Latest update: June 2018
About Corporate Finance Limited (“ACF”), a data controller, is committed to protecting your personal data and respecting your privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide us, will be processed by us. Please read the following carefully; it will help you to understand how we use your personal data.
2. What is Personal Data?
Personal data means any information about you from which you can be identified. Examples of personal data include your name, home address, national insurance number, date of birth, telephone number and e-mail address but also electronic location data and other online identifiers.
3. What information do we collect?
When you visit our website, use our services, make an enquiry, meet us at events or under the terms of a contract, you may be asked to provide personal data. You are under no obligation to provide such information.
When you visit our website, we may also collect other information including the pages you view, the links you click, the files you download, the search criteria used, and other actions taken on the website. Additionally, we may collect certain information that your browser or mobile device sends to every website you visit, such as your IP address, operating system, geographic location, browser type and language, access times and referring Web site addresses.
Once you are on our database, we may also record details of any ACF marketing lists to which you have subscribed or unsubscribed, mailings we have sent to you, hyperlinks you have followed in our email marketing messages and/or event invitations sent to you and your response.
4. How is the information used?
We only obtain and process personal data for a specific purpose. We are only able to use your personal data if we have a proper legal reason or basis for doing so. Most commonly we will use your information in the following ways:
- We have a contract with you.
- We have a legal obligation.
- We, or a third party, have a legitimate interest in processing the data and your interests and fundamental rights do not override those interests.
- We have received your consent.
The table below sets out the ways we plan to use your personal data and the legal bases we rely on to do so.
|To respond to new enquiries from potential clients or their agents.||Legitimate interests – to develop and grow our business.|
|register you as a new To client||To fulfil our contract with you.|
|To provide ongoing services.||To fulfil our contract with you.|
|To meet our regulatory and legal obligations.||To comply with Money laundering Regulations, Know your Customer checks, legal duties to prevent financial crime and other regulatory obligations.
Legitimate interests – to keep our records updated, manage complaints or conflicts.
|To send communications, e.g. to||Legitimate interests – to develop our services and grow our business
Consent - obtained for all personal rather than corporate email addresses.
|To use data analytics to improve our website and our services||Legitimate interests – to keep our website relevant and updated, to develop our business and inform our marketing strategy|
|To recruit new employees||Legitimate interests – to recruit new staff and grow our business.|
|To fulfil general HR and finance administration including payroll and benefits for current employees.||To fulfil employee contracts.
Legitimate interests – to manage our business and keep our records updated.
To comply with HMRC requirements.
We may also process your personal data on the basis that is necessary for our legitimate interest in the effective management and running of our firm which may include (but is not limited to):
- To engage suppliers and contractors;
- To facilitate, make and receive payments.
- To ensure the secure management and storage of your personal data within our IT environment and hard copy filing systems;
To ensure our premises are secure and running efficiently;
- For insurance purposes;
- To help measure performance and improve our services;
- To carry out internal reviews, investigations and audits;
- For any other regulatory, legislative, compliance, auditing and reporting requirements.
From time to time we may also ask you to review your contact details and mailing list preferences to ensure that we only send you information which is relevant to you. To ensure we adhere to your instructions and take accurate record of such instructions, we may monitor and record any communication between you and us.
5. To whom might we disclose your personal data?
We may pass your personal data to third parties but only when it is necessary to do so. For instance:
- to fulfil your requirement(s) for our services;
- to process a payment;
- to accountants, auditors, lawyers or similar advisors when we ask them to provide us with professional advice;
- to comply with any legal obligation or regulatory body;
- to investors or other relevant parties in the event of a corporate transaction related to ACF.
Some of our third party service providers we use may be based outside the European Economic Area (“EEA”). We ensure that third parties that we share your data with are GDPR compliant.
We may also disclose your personal data in the course of business to staff in our US office. We take suitable steps to ensure that appropriate data security systems are in place across the whole of the ACF Group.
6. How is the information stored?
We employ appropriate security measures to help protect your Personal Data and guard against access by unauthorised persons. All information you provide us is stored on our secure on-site servers, and off-site hosted servers in certified data centres. We undergo periodic reviews of our security policies and procedures to ensure that our systems are secure and protected. However, as the transmission of information via the Internet is not completely secure we cannot guarantee the security of your information transmitted to our website.
We require any third-party organisations we use to have appropriate security arrangements in place and ensure compliance with GDPR requirements. For instance, our client relationship management system is currently hosted by Rackspace who follow US-Swiss Safe Harbor, Privacy Shield, and ISO27001 certifications and policies, as well as additional security measures. Rackspace’s certifications can be found on their Compliance and Validation page.
7. How long will your Personal Data be retained?
We will only retain your personal data for the length of time required for the specific purpose or purposes that it was collected. However, we may be obliged to keep your personal data for a longer period due to, for example, legal and regulatory obligations, (potential) disputes or guidelines issued by relevant data protection authorities.
A “cookie” is a small piece of data or message that is sent from an organisation's web server to your web browser and is then stored on your hard drive. Cookies can't read data off your hard drive or cookie files created by other sites, and do not damage your system.
To find out more about cookies, including what cookies have been set and how to manage and delete them, visit https://www.allaboutcookies.org.
9. Your rights
You are provided with a number of different rights under GDPR in relation to your personal data. These allow you:
- To access your information;
- To request we correct your information;
- To request that we erase your information;
- To object to the processing of your information;
- To request a restriction in the processing of your information;
- To request a transfer of your information; and
- To withdraw your consent.
If you wish to exercise any of these rights please email email@example.com.
Please note that you will not have to pay a fee to access your personal information or to exercise any of the other rights. We may, however, charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to deal with your request in these circumstances.
We may also need to seek further information from you to confirm your identity before we release any personal information.
10. Contact Us
If you want to request any information about your personal information, please contact us.
Email address: firstname.lastname@example.org
ACF Investment Bank
7-12 Tavistock Square
+44 20 7467 9600
ACF Investment Bank
1900 Avenue of the Stars
+1 424 332 0450
11. How to make a complaint
If you are unhappy with the way in which we have responded to your query, of if you have a further complaint, you can contact The Information Commissioner. The Information Commissioner’s Office (ICO) can be contacted at www.ico.org.uk or on +44 30 3123 1113.