Cross Border Capital Finance, a division of Ars Operandi LTD, (“we” or “us”) take the privacy of your information very seriously. This Privacy Notice is designed to tell you about our practices regarding the collection, use and disclosure of personal information which may be collected in person from you, obtained via our website (www.crossbordercapitalfinance.com) or collected through other means such as by an online form, email, or telephone communication. This privacy notice applies to our clients and third parties but does not apply to information we hold in relation to our staff and contractors.
This notice applies to personal information provided by our clients, their staff, and any third party suppliers (including our clients’ other advisers) whose data we process. In this notice “you” refers to any individual whose personal data we hold or process. This notice is governed by the EU General Data Protection Regulation (the “GDPR”).
This notice may be updated from time to time.
Personal data we collect and how we process this data
Below we have set out the categories of data we collect, the legal basis we rely on to process the data and how we process the data:
- Contact information for our clients and their staff such as names, job titles, email addresses, phone numbers, addresses (“Contact Information”). We process this information when we communicate with our client or provide services to our client on the basis of the performance of our contract with you or on the basis of our legitimate interest in providing our services to our clients.
- Contact information which we hold because you are a third party relevant to the services we provide to our clients (you may for example be a lawyer, accountant or other professional) (“Third Party Contact Information”). We process this information when we provide services to our clients on the basis of the performance of our contract with you or on the basis of our legitimate interest in providing our services to our clients.
- Financial information which we hold in the context of providing services to our clients (“Financial Information”). We process this information when we provide services to our clients on the basis of the performance of our contract with you or on the basis of our legitimate interest in providing our services to our clients.
- Demographic information such as postcodes, preferences and requirements (“Demographic Information”). We process this information when we provide services to you on the basis of the performance of our contract with you and on the basis of our legitimate interest in providing our services to our clients.
- Cookie Information. A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We process Cookie Information in order to improve or communicate with you about our products and services or in order to customise the website according to your personal interests, on the basis of our legitimate interests in communicating with you about our services or on the basis that you have consented to receive the information.
- A record of any correspondence or communication between you and us (“Communication Information”). We process this information when we monitor our relationship with you and provide services to you on the basis of the performance of our contract with you and on the basis of our legitimate interest in providing our services to our clients.
- Marketing information we may hold about you in order to provide information about our services. This may include names, job titles, email addresses, phone numbers, addresses, and other information (“Marketing Information”). We process this information in order to improve or communicate with you about our products and services, for market research purposes or in order to customise our services, on the basis of our legitimate interests in communicating with you about our services or on the basis that you have consented to receive the information.
We will collect information either from you directly or from a third party (for instance an introducer). If we do obtain your personal data from a third party your privacy rights under this notice are not affected and you are still able to exercise the rights contained within this notice.
Our current data retention policy is to delete or destroy (to the extent we are able to) personal data after the following periods:
- Contact Information, Financial Information, Communication Information, Third Party Contact Information and records relating to a contract with us – 7 years from either (i) the end of the contract or (ii) the date you, your employer or our applicable client last used our services.
- Marketing records – 3 years from the last date on which you have interacted with us.
For any category of personal data not specifically defined in this section or notice, and unless otherwise specified by applicable law, the required retention period for any personal data will be deemed to be 3 years from the date of receipt by us of that data. The retention periods stated in this notice can be prolonged or shortened as may be required (for example, in the event that legal proceedings apply to the data or if there is an on-going investigation into the data).
Sharing your information
We may disclose information to third parties in the following circumstances:
- If we are engaged to provide professional services we may work with other professionals and providers in delivering our services, this may include lawyers, accountancy advisers and other professional advisers;
- If we are representing or providing services to a client, we may disclose certain personal information in the context of a transaction for instance to lawyers, counterparties and other professional advisers;
- Where we need to process personal data to provide our services, we may include some personal data in our deliverables;
- we may disclose information to our group companies;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation (for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime);
- in order to enforce any terms and conditions or agreements for our services that may apply;
- as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation, but we will take steps with the aim of ensuring that your privacy rights continue to be protected;
- to protect our rights, property and safety, or the rights, property and safety of our users or any other third parties. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
If we do supply your personal information to a third party we will take steps to ensure that your privacy rights are protected and that such third party complies with the terms of this notice.
We will take all reasonable steps to ensure that appropriate technical and organisational measures are carried out (including suitable physical, electronic and managerial procedures) in order to safeguard the information we collect from you and protect against unlawful access and accidental loss or damage.
Your privacy rights
With respect to your personal data, you have the right to:
- request that your personal data will not be processed;
- ask for a copy of any personal data that we have about you;
- request a correction of any errors in or update of the personal data that we have about you;
- request that your personal data will not be used to contact you for direct marketing purposes;
- request that your personal data will not be used for profiling purposes;
- request that your personal data will not be used to contact you at all;
- request that your personal data be transferred or exported to another organisation, or deleted from our records; or
- at any time, withdraw any permission you have given us to process your personal data
All requests or notifications in respect of your above rights may be sent to us in writing at the contact details listed below. We will endeavour to comply with such requests as soon as possible but in any event we will comply within one month of receipt (unless a longer period of time to respond is reasonable by virtue of the complexity or number of your requests).
If personal data we hold about you is subject to a breach or unauthorised disclosure or access, we will report this to the Information Commissioner’s Office (ICO) and/or our data protection manager.
If a breach is likely to result in a risk to your data rights and freedoms, we will notify you as soon as possible.
Transferring your information outside Europe
We will not transfer your personal data in a systematic way outside of the European Economic Area or UK (“EEA”) but there may be circumstances in which certain personal information is transferred outside of the EEA, in particular:
- From time to time, some of our data processors (including server providers), may be based outside of the EEA. In that case, we will ensure we have an agreement in place with such processors to provide adequate safeguards and a copy of such safeguards will be available on request.
- If you are engaged in negotiations or discussions with a party outside the EEA and we are representing you in those negotiations or discussions then we may need to provide certain personal information to that party;
- If you use our services while you are outside the EEA, your information may be transferred outside the EEA in order to provide you with our services;
- We may communicate with individuals or organisations outside of the EEA in providing our services. Those communications may include personal information (such as contact information) for example you may be outside of the EEA when we communicate with you;
- From time to time your information may be stored in devices which are used by our staff outside of the EEA (but staff will be subject to our cyber-security policies).
If we transfer your information outside of the EEA, and the third country or international organisation in question has not been deemed by the EU Commission to have adequate data protection laws, we will provide appropriate safeguards and we will be responsible for ensuring your privacy rights continue to be protected as outlined in this notice.