Privacy Policy

If you have any questions about this Privacy Notice, how we handle your personal data, or want to exercise any of your rights, please contact us at johnathan@fuel.ventures.

1. Introduction & Overview

This Privacy Notice explains how Fuel Ventures Ltd (“we,” “us,” “our”) collects, uses, discloses, stores, and protects your personal data when you (i) access or use our website, (ii) contact us, (iii) pitch or apply for investment, (iv) invest, or (v) otherwise interact with us. It also explains your rights under UK data protection law (UK GDPR and the Data Protection Act 2018).

We are committed to protecting your privacy and ensuring your personal data is handled in accordance with applicable laws, including the UK General Data Protection Regulation (“UK GDPR”).

2. Who we are / Data Controller

  • Legal name: Fuel Ventures Limited
  • Registered office address: 424 Margate Road Westwood, Ramsgate, Kent, England, CT12 6SJ
  • Operating address / principal place of business: 22B Bishopsgate, London EC2N 4AJ
  • Contact for data protection / privacy matters:
  • Email: johnathan@fuel.ventures
  • Postal: as above
  • Data Protection Lead / Officer (if applicable): Johnathan Graham, Head of Compliance. 

As far as processing your personal data is concerned, we act as the data controller (i.e. determining purposes and means of the processing).

3. Personal data we collect / when / sources

We collect and process various categories of personal data based on how you interact with us:

Category / Source
Examples of Data
When / Source
Identity & contact data

Name, title, job title, company name, address, email addresses, telephone numbers

When you contact us, sign up for newsletters, or communicate with us

Pitch / application data

Business plans, forecasts, CVs, company incorporation documents, beneficial ownership, referees, references

When you submit a pitch or apply for funding

Investment / transaction data

Bank account details, investment amounts, payment records, SEIS/EIS or tax documents

When you invest or enter into contractual relationships

Compliance / regulatory data

ID / passport / proof of address, AML / KYC checks, beneficial ownership declarations, sanctions screening data

For regulatory compliance, due diligence, onboarding

Technical / usage data

IP address, browser type/version, device identifiers, operating system, referring URL, pages visited, clickstreams, cookies / tracking data

When you visit or use our website

Marketing / preferences data

Consent flags, subscription status, communication preferences, opt-in / opt-out preference

When you subscribe or interact with marketing communications

Third‑party / public data

Company registry data, public filings, social media profiles, credit / corporate data

From publicly available sources or third‑party providers

Other data

Any other information you choose to send us, attachments, feedback, correspondence

Via email, web forms, or other communications

 



4. Purposes & lawful bases of processing

Below is a summary of our principal processing activities, what we do with your personal data, and the lawful bases under UK GDPR. In many cases, more than one lawful basis may apply.

Category / Source
What we do / use the data for
Lawful basis(s)
Responding to enquiries, pitches & applications

Evaluate your submissions, communicate with you, negotiate agreements

Performance of contract / steps to enter contract (Art 6(1)(b)); legitimate interests (Art 6(1)(f))

Due diligence / investment management

Assess, monitor, manage investments; background checks; portfolio oversight

Legitimate interests (Art 6(1)(f)); performance of contract (Art 6(1)(b)); compliance with legal obligations (Art 6(1)(c))

Regulatory & compliance (e.g. AML / KYC / sanctions)

Verification, screening, audits, reporting

Legal obligation (Art 6(1)(c)); or legitimate interests (Art 6(1)(f))

Marketing & communications

Sending newsletters, event invitations, promotional offers

Consent (Art 6(1)(a)); or legitimate interests (provided balance test) (Art 6(1)(f))

Website analytics, performance & improvement

Monitor usage, optimize user experience, security, detect fraud

Legitimate interests (Art 6(1)(f))

Archiving, record-keeping, legal / audit

Maintain legal, accounting, reporting, compliance records

Legal obligation (Art 6(1)(c)); legitimate interests (Art 6(1)(f))

Legal claims & litigation

Use data in disputes, investigations, or enforcement

Legitimate interests (Art 6(1)(f)); legal obligation (Art 6(1)(c))

 

 



Where we rely on legitimate interests (Art 6(1)(f)), we have carried out and documented a Legitimate Interests Assessment (LIA), weighing our interests against the rights and freedoms of the data subject. We do not use legitimate interests where our interests are overridden by your rights.

Where processing is based on consent, you may withdraw your consent at any time, without affecting the lawfulness of prior processing (Art 7(3)).

If you refuse to provide certain personal data that is necessary (e.g. for compliance or contract), we may be unable to proceed with your application or relationship.

5. Recipients / Disclosure / Third parties / International Transfers

We may share your personal data with:

  • Service providers & processors (e.g. cloud hosting, IT providers, CRM, email/marketing platform, analytics, legal / accounting / audit)
  • Portfolio companies, co-investors, syndication partners, prospective investors — in the context of due diligence, reporting, syndication
  • Regulators, tax authorities, courts, government bodies — where required by law or regulation
  • Professional advisors, legal counsel, auditors, insurers — for legal, accounting or risk purposes
  • Acquirers, successors, or during business reorganisations / mergers — if we restructure or sell all or part of our business
  • Other third parties — only where you have given consent or where legally required

All third parties or processors engaged by us are bound by contracts (data processing agreements) requiring them to comply with confidentiality, security, and applicable data protection law.

International / cross-border transfers

If we transfer personal data to countries outside the UK / EEA, we will ensure that suitable safeguards are in place (such as:

  • UK Standard Contractual Clauses (SCCs) / International Data Transfer Addendum
  • Binding Corporate Rules
  • Adequacy decisions by the UK government
  • Other lawful mechanisms


We will inform you (either in this Notice or at the time of collection) should we transfer data to jurisdictions without adequacy.

6. Retention / deletion

We retain personal data only for as long as is necessary for the purposes for which it was collected (or as required by law). Criteria used to determine retention periods include:

  • The nature and purpose of processing
  • Any legal, regulatory or contractual retention requirements
  • Whether the data continues to be needed for ongoing relationships, claims, or audits

Typical retention durations (subject to review):

  • Marketing / newsletter data: until you withdraw consent or unsubscribe
  • Application / pitch data: up to 7–10 years after decision or closure
  • Investment / transaction records: at least 6–10 years (or longer if legal/tax obligations demand)
  • Website analytics / log data: e.g. 1 to 3 years
  • Legal / compliance records: as long as necessary for disputes, regulatory obligations

Once retention is no longer needed, data will be securely deleted or anonymised.

7. Security & Safeguards

We adopt appropriate technical and organisational measures to safeguard your data, including:

  • Encryption in transit (TLS/HTTPS) and encryption at rest where practicable
  • Access controls, role-based access, strong passwords, multi-factor authentication
  • Regular security testing, vulnerability scanning, penetration testing
  • Network monitoring, logging, intrusion detection
  • Data minimisation, pseudonymisation or anonymisation where feasible
  • Secure backups, disaster recovery, segregation of data
  • Physical security for paper records and secure disposal, shredding, secure deletion
  • Requiring our processors to implement equivalent security measures via contractual obligations

We review and update security practices periodically to maintain appropriateness.

8. Your Rights

Under UK GDPR and the Data Protection Act 2018, you have rights in relation to your personal data:

  • Right of access — request a copy of your personal data and supplementary information (Art 15)
  • Right of rectification — ask us to correct inaccurate or incomplete data (Art 16)
  • Right to erasure (“right to be forgotten”) — in certain cases request deletion (Art 17)
  • Right to restrict processing — request suspension of processing (Art 18)
  • Right to data portability — if processed by automated means based on consent or contract, ask for data in structured, machine-readable form (Art 20)
  • Right to object — e.g. to processing based on legitimate interests or direct marketing (Art 21)
  • Right to withdraw consent — at any time if consent is the basis (Art 7(3))
  • Right to lodge complaint — with the Information Commissioner’s Office (ICO) in the UK

To exercise any of these rights, please contact us at the contact details in Section 2. We will respond without undue delay and within one month (which may be extended by up to two further months in complex cases, with notice) (Art 12(3)–(4)).

Note: some rights may be restricted or limited (e.g. for legal claims or compliance purposes).

9. Cookies & Similar Technologies

We use cookies, web beacons, tracking pixels, local storage, and similar technologies to collect data about your use of our website (e.g. pages visited, links clicked, session duration). Some cookies are strictly necessary; others support analytics, performance, advertising, or functionality.

  • On your first visit (or periodically), we will present a cookie banner / consent notice to you, providing clear information and choice (if required)
  • You may withdraw or modify your consent via cookie settings or your browser
  • Please refer to our Cookie Policy (linked from our website) for full details of the cookies used, their purposes, durations, and how to manage them

We do not use cookies to collect personal data beyond what is necessary or lawful.

10. Children / Minors

Our services are directed at adults. We do not knowingly collect personal data from children under age 16 without parental consent. If we become aware of such collection, we will take steps to delete the data promptly.

11. Automated decision‑making / profiling

We do not currently rely on fully automated decision‑making (i.e. solely by a machine) that produces legal or materially binding effects regarding you. To the extent we perform profiling (for analytics, segmentation, marketing), we ensure safeguards are in place, including the possibility to object. Should we adopt AI / generative model tools in the future, we will provide you with details of logic, significance, envisaged consequences, and rights to challenge (in line with UK GDPR / EDPB guidelines).

12. Changes to this Notice

We may update this Privacy Notice occasionally (e.g. due to legal, regulatory, or operational changes). The “Last Updated” date at the top will reflect the current version. Where a change is material, we will notify you (for example, by email) if you are a contact in our systems. We encourage you to review this Notice periodically.

13. Third‑party links & embedded content

Our website may link to or embed external websites or content (e.g. social media, YouTube, third‑party widgets). This Privacy Notice does not cover those external sites or services. Please review their privacy policies before providing personal data.

14. International visitors

If you access our services from outside the UK, your data may be transferred to the UK or other jurisdictions for processing, under the safeguards described in Section 5. By using our services, you consent to such transfers.

15. Contact & Supervisory Authority

If you have any questions, requests or complaints about how we use your personal data or about this Notice, please contact us using the contact details in Section 2.

If you believe we have not handled your personal data lawfully or fulfilled your rights, you may lodge a complaint with the Information Commissioner’s Office (ICO) in the UK (https://ico.org.uk).

TOP