PRIVACY STATEMENT & POLICY
PRIVACY COMMITMENT & LEGAL OBLIGATIONS
Claim Finance & Administration Co Limited, trading as Nera Capital (“Nera Capital”) is wholly committed to treating you fairly and protecting your privacy relating to your personal information, and how it is processed and used, and we will only process and use your personal information in accordance with the current data protection laws in Ireland (and the UK as appropriate), as set out in this Privacy Statement and Policy.
We consistently seek to ensure that we operate our Privacy Statement and Policy within a context of lawfulness, fairness and transparency. We will seek to ensure that our policies comply with the following principles:
- Processing must be lawful and fair.
- The processing purposes must be specified, explicit and legitimate.
- Personal data must be adequate, relevant and not excessive in relation to the purpose for which it is processed.
- Personal data must be accurate and, where necessary, kept up to date.
- Personal data must be processed in a manner that ensures appropriate security of the personal data, using appropriate technical or organisation measures.
As a result of the European Union’s General Data Protection Regulation (“ GDPR”) as enacted in the Ireland and the UK (as amended) and the enabling regulations, “Personal Data” is any information relating to an identified or identifiable living individual by reference to an identifier such as a name, an identification number, location data or an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the individual.
DATA CONTROLLER and PROCESSOR
A Data Controller is defined as the individual or legal person who controls and is responsible for keeping and using personal data in paper or electronic files.
A Data Processor means any person who processes personal data on behalf of the controller (other than a person who is an employee of the controller).
Nera Capital is the Data Controller, as defined by relevant data protection laws and regulation.
Processing is broadly defined to include obtaining, recording, holding, using, disclosing or erasing data.
The necessary conditions for lawful processing are set out in Article 6 of the GDPR, and the relevant Irish legislation.
One or more of the following six conditions must apply, each and every time personal data is to be processed:
- The processing has been done with the “freely given, specific, informed and unambiguous” consent of the data subject for one or more specific purposes. In this instance, you will have given Nera Capital your informed consent for your personal data to be processed for a specific purpose.
- It is necessary for entering or the performance of a contract to which the data subject is party. In this instance, the processing is necessary for a contract you have with Nera Capital, or Nera Capital has asked you to take specific steps before entering into a contract.
- It is necessary for compliance with a legal obligation to which the controller is subject. This would mean that the processing is necessary for Nera Capital to comply with the law; though not including contractual obligations, which are dealt with at paragraph 2, above.
- Is necessary for protecting the vital interests of the data This would occur where processing is necessary to protect your vital interests, such as your life.
- Is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data is disclosed.
- Is necessary for the purposes of the legitimate interests pursued by the controller or a third party except where those interests are overridden by the interests or fundamental rights and freedoms of the data. In such circumstances, the processing is necessary for Nera Capital’s legitimate interests, or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data that overrides those legitimate interests.
THE PERSONAL DATA THAT CAN BE COLLECTED
We may collect and process various types of personal data about you including, but not limited to: Personal information, such as name and address, telephone number, passport number, email and Internet Protocol address; your password for password protected platforms or services used by us; gender and family details; employment and education and training data; information collected from publicly available resources, integrity data bases and credit agencies; financial information, including bank details; criminal record checks, contractual information (for example, goods and services provided to or by you, as the data subject) and information about relevant and significant litigation or other legal proceedings brought by or against you or a third party related to you (corporate or individual) and any relevant connection with you.
HOW WE OBTAIN YOUR PERSONAL DATA
We may collect personal data about you in a number of circumstances, including (but not limited to) when your firm, company or organisation:
- seeks funding for your firm, company or organisation;
- are a party to a litigation case being considered for funding, or are funded, by Nera Capital;
- are a guarantor of any application being considered for funding, or is funded, by Nera Capital;
- browse, make an enquiry or otherwise interact with us, on our website;
- attend any Nera Capital conference or seminar;
- sign up to receive any information from Nera Capital;
- offer to provide services to Nera Capital.
In some circumstances, we may collect personal data about you from a third-party source. For example, we may collect personal data from your firm, company or organisation, other firms, companies or organisations with whom you have dealings, government agencies, credit reporting agencies, and an information or service provider or from publicly available records.
WHY WE COLLECT PERSONAL DATA
The information we collect helps us to better understand your needs and requirements and provide you with a better service, in particular for the following reasons:
- to inform decisions about future business strategies;
- to advise and inform funding decisions;
- to assist in managing funding;
- for internal record keeping;
- to generally improve our products and services;
- to meet our regulatory and legal obligations, such as knowing you as our client or potential client (including as a partner, director, employee or other representative of our client), GDPR, anti-money laundering and fraud prevention;
- to send emails, texts and letters to you about our products/services, events or other information which we think you may find interesting, using the contact details you will have provided to us. You can change your mind on how you receive these messages or choose to stop receiving them at any time. Even if you tell us to not use a particular method of communication, we will continue to use your other contact details to provide you with important information about our funding and or we need to tell you something to comply with our regulatory obligations.
THE PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
We may use your personal data for the following purposes only (“Permitted Purposes”):
- to evaluate, supervise and manage our funding of your firm, company or organisation and any litigation cases;
- to evaluate and manage our funding;
- to aid in managing our investor relationships;
- to provide any services requested by you or your firm, company or organisation;
- to manage and administer your or your firm’s, company’s or organisation’s business relationship with Nera Capital, including administering payments, accounting, auditing, invoicing, compliance and all collection and necessary support services;
- to comply with investigation and screening or recording obligations (e.g. anti-money laundering, fraud and crime prevention purposes), which may include automated checks of personal data or other information you provide about your identity against applicable sanction lists, whilst conducting business;
- to analyse and improve our services and communications;
- to protect the security of, and administer access to, our premises, IT and communication systems, online platforms, websites and other systems, preventing and detecting security threats, fraud or other criminal or malicious or wrongful activities;
- to identify persons authorised to instruct Nera Capital and sign any relevant documentation;
- compliance with our legal and regulatory obligations and requests, domestically and anywhere in the world, including reporting to and/or being audited by national and international regulatory bodies;
- compliance with court orders and applications and/or so as to uphold or defend our legal obligations and rights;
- keeping you up to date on the latest announcements, events and other new information which we feel might be of interest to you;
- any customer surveys and marketing campaigns or other promotional activities or events;
- collecting information about your preferences to create a user profile to personalise our communication and interaction with you.
YOUR RIGHTS WHICH ARISE IN RESPECT OF YOUR PERSONAL DATA
- The right to request subject access. You, as the data subject, shall have the right to obtain from us, as the data controller, confirmation as to whether or not personal data concerning you is being processed. Where such data is being processed, you have the right to be provided with the following information:
- The purposes of the processing.
- The categories of personal data concerned.
- The recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations.
- Where possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period.
- The existence of the right to request from us, as the data controller, rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing.
- The right to lodge a complaint.
- Where the personal data is not collected from you, the data subject, any available information as to its source.
- The existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you as the data subject.
- The right to rectification. This is the right to accuracy. This means that you will be able to request us, as the controller, to correct inaccurate personal data, and to obtain completion of incomplete personal data.
- The right to erasure or right to be forgotten. We, as the controller, shall communicate any rectification or erasure of personal data carried out in accordance with the legislation to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort.
- The right to restriction of processing. We, as the controller, shall communicate any restriction of processing carried out in accordance with the legislation to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort.
- The right to be informed. We, as the controller, shall inform you, as the data subject, about those recipients if the data subject requests it, in accordance with the legislation.
- The right to data portability. You have the right to have provided to you or other controllers, free of charge, a copy of your personal data in an electronic and structured format that allows for further use by the data subject. The statute states that the right only applies in the following circumstances:
- Where you have provided the data to the controller.
- That you, as the data subject, have given your consent to the processing, or the processing is based on the performance of a contract.
- The processing is carried out by automated means.
Where technically feasible, you as the data subject can request to have the data transmitted directly from one controller to another. The right of data portability shall not adversely affect the rights and freedoms of others. We, as controller, will respond without undue delay and at the latest within one month, although this can be extended to two months where the request is complex.
- The right to object. You have a right to object, based on grounds relating to your particular situation, to our data processing activities (including profiling): (i) carried out in the public interest or in the exercise of official authority vested in the controller, and (ii) carried out on the basis of a legitimate interest of the controller. We, as the controller, must stop processing the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of you, as the data subject, or for the establishment, exercise or defence of legal claims.
You also have the right to object to processing for direct marketing purposes and you are not required to indicate specified justifications.
- The right not to be subject to a decision based solely on automated processing. The legislation includes rights in relation to processing that involves automated decision-making. At any time by written notice, you may require us, as the data controller, to ensure that no decision significantly affecting you is based solely on the automated processing of your personal data for the purpose of evaluating matters relating to you (such as creditworthiness or employment or business status). This right will not, however, apply where the decision concerns entering into or performing a contract with the individual and the decision has the effect of granting a request of the individual (for example, the individual is granted the loan applied for) or steps have been taken to safeguard his legitimate interests (for example, the individual is given the opportunity to make representations).
In certain circumstances, you, as the data subject, have the right to an explanation as to how any automated decisions taken about you have been made. This right arises where any automated processing is the sole basis for a decision which significantly affects you. In this case, you will have the right to be informed by us, as the data controller, that the decision was made on that basis and to require us to reconsider or take a new decision on another basis.
RIGHT OF ACCESS TO YOUR PERSONAL DATA
Information is stored by Nera Capital on its computers, which are located in Ireland and on cloud services that are based in the UK and EEA. Nera Capital has security policies in place to manage and record your data privacy lawfully, and to ensure that your data is stored securely to protect against its loss, misuse and alteration.
In addition, Nera Capital takes all practicable steps to ensure that any businesses with which we share your data will have compliant security policies in place to lawfully manage and record your data privacy and that your data will be properly stored, in accordance with the legislation.
Representation for data subjects in the UK
We value your privacy and your rights as a data subject and have therefore appointed Prighter as our privacy representative and your point of contact.
Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative Prighter or make use of your data subject rights, please visit the following website. https://prighter.com/q/17739218296
THE RIGHT TO DISCLOSURE OF YOUR PERSONAL INFORMATION
As a financial service provider, we may disclose client details to other organisations as part of our operations, including credit reference agencies. Although an individual’s financial information is not classified as sensitive personal data, it will be considered personal data and as such it will be processed in compliance with the legislation and the eight data protection principles, as set out above. Accordingly, we may exchange your personal information with certain third parties to assist in managing, administering and executing services including, but not limited to:
- That which is required by law or in the public interest.
- That which is required by our interests as the lender.
- That which is made with your express or implied consent.
- Our accountants, solicitors, actuaries, valuers and insurers.
- Businesses who are upgrading and maintaining our information technology system and providing information technology services.
- Authorised financial service institutions, such as banks and building societies.
- Businesses undertaking verification services.
- Businesses undertaking reviews of the accuracy of our information.
We may disclose your Personal Data to third-parties (outside of Nera Capital) if, but only when, we have a legal basis to do. Such recipients include, but are not limited to: legal counsel, solicitors/barristers/experts/foreign law firms whom may be instructed on your behalf; Nera Capital’s insurance brokers and underwriters; Nera Capital’s bank, auditors and accountants; Nera Capital’s outsourced IT providers and other suppliers; HMRC, Revenue; the Solicitors Regulation Authority; the Law Society and any other government party lawfully entitled to request same
WHERE WILL MY PERSONAL DATA BE PROCESSED
As a data controller, Nera Capital will retain all your information inside the European Economic Area (EEA) or the United Kingdom. In circumstances where Nera Capital may transfer your data to a third party, we will seek to ensure that the third party processes your data inside the EEA, or has been allocated an “adequacy” rating by the European Commission.
THE LENGTH OF TIME WE WILL KEEP YOUR PERSONAL DATA
We will not retain your personal data for longer than necessary and we will hold it only for the purposes for which it was obtained. The length of time we retain your personal data will depend on the purposes for which we use it and/or for as long as is necessary to comply with applicable laws and to establish, exercise or defend our legal rights.
HOW YOU MAY OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA
Where permitted by applicable law or regulation, you have the right to object to us processing your personal data or to tell us to stop processing it (including for purposes of direct marketing). Once we have received this request, we shall no longer process your personal data unless permitted by applicable laws and regulations.
REVIEWING AND UPDATING THIS PRIVACY STATEMENT AND POLICY
This privacy statement and policy was last updated in October 2021.
HOW TO CONTACT US
If you have any enquiries or questions about how we obtain or use your personal data, you can write to us at the address below or contact us by email:
Claim Finance & Administration Co Limited, Registered Address: 13 Upper Baggot Street, 2nd Floor, Dublin 4, Ireland
APPEAL & REVIEW
If you are not satisfied with our response to any complaint you might have made, or if you believe our processing of your information does not comply with the relevant data protection law, you can make a complaint to the:
- Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland. Website: dataprotection.ie
You can also consider whether the matter can be addressed to the UK responsible agency: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Website: www.ico.org.uk. We will provide you with the details of our UK data protection representative upon request and publish it on our website.
The Data Protection Commission (as lead agency) is responsible for enforcing the data protection acts. You are encouraged to contact the relevant data controller in the first instance. If the data controller fails to respond appropriately (or at all) to complaints or requests, the data subject may then make a complaint to the relevant authority or, in certain circumstances, go directly to the courts to enforce their rights.