August 2021

Privacy Policy

Key Summary

We are Aura Power Developments Ltd and its subsidiaries (the "Group") and to use your personal data we rely on third parties to develop our business under our directions. For this reason your personal data will normally be directly processed by our service providers, and we will not access or otherwise process your data unless it is strictly necessary.

We process your personal data for the management and administration of shareholdings, to enable us to promote and supervise the management of the Group, to monitor the performance of the Company’s investments, to maintain our accounts and records, to communicate with directors and past, current or prospective shareholders and contractors and co-investors, and to deal with any enquiries or requests you raise.

This notice explains what data we process, why, how it is legal and your rights and it is important you read the whole notice because this section only summarises the relevant points.

About us and this notice

This Privacy Notice is provided by Aura Power Developments Ltd and its subsidiaries as may be from time to time, (all of us together, the "Group" or "we" or "us") and to the extent we process your personal data directly or by a contractor doing it under our instructions, we are the data controller and responsible for processing your data.

We are based in the United Kingdom and we comply with the data protection laws applicable in the United Kingdom and in any other country where we operate or otherwise process your data, including the European General Data Protection Regulation where applicable.  

We take your privacy very seriously. We ask that you read this Privacy Notice carefully as it contains important information about our processing and your rights.

How to contact us

If you need to contact us about this Privacy Notice, or would like this Privacy Notice in another format (for example: audio, large print, braille), please contact us using our contact details which can be accessed on our website.

Changes to this Privacy Notice

The latest version of this Privacy Notice can always be found here at www.aurapower.co.uk

We may change this Privacy Notice from time to time. Regularly reviewing this page ensures that you are always aware of what information we collect, how we use it and under what circumstances, if any, we will share it with other parties.

Current version: August 2021

Useful words and phrases

Please familiarise yourself with the following words and phrases (used in bold) as they have particular meanings in the Data Protection Laws and are used throughout this Privacy Notice:

Group, we, us

Means Aura Sustainable Capital Investments Limited whose registered office is at: 30 Queen Square, Bristol, BS1 4ND and its subsidiaries.

controller

This means any person who determines the purposes for which, and the manner in which, any personal data is processed.

criminal offence data

This means any information relating to criminal convictions and offences committed or allegedly committed.

Data Protection Laws

This means the Data Protection Act 2018, as amended from time to time, and any other applicable national laws related to data protection, privacy and electronic communications, applicable in the territories we operate in or in relation to your personal data, including the General Data Protection Regulation 2016/679 which applies in the EEA and the UK version of the General Data Protection Regulation 2016/679 which applies in the UK by virtue of section 3 of the European Union (Withdrawal) Act 2018 , as amended from time to time.

data subject

The individual to whom the personal data relates.

Data Protection Supervisor

This means the UK Information Commissioner’s Office, or any other regulatory authority responsible for implementing, overseeing and enforcing the Data Protection Laws in the territories applicable to us.

individual

This means a living natural person.

personal data, data

This means any information from which an individual can be identified. This includes information such as telephone numbers, names, addresses, e-mail addresses, photographs and voice recordings. It will also include expressions of opinion and indications of intentions about data subjects (and their own expressions of opinion/intentions). It will also cover information which on its own does not identify someone but which would identify them if put together with other information which we have or are likely to have in the future.

processing

This covers virtually anything anyone can do with personal data, including:– obtaining, recording, retrieving, consulting or holding it;– organising, adapting or altering it;– disclosing, disseminating or otherwise making it available; and– aligning, blocking, erasing or destroying it.

processor

This means any contractor who processes your personal data under our specific instructions and on our behalf.

special categories of data or Sensitive Personal Information

This means any information relating to:
– racial or ethnic origin;
– political opinions;
– religious beliefs or beliefs of a similar nature;
– trade union membership;
– physical or mental health or condition;
– sexual life;
– criminal data; or
– genetic data or biometric data for the purpose of uniquely identifying you.

you

Current, former and prospective:
– directors;
– shareholders;
– contractors and/or service providers;
– buyers and sellers of renewable energy assets/businesses;
– co-investors in renewable energy assets/businesses;
– issues of any securities or debt instruments in which the Group invests;
– individual investors;
– individuals employed by or connected to the above; or
– any other individuals contacting the Group for any purposes related to our business.

WHAT PERSON INFORMATION DO WE COLLECT?

Information we process about you

We, or our processors, collect your contact details such as name, email address, address, telephone number, bank account details, KYC (know your customer) documents such as your passport and credit history, personal identifiers, such as social security number and national insurance number, age, professional title, occupation, financial information and tax status. We do not directly process most of the information you give to our service providers and other third parties, and when they collect your personal data, or any personal data you provide to them, they will inform you about the processing of this data for their own purposes or on our behalf if appropriate.

How personal data is collected from you

Your personal data will be collected when buying shares in Aura Power Developments Ltd or through interactions with us or our contractors in the course of our business, investments, or interests in common, or as part of the services we deliver to you.

Your personal data may also be collected from a third party adviser (such as an introducing agent), from publicly available sources (such as Companies House) or an identification verification database.

SENSITIVE PERSONAL INFORMATION OR SPECIAL CATEGORIES OF DATA

We do not envisage the use of your sensitive personal data as part of our business and will only request for it if it is strictly necessary in order to comply with a legal obligation or otherwise according to the law.

In case we request for this information we will inform you at the time this is requested for, if necessary we will ask for your consent, and we will protect this information with greater care.

PERSONAL INFORMATION ABOUT OTHER INDIVIDUALS

If you provide us with information about other individuals you confirm that you are mandated by them and thus act under their instructions and have informed them about this Privacy Notice as appropriate.

Why do we process your personal data?

We or our service providers use your personal data for the following purposes listed in this section. We are allowed to do so on certain legal bases (please see section 'How is processing your data lawful' for further detail):

  • To facilitate share transactions
  • To manage and administer share holdings
  • To verify the identity of prospective investors and carry out AML checks
  • To make and administer investments
  • To enable us to administer, promote and supervise the management of the Group
  • To maintain our accounts and records
  • To communicate with prospective, current or former directors, shareholders, contractors, other service providers and investors
  • To comply with regulatory and tax requirements and other legal or financial obligations
  • To deal with any enquiries or requests you raise

Neither us nor any of our processors make decisions about you based on automated processing of your personal data.

How is processing your data lawful?
PERSONAL DATA

We are allowed to process your personal data for the following reasons and on the following legal bases:

Legitimate interests

We have a legitimate interest in sharing data about you:

  • between our group entities if necessary for internal administrative purposes; and
  • with our contractors when it is necessary for them to deliver the services we are contracting.

We do not share information about you with these third parties in a context other than where it is necessary to perform a contract or for us to run and manage our business efficiently as you expect us to do.

You can find more information related to third parties in this Privacy Notice (see "Who will have access to your personal data?"). You can object to processing that we carry out on the grounds of legitimate interests as long as it is not linked to another legal ground (for example if it is necessary to perform a contract we have in place with you). See the section headed 'Your Rights' to find out how.

Contract

It is necessary for our performance of the contract you have agreed to enter with us. If you do not provide your personal data to us, we will not be able to carry out our obligations under the terms of your contract.

Legal obligation

We are subject to legal obligations to process your personal data for the purposes of complying with applicable regulatory, accounting and financial rules, health and safety and to make mandatory disclosures to government bodies, tax administrators and law enforcement agencies.

Who will have access to your personal data?

Certain of our service providers will directly collect and process your personal data as our processors.

In addition, we share your personal data with the certain of our service providers who act as separate controllers of your personal data because although they are our contractors, they decide why and how to use your data when providing services for us.

TRANSFERS OF YOUR PERSONAL DATA OUTSIDE THE TERRITORIES WHERE WE OPERATE

Where we transfer your personal information outside the United Kingdom and/or the territories where we operate, we will ensure that it is protected and transferred in a manner consistent with legal requirements applicable to the information. This can be done in a number of different ways, for instance:

  • the country to which we send the personal information may be approved according to the United Kingdom law parameters;
  • by having in place a contract based on “model contractual clauses” approved by the European Commission;
  • where the recipient is located in the US, it may belong to the EU-US Privacy Shield scheme; or
  • where the law permits us to otherwise transfer your personal information to another country.

If you would like further information about the safeguards we have in place to protect your personal information, please contact us at [email protected]

HOW WE KEEP YOUR PERSONAL DATA SECURE

We strive to implement appropriate technical and organisational measures in order to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data. We follow recognised industry practices for protecting our IT environment and physical facilities and we ensure that the companies processing your data on our behalf provide an adequate level of protection to secure both your personal data and other confidential information.

When will we delete your personal data?

Our main rule is not to keep your data for longer than we need to in order to meet all the purposes we included in the section 'Why do we process your personal data?'

With this in mind, your personal data will generally be retained for the longest of the following periods:

  • for us and the processors and/or any authorised third parties to carry out the purposes for which the data was collected or as long as is set out in any relevant agreement you enter into with us;
  • in order to establish or defend legal rights or obligations or to satisfy any reporting or accounting obligations; and/or
  • any retention period that is required by data protection laws and any applicable laws or regulatory requirements.

For example, if you are a shareholder, we will keep your data during the time you are in such position after which, we will keep your personal data if we need it to comply with a legal obligation or if we need it to meet other purposes, but if we do not need all the data you provided at first instance, we will delete the remaining data. For most of the purposes and legal obligations we have stated a retention period of six years although this might vary depending on the agreements we have in place with you, or other legal obligations. A detailed retention schedule is available upon request.

Your rights

As a data subject, in certain circumstances, you have the following rights under the Data Protection Laws:

  • the right to object to processing of your personal data;
  • the right of access to personal data relating to you (known as data subject access request);
  • the right to correct any mistakes in your information;
  • the right to ask us to stop contacting you with direct marketing;
  • the right to restrict your personal data being processed;
  • the right to have your personal data ported to another controller;
  • the right to withdraw your consent;
  • the right to erasure; and
  • rights in relation to automated decision making.

These rights are explained in more detail below. If you want to exercise any of your rights, please contact us (please see 'How to contact us'.

We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months.

Please be aware that there are exceptions and exemptions that apply to some of the rights which we will apply in accordance with the Data Protection Laws.

RIGHT TO OBJECT TO PROCESSING OF YOUR PERSONAL DATA

You may object to us processing your personal data where we rely on a legitimate interest as our legal grounds for processing.

If you object to us processing your personal data we must demonstrate compelling grounds for continuing to do so. We believe we have demonstrated compelling grounds in the section headed 'How is processing your personal data lawful'.

RIGHT TO ACCESS PERSONAL DATA RELATING TO YOU

You may ask to see what personal data we hold about you and be provided with:

  • a copy of the personal data;
  • details of the purpose for which the personal data is being or is to be processed;
  • details of the recipients or classes of recipients to whom the personal data is or may be disclosed, including if they are overseas and what protections are used for those overseas transfers;
  • the period for which the personal data is held (or the criteria we use to determine how long it is held);
  • any information available about the source of that data; and
  • whether we carry out an automated decision-making, or profiling, and where we do information about the logic involved and the envisaged outcome or consequences of that decision or profiling.

To help us find the information easily, please provide us as much information as possible about the type of information you would like to see.

RIGHT TO CORRECT ANY MISTAKES IN YOUR INFORMATION

You can require us to correct any mistakes in your information which we hold. If you would like to do this, please let us know what information is incorrect and what it should be replaced with.

RIGHT TO RESTRICT PROCESSING OF PERSONAL DATA

You may request that we stop processing your personal data temporarily if:

  • you do not think that your data is accurate. We will start processing again once we have checked whether or not it is accurate;
  • the processing is unlawful but you do not want us to erase your data;
  • we no longer need the personal data for our processing, but you need the data to establish, exercise or defend legal claims; or
  • you have objected to processing because you believe that your interests should override our legitimate interests.

RIGHT TO DATA PORTABILITY

You may ask for an electronic copy of your personal data which we hold electronically and which we process when we have entered into a contract with you. You can also ask us to provide this directly to another party.

RIGHT TO WITHDRAW CONSENT

You may withdraw any consent that you have given us to process your personal data at any time. This means that we will not be able to carry out any processing which required use of that personal data.

RIGHT TO ERASURE

You can ask us to erase your personal data where:

  • you do not believe that we need your data in order to process it for the purposes set out in this Privacy Notice;
  • if you had given us consent to process your data, you withdraw that consent and we cannot otherwise legally process your data;
  • you object to our processing and we do not have any legitimate interests that mean we can continue to process your data; or
  • your data has been processed unlawfully or has not been erased when it should have been.

RIGHTS IN RELATION TO AUTOMATED DECISION MAKING

You have the right to have any decision that has been made by automated means and which has a significant effect on you reviewed by a member of staff and we will consider any objections you have to the decision that was reached.

WHAT WILL HAPPEN IF YOUR RIGHTS ARE BREACHED?

You may be entitled to compensation for damage caused by contravention of the Data Protection Laws.

COMPLAINTS TO THE REGULATOR

It is important that you ensure you have read this Privacy Notice – and if you do not think that we have processed your data in accordance with this notice – you should let us know as soon as possible. You may also complain to the Information Commissioner’s Office, which regulates and supervises the use of personal data in the UK, via their helpline on 0303 123 1113.