Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulations and subsequent UK legislation and regulations.
Epworth Investment Management Limited (Epworth) is a limited company (number 03052894). Epworth is registered with the FCA (number 175451) and is data controller, responsible for implementation of legal obligations (contact details at the end of this notice). Epworth decides how your personal data is processed and for what purposes. Epworth will review this statement from time to time and any such changes will be published on our website. Not withstanding any change to this policy, we will continue to process your personal data in accordance with your rights and our obligations in law.
We collect data necessary for Epworth to pursue its stated objectives. Epworth’s primary activities are to act as a manager to funds marketed predominantly to churches and charities and tp provide discretionary portfolio management services to clients. Currently clients are not individuals.
We take the security of all the data we hold very seriously. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.
We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.
Personal data held by us may be transferred to:
We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud based software as a service providers, identity management, website hosting and management, data analysis, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centres. Currently these are all located in the UK.
Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.
Individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights. Where we decide how and why personal data is processed, we are a data controller and include further information about the rights that individuals have and how to exercise them below.
You have a right of access to your personal data held by us as a data controller. This right may be exercised by emailing us at firstname.lastname@example.org. There is presently no fee for a general subject access request but if we deem any subject access request to be excessive, we reserve the right to charge a fee in line with the GDPR regulations.
We will aim to respond to any requests for information promptly, and in any event within the legally required time limits (currently one month). As part of our checking procedures it will be necessary to request evidence of identity before providing information to data subjects.
To update personal data submitted to us, you may email us at email@example.com.
When practically possible, once we are informed that any personal data processed by us is no longer accurate, we will make corrections (where appropriate) based on your updated information.
Where we process personal data based on consent, individuals have a right to withdraw consent at any time. To withdraw consent to our processing of your personal data please email us at firstname.lastname@example.org or, to stop receiving an email from an Epworth marketing list, please click on the unsubscribe link in the relevant email received from us.
This privacy statement is intended to provide information about what personal data we collect about you and how it is used. As well as rights of access and amendment referred to above, individuals may have other rights in relation to the personal data we hold, such as a right to erasure/deletion, to restrict or object to our processing of personal data and the right to data portability.
If you wish to exercise any of these rights, please send an email to email@example.com.
We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please send an email with the details of your complaint to firstname.lastname@example.org. We will look into and respond to any complaints we receive.
You also have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”) (the UK data protection regulator). For further information on your rights and how to complain to the ICO, please refer to the ICO website which can be found at the following link:
The data controller is Epworth Investment Management Limited whose registered office is as set out below.
If you have any questions about this privacy statement or how and why we process personal data, please contact us at:
This privacy statement was last updated on 1 May 2018.