Privacy & Cookie Policy

Privacy Policy


Data privacy is important to Cavendish and maintaining your trust is our priority. This Privacy Policy explains how we collect and use personal data that we obtain through this website and when you register to use our services, and through other means, such as email, in person or from other third party sources.



  • About this Privacy Policy
  • About Cavendish Corporate Finance LLP
  • Contacting us
  • Data protection principles
  • Information we collect
  • How we use your personal data
  • Email marketing
  • Who we share your personal data with
  • International transfers
  • Security of your personal data
  • How long we keep your personal data
  • Access to and updating your personal data
  • Right to object
  • Your other rights
  • Exercising your rights
  • Links
  • Email monitoring
  • Complaints
  • Changes to our Privacy Policy



This Privacy Policy applies when you visit our website (and any mobile site or applications that link to this Privacy Policy) (collectively, the “Sites”). It also applies where we are in contact with you in other ways whether in your capacity as an individual or as director, shareholder, partner, employee or other representative of a company or other organisation.



We are Cavendish Corporate Finance LLP, a limited liability partnership registered in England and Wales under number OC333044, with its registered office at 1 Bartholomew Close, London, EC1A 7BL (“Cavendish”, “we”, “our”, and “us”).

We are registered with the UK Information Commissioner’s Office (“ICO”) under registration number Z1276551.

Cavendish Corporate Finance LLP is authorised and regulated by the Financial Conduct Authority (“FCA”) with Firm Reference Number 474794.



If you have any questions about our privacy policy or your information, or to exercise any of your rights as described in this privacy policy or under data protection laws, you can contact us:

By post:              The Privacy Manager, Cavendish Corporate Finance LLP, 1 Bartholomew Close, London, EC1A 7BL

By telephone:    +44 (0)20 7220 0500

By email:  



Cavendish adheres to the following principles when processing your personal data:

  1. Lawfulness, fairness and transparency – data must be processed lawfully, fairly and in a transparent manner.
  2. Purpose limitation – data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
  3. Data minimisation – data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  4. Accuracy – data must be accurate and, where necessary, kept up to date.
  5. Storage limitation – data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
  6. Integrity and confidentiality – data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage by using appropriate technical or organisational measures.



Information you provide us

You may provide us with personal data when you are introduced to us, when we meet you in person, or when we are in contact by phone, email, via the Sites and when you register on the Sites or otherwise.

The categories of personal data you provide includes:

  • first and last name;
  • job title and company name;
  • email address;
  • phone number;
  • postal address;
  • demographic information;
  • password to register and use restricted parts of the Sites.

Information we collect from third parties

We collect most of this information from you directly. We also work in conjunction with third parties (including, for example, business partners, professional advisors, search information providers, credit reference agencies) and may receive information about you from them.

We also collect information about you:

  • from publicly accessible sources, e.g. Companies House;
  • from third party sources of information, e.g. client due diligence providers;
  • which you have made public on websites associated with you or your company or on social media platforms such as LinkedIn;
  • from a third party, e.g. a person who has introduced you to us or other professionals (such as solicitors) you may engage.

Information we collect online

If you interact with us online, we use cookies and other technological tools to collect information about your device and your use of our Sites, such as your device’s IP address, your user ID and session identifiers, what pages your device visited, and the time that your device visited our Site.

For more information on cookies, please see our Cookie Policy, below.

Sensitive personal data

We do not generally seek to collect sensitive (or special categories of) personal data on the Sites. Sensitive personal data is defined by data protection laws to include personal data revealing a person’s racial or ethnic origin, religious or philosophical beliefs, or data concerning health. If we do collect sensitive personal data, we will ask for your explicit consent to our proposed use of that information at the time of collection.


The Sites are not intended for or directed at children under the age of 16 years and we do not knowingly collect data relating to children under this age.



The purpose for which we use and process your information (excluding sensitive personal data) and the legal basis on which we carry out each type of processing is explained below.

Purposes for which we will process the information and legal basis for the processing

To enter into and performs contracts with you.

  • It is necessary for us to process your personal data in this way in order to enter into a contract with you and to fulfil our contractual obligations to you.

To provide you with information and services that you request from us.

  • It is in our legitimate interests to respond to your queries and provide any information requested in order to generate and develop business. To ensure we offer a good and responsive service, we consider this use to be proportionate and will not be prejudicial or detrimental to you.

To enable you to register on our Sites and access restricted areas, and sign up to our e- newsletters and Valuation Calculator.

  • It is in our legitimate interests to provide our services to you and to register you at your request.

To send you e-newsletters and marketing communications concerning Cavendish, market developments or notifications we believe may be of interest to you.

  • It is in our legitimate interests to market our services. We consider this use to be proportionate and will not be prejudicial or detrimental to you.
  • You can always opt-out of receiving direct marketing-related email communications or text messages by sending us an email or by following the unsubscribe link.

To invite you to seminars, events, or other functions we believe may be of interest to you.

  • It is in our legitimate interests to market our services. We consider this use to be proportionate and will not be prejudicial or detrimental to you.
  • You can always opt-out of receiving direct marketing-related email communications or text messages by sending us an email or by following the unsubscribe link.

To populate our database which we use for marketing purposes.

  • It is in our legitimate interests to market our services. We endeavour to ensure that the contacts in our database are relevant and up-to-date. We consider this use to be proportionate and will not be prejudicial or detrimental to you.
  • You can always opt-out of receiving direct marketing-related email communications by sending us an email or following the unsubscribe link.

To enforce the terms and conditions and any contracts entered into with you.

  • It is in our legitimate interests to enforce our terms and conditions of service. We consider this use to be necessary for our legitimate interests and proportionate.

To send you information regarding changes to our policies, other terms and conditions and other administrative information.

  • It is in our legitimate interests to ensure that any changes to our policies and other terms are communicated to you. We consider this use to be necessary for our legitimate interests and will not be prejudicial or detrimental to you.

To administer the Sites including troubleshooting, data analysis, testing, research, statistical and survey purposes; to improve the Sites to ensure that content is presented in the most effective manner for you and your computer, mobile device or other item of hardware through which you access the Sites; and to keep the Sites safe and secure.

  • For all these categories, it is in our legitimate interests to continually monitor and improve our services and your experience of the Sites and to ensure network security. We consider this use to be necessary for our legitimate interests and will not be prejudicial or detrimental to you.

Where we rely on legitimate interests as a lawful basis, we will carry out a balancing test to ensure that your interests, rights and freedoms do not override our legitimate interests.

If you do not wish to provide us with your personal data and processing such information is necessary for the performance of a contract with you, we may not be able to perform our obligations under the contract between us.

Cavendish will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you in a timely manner and we will explain the legal basis which allows us to do so.



For email marketing to an individual subscriber (that is, a non-corporate email address) with whom we have not previously engaged as a client, we need your consent to send you unsolicited email marketing.

Where you provide consent, you can withdraw your consent at any time, but without affecting the lawfulness of processing based on consent before its withdrawal.

You have the right to opt out of receiving email marketing communications from us at any time by:

  • contacting our Privacy Manager using the contact details set out above; or
  • using the “unsubscribe” link in emails; or
  • sending us an email.



We respect your privacy and will not share your personal data with third parties except as provided in this Privacy Policy.

We share your information where required to allow us to provide the services that you have requested, in particular:

  • to enable you to gain access to restricted parts of the Sites;
  • to enable us to provide or for you to receive and/or pay for a service;
  • to enable you to receive information you have requested to be sent to you;
  • in order to fulfil a request you may have made.

We share your information with the following third parties:

  • with Cavendish directors, staff and consultants based in the UK;
  • with other professional advisors;
  • with our third party data processors and service providers who assist with the running of the Sites and our services including marketing and IT support services such as data storage/back up services and disaster recovery.

Our third party processors and service providers are subject to security and confidentiality obligations and are only permitted to process your personal data for specified purposes and in accordance with our instructions.

In addition, Cavendish may disclose information about you in the following circumstances:

  • if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation, for instance, we may disclose personal data to the FCA and to any other regulatory authority to which we are subject and to any investment exchange on which we may deal or to its related Clearing House (or to investigators, inspectors or agents appointed by them), or to any person in power to require such information pursuant to any legal enactment;
  • in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
  • if all or substantially all of Cavendish’s assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets;
  • if necessary to protect the vital interests of a person; and
  • to enforce or apply our terms and conditions or to establish, exercise or defend the rights of Cavendish, our staff, customers or others.



To deliver services to you, it is sometimes necessary for us to transfer and store your personal data outside the European Economic Area (“EEA”) as follows:

  • with our service providers located outside the EEA;
  • if you are based outside the EEA;
  • where there is an international aspect to the Services we have been asked to provide.

Where personal data is transferred to and stored outside the EEA, we take steps to provide appropriate safeguards to protect your personal data, including:

  • transferring your personal data to a country, territory, sector or international organisation which the European Commission has determined ensures an adequate level of protection, as permitted under Article 45(1) GDPR;
  • entering into standard contractual clauses approved by the European Commission, obliging recipients to protect your personal data as permitted under Article 46(2)(c) GDPR;
  • under the EU-U.S. Privacy Shield Framework which enables U.S. businesses to self- certify as a means of complying with EU data protection laws.

In the absence of an adequacy decision or of appropriate safeguards as referenced above, we will only transfer personal data to a third country where one of the following applies (as permitted under Article 49 GDPR)):

  • the transfer is necessary for the performance of our contractual engagement with you;
  • the transfer is necessary for the establishment, exercise or defence of legal claims; or
  • you have provided explicit consent to the transfer.

If you want further information on the specific mechanism used by us when transferring your personal data out of the EEA, please contact our Privacy Manager using the details set out above.



We use industry standard physical and procedural security measures to protect information from the point of collection to the point of destruction. This includes encryption, firewalls, access controls, policies and other procedures to protect information from unauthorised access.

Where data processing is carried out on our behalf by a third party, we take steps to ensure that appropriate security measures are in place to prevent unauthorised disclosure of personal data.

Despite these precautions, however, Cavendish cannot guarantee the security of information transmitted over the Internet or that unauthorised persons will not obtain access to personal data. In the event of a data breach, Cavendish have put in place procedures to deal with any suspected breach and will notify you and any applicable regulator of a breach where required to do so.



Your personal data will not be kept for longer than is necessary for the purposes for which it was collected and processed and for the purposes of satisfying any legal, accounting, or reporting requirements.

The criteria we use for retaining different types of personal data, includes the following:

  • General queries – when you make an enquiry or contact us by email or telephone, we will retain your information for as long as necessary to respond to your queries. After this period, we will not hold your personal data for longer than 5 years if we have not had any active subsequent contact with you;
  • Direct marketing – where we hold your personal data on our database for direct marketing purposes, we will retain your information for no longer than 5 years if we have not had any active subsequent contact with you.
  • Legal and regulatory requirements – we may need to retain personal data for up 7 years after we cease providing services and products to you where necessary to comply with our legal obligations, resolve disputes or enforce our terms and conditions.



Access to and updating your personal data

You have the right to access information which we hold about you. If you so request, we shall provide you with a copy of your personal data which we are processing (“data subject access request”). We may refuse to comply with a subject access request if the request is manifestly unfounded or excessive or repetitive in nature.

You may also have the right to receive personal data which you have provided to us in a structured and commonly used format so that it can be transferred to another data controller (“data portability”). The right to data portability only applies where your personal data is processed by us with your consent or for the performance of a contract and when processing is carried out by automated means.

We want to make sure that your personal data is accurate and up to date. You have the right to have inaccurate personal data rectified, or completed if it is incomplete. You can update your details or change your privacy preferences by contacting us as provided in “Contacting us” above. We may refuse to comply with a request for rectification if the request is manifestly unfounded or excessive or repetitive.

Right to object

Direct marketing

  • You have the right to object at any time to our processing of your personal data for direct marketing purposes.

Where we process your information based on our legitimate interests

  • You also have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on our legitimate interests. Where you object on this ground, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.


You also have the following rights under data protection laws to request that we rectify your personal data which is inaccurate or incomplete.

In certain circumstances, you have the right to:

  • request the erasure of your personal data erasure (“right to be forgotten”);
  • restrict the processing of your personal data to processing in certain circumstances.

Please note that the above rights are not absolute and we may be entitled to refuse requests, wholly or partly, where exceptions under the applicable law apply. We may refuse a request for erasure, for example, where the processing is necessary to comply with a legal obligation or necessary for the establishment, exercise or defence of legal claims. We may refuse to comply with a request for restriction if the request is manifestly unfounded or excessive or repetitive in nature.

Exercising your rights

You can exercise any of your rights as described in this Privacy Policy and under data protection laws by contacting our Privacy Manager as provided in “Contacting us” above.

Save as described in this Privacy Policy or provided under data protection laws, there is no charge for the exercise of your legal rights. However, if your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may either: (a) charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested; or (b) refuse to act on the request.

Where we have reasonable doubts concerning the identity of the person making the request, we may request additional information necessary to confirm your identity.



The Sites may, from time to time, contain links to and from third-party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and Cavendish does not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.



Emails which you send to us or which we send to you may be monitored by Cavendish to ensure compliance with professional standards and our internal compliance policies. Monitoring is not continuous or routine, but may be undertaken where there are reasonable grounds for doing so. Occasional spot checks or audits may also be undertaken.



If you have any questions or complaints regarding our Privacy Policy or practices, please contact our Privacy Manager as provided in “Contacting Us” above.

You have the right to make a complaint at any time with a supervisory authority, in particular in the EU (or EEA) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is ICO who can be contacted at or telephone on 0303 123 1113.



From time to time, we may change this Privacy Policy. The current version of this Policy will always be available from us in hard copy or on the Sites. We will post a prominent notice on the Sites to notify you of any significant changes to this Policy or update you by other appropriate means.

Updated and effective as of 16 March, 2020.



Cookie Policy


We use cookies and similar tools across our websites to improve their performance and enhance your user experience. This policy explains how we do that.



Cookies are small text files which a website may put on your computer or mobile device when you first visit a site or page. The cookie will help the website, or another website, to recognise your device the next time you visit. Web beacons or other similar files can also do the same thing. We use the term “cookies” in this policy to refer to all files that collect information in this way.



There are many functions cookies serve. For example, they can help us to remember your username and preferences, analyse how well our website is performing, or even allow us to recommend content we believe will be most relevant to you.

Certain cookies contain personal information – for example, this website uses a cookie that stores your Member ID to avoid asking for login info each time you visit. Most cookies won’t collect information that identifies you, and will instead collect more general information such as how users arrive at and use our websites, or a user’s general location.



Generally, our cookies perform one of three different functions:

  1. Essential cookies

Some cookies are essential for the operation of our website. For example, some cookies allow us to identify customers and ensure they can access any customer only pages. If a subscriber opts to disable these cookies, the user will not be able to access all of the content that they are entitled to.

  1. Performance Cookies

We utilise other cookies to analyse how our visitors use our websites and to monitor website performance. This allows us to provide a high quality experience by customising our offering and quickly identifying and fixing any issues that arise. For example, we might use performance cookies to keep track of which pages are most popular, which method of linking between pages is most effective, and to determine why some pages are receiving error messages. We might also use these cookies to highlight articles or site services that we think will be of interest to you based on your usage of the website.

  1. Functionality Cookies

We use functionality cookies to allow us to remember your preferences. For example, cookies save you the trouble of typing in your username every time you access the site, and recall your customisation preferences, such as which regional edition of the website you want to see when you log in.

We also use functionality cookies to provide you with enhanced services such as allowing you to watch a video online or comment on a blog.

We use cookies for analytics. We like to keep track of, for example, what information and links are popular and which ones don’t get used as much. This helps us keep our information relevant and up to date. It’s also useful to be able to identify trends of how people find their way through our information as well as when and where an error message may originate from.

Analytics cookies are used to gather this information. The information collected is grouped with the information from everyone else’s cookies. We can then see the overall patterns of usage rather than any one person’s activity. These ‘analytics’ cookies are used to improve how a website and its pages work.

We use or allow third parties to serve cookies that fall into the categories above. For example, like many companies, we use outside vendors (e.g. Google Analytics, Lead Forensics) to help us monitor our website traffic. We may also use third party cookies to help us with market research, revenue tracking, improving site functionality and monitoring compliance with our terms and conditions and copyright policy.



We reserve the right to amend Cookies Notice at any time, for any reason, without notice to you, other than the posting of the amended Cookies Notice at our site. We will make all reasonable endeavours to notify you of any changes. We may also e-mail periodic reminders of notices to our registered customer database. Nevertheless, you should check here regularly to see the current Cookies Notice that is in effect and any changes that may have been made to it.



Cavendish has appointed a Privacy Manager to ensure we protect personal data of our customers. If you have any questions, please contact our Privacy Manager at and we will do our best to help.


This document was last updated on 16 March 2020.

Get in touch

Thank you. We will be in touch soon

There was an error with the form. Please check and try again.