(and individuals whose personal data is obtained in association)
We collect personal data about our corporate clients (and associated individuals) which is necessary to effectively deploy our professional services as agreed with our clients. We ask our clients to provide the necessary information to other associated data subjects regarding their personal data use whilst performing our services.
The types of data we collect, and process can vary, it may include:
On occasion, for some of our services and when required under a legal obligation, we may also process sensitive data (such as race or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; physical or mental health; genetic data; biometric data; sexual life or sexual orientation; and, criminal records) about you, which we ensure is processed securely and within the strict legal parameters.
We collect data;
We process your personal data for various purposes including (but not limited to):
Purpose | Legal basis |
|
We have a legitimate interest in using your data for these purposes, as it helps us to manage our relationship with you. We have carried out a Legitimate Interests Assessment (LIA) whereby we have weighed your interests and the risks posed to you against our own interests and consider that they are proportionate and appropriate. |
|
We do this to comply with our contractual obligations. |
|
The processing is necessary for compliance with our obligation under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulation 2017. Any personal data received as part of our AML process from a corporate client will be processed only for the purposes of preventing money laundering and terrorist financing, unless:
|
|
We have a legitimate interest in using your personal data in this way, as it helps us to run our business and to safeguard our rights as a business. |
|
We do this to comply with our legal, regulatory and professional obligations. Where we do not have a legal obligation, we have a legitimate interest in processing. |
We do not share or disclose any of your personal data without your consent, other than for the purposes specified in this notice or where there is a legal requirement. When we share data with others, we ensure contractual arrangements and security mechanisms are in place to protect the data and to comply with our data protection, confidentiality and security standards.
Your personal data may be shared with:
Occasionally, we may also need to disclose your personal data in the following circumstances:
We only ever retain personal data for as long as is necessary for the purposes for which it was collected, and we have strict review and retention policies in place to meet these obligations. We keep personal data in accordance with our internal retention policies, which are determined in accordance with our regulatory obligations and good practice.
We retain records and documentary evidence created in the provision of our professional services for 7 years after the end of the engagement, in the absence of specific legal, regulatory or contractual requirements.