2X Certification Privacy Policy

2X GLOBAL LIMITED
2X CERTIFICATION 

2X Global Limited (“2X”) are committed to protecting the privacy and security of your personal data. This Privacy Notice provides information on how we process your personal data as part of the 2X Certification Service.

This Privacy Notice applies to and sets out how we use the personal data of our visitors to the 2X Certification Service. It is important that you read these additional details so that you are aware of how and why we are using the personal data we are collecting, storing, and using about you. 

For the purposes of data protection laws, 2X is the controller of the processing of your personal data that is described in this Privacy Notice. This means that we decide why and how your personal data is processed. It also means that we are legally responsible to you for that processing.


Who are we?

"2X" is 2X Global Limited, a company registered in England and Wales under company registration number 13697512. Our registered office is at Crowe U.K. LLP, 55 Ludgate Hill, London, England, EC4M 7JW. 

"We", "our" or "us" refers to 2X.

If you have any questions about this Privacy Notice, please contact certification(at)2xglobal.org.

What are the processing roles of 2X?

2X makes decisions regarding certain processing of your personal data in respect of delivery as part of the delivery of our 2X Certification Service to you. 

We have responsibility for the day-to-day handling of your personal data including:

  • acting as your main point of contact for any queries you may have relating to this Privacy Notice;

  • responding to your requests when you exercise your data protection rights (see further below regarding these rights);

  • making sure we have the legal grounds to use your personal data in the ways described in this Privacy Notice; and

  • ensuring that the personal data it stores is secured and retained in accordance with data protection laws.

What personal data do we collect and how do we use it?

When you visit the 2X Certification Service we will collect your name, organisation, country, email details, and password in order to create an account for you and to deliver our Certification services to you.

We will only send you marketing emails or contact you about our services and other information we think might interest you if you have explicitly opted in to receive such communications from us. You have the right to withdraw your consent at any time by [clicking the 'unsubscribe' link at the bottom of our emails or contacting us at certification@2xglobal.org.

We will process slightly different personal data about you depending upon whether you represent a corporate entity or a fund. The information processed for each category is set out below.

  • Corporates

    • contact name, title, email address, and phone number for the organisation;

    • contact name, title, email address, and phone number of the person authorised to enter into agreements on behalf of the organisation;

    • country of registration, countries of operations;      

    • documents verifying women’s shares;

    • documents verifying founding by women;

    • documents verifying the number of women senior managers at the organisation;

    • documents verifying active women Board or Investment Committee Members;

    • documents verifying number of women employees;

    • details of supply chain management; 

    • documents verifying racial or ethnic origin, health information, sexual orientation; 

    • the name, employer, and email address of anyone that requested that you fill in the form; and

    • company logo and website (in the case of successful certification), for entity to be added to the 2X Certified entities directory. 

  • Funds

    • contact name, title, email address, and phone number for the fund;

    • contact name, title, email address, and phone number of the person authorised to enter into agreements on behalf of the fund;     

    • country of registration, countries of operations;  

    • documents verifying women’s shares;

    • documents verifying founding by women;

    • documents verifying the number of women with investment responsibility at the fund;

    • documents verifying active women Investment Committee Members;

    • documents verifying the number of women employees; 

    • documents verifying racial or ethnic origin, health information, sexual orientation; 

    • the name, employer, and email address of anyone that requested that you fill in the form; and

    • company logo and website (in the case of successful certification), for entity to be added to the 2X Certified entities directory. 

Processing your personal data 

The purpose of processing your personal data is to perform our evaluation, verification, and certification services as part of the 2X Certification Service. We process this information on the basis of our legitimate interests in operating the 2X Certification Service to increase credibility, provide global peer benchmarking, promote transparency and accountability within the gender finance ecosystem.

We process special category data on the basis of our legitimate interests and for reasons of substantial public interest on the basis in law particularly the Data Protection Act 2018 Schedule 1 paragraph 9 in relation to racial and ethnic diversity at senior levels.

During the verification process, some documents which may contain personal data are processed using machine learning techniques. 

How we share your personal data

We may share your personal data between 2X and third-party organisations: 

  • Equilo, our technology partner; 

  • third party verifiers; and

  • other potential investors, including funds, grant makers, and other third-party technical advisory service providers supporting investors, funds, grant makers.

We may also share your personal data with third parties who provide services to us to the extent that it is necessary for us to do so. 

How long we keep your personal data

We will store your data for no longer than six years. 

For re-certification, the six-year retention period will restart from the date of such re-certification. This is to ensure that information from the original certification is available to support the re-certification process. After this time period, we will only store anonymised data for the purposes of research and learning that will contribute to field building of gender lens investment. 

How we transfer your personal data outside Europe

2X is an English company, headquartered in the United Kingdom. 

Where necessary, we may transfer personal data outside of the UK. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place. 

In the case of transfers out of the UK subject to UK data protection law, the UK government has decided that particular countries ensure an adequate level of protection of personal data (known as an ‘adequacy regulation’). Where a country benefits from an adequacy regulation, then we will rely on it for transfers from the UK to that country. Where a country does not, then we will rely on legally-approved standard data protection clauses. If we cannot or choose not to continue to rely on either of those mechanisms at any time, we will not transfer your personal data outside the UK unless we can do so on the basis of an alternative mechanism or exception provided by UK data protection law.

Automated decisions we take about you

We do not make automated decisions using your personal data. 

Your rights

You have a number of rights over your personal data, which are:

  • the right to ask us what personal data about you we are holding and to have access to a copy of your personal data;

  • the right to ask us to correct any errors in your personal data;

  • the right, in certain circumstances such as where our use of your personal data is based on your consent and we have no other legal basis to use your personal data, to ask us to delete your personal data;

  • the right, in certain circumstances such as where we no longer need your personal data, to request that we restrict the use that we are making of your personal data;

  • the right, in certain circumstances, to ask us to review and explain our legitimate interests to you; and

  • the right, where our use of your personal data is carried out for the purposes of an agreement with us and is carried out by automated means, to ask us to provide you with a copy of your personal data in a structured, commonly-used, machine-readable format.

Providing your personal data to 2X is necessary as part of the 2X Certification Service. Failure to provide such data will impair the ability of 2X to perform the 2X Certification Service.

How to complain 

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this Privacy Notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:   

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint


Changes to this Privacy Notice

We keep our Privacy Notice under regular review and will update it from time to time to make sure it remains up-to-date and accurate.