of a data filing system, such as collection, recording, storage, protection, alteration, adaptation, disclosure, transfer, retrieval, making available for collection, categorization, preventing the use thereof,
Applicable authority: means the Information Commissioner’s Office in the UK, the European Commission in the European Union and equivalent authorities in the other jurisdictions,
Data filing system: means the system where personal data are processed by being structured according to specific criteria,
Data controller: means the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data filing system,
Individuals: means natural persons,
Clients: means businesses to whom we provide services.
All information that you provide to us or which we might gather about you from other sources shall be processed:
All personal data that we collect shall be processed in accordance with the principles listed in Applicable Law. We will endeavour to keep your information up-to-date and to process it correctly, only when necessary and then only for specific, clear and legitimate purposes. We will process that information in a limited and prudent manner related to the purpose of processing and we shall preserve it as long as is necessary for the purpose of processing or as required under Applicable Law. We shall not hold your personal data any longer than we need to for the purpose indicated in this policy and when we no longer need it, we will ensure that it is securely erased.
We may process your personal data in order to deliver services to you if you are looking for work with or for us, to deliver services to our clients, to support the companies in our portfolio or participating in our programmes (or alumni of those programmes) or in order to run our business.
Our objectives are to:
Depending on our relationship with you, we will process some or all of the following information about you and about individuals whose information you share with us:
If you provide to us personal information concerning any other individual, you do so having confirmed to us (by accepting the terms of this Privacy Statement) that you have that individual’s permission to share that information with us. Having shared information relating to another with us, we may use that information for any of the purposes set out in this Statement, depending on the context.
We collect your personal data for the purpose of fulfilling our legal and contractual obligations, complying with regulations or to pursue our legitimate business interests as follows:
This information about you is collected by your input of information (including audio and images) to our website, through phone calls and email or other messaging exchanged between you (or your employees and representatives) and our staff members. If we deem it to be necessary, we also collect your personal data through audio recordings we obtain during phone conversations we have with you (when we inform you that the conversation may be recorded) with the objective of improving our services and/ increase satisfaction levels generally. We also collect your personal data electronically through cookies used in our website to improve our website/platform/applications by following their usage and making them more productive, useful and functional, as stated in detail in our cookie policy.
Personal information concerning your employees and representatives is collected for the purpose of communication through forms completed and emails and messages sent by the you and phone calls made with you, your employees and representatives and other communication between you and us. By transferring your employees’ and representatives’ personal information to us in this way, you hereby declare and undertake that you have obtained such employees’ and representatives’ explicit consents for that purpose, in accordance with Applicable Law.
We will process your personal information to:
Personal information obtained from founders, private investors or members of staff at our clients, investment institutions or other service providers may be processed to communicate with their respective companies. That information may be provided to founders to communicate with our clients or vice versa when we consider that to be appropriate and for such founders to participate in our programmes or otherwise engage with our clients.
We may use personal information about you to conduct other commercial operations, to operate marketing and advertising activities to you, to improve the experience of individuals within our eco-system, to make any kind of contact with you within the scope of our contractual obligations and terms of use, to send publications, reports, bulletins, notifications to you, to answer your questions and provide you with a service of good quality, to inform you about new services, to market to, to communicate with you as necessary, to make surveys and market research and to fulfill our legal obligations generally.
Part of the work we do involves connecting people. Investors with founders. Founders with coaches. Management teams at our partners, clients and the companies in our portfolio. When we make these connections, we will necessarily be transferring a small amount of personal data concerning each individual involved. At the point at which we transfer that personal data to a third party, that party becomes a data controller in respect of that information. As data controller, that party shall comply with legal obligations under Applicable Law regarding the personal data we have transferred and we shall not be liable should they fail to comply with those obligations.
Any individual may request the erasure, destruction and anonymization of any personal information that they have provided and if they do, we shall administer that request as quickly as we reasonably can. If you wish to do this, the most efficient way to do this is to contact us at privacy@wayra.org telling us who you are, what information you wish us to identify and what you wish us to do with that information.
Where requests or demands are made in compliance with applicable law, personal information will be shared in accordance with administrative authorities, prosecutors and courts. Should your personal information become subject to any kind of dispute or judicial or administrative request we are a party to, such personal data may be shared with courts, prosecutors, attorneys, experts, mediators to enable us to defend ourselves legitimately and we may process such personal data for that purpose.
You must inform the individuals whose personal data you convey, transmit or otherwise give to us, and obtain their explicit consent for our collection and processing of their personal data. In accepting the terms of this Privacy Statement, you hereby confirm that you have obtained all relevant consents when you share the information of people whom you appoint as references, contact persons, employees, representatives, etc. or recommend to our services and you represent and warrant that information you share does not contain trade secrets and/or confidential information of third parties. We reserve our rights in this respect and you will indemnify us and hold us harmless against any loss, damage or other harm we suffer as a result of your failure to secure such consent.
Personal information you provide to us (or about you that we may obtain from elsewhere)
Although the personal data provided by you may be used for the sector reports, country reports and other reports we prepare, these reports will not contain information that identifies you. We may transfer such reports to those we deem important for the sector, potential clients, investors and other private or public institutions and organisations that may be interested in such reports as well as other companies within the Telefónica Group, VirginMedia O2 and Liberty Global.
Save where provided for to the contrary by Applicable Laws, your personal information will not be transferred to third parties without your explicit consent.
Your information will not be transferred beyond the jurisdiction from where that information is obtained without your consent save where permitted to the contrary by Applicable Law.
In accordance with Applicable Laws, you may
You may make any of the above requests or demands by email from any email address you have registered with us for the purpose of accessing our services. You may also make these requests or demands by post at the addresses provided below, in which case such a request must bear your original signature together with that of any other data subject that may also be the subject of your request. If you have not registered with us or you have made these demands or requests by post, you can still make the request or demand but we may ask you to confirm your identification with reference to the production of personal identification documents (passports, driving licences, etc) and/or by asking you questions intended to confirm your identity.
You must also include your full name, surname, signature, identity number (if applicable), nationality and passport number, correspondence address, email address if available, telephone if available together with the relevant demand/request. Related documents and information shall be attached to the request. The demand/request shall be stated clearly and lucidly. The requests will be evaluated pursuant to Applicable Laws and applicable authority decisions. Only requests we find to conform with these requirements will be and we will inform you when those requests or demands are dealt with.
When appropriate we may accept or refuse a request or demand with an explanation of the grounds for our decision in accordance with applicable laws. Our response will be notified to you in written or electronic form.
Our response will include the information about you that we hold as data controller, which may include your full name, nationality, passport number or identity number if available, together with your email, telephone and your residential and/or business address.
We will resolve the demands/requests in your request as soon as possible and in any event no later than within thirty days. We will not charge for this. However, if the process requires additional costs, fees permitted by Applicable Laws may be charged. If we are found to be at fault, any fee charged will be refunded to you. We will keep you informed of the progress we make in processing your request or demand.
Wayra UK Limited
Contact: privacy@wayra.org
Address: Tintagel House, 92 Albert Embankment, Vauxhall, London SE1 7TY