This Privacy Notice explains how Griffen Capital ltd (“the Company”) collects, uses and discloses your personal data, and your rights in relation to the personal data it holds.
In this Privacy Notice, “us”, “we” and “our” refers to the Company. “Group” refers to other companies throughout the UK that form part of the Griffen group of companies.
The Company is the data controller of your personal data and is subject to the Data Protection Act 1998 (“DPA”) and, once in force, amendments to the DPA to incorporate legislation equivalent to EU Regulation 2016/679 (the “GDPR”) into UK law.
We may amend this Privacy Notice from time to time, to reflect any changes in the way that we process your personal data. This Privacy Notice supersedes any previous version of this notice with which you may have been provided or of which you have had sight before the date stated below as well as anything to the contrary contained in any agreement with us.
All enquiries in respect of this Privacy Notice should be directed to the Privacy Officer using the following email: email@example.com .
How we collect your data
We may collect your personal data in a number of ways, for example:
- From the information you provide to us when you meet with an employee or employees of one of our Group companies;
- When you communicate with us or when we communicate with you by telephone, fax, email or other forms of electronic communication. In this respect, we may monitor, record and store any such communication;
- Information contained within client on‐boarding documents relating to a service setup for your benefit by you, or another person on your behalf;
- From other companies in our Group;
- From your agents, advisers and employees of firms with which you are associated;
- From publicly available sources or from third parties where we need to conduct background checks about you.
The categories of the data we collect
- Contact details (including names, postal addresses, email addresses and telephone numbers);
- Information required for the Group to meet legal and regulatory requirements, in particular in respect of anti-money laundering legislation, including information on source of funds and source of wealth;
- Information provided in the course of the provision of our services (for example, information on professional relationships and background, financial wealth and assets held, transactions entered into, tax status and other matters);
- Financial information, such as payment related information;
- Professional interests and events attended;
- Meetings attended and visits to our offices;
- Any other information you may provide to us.
The basis for processing your data other than with your consent, how we use that data and whom we share it with
We use data (including personal data of individuals) for the following purposes and the below also confirms the lawful basis we are relying on in each case.
The provision of data to one entity in the Group may result in that data being accessible by all other members of the Group. Reasonable endeavours are made to ensure that data is only accessible by those with a need for access to fulfil the purposes set out above.
The following is a list of potential recipients of data (in each case including respective employees, directors and officers):
- Other members of the Group;
- Other providers of services (legal, governance or otherwise, including any bank or financial institution) where disclosure to that provider of services is considered necessary to fulfil the purposes set out above;
- Any sub-contractors, agents or service providers of the Group;
- Courts or tribunals;
- Third parties with whom the Group engages for the hosting of events or other marketing initiatives;
- Law enforcement agencies where considered necessary for the Group to fulfil legal obligations applicable to it;
- Regulators or other governmental or supervisory bodies with a legal right to the material or a legitimate interest in any material;
- Any registrar of a public register where the data is to be included in a public registry;
Where the Group is entering into an engagement with a third party pursuant to which data may be processed by that third party, we will seek to enter into an agreement with that third party setting out the respective obligations of each party and will seek to be reasonably satisfied that the third party has measures in place to protect data against unauthorised or accidental use, access, disclosure, damage, loss or destruction.
In the event that any such third party is outside of the European Union and where the data being transferred would include personal data which would be protected under applicable Data Protection regulation we will ensure we meet the relevant requirements of that Data Protection regulation prior to carrying out any such transfer.
Rights of Data subjects
Data subjects in the UK (or any jurisdiction with equivalent legislation to the GDPR) have certain rights in respect of their personal data.
Any such data subject wishing to exercise any rights under applicable data protection laws (including the right to withdraw any consent to processing previously given; the right of access to data; or to have data corrected, updated, rectified or erased; or for access to data to be restricted or provided to any third party; or to object to any particular processing) should send the request to our Privacy Officer using the following email: firstname.lastname@example.org .
Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply. You can find out more about your rights under data protection legislation at https://ico.org.uk/ .
If you are not satisfied with how we are processing your personal data, you can make a complaint to the Office of the Information Commissioner at https://ico.org.uk/ .
We automatically collect statistical data about usage patterns on our website. This information is not used to identify any individual. It is only collected to provide us with an understanding of the areas of interest on our site and kept only for as long as required for this purpose.
Retention of your data
We may retain your personal data for a maximum period of 10 years after the termination of our relationship with you in order to meet our regulatory and legal obligations.
Changes to this Privacy Notice
We keep this Privacy Notice under review and any updates will appear on our website at www.griffen.co.uk .
We last updated this Privacy Notice on 18th May 2018.