About this policy

This privacy notice explains how University of Cambridge Investment Management Limited (“UCIM”, “we”, “our”, or “us”) collects, uses and shares the personal data of external business contacts, including other investment managers who provide investment management services to UCIM, and visitors to and the users of the UCIM website hosted at www.ucim.co.uk (the “Site”) (“Users”, “you”, or “your”).

We may amend this privacy notice from time to time. UCIM will notify you of any material changes in this privacy notice by posting an updated copy on the Site. Please check the Site periodically for updates. This page was last updated on 27 June 2023.

If you are a director, officer, employee, authorised signatory, trustee and/or the ultimate controller of organisations which invest in the CUEF, or those which apply to invest in the CUEF (“Investors”), please refer to the Privacy Notice for Investors which is set out as an appendix to the Information Memorandum.

Who will process your personal data?

UCIM is the investment manager of the Cambridge University Endowment Fund (the “CUEF”). UCIM is authorised and regulated by the Financial Conduct Authority in the UK with reference number 515843. UCIM is a private limited company incorporated in England and Wales with company number 06907395 and having its registered address at The Old Schools, Trinity Lane, Cambridge, England, CB2 1TN. ICO Registration number: ZA576004.

UCIM is the ‘data controller’ of your personal data and is subject to the UK General Data Protection Regulation (the “UK GDPR”), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 and any successor legislation or regulations governing data protection and privacy in the UK.

Please note that in circumstances where your details are provided to UCIM in connection with your investment in the CUEF or your business relationship with UCIM, then UCIM (or the University of Cambridge (the “University”), which provides administration services) may process your personal data or that of your directors, officers, employees and/or beneficial owners. For more information about this, please see the Privacy Notice for Investors which is set out as an appendix to the CUEF Information Memorandum.

How we collect your personal data

When you use the Site, we may collect your personal data in a number of ways, for example:

• When you access and navigate around the Site (please see further information regarding our use of cookies below).
• When you communicate with us by post, email, telephone or via the Site, for example when you submit an enquiry; and
• Through other interactions with UCIM or the University.

The types of personal data we collect

We may collect the following types of personal data about Users:

• Names and contact details, including email addresses and telephone numbers;
• Other information that Users provide through the Site, for example in emails, including company or organisation details and information about investment services sought or offered;
• Information about Users' browsing activity collected through the use of cookies including details of your domain name, location and internet protocol (IP) address, operating system, browser version, the date and time of connection, the content viewed during a particular browsing session, and how long a User stayed on a particular page. Please see further information regarding our use of cookies below.

Under the UK GDPR, certain categories of personal information are recognised as sensitive, including health information and information regarding race, religious beliefs and political opinions. We do not seek to collect such “sensitive personal data” but we may obtain it – for example, information concerning health and medical conditions – where Users volunteer this information in communications with us.

The basis for processing your personal data and how we use it

We may process your personal data because it is necessary for the performance of a contract with your organisation or in order to take steps at your request prior to entering into such a contract.

We may also process your personal data because it is necessary for our or a third party's legitimate interests. Our "legitimate interests" include our interests in operating the Site in a focused, efficient and sustainable manner. In this respect, we may use your personal data for the following:

• to assess the information that you provide to us through email, telephone or the Site, and to find out more about you before contacting you in response, where appropriate;
• to interact with you via email, telephone or through the Site (for example, to respond to  enquiries);
• to process and verify your instructions;
• for record keeping purposes, so that we have a record of the enquiries we receive as a result of your use of the Site;
• outsourcing selected website administration functions to third parties for the purposes of the efficient management of the Site; and
• to monitor and evaluate the performance and effectiveness of the Site and our communication with you, including to administer, support, keep secure or improve the Site.

We may also process your personal data for our compliance with our legal obligations. In this respect, we may use your personal data for the following:

• to meet our compliance, legal and regulatory obligations, including in order to comply with any requirement of any applicable statute, regulation or regulatory rule to which we are subject;
• for the prevention, detection and investigation of crime;
• to deal and assist with legal claims, requests and investigations, including those made under data protection law, or requests for formal disclosure by competent authorities; and
• to administer and maintain such records as may be required by applicable laws and regulations from time to time.

We may also process your personal data for additional reasons where:

• it is necessary for reasons of substantial public interest;
• it is necessary for the establishment, exercise or defence of legal claims (for example, to protect and defend our rights, property, or those of any affiliates); and
• we have your specific or, where necessary, explicit consent to do so (for example, where we process sensitive personal data concerning your health or medical conditions because you have provided this in communications with us.

Sharing Users’ personal data with others

For the purposes referred to in this privacy notice and relying on the bases for processing as set out above, we may share your personal data with certain third parties. We may disclose limited personal data to a variety of recipients, including:

• our employees, agents, contractors, the University and the trustee of CUEF or their representatives, where there is a legitimate reason for their receiving the information, including:
• those of our staff and consultants who may provide or offer to provide services to you in response to a enquiry;
• other consultants, experts and service providers who we may refer to where appropriate;
• providers of outsourced services to us (for example, technology partners and any other third party we engage to administer the Site on our behalf);
• internal and external auditors and our legal professional advisors;
• regulatory authorities where we are legally required or authorised to do so by a court, government body, law enforcement agency or other authority of competent jurisdiction; and
• with a third party in a business transaction which involves the transfer of the Site.

Transferring your personal data overseas

Your personal data may be transferred to and processed outside of the UK and/or the European Economic Area ("EEA") in countries or territories that do not provide the same level of protection for personal data as the UK and the EEA does. Where this happens, we will put in place appropriate measures to ensure the adequate protection of your personal data when it is transferred outside of the UK and/or the EEA, as required by the EU GDPR and/or the UK GDPR (as applicable). UCIM has put in place Standard Contractual Clauses with relevant parties to whom personal data will be transferred.

Cookies

UCIM collects standard internet log information and details of individual User behaviour patterns on the Site through the use of tracking tools, such as browser cookies, using the third party service provided by Google Analytics. We do this to analyse the performance of the Site, such as the number of visitors and interactions Users have with the various parts of the Site. Further information regarding how Google Analytics use your personal data can be found here: http://www.google.com/intl/en/policies/privacy/ and https://support.google.com/analytics/answer/6004245.

When you use the Site, you will be asked to confirm whether you agree to the Site using cookies and, if you accept, we will store cookies on your device. If you wish, you can change the cookies settings on your device to refuse cookies. However, if you do this, or if you reject our request to use cookies when you visit our Site, you may be unable to access certain parts of the Site and/or you may not be able to benefit from the full functionality of the Site.

Further information about how we use cookies can be found on our Site here.

How long your personal data is kept

We will retain your personal data for as long as we are interacting with you via the Site (and subsequently, where we continue to interact with you offline), and for as long as permitted or required for legal and regulatory purposes after the last such interaction between you and us.

Subject to any other notices that we may provide to you, we will retain your personal data for as long as permitted or required after our last interaction with you (and for the purposes described above). When you visit the Site, we use cookies and page tagging techniques to collect the request made by your browser to the server hosting the Site. This includes your IP address, the date and time of connection, the version of the web browser you are using, and the page you ask for. We use this information to ensure the security of our Site and we delete it after a maximum of three months. We may need to use and disclose it as necessary in the event of a security concern or incident.

Your rights in relation to your personal data

Under the UK GDPR, you have the following rights in relation to our processing of your personal data:

• to obtain access to, and copies of, the personal data that we hold about you;
• to require us to correct the personal data we hold about you if it is incorrect;
• to require us to erase your personal data, in certain circumstances;
• to require us to restrict our data processing activities, in certain circumstances (and, where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal);
• to receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of your transmitting that personal data to another data controller;
• to object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on your rights; and
• to complain about the processing of your data to the UK data protection regulator – the Information Commissioner’s Office (“ICO”) (www.ico.org.uk). The ICO does however recommend that you first try and resolve the complaint with us.

Please note that the above rights are not absolute, and we may be entitled (or required) to refuse requests where exceptions apply. For example, if we have reason to believe the personal data we hold is accurate or we can show our processing is necessary for a lawful purpose set out in this privacy notice.

Contact Us

If you have any questions about this privacy notice or how we process personal data, or if wish to exercise any of your rights under applicable law, please contact UCIM’s Data Protection Officer (karen.whinney@admin.cam.ac.uk).  You may also wish to consult the University’s data protection webpages at https://www.information-compliance.admin.cam.ac.uk/data-protection for further information.

‍

‍