(and individuals whose personal data is obtained in association)
What we collect
We collect personal data about our corporate clients (and associated individuals) which is necessary to effectively deploy our professional services as agreed with our clients. We ask our clients to provide the necessary information to other associated data subjects regarding their personal data use whilst performing our services.
The types of data we collect, and process can vary, it may include:
- Personal details e.g. name and date of birth
- Contact Information e.g. email address, contact number and postal addresses
- Anti-Money Laundering (AML) Identification information (i.e. driver's license and passport copies which include biographical and contact information)
- Employee Information e.g. role, experience, benefits and salary
- Financial Information e.g. salary and payroll information, and other financial-related details such as income and investments etc
- Statutory Company Information (including business activities)
On occasion, for some of our services and when required under a legal obligation, we may also process sensitive data (such as race or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; physical or mental health; genetic data; biometric data; sexual life or sexual orientation; and, criminal records) about you, which we ensure is processed securely and within the strict legal parameters.
We collect data;
- Directly when you initially contact us
- Indirectly through subsequent interactions with our clients, from a third party acting on our clients’ instructions, or from other third parties (including publicly available information)
How we use your personal data and legal basis for processing
We process your personal data for various purposes including (but not limited to):
||We have a legitimate interest in using your data for these purposes, as it helps us to manage our relationship with you. We have carried out a Legitimate Interests Assessment (LIA) whereby we have weighed your interests and the risks posed to you against our own interests and consider that they are proportionate and appropriate.|
||We do this to comply with our contractual obligations.|
The processing is necessary for compliance with our obligation under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulation 2017.
Any personal data received as part of our AML process from a corporate client will be processed only for the purposes of preventing money laundering and terrorist financing, unless:
||We have a legitimate interest in using your personal data in this way, as it helps us to run our business and to safeguard our rights as a business.|
We do this to comply with our legal, regulatory and professional obligations.
Where we do not have a legal obligation, we have a legitimate interest in processing.
Sharing and disclosing your personal data
We do not share or disclose any of your personal data without your consent, other than for the purposes specified in this notice or where there is a legal requirement. When we share data with others, we ensure contractual arrangements and security mechanisms are in place to protect the data and to comply with our data protection, confidentiality and security standards.
Your personal data may be shared with:
- Third party organisations such as appropriate lenders and lawyers to facilitate the set up and completion of a transaction
- Third party organisations that provide identification checking services
- Third party organisations that provide applications/functionality, data processing or IT services to us
- Other third parties as instructed by you
- Our trade associations, professional bodies and business associates e.g. auditors, insurers, solicitors, accountants etc.
Occasionally, we may also need to disclose your personal data in the following circumstances:
- Based on our legitimate interests, to third parties if we choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
- To law enforcement officials, law courts and government and regulatory authorities: (a) if we believe disclosure is required by any applicable law, regulation or legal process; or (b) to protect and defend our rights, or the rights or safety of third parties, including to defend against legal claims based on our legitimate interests.
- In exceptional circumstances, to third parties to protect your vital interests if you fell ill or suffered an injury at one of our events or on our premises.
How long we keep your data
We only ever retain personal data for as long as is necessary for the purposes for which it was collected, and we have strict review and retention policies in place to meet these obligations. We keep personal data in accordance with our internal retention policies, which are determined in accordance with our regulatory obligations and good practice.
We retain records and documentary evidence created in the provision of our professional services for 7 years after the end of the engagement, in the absence of specific legal, regulatory or contractual requirements.