GDPR Compliance

Last updated: January 2025

Our Commitment

Veritas Funds LLP is fully committed to complying with the UK General Data Protection Regulation (UK GDPR) and the EU GDPR where applicable. We take data protection seriously and have implemented comprehensive measures to ensure your personal data is processed lawfully, fairly, and transparently.

Data Protection Principles

We adhere to the following data protection principles:

  • Lawfulness, Fairness, and Transparency: We process data lawfully with clear purpose
  • Purpose Limitation: Data is collected for specific, legitimate purposes only
  • Data Minimisation: We collect only the data necessary for our services
  • Accuracy: We take reasonable steps to ensure data is accurate and up to date
  • Storage Limitation: Data is retained only as long as necessary
  • Integrity and Confidentiality: Appropriate security measures protect all data
  • Accountability: We maintain records and can demonstrate compliance

Your Rights Under GDPR

You have the following rights regarding your personal data:

Right of Access (Article 15)

You can request a copy of all personal data we hold about you. We will respond within one month.

Right to Rectification (Article 16)

If your data is inaccurate or incomplete, you can request correction.

Right to Erasure (Article 17)

You can request deletion of your data, subject to legal retention requirements.

Right to Restrict Processing (Article 18)

You can request we limit how we process your data in certain circumstances.

Right to Data Portability (Article 20)

You can receive your data in a machine-readable format and transfer it to another controller.

Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing.

Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing.

Data Processing Records

We maintain comprehensive records of processing activities (Article 30) that document:

  • Categories of data subjects and personal data
  • Purposes of processing
  • Categories of recipients
  • International data transfers and safeguards
  • Retention periods
  • Technical and organisational security measures

International Data Transfers

Where we transfer personal data outside the UK/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the ICO, adequacy decisions, or binding corporate rules. Our primary data processing occurs within the UK/EEA.

Data Breach Procedures

In the event of a personal data breach, we will:

  • Notify the Information Commissioner's Office (ICO) within 72 hours where required
  • Notify affected individuals without undue delay where there is a high risk
  • Document all breaches, including facts, effects, and remedial actions
  • Conduct a thorough investigation and implement preventive measures

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) before implementing new processes that are likely to result in a high risk to individuals' privacy rights. This includes large-scale processing of sensitive data and systematic monitoring activities.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact our Data Protection Officer:

Data Protection Officer

Email: dpo@veritasfundsllp.com

Address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ

We will respond to all requests within one month. If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.