This Privacy Notice sets out how we’ll use your personal data. Your personal data is data which by itself or with other data available to us can be used to identify you. We use your personal data in accordance with Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR).
1.The types of personal data we collect and use?
To assist you in your application for authorisation to the Financial Conduct Authority we’ll use certain owners, directors and shareholder’s personal data for the reasons set out below.
The sources of personal data collected indirectly are mentioned in this statement. The personal data we use may be about the owners, directors and shareholders may include:
- Full name and personal details including contact information (e.g. home address and address history, email address and contact telephone numbers);
- Date of birth;
- Financial details (in certain instances we may request a statement of personal assets and liabilities);
- Information from credit reference or fraud prevention agencies, electoral roll, court records of debt judgements and bankruptcies and other publicly available sources;
- Employment details/employment status
- Personal data about other named applicants. You must have their authority to provide their personal data to us and share this Privacy Notice with them beforehand together with details of what you’ve agreed on their behalf.
2. Providing your personal data
You must provide your personal data so we complete the required sections of the application documents in relation to your application for authorisation to the Financial Conduct Authority (unless you’re a customer and we already hold your details).
3. Using your personal data: the legal basis and purposes
We’ll process your personal data:
1.As necessary to perform our contract in assisting you with your application for authorisation to the Financial Conduct Authority:
2.As necessary for our own legitimate interests or those of other persons and organisations, e.g.:
- a.To take steps at your request prior to entering into it;
- b.To manage and perform that contract;
- c.To update our records; and
3.As necessary to comply with a legal obligation, e.g.:
- a.For good governance, accounting, and managing and auditing our business operations;
4.Based on your consent, e.g. :
- a.When you exercise your rights under data protection law and make requests;
- b. For compliance with legal and regulatory requirements;
- c.To update our records; and
- d.For activities relating to the prevention, detection and investigation of crime;
- e.To verify your identity, make credit, fraud prevention and anti-money laundering checks;
- a.When you request us to disclose your personal data to other people; You’re free at any time to change your mind and withdraw your consent. The consequence might be that we can’t do certain things for you.
4. Sharing of your personal data
Subject to applicable data protection law we may share your personal data with:
- The Financial Conduct Authority as part of the application process for authorisation.
- Companies and other persons providing services to us;
- Our legal and other professional advisors;
- Fraud prevention agencies;
- Government bodies and agencies in the UK and overseas (e.g. HMRC and with regulators e.g., the Financial Conduct Authority, the Information Commissioner’s Office);
- Courts, to comply with legal requirements, and for the administration of justice;
- In an emergency or to otherwise protect your vital interests;
- To protect the security or integrity of our business operations;
- To other parties connected with your Product application e.g. other people named on the application who will see your transactions;
- When we restructure or sell our business or its assets or have a merger or reorganisation; and
- Anyone else where we have your consent or as required by law.
5. Identity verification and fraud prevention checks
The personal data we’ve collected from you at application or at any stage may be shared with fraud prevention agencies who will use it to prevent fraud and moneylaundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment in future. We may also search and use our internal records for these purposes.
6. Criteria used to determine retention periods (whether or not you become a customer)
The following criteria are used to determine data retention periods for your personal data:
Retention in case of queries. We’ll retain your personal data as long as necessary to deal with your queries (e.g. if your application is unsuccessful);
- Retention in case of claims. We’ll retain your personal data for as long as you might legally bring claims against us; and
- Retention in accordance with legal and regulatory requirements. We’ll retain your personal data based on our legal and regulatory requirements.
7. Your rights under applicable data protection law
Your rights are as follows:
- The right to be informed about our processing of your personal data;
- The right to have your personal data corrected if it’s inaccurate and to have incomplete personal data completed;
- The right to object to processing of your personal data;
- The right to restrict processing of your personal data;
- The right to have your personal data erased (the “right to be forgotten”);
- The right to request access to your personal data and information about how we process it;
- The right to move, copy or transfer your personal data (“data portability”); and