Privacy Policy

1. Sustainable Impact Alliance Privacy Notice

Sustainable Impact Alliance Limited ("SI Alliance") is fully committed to respecting the privacy rights of individuals, and to compliance with all applicable data protection laws. The purpose of this Notice is to explain how and why we collect, use, transfer ("Process") and protect personal data when administrating and operating SI Alliance.

2. Who we are

2.1 Sustainable Impact Alliance Limited (a company limited by guarantee registered in England and Wales (Company No. 16094522) and a registered charity in England and Wales (Charity No. 1217213)) is responsible for deciding what personal data to collect, how it is used, and for what purposes. The SI Alliance's sole member is Ashurst LLP ("Ashurst"). The SI Alliance is a philanthropic investment vehicle that invests in companies that have the delivery of positive social and/or environmental impact as their core purpose and also operates training and grant-making programmes to support its charitable aims and purpose.

2.2 The SI Alliance shares the premises of Ashurst's London office as well as Ashurst's IT infrastructure systems. Employees and partners at Ashurst also provide services to the SI Alliance on a pro bono basis to support its operation and the delivery of its purpose and mission. Through this use of shared premises, IT infrastructure and delivery of services, data (including personal data) may be transferred between the SI Alliance and Ashurst (together with other members of the Ashurst group). For further details, please see sections 7 and 9 below.

This Notice was last updated in March 2026. We may make changes to the ways in which we process personal data, and we reserve the right to modify this Notice from time to time to reflect those changes. We therefore recommend that you check this Notice periodically to ensure that you are aware of any changes.

It is also important to read this Notice together with any other privacy policy or fair processing notice we may provide when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data. This Notice supplements such other notices and privacy policies and is not intended to override them.

3. Personal Data

Personal data means any information which relates to an identified or identifiable individual. For example:

"Attendance Data": including but not limited to details of your attendance at the SI Alliance premises or any events that the SI Alliance hosts that you attend, including CCTV footage, photographs, meeting recordings, and other information relating to access to our premises or services obtained through electronic means, such as swipe card records, WiFi connections, visitor or attendance logs;
"Contact Data": including but not limited to email address, billing address, postal address, and telephone numbers including frequency of contact (these details may relate to your work or to you as an individual, depending on the nature of our relationship with you or the organisation you work for);
"Financial Data": including but not limited to bank account information and other payment method details, credit reference reports and other information needed in order to process payments and donations and prevent fraud;
"Identity Data": including but not limited to your name, maiden name, last name, username or similar identifier, marital status, title, social media handle, date of birth, location of birth, gender, nationality, residential status, passport or identity card details, photograph, likeness or image;
"Professional Data": including but not limited to your job function, professional history and education history (including your prior professional experience, previous employers, positions, locations, publications, locations, and professional relationships), current employer, areas of specialism, expertise and responsibility or department;
"Profile Data": including but not limited to information about you, provided by you on our electronic portals and platforms such as your usernames and passwords, your interests, biography, profile settings, date of registration and current state of registration or account status and level of access;
"Technical Data" including but not limited to:

(i) The Internet Protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug in types and versions, operating system and platform;

(ii) Information about your visit to our Website, such as the full Uniform Resource Locators (URL), clickstream to, through and from our Website (including data and time), pages viewed and searched for, page response times, download errors, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from a page, and direct dials or social media handles used to connect with our personnel; and

(iii) Location data which we may collect through our Website and which provides your real-time location in order to provide location services (where requested or agreed to by you), or deliver content or other services that depend on knowledge of your location. This information may also be collected in combination with an identifier associated with your device, to enable us to recognise your mobile browser or device when you return to the Website. Delivery of location services will involve reference to one or more of the following: (a) the coordinates (longitude/latitude) of your location; (b) look-up of your country of location by reference to your IP address against public sources, and/or (c) your Identifier for Advertisers (IFA) code for your Apple device, or the Android ID for your Android device, or a similar device identifier. For more information on the use of cookies and device identifiers on the Website, please review our Cookies Policy;

"Transaction Data": including details about payments to and from you, and other details of services you or your organisation has received from us; and
"Usage Data": including but not limited to information about your use of the Website and similar electronic services. For example, information collected when you visit our Website, electronic portals and platforms, details of content viewed, including when and how many times the content was viewed etc.

We collect and use personal data in the course of our activities for a variety of purposes, as further described in this section. We will only process the personal data that is necessary in order to achieve these purposes.

4. Sensitive or "Special Category" Data

Special categories of personal data include data from which we can infer an individual's racial or ethnic origin, political opinions and religious or philosophical beliefs. It also includes trade union membership, data concerning health, sex life or sexual orientation, or data relating to actual or alleged criminal offences committed and any penalty or sentence imposed.

5. The personal data that we collect

In the table below, we have set out the personal data that we may collect, what we use it for, how we obtain it, and our legal justification for doing so:

Purpose/Activity	Types of Data	Data Source	Lawful Basis (justification) for using your data
Administration and operation of the SI Alliance (including but not limited to the use of third party matter management software for the management of SI Alliance operations)	Identity Data Contact Data Financial Data Profile Data	Directly from the individual From authorised representatives Created during our relationship	Legal or regulatory obligation Performance of a contract Legitimate Interests (ensuring we can operate the SI alliance in an efficient and compliant manner)
Recruitment of trustees, investment committee members and volunteers (including but not limited to any due diligence checks carried out on prospective trustees, investment committee members and volunteers)	Identity Data Contact Data Financial Data Professional Data Special Category Data	Directly from the individual From authorised representatives Created during our relationship	Legal or regulatory obligation Consent Legitimate Interests (ensuring we can create robust governance structures)
Remuneration of expenses to trustees, investment committee members and volunteers	Identity Data Contact Data Financial Data	Directly from the individual From authorised representatives Created during our relationship	Legitimate Interests (ensuring we can create robust governance structures and pay expenses as properly incurred by those who help operate the SI Alliance)
Opening and operating the bank account of SI Alliance	Identity Data Contact Data Financial Data	Directly from the individual From authorised representatives	Legal or regulatory obligation Performance of a contract Legitimate Interests (ensuring we can receive donations and operate the SI Alliance)
Performance of core activities such as the assessment/due diligence, making, ongoing management and exit of investments (including any due diligence on the key individuals involved in an organisation), the running of its grant making programmes and processing of donations.	Identity Data Contact Data Financial Data Special Category Data	Directly from the individual From authorised representatives Public registers of company directors and shareholdings Regulatory bodies Searches of publicly available information Systems controlled by SI Alliance or by the third parties managing/supporting our systems, equipment or technologies on our behalf	Legal or regulatory obligation Performance of a contract Legitimate Interests (ensuring efficient operation of the SI Alliance in accordance with our mission statement and charitable purpose, promoting our products and services and seeking to develop our business)
Monitoring compliance with equal opportunities legislation and for purposes related to our diversity policies	Identity Data Special Category Data	Directly from the individual	Legal or regulatory obligation
Running of core training programmes (including the marketing, recruitment and screening for such training programmes)	Identity Data Contact Data Financial Data Special Category Data Attendance Data	Directly from the individual From authorised representatives	Legal or regulatory obligation Consent Legitimate Interests (ensuring efficient operation of the SI Alliance training programs in accordance with our mission statement/charitable purpose and promoting our products and services)
Recording or monitoring telephone or video calls made or received by our networks, or of events that we organise (including any training programmes)	Identity Data Contact Data Professional Data Attendance Data	Directly from the individual From authorised representatives Systems controlled by the SI Alliance or by the third parties managing or supporting our premises, systems, equipment or technologies	Legitimate Interest (ensuring that we can accurately record information (including advice) and monitoring compliance with our policies and procedures) Legal or regulatory obligation
CCTV and other monitoring for security and health and safety	Identity Data Contact Data Attendance Data	Directly from the individual From authorised representatives Provided by client or another business contact Security and access systems controlled by the SI Alliance, Ashurst LLP or by the third party managing our premises	Legal or regulatory obligation Legitimate Interest (ensuring the safety of our staff and visitors whilst on out premises)
Compliance with its legal, regulatory and tax obligations and internal policies relating to background checks (including sanctions screening, anti-money laundering, anti-terrorism, fraud and other background checks)	Identity Data Contact Data Financial Data Professional Data	Directly from the individual From authorised representatives Public registers of company directors and shareholdings Regulatory bodies Searches of publicly available information	Legal or regulatory obligation Performance of a contract Legitimate Interest (prevention or detection of crime and ensuring we do not deal with the proceeds of any criminal activities)
Appointment and management suppliers	Identity Data Contact Data Financial Data Transaction Data Professional Data	Directly from the individual From authorised representatives Provided by supplier or another business contact Public registers of company directors and shareholdings Searches of publicly available information	Legal or regulatory obligation Performance of a contract Legitimate Interest (to ensure we can manage any fees, payments and charges and administer supplier relationships
Delivering relevant content to the public via our website and social media channels and measuring the effectiveness of the content that we provide	Identity Data Contact Data Usage Data Technical Data	Directly from the individual From authorised representatives Systems controlled by SI Alliance or by the third parties managing/supporting our systems, equipment or technologies on our behalf	Legitimate Interest (promoting our content, products and services and seeking to develop our business)
Improving our Website, services, content, marketing efforts, communication and visitor experiences and relationships through data analytics	Usage Data Technical Data	Systems controlled by SI Alliance, Ashurst LLP or by the third parties managing or supporting our systems, equipment or technologies	Legitimate Interest (understanding how visitors interact with our Website, gaining insights into their experience and seeking continuous improvement to develop our business)
Managing and maintaining our IT services (including third party platforms such as our HighQ site)	Identity Data Contact Data Professional Data Location Data Profile Data Usage Data	Systems controlled by SI Alliance, Ashurst LLP or by the third parties managing or supporting our systems, equipment or technologies	Legitimate Interest (ensuring we can protect, develop and improve our business)
Marketing and promoting the SI Alliance and producing and disseminating reporting relating to the performance and activities of the SI Alliance	Identity Data Contact Data	Directly from the individual From authorised representatives	Legitimate Interest (promoting our content, products and services and seeking to develop our business)

6. Are you required to provide personal data?

We collect your personal data on a voluntary basis. There will be no negative effects for you if you choose not to provide your personal data to us. However, there may be times when we cannot take action without collecting and using certain personal data. In these cases, it will not be possible for us to provide you with our services or continue our professional relationship with you and/or the organisation you represent unless you provide your personal data, and consent to us using it.

7. Disclosure and International Transfers of Personal Data

We may share your personal data with members of the Ashurst group of companies and to certain third parties on a confidential basis where this is necessary for the legitimate purposes set out in this Notice. This may include countries which do not provide the same level of protection as the laws of your home country. We will ensure that any transfer of your personal data abroad is made with suitable safeguards as required by law. This may include the European Commission's Standard Contractual Clauses ("SCCs"), which can be found here and the UK Addendum to the EU SCCs, which can be found here.

We may also share personal data with providers of certain technology services which help us to operate the SI Alliance. These services include cloud security systems and subscription application services. The use of these services may require your personal data to be held in the cloud on infrastructure managed by a third party service provider. Where we do share your personal data we require the receiving party or individual to respect its confidentiality, ensure it is kept securely and only be used in accordance with applicable laws.

We permit such recipients to use the personal data we share only for limited, specified and lawful purposes, and in accordance with our instructions. Otherwise, we will only share your personal data when you tell us to, when you give us permission, when we are required by law or as required to investigate fraudulent or criminal activities. We will not sell your personal data.

8. Personal data about other people which you provide to us

If you provide personal data to us about someone else then you must check that you have their permission to share that personal data with us. In particular, you must check that the other person is aware of this Notice, including who we are and how to contact us.

9. Security of Personal Data

We implement and maintain appropriate technical, organisational and physical safeguards to ensure a level of security which is appropriate to the risk of processing your personal data. We take reasonable measures to restrict access so that only those who require access to your personal data in order to fulfil the purposes set out in this Notice are granted access to it.

SI Alliance premises are access controlled and its electronic databases require logins and password authentication. Both the SI Alliance and Ashurst ensure that individuals that have regular access to personal data are obliged to protect its confidentiality and receive appropriate training regarding their rights and obligations when processing personal data.

However, no information system is completely secure, and we cannot guarantee the protection of any personal data you choose to transmit to our Website.

10. Retention of Personal Data?

We will only retain your Personal Data for as long as is reasonably necessary to achieve the purposes for which we collected it. We may retain your personal data for a longer period in order to comply with our legal and regulatory obligations, or if we reasonably believe there is a prospect of a legal claim in relation to the activities of the SI Alliance.

We will also comply with our legal obligations if you make a request to erase your personal data, or if you previously gave your consent to us using your personal data but now wish to withdraw it. Please note that there may be some cases in which we are entitled to retain your data even if you make such a request. For further information about this, please contact SIAlliance@ashurst.com.

11. Your Data Rights

Depending on the applicable law, you may have the right to:

further information about the ways in which we process your personal data;
receive a copy of the personal data that we hold which relates to you;
request that we correct or complete any inaccurate or incomplete personal data;
request that your personal data in our possession is deleted, subject to exceptions that may exist under applicable laws;
where the lawful basis for our processing is consent, withdraw your consent;
prevent us from using your personal data for direct marketing purposes;
object to any processing based on the legitimate interests ground, unless our reasons for processing the personal data outweigh any adverse impact on your data protection rights;
where we process your personal data by automated means and the lawful basis for processing your personal data is (a) consent; or (b) that it is necessary to process it in order to enter into a contract with you, you may request that we provide you with a copy of your personal data in a machine-readable format (data portability);
request that we restrict our processing of your personal data where (a) you believe such data to be inaccurate; (b) you believe our processing to be unlawful; or (c) we no longer need to process the personal data for a particular purpose, but where we are not able to delete the data due to a legal or other obligation (or because you do not want us to delete it); and
bring a complaint to a Data Protection Supervisory Authority. If you are in the United Kingdom, this will be the Information Commissioner's Office https://ico.org.uk/make-a-complaint. If you are in the European Union, this will be the Supervisory Authority in the country in which you are located. However, we would appreciate the opportunity to address any complaints you may directly. Should you have any questions in relation to the content of this Notice please contact SIAlliance@ashurst.com.

12. How to get in touch with us

If you would like to contact us with any queries or comments, please send an email to:

SIAlliance@ashurst.com or send a letter to: Privacy & Tech Regulatory Team, c/o Sustainable Impact Alliance Limited, London Fruit & Wool Exchange, 1 Duval Square, London E1 6PW, United Kingdom.