June 2024
Ekorn is a trading name of Umbra Capital Partners LLP (referred to herein as “Ekorn”, “us”, “our”,” we”). Umbra Capital Partners LLP is a Limited Liability Partnership registered in England and Wales at C/O Oakford Advisors Ltd, The Bee House, 140 Eastern Avenue, Park Drive, Milton Park, Oxford, England, OX14 4SB (Number OC425068), and authorised and regulated by the Financial Conduct Authority (Firm Reference Number: 917090). Umbra Capital Partners LLP is authorised and regulated by the Financial Conduct Authority.
Ekorn is committed to processing personal data in line with our responsibilities under the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018. Our offices are in London.
Our contact details:
Name: Ekorn
Address: 10 Lower James Street, London, W1F 9EL
E-mail: [email protected]
Compliance team/data protection officer:
If you need more information about the personal data we process, your rights or have any concerns about your personal data or our processing, please contact us at [email protected]
How Ekorn Collects Your Personal Data
Ekorn will use different methods to collect data from and about you including by:
Our services
Ekorn website
We are data controllers for any personal data we receive when contacted by you directly or via our website.
Ekorn products, services and technology
Where customers use our products, services or technology or integrate with our API, they are data controllers and we are data processors to those customers and their end-users’, where we are providing them with a product or service.
We use different methods to collect and process personal data from or about you, including:
When you browse our website we collect data, via cookies, about your browsing actions, equipment, and patterns. Cookies also help us improve your website experience, for more information about cookies, see our Cookie Policy. You can choose not to accept cookies in your browser, but this may affect some website functionality or features.
We may receive personal data about you from third parties or via public sources, including:
Our primary purpose for processing your personal data is to provide the products, services, or technology you requested. In line with data protection laws and regulations, we only process personal data where we have a lawful basis for doing so. Our lawful bases for processing are:
Where we provide products or services to you through your relationship with your financial adviser (contractual basis)
Where we have legal or regulatory obligations (legal basis)
Where you have given us your explicit consent (consent basis)
Where it is in our (or our third party’s) legitimate interests and where those interests do not override your interests, rights, or freedoms (legitimate interests’ basis)
processing your personal data where it is necessary for the performance of a contract, which you are a party or to take steps, at your request, before entering a contract.
to administer and/or manage the products, services, or technology that you signed up for
to contact you with important information regarding your contracted products, services, or technology
processing your personal data where it is necessary for compliance with legal and regulatory obligations that we are subject to, including HM Revenue & Customs; Financial Conduct Authority (FCA) and Information Commissioner’s Office (ICO) and other United Kingdom authorities who require us to report information to them in specific circumstances.
where you consent to us contacting you when necessary, including routine communications or to share updates about our services and newsletters.
where you consent or opt-in to receive direct marketing communications from us, or a third party, via online, phone, email, or text message.
where you consent to receiving information about recommended goods, services or promotions that interest you.
where you consent to us sharing your personal data with our partners, for managing internal business processes and our services to you, in the most effective way.
if you change your mind and no longer consent to receiving information from us, you can opt-out (at any time), by simply contacting us or associated third parties.
to improve and develop our products, services, and internal operations, including troubleshooting, data analysis, testing, market research campaigns, statistical and survey purposes.
to provide a tailored and personal experience when using our online products and services
to measure or understand the effectiveness of relevant advertising provided by us.
to measure, understand and gain feedback on the effectiveness of our services, allowing us to enhance and improve the services we provide.
to allow us to continually improve our technology by understanding the way our products and services are used by you.
When processing your personal data, we must consider the following individual rights, that you are granted (as a data subject) under data protection laws.
You have the right to complain to us, or against us to the ICO, at any time. In the first instance, we would like to be given the chance to deal with your concerns, before you approach the ICO, by contacting, [email protected].
Alternatively, you can contact the Information Commissioner’s Office (ICO), the UK’s supervisory, regulatory authority, for any concerns you have over our handling of your personal data
Responding to your requests (subject access requests - SARs)
We have one calendar month to respond to your request, but we may extend the time by a further two months if your request is complex or we have multiple requests from you. However, we will always let you know within one month and explain why any extension may be necessary.
If you need more information about the personal data we process, your rights or have any concerns about your personal data or our processing, please contact us at [email protected].
In most cases there is no fee applicable to personal data or rights requests, however, we reserve the right to charge a reasonable fee to cover any administrative burden, where your request is unfounded, overly excessive, or duplicates information previously received.
We may disclose your personal data to third-party sub-processors on occasions where we cannot reasonably perform the processing activity ourselves or where we have made a business decision to do so. Where a sub-processor is used, we always perform due-diligence and/or define contractual clauses to ensure they adhere to our data protection, security and data privacy requirements.
customer relationship management (CRM) - EU
surveys or process feedback - EU
web and usage analytics - US
Our products, services and technology – sub-processors and locations
cloud infrastructure services – UK data centres
database managed services – UK data centres
IT management and administration services – UK
Our website, products or services may include third-party links or associations to applications, contributors, plug-ins and/or other websites. Clicking on these links or enabling connections may allow third parties to collect or process personal data about you. We do not control third-party websites and are not responsible for their privacy statements. When you leave our website, please ensure you review and consider any third-party privacy policies.
On occasions where we process your personal data outside the UK, we take appropriate measures to ensure that your personal data and rights are given equivalent levels of protections, granted under UK data protection laws. In these cases, we consider the following:
The protection and security of your personal data is our priority, where we take a layered approach to our security controls across the following areas: organisation, people, physical, and technology, and we align with international security standards and frameworks.
We store and retain (keep) your personal data for as long as reasonably necessary to fulfil the purpose it was originally collected. We also keep it for additional purposes, where we are obligated to satisfy accounting, legal, regulatory, reporting and tax requirements. On limited occasions, we may keep personal data longer, where you raise a complaint against us, or where we reasonably believe there is a prospect of litigation.
We aim to keep this privacy policy under regular review in line with our legislation and regulatory requirements. Last review and updated date: 30th June 2024.