Privacy & Cookie Policy

Privacy Policy
Cavendish Corporate Finance LLP

Data privacy is important to CCF and maintaining your trust is our priority. This Privacy Policy explains how we collect, store, use and share personal data that we obtain through this website or from third party sources and when we are in contact with you by other means, such as on social media, by email or in person.

TOPICS:

 

Privacy & Cookie Policy

Privacy Policy
Cavendish Corporate Finance LLP (“CCF”)

Data privacy is important to CCF and maintaining your trust is our priority. This Privacy Policy explains how we collect, store, use and share personal data that we obtain through this website or from third party sources and when we are in contact with you by other means, such as on social media, by email or in person.

TOPICS:

This Privacy Policy is divided into the following sections:

  • About this Privacy Policy
  • About CCF
  • Contacting us
  • Personal data we collect
  • How we use your personal data
  • Who we share your personal data with
  • International transfers
  • Security of your personal data
  • How long we keep your personal data
  • Your rights
  • Links
  • Complaints
  • Changes to this Privacy Policy

ABOUT THIS PRIVACY POLICY

This Privacy Policy applies when you use our website www.cavendish.com (and any mobile site or applications that link to this Privacy Policy) (collectively, the “Sites”), and where we interact with you in other ways for business purposes.

This Privacy Policy does not apply to personal data you might provide to us, or we might collect, in the context of our providing corporate finance services. Where we are engaged to provide such services, our Client Data Protection Policy will apply (see below).

ABOUT CAVENDISH CORPORATE FINANCE LLP

We are Cavendish Corporate Finance LLP, a limited liability partnership registered in England and Wales under number OC333044, with its registered office at 1 Bartholomew Close, London, EC1A 7BL (“CCF”, “we”, “our”, and “us”).

We are part of the Cavendish Financial plc group of companies (“Cavendish”), which includes Cavendish Corporate Finance LLP. Our parent company is Cavendish Financial plc.

We are the controller of personal data obtained via this website, meaning we are the organisation legally responsible for deciding how and for what purposes it is used. We are registered with the UK Information Commissioner’s Office (“ICO”) under registration number Z1276551.

Cavendish Corporate Finance LLP is authorised and regulated by the Financial Conduct Authority (“FCA”) with Firm Reference Number 474794.

CONTACTING US

If you have any questions about this Privacy Policy or your personal data, or to exercise any of your rights as described in this Privacy Policy or under data protection laws, you can contact us:

By post: The Privacy Manager, Cavendish Corporate Finance LLP, 1 Bartholomew Close, London, EC1A 7BL
By telephone: +44 (0)20 7220 0500
By email: PrivacyManager@cavendish.com

 

PERSONAL DATA WE COLLECT

Personal data you provide us

You may provide us with personal data when you are introduced to us, when we meet you in person, or when we are in contact by phone, email, via the Sites and when you register on the Sites or otherwise.

The categories of personal data you may provide includes:

  • first and last name;
  • job title and company name;
  • email address;
  • phone number;
  • postal address;
  • demographic information;
  • any information, feedback or other matters you give to us by phone, email, post or via social media;
  • password to register and use restricted parts of the Sites.

Personal data we collect from third parties

We collect most of this personal data from you directly. We also work in conjunction with third parties (including, for example, business partners, professional advisors, search information providers, credit reference agencies) and may receive information about you from them.

We also collect personal data about you:

  • from publicly accessible sources, e.g. Companies House;
  • from third party sources of information, e.g. client due diligence providers;
  • which you have made public on websites associated with you or your company or on social media platforms such as LinkedIn;
  • from a third party, e.g. a person who has introduced you to us or other professionals (such as solicitors) you may engage.

Personal data we collect online

If you interact with us via the Sites, we use cookies and other technological tools to collect information about your device and your use of the Sites, such as your device’s IP address, your user ID and session identifiers, what pages your device visited, and the time that your device visited our Sites.

For more information on cookies and similar technologies, please see our Cookies Policy below.

Special category personal data

Certain personal data we collect is treated as a special category to which additional protections apply under data protection law. This includes personal data revealing a person’s racial or ethnic origin, religious or philosophical beliefs, or data concerning health.

We do not generally seek to collect special category personal data on the Sites, but this may be collected if you provide it to us or in the context of us providing our services (for information on this, please see out Client Data Protection Policy). If we collect any special category personal data, we will ensure we are permitted to do so under data protection laws, such as by asking for your explicit consent to our proposed use of that special category personal data at the time of collection or where the processing is necessary to establish, exercise or defend legal claims.

Children

The Sites are not intended for or directed at children under the age of 16 years and we do not knowingly collect data relating to children under this age.

HOW WE USE YOUR PERSONAL DATA

Under data protection law, we can only use your personal data if we have a proper reason, eg:

  • where you have given consent;
  • to comply with our legal and regulatory obligations;
  • for the performance of a contract with you or to take steps at your request before entering into a contract; or
  • for our legitimate interests or those of a third party.

A legitimate interest is when we have a business reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.

The purpose for which we use and process your personal data (excluding special category personal data) and the legal basis on which we carry out each type of processing is explained below.

To enter into and perform contracts with you.

  • It is necessary for us to process your personal data in this way in order to enter into a contract with you and to fulfil our contractual obligations to you.

To provide you with information and services that you request from us.

  • It is in our legitimate interest to respond to your queries and provide any information requested in order to generate and develop business. To ensure we offer a good and responsive service, we consider this use to be proportionate and will not be prejudicial or detrimental to you.

To enable you to register on the Sites and access restricted areas, and sign up to our e- newsletters and blogs.

  • It is in our legitimate interest to provide our services to you and to register you at your request.

To send you e-newsletters, blogs and other marketing communications concerning Cavendish, market developments or notifications we believe may be of interest to you (including inviting you to seminars, events, or other functions we believe may be of interest to you).

  • For email marketing to an individual subscriber (that is, a non-corporate email address) with whom we have not previously engaged as a client, we need your consent to send you unsolicited email marketing. Where you provide consent, you can withdraw your consent at any time, but without affecting the lawfulness of processing based on consent before its withdrawal.
  • Where consent is not required under applicable law (for example, email marketing to a corporate email address, or where we have previously provided services to you and you have not opted out of receiving our marketing communications), it is in our legitimate interests to market our services. We consider this use to be proportionate and will not be prejudicial or detrimental to you.
  • You can always opt-out of receiving direct marketing-related email communications or text messages by sending us an email or by following the unsubscribe link.

To populate our database which we use for marketing purposes.

  • It is in our legitimate interest to ensure that the contacts in our database are relevant and up-to-date. We consider this use to be proportionate and will not be prejudicial or detrimental to you.

To enforce the terms and conditions and any contracts entered into with you.

  • It is in our legitimate interests to enforce our terms and conditions of service. We consider this use to be necessary for our legitimate interests and proportionate.

To send you information regarding changes to our policies, other terms and conditions and other administrative information.

  • It is in our legitimate interest to ensure that any changes to our policies and other terms are communicated to you. We consider this use to be necessary for our legitimate interests and will not be prejudicial or detrimental to you.

To administer the Sites including troubleshooting, data analysis, testing, research, statistical and survey purposes; to improve the Sites to ensure that content is presented in the most effective manner for you and your computer, mobile device or other item of hardware through which you access the Sites; and to keep the Sites safe and secure.

  • For all these categories, it is in our legitimate interest to continually monitor and improve our services and your experience of the Sites and to ensure network security. We consider this use to be necessary for our legitimate interests and will not be prejudicial or detrimental to you.

To occasionally monitor emails which you send to us or which we send to you.

  • It is in our legitimate interest to carry out occasional spot checks or audits of such emails to ensure compliance with applicable law and regulation, professional standards and our internal compliance policies.

If you do not wish to provide us with your personal data and processing such personal data is necessary for the performance of a contract with you, we may not be able to perform our obligations under the contract between us.

CCF will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you in a timely manner and we will explain the legal basis which allows us to do so.

WHO WE SHARE YOUR PERSONAL DATA WITH

We respect your privacy and will not share your personal data with third parties except as provided in this Privacy Policy.

We share your personal data where required to allow us to provide the services that you have requested, in particular:

  • to enable you to gain access to restricted parts of the Sites;
  • to enable us to provide or for you to receive and/or pay for a service;
  • to enable you to receive information you have requested to be sent to you;
  • in order to fulfil a request you may have made.

We share your personal data with the following third parties:

  • with our directors, staff and consultants and with other companies for the time being within the Cavendish group of companies, as necessary to carry out the purposes for which the personal data was provided or collected;
  • with our auditors, lawyers, insurance brokers and other professional advisors;
  • with our third party data processors and service providers who assist with the running of the Sites or who provide other services including marketing and IT support services such as website hosts, data storage/back up services and disaster recovery. Our third party processors and service providers are subject to security and confidentiality obligations and are only permitted to process your personal data for specified purposes and in accordance with our instructions.

In addition, CCF may disclose personal data about you in the following circumstances:

  • if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation. For instance, we may disclose personal data to the FCA and to any other regulatory authority to which we are subject and to any investment exchange on which we may deal or to its related Clearing House (or to auditors, inspectors or agents appointed by them), or to any person in power to require such information pursuant to any applicable law;
  • in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets, in which event the recipient of any of your personal data will be bound by confidentiality obligations;
  • if all or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets;
  • if necessary to protect the vital interests of a person; and
  • to enforce or apply our terms and conditions or to establish, exercise or defend our rights or those of our staff, customers or others.

INTERNATIONAL TRANSFERS

To deliver services to you, it is sometimes necessary for us to transfer and store your personal data outside the UK or the European Economic Area (“EEA”) as follows:

  • with our service providers located outside the UK or the EEA;
  • if you are based outside the UK or the EEA;
  • where there is an international aspect to the Services we have been asked to provide.

Where personal data is transferred to and stored outside the UK or the EEA, we take steps to provide appropriate safeguards to protect your personal data, including:

  • transferring your personal data to a country, territory, sector or international organisation which the UK Government has determined ensures an adequate level of protection, as permitted under applicable data protection laws;
  • entering into standard contractual clauses approved by the UK Government, obliging recipients to protect your personal data as permitted under applicable data protection laws;
  • if we cannot or choose not to rely on either of those mechanisms at any time, we will not transfer your personal data outside the UK or the EEA unless we can do so on the basis of an alternative mechanism or exception provided by applicable data protection laws.

If you would like further information about transfers of your personal data out of the UK or the EEA, please contact our Privacy Manager using the details set out under Contacting Us above.

SECURITY OF YOUR PERSONAL DATA

We use industry standard physical and procedural security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. This includes encryption, firewalls, access controls, policies and other procedures to protect personal data from unauthorised access.

We limit access to your personal data to those who have a genuine business need to access it.

Where data processing is carried out on our behalf by a third party, we take steps to ensure that appropriate security measures are in place to prevent unauthorised disclosure of personal data.

Despite these precautions, however, CCF cannot guarantee the security of personal data transmitted over the internet or that unauthorised persons will not obtain access to personal data. We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

HOW LONG WE KEEP YOUR PERSONAL DATA

Your personal data will not be kept for longer than is necessary for the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

The criteria we use for retaining different types of personal data, includes the following:

  • General queries – when you make an enquiry or contact us by email or telephone, we will retain your personal data for as long as necessary to respond to your queries. After this period, we will not hold your personal data for longer than 5 years if we have not had any active subsequent contact with you.
  • Direct marketing – where we hold your personal data on our database for direct marketing purposes, we will retain your personal data for no longer than 5 years if we have not had any active subsequent contact with you.
  • Legal and regulatory requirements – we may need to retain personal data for up 7 years after we cease providing services and products to you where necessary to comply with our legal obligations, resolve disputes or enforce our terms and conditions.

YOUR RIGHTS

Access to your personal data

You have the right to access the personal data which we hold about you. If you so request, we shall provide you with a copy of your personal data which we are processing (“data subject access request”).

Data portability

You have the right to receive any personal data which you provided to us in a structured and commonly used format so that it can be transferred to another data controller in certain circumstances.

Right to object

Direct marketing – you have the right to object at any time to our processing of your personal data for direct marketing purposes.

Where we process your personal data based on our legitimate interests – you also have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on our legitimate interests. Where you object on this ground, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Rectification

We want to make sure that your personal data is accurate and up to date. You have the right to have inaccurate personal data rectified, or completed if it is incomplete.

You can update your details or change your privacy preferences by contacting us as provided in “Contacting us” above.

Erasure (also known as the right to be forgotten)

In certain situations, you can request the erasure of your personal data that we hold.

Restriction of processing

You can request that we restrict the processing of your personal data to processing in certain circumstances.

Right to not be subject to automated individual decision making

You have the right to not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you. We do not make any such decisions based on data collected by our Sites.

Exercising your rights

You can exercise any of your rights as described in this Privacy Policy and under data protection laws by contacting our Privacy Manager as provided in “Contacting us” above.

Please note that the above rights are not absolute and we may be entitled to refuse requests, wholly or partly, where exceptions under the applicable law apply.

Save as described in this Privacy Policy or provided under data protection laws, there is no charge for the exercise of your legal rights. However, if your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may either: (a) charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested; or (b) refuse to act on the request.

Where we have reasonable doubts concerning the identity of the person making the request, we may request additional information necessary to confirm your identity.

LINKS

The Sites may, from time to time, contain links to and from third-party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and Cavendish does not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

COMPLAINTS

If you have any questions or concerns regarding our Privacy Policy or practices, please contact our Privacy Manager as provided in “Contacting Us” above. We hope we will be able to resolve any issues you may have.

You also have the right to make a complaint at any time to the UK Information Commissioner’s Office who can be contacted using the details at https://ico.org.uk/make-a-complaint or by telephone on 0303 123 1113.

CHANGES TO OUR PRIVACY POLICY

From time to time, we may change this Privacy Policy and so you should review this page periodically. The current version of this Policy will always be available from us in hard copy or on the Sites.

If we make any material changes to this Privacy Policy, we may notify you by email or by means of a prominent notice on the Sites to notify you of any such changes to this Policy or update you by other appropriate means.

Updated and effective as of 8 September 2023.

 

 

Client Data Protection Policy

 

Data privacy is important to CCF and maintaining your trust is our priority. This Policy explains how we collect, store, use and share personal data that we obtain when providing our services to our actual or prospective clients.

  1. ABOUT THIS POLICY
  • In the course of our acting for you, we may receive information relating to you, your directors, shareholders, beneficial owners, employees, agents, associates and family members. In this Policy, we refer to this information as “personal data”. References in this Policy to “you” or “your” are references to our actual or prospective client and the individuals whose personal data we process in connection with providing our services.
  • This Policy also applies to our processing of personal data of individuals who could be (or could be the employees or staff of) counterparties in transactions involving our actual or prospective clients.
  • This Policy describes the personal data that we collect and sets out the basis on which we will process this personal data. Please read the Policy carefully to understand our practices regarding personal data and how we will use it.
  • This Policy can be accessed on our website but is not our Website Privacy Policy or Cookie Policy. Our Website Privacy Policy and Cookie Policy are accessible below and at Privacy & Cookie Policy | finnCap Cavendish

 

  1. ABOUT CAVENDISH CORPORATE FINANCE LLP
  • We are Cavendish Corporate Finance LLP, a limited liability partnership registered in England and Wales under number OC333044, with its registered office at 1 Bartholomew Close, London, EC1A 7BL.
  • We are also known as CCF and we are part of the Cavendish group of companies, which includes Cavendish Capital Markets Limited and Cavendish Securities plc. Our parent company is Cavendish Financial plc.
  • We are the controller of your personal data, meaning we are the organisation legally responsible for deciding how and for what purposes it is used. We are registered with the UK Information Commissioner’s Office (“ICO”) under registration number Z1276551.
  • Cavendish Corporate Finance LLP is authorised and regulated by the Financial Conduct Authority (“FCA”) with Firm Reference Number 474794.
  • References in this Policy to “CCF”, “we”, “our” and “us” are references to Cavendish Corporate Finance LLP.
  1. CONTACTING US
  • If you have any questions about this Policy or your personal data, or to exercise any of your rights as described in this Policy or under applicable data protection laws, you can contact us as follows:

By post:   The Privacy Manager, Cavendish Corporate Finance LLP, 1 Bartholomew Close, London, EC1A 7BL

By email: PrivacyManager@cavendish.com

By telephone:         +44 (0)20 7220 0500

  1. PERSONAL DATA WE COLLECT
  • We collect the personal data as necessary to enable us to carry out your instructions, to manage and operate our business and to comply with our legal and regulatory obligations.
  • The personal data that we collect includes, but is not limited to, the following:
  • your name;
  • home and business address;
  • contact details (such as telephone numbers and email address);
  • date of birth;
  • gender;
  • marital status;
  • copies of passport, national identity card, driving licence, utility bills, bank statements and similar documents;
  • business and professional qualifications and experience;
  • immigration status and work permits;
  • financial details;
  • other personal data contained in correspondence and documents which you may provide to us;
  • data from building access controls; and
  • information we obtain from our IT and communications monitoring.

 

  • If you do not provide any personal data that we ask for and that we need to enable us to carry out your instructions, it may delay or prevent us from providing our services to you.
  • Where you provide personal data relating to your directors, shareholders, beneficial owners, employees, agents, associates or family members you confirm that you are authorised to provide this personal data to us. It is not always reasonably practicable for us to provide to these individuals the information set out in this Policy. Accordingly, where appropriate, you are responsible for providing this information to any such individuals.
  1. HOW YOUR INFORMATION IS COLLECTED
  • We collect your personal data:
    • directly from you when you interact with us in connection with the services that we provide; or
    • from your company or other third parties with whom we deal in order to provide our services.
  • However, we also collect personal data:
    • from publicly accessible sources, e.g. Companies House, social media for professional networking such as LinkedIn;
    • directly from a third party, e.g. client due diligence providers;
    • from a third party with your consent, e.g.:
  • your bank or building society, or other financial institution or advisor;
  • consultants and other professionals you may engage; and
  • your employer, professional body or pension administrators.

 

  • via our website, mobile sites, or applications – we use cookies on our website and mobile sites and applications (for more information on cookies, please see our cookie policy below and https://www.finncapcavendish.com/cookie-policy).
  • via our information technology systems, e.g.:
  • online customer relationship and document management systems; and
  • building access control systems and reception logs.

 

  1. HOW AND WHY WE USE YOUR PERSONAL DATA
  • Our use of your personal data is subject to your instructions, data protection laws and our professional duty of confidentiality. We will only process your personal data if we have a legal basis for doing so, including where:
    • processing is necessary for the performance of our contractual engagement with you: this relates to all personal data we reasonably need to process to carry out your instructions and provide our services to you;
    • processing is necessary for compliance with a legal obligation to which we are subject: this relates to our legal obligations in relation to, for example, anti-money laundering; and
    • processing is necessary for the purposes of the legitimate interests pursued by us, our client or a third party, except where such interests are overridden by your interests or fundamental rights and freedoms: this relates to our processing for marketing purposes, for our management, accounting and administration purposes and for data security.
  • The table below further explains the purposes for which CCF will use your personal data (excluding special categories of personal data) and our legal basis for doing so:
Purposes for which we will process the personal data Legal basis for the processing
To provide our services to you and to carry out associated administration and accounting in connection with our services. Where you are the client, for the performance of our contract with you or to take steps at your request before entering into a contract.

Where you are not the client, it is in our legitimate interests to carry out our client’s instructions and perform our contract with our client.

To comply with our legal and regulatory obligations.

In connection with the provision of our services, other processing necessary to comply with our professional, legal and regulatory obligations. For the performance of our contract with you or to take steps at your request before entering into a contract.

To comply with our legal and regulatory obligations.

To comply with our anti-money laundering requirements, relevant anti-money laundering regulations, and preventing money laundering, terrorist financing and market abuse. To comply with our legal and regulatory obligations.
To comply with our internal business policies. It is in our legitimate interests or those of a third party to adhere to our own internal procedures so that we can deliver an efficient service to you. We consider this use to be necessary for our legitimate interests and proportionate.
For operational reasons, such as improving efficiency, training and quality control. It is in our legitimate interests to be as efficient as we can so we deliver the best service for you.
To prevent unauthorised access and modifications to our systems. It is in our legitimate interests to prevent and detect criminal activity that could be damaging for CCF and for you.

To comply with our legal and regulatory obligations.

For updating client records. For the performance of our contract with you or to take steps at your request before entering into a contract.

To comply with our legal and regulatory obligations.

For marketing our services, and notifying you by email, telephone, post or SMS about important financial developments and services which we think you may find valuable, for sending you newsletters, invitations to seminars and similar marketing. We may also disclose personal data to third parties providing marketing services to us, or with whom we are conducting joint marketing exercises. It is in our legitimate interests to market our services. We consider this use to be proportionate and will not be prejudicial or detrimental to you.

You have the right to opt out of receiving direct marketing communications from us at any time – see further section 9 below.

To carry out credit reference checks. It is in our legitimate interests to carry out credit control and to ensure our clients are likely to be able to pay for our services.
External audits and quality checks, e.g. the audit of our accounts.

 

It is in our legitimate interests to carry out quality checks and audit to ensure that we operate at the highest standards.

To comply with our legal and regulatory obligations.

Monitoring of emails and telephone calls with us as well as Teams and Bloomberg messages. We also record telephone calls as evidence of your orders or instructions. It is in our legitimate interest to carry out occasional spot checks or audits of such emails and telephone calls to ensure compliance with professional standards and our internal compliance policies and for training and quality control.

To comply with our legal and regulatory obligations including in relation to prevention of market abuse.

 

  • Where we request personal data to identify you for compliance with anti-money laundering regulations, we shall process such information only for the purposes of preventing money laundering or terrorist financing, or as otherwise set out in this Policy or permitted by law.
  • A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. Where we rely on legitimate interests as a lawful basis, we will carry out a balancing test to ensure that your rights and interests do not override our legitimate interests.
  • Where you provide consent, you can withdraw your consent at any time and free of charge, but without affecting the lawfulness of processing based on consent before its withdrawal. You can update your details or change your privacy preferences by contacting our Privacy Manager as provided in “Contacting us” above.
  • CCF will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you in a timely manner and we will explain the legal basis which allows us to do so.
  • CCF acts as a data controller in relation to the processing of personal data as set in this Policy. However, in some circumstances we may process personal data on behalf of our client as a data processor for the purposes of data protection laws. Where we process any personal data on behalf of our client as data processor, the terms set out in our data processing addendum, a copy of which is available on request from our Privacy Manager (see Contacting Us above), shall apply.
  1. SPECIAL CATEGORIES OF PERSONAL DATA
  • Certain personal data we collect is treated as a special category to which additional protections apply under data protection law. This includes personal data revealing a person’s racial or ethnic origin, religious or philosophical beliefs, or data concerning health.
  • We do not generally seek to collect special category personal data, but this may be collected if you provide it to us or where necessary in the context of us providing our services.
  • We process special categories of personal data for the purposes as set out in the table at section 6.2 above, which also details the corresponding legal basis we rely on to process the personal data for each purpose. In addition, we are required under data protection laws to meet a further condition to have the right to use certain special categories of personal data, such as:
    • by asking for your explicit consent to our proposed use of that special category personal data at the time of collection, or
    • where the processing is necessary for reasons of substantial public interest (such as compliance with regulatory requirements relating to unlawful acts and dishonesty), or
    • where the processing is necessary to establish, exercise or defend legal claims.
  1. DATA RELATING TO CRIMINAL CONVICTIONS & OFFENCES
  • We also collect, store and otherwise process personal data relating to criminal convictions and offences (including the alleged commission of offences).
  • We process this data for the purposes as set out in the table at section 6.2 above, which also details the corresponding legal basis we rely on to process the personal data for each purpose. In addition, we are required under data protection laws to meet a further condition to have the right to use personal data relating to criminal convictions and offences, such as:
    • by asking for your explicit consent to our proposed use of personal data relating to criminal convictions and offences at the time of collection, or
    • where the processing is necessary for reasons of substantial public interest (such as compliance with regulatory requirements relating to unlawful acts and dishonesty), or
    • where the processing relates to personal data which is in the public domain, or
    • where the processing (a) is necessary for the purpose of, or in connection with, any legal proceedings (including prospective legal proceedings), (b)is necessary for the purpose of obtaining legal advice, or (c) is otherwise necessary for the purposes of establishing, exercising or defending legal rights.
  1. MARKETING
  • We have a legitimate interest in using your personal data for marketing purposes (see above ‘How and why we use your personal data’ at section 7 above). This means we do not usually need your consent to send you marketing information. However, for email marketing to an individual subscriber (that is, a non-corporate email address) with whom we have not previously engaged as a client, we need your consent to send you unsolicited email marketing. Where you provide consent, you can withdraw your consent at any time, but without affecting the lawfulness of processing based on consent before its withdrawal.
  • You have the right to opt out of receiving direct marketing communications from us at any time by:
  • contacting our Privacy Manager (see Contacting Us above); or
  • using the “unsubscribe” link in emails; or
  • sending us an email.

 

  1. THIRD PARTY PROCESSORS
  • Our information technology systems are operated by Cavendish but some data processing is carried out on our behalf by a third party (see section 11 on Disclosure of Personal data). Details regarding these third party data processors can be obtained from our Privacy Manager (see Contacting Us above).
  • Where processing of personal data is carried out by a third party data processor on our behalf we endeavour to ensure that appropriate security measures are in place to prevent unauthorised use or disclosure of the personal data.
  1. DISCLOSURE OF PERSONAL DATA
  • Personal data will be retained by us and will not be shared, transferred or otherwise disclosed to any third party, save as set out in this Policy.
  • We may disclose and share personal data with the following third parties:
    • with our directors, staff and consultants and with other companies for the time being within the Cavendish group of companies, as necessary to carry out the purposes for which the personal data was provided or collected;
    • with our auditors, lawyers, insurance brokers and other professional advisors;
    • with our third party data processors and service providers who provide services to us including marketing, IT and compliance support services such as website hosts, data storage/back up services, disaster recovery, monitoring for prevention of market abuse. Our third party processors and service providers are subject to security and confidentiality obligations and are only permitted to process your personal data for specified purposes and in accordance with our instructions.
  • In addition, we may disclose personal data about you in the following circumstances:
    • if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation. For instance, we may disclose personal data to the FCA and to any other regulatory authority to which we are subject and to any investment exchange on which we may deal or to its related Clearing House (or to auditors, inspectors or agents appointed by them), or to any person in power to require such information pursuant to any applicable law;
    • in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets, in which event the recipient of any of your personal data will be bound by confidentiality obligations;
    • if all or substantially all of our assets are transferred to a third party, in which case personal data held by us about our clients will be one of the transferred assets. If this happens, we shall ensure that you are notified of the transfer and we shall secure a commitment from the firm or company to which we transfer personal data to comply with applicable data protection laws;
    • if necessary to protect the vital interests of a person; and
    • to enforce or apply our Client Agreement or to establish, exercise or defend our rights or those of our staff, clients or others.
  • Certain laws (for example, those relating to money laundering and tax fraud) give power to authorities such as the police or the tax authorities to inspect clients’ personnel’s personal data and take copies of documents. It is possible that, at any time, we may be requested by those authorities to provide them with access to your personal data in connection with the work we have done for you. If this happens, we will comply with the request only to the extent that we are bound by law and, in so far as it is allowed, we will notify you of the request or provision of personal data.
  • We may transfer personal data to a successor firm or company which acquires the business carried on by us
  1. YOUR RIGHTS
  • Access to your personal data

You have the right to access personal data which we hold about you. If you so request, we shall provide you with a copy of your personal data which we are processing (“subject access request”).

  • Data portability

You also have the right to receive your personal data in a structured and commonly used format so that it can be transferred to another data controller in certain circumstances.

  • Right to object

You have the right to object at any time to our processing of your personal data for direct marketing purposes.

Where we process your personal data based on our legitimate interests, you also have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on our legitimate interests. Where you object on this ground, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

  • Rectification

We want to make sure that your personal data is accurate and up to date. You have the right to have inaccurate personal data rectified, or completed if it is incomplete. You can update your details or change your privacy preferences by contacting us as provided in “Contacting us” above

  • Erasure (also known as the right to be forgotten)

In certain situations, you can request the erasure of your personal data that we hold.

  • Right to not be subject to automated individual decision making

You have the right to not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you. We do not make any decisions based solely on automated processing.

  1. EXERCISING YOUR RIGHTS
  • You can exercise any of your rights as described in this Policy and under data protection laws by contacting our Privacy Manager (see Contacting Us above).
  • Please note that the above rights are not absolute, and we may be entitled to refuse requests, wholly or partly, where exceptions under applicable law apply.
  • Save as described in this Policy or provided under applicable data protection laws, there is no charge for the exercise of your legal rights. However, if your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may either: (a) charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested; or (b) refuse to act on the request.
  • Where we have reasonable doubts concerning the identity of the person making the request, we may request additional information necessary to confirm your identity.
  1. SECURITY OF YOUR PERSONAL DATA
  • We use industry standard physical and procedural security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. This includes encryption, firewalls, access controls, policies and other procedures to protect personal data from unauthorised access.
  • We limit access to your personal data to those who have a genuine business need to access it.
  • Where data processing is carried out on our behalf by a third party, we take steps to ensure that appropriate security measures are in place to prevent unauthorised disclosure of personal data.
  • Despite these precautions, however, we cannot guarantee the security of personal data transmitted over the Internet or that unauthorised persons will not obtain access to personal data. We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
  1. INTERNATIONAL TRANSFERS
  • To deliver services to you, it is sometimes necessary for us to transfer and store your personal data outside the UK or the European Economic Area (“EEA”) as follows:
    • with our service providers located outside the UK or the EEA;
    • if you are based outside the UK or the EEA;
    • where there is an international aspect to the services which we have been instructed on.
  • Where personal data is transferred to and stored outside the UK or the EEA, we take steps to provide appropriate safeguards to protect your personal data, including:
    • transferring your personal data to a country, territory, sector or international organisation which the UK Government has determined ensures an adequate level of protection, as permitted under applicable data protection laws;
    • entering into standard contractual clauses approved by the UK Government, obliging recipients to protect your personal data as permitted under applicable data protection laws; or
    • if we cannot or choose not to rely on either of those mechanisms at any time, we will not transfer your personal data outside the UK or the EEA unless we can do so on the basis of an alternative mechanism or exception provided by applicable data protection laws.

 

  • If you would like further information about transfers of your personal data out of the UK or the EEA, please contact our Privacy Manager using the details set out under Contacting Us above.
  1. HOW LONG WE KEEP YOUR PERSONAL DATA
  • Personal data received by us will only be retained for as long as necessary to fulfil our engagement. To determine the appropriate retention period for personal data, we consider (i) the amount, nature, and sensitivity of the personal data; (ii) the potential risk of harm from unauthorised use or disclosure of your personal data; (iii) the purposes for which we process your personal data; (iv) whether we can achieve those purposes through other means; and (v) the applicable legal, regulatory, tax, accounting, or other requirements. Following the end of the of the relevant retention period, we will delete or anonymise your personal data.
  • Following the end of our engagement we will retain your personal data:
    • to enable us to respond to any queries, complaints or claims made by you or on your behalf; and
    • to the extent permitted for legal, regulatory, fraud and other financial crime prevention and legitimate business purposes.
  • After this period, when it is no longer necessary to retain your personal data, we will securely delete or anonymise it in accordance with our Data Retention Policy. Further details regarding our data retention policy can be obtained from our Privacy Manager using the details set out under Contacting Us above.
  1. COMPLAINTS
  • If you have any questions or concerns regarding our Privacy Policy or practices, please contact our Privacy Manager as provided in “Contacting Us” above. We hope we will be able to resolve any issues you may have.
  • You also have the right to make a complaint at any time to the UK Information Commissioner’s Office who can be contacted using the details at https://ico.org.uk/make-a-complaint or by telephone on 0303 123 1113.
  1. CHANGES TO THIS POLICY
  • We may change this Policy from time to time. The current version of this Policy will always be available from us in hard copy or on our website. If we make any material changes to this Policy, we may notify you by email or update you by other appropriate means.

This Policy was last updated on 8 September 2023.

 

 

Cookie Policy

HOW WE USE COOKIES ON OUR WEBSITE

We use cookies and similar tools across our websites to improve their performance and enhance your user experience. This policy explains how we do that.

WHAT ARE COOKIES?

Cookies are small text files which a website may put on your computer or mobile device when you first visit a site or page. The cookie will help the website, or another website, to recognise your device the next time you visit. Web beacons or other similar files can also do the same thing. We use the term “cookies” in this policy to refer to all files that collect information in this way.

 

HOW WE USE COOKIES ON OUR WEBSITE?

There are many functions cookies serve. For example, they can help us to remember your username and preferences, analyse how well our website is performing, or even allow us to recommend content we believe will be most relevant to you.

Certain cookies contain personal information – for example, this website uses a cookie that stores your Member ID to avoid asking for login info each time you visit. Most cookies won’t collect information that identifies you, and will instead collect more general information such as how users arrive at and use our websites, or a user’s general location.

 

WHAT COOKIES DO WE USE?

Generally, our cookies perform one of three different functions:

  1. Essential cookies

Some cookies are essential for the operation of our website. For example, some cookies allow us to identify customers and ensure they can access any customer only pages. If a subscriber opts to disable these cookies, the user will not be able to access all of the content that they are entitled to.

  1. Performance Cookies

We utilise other cookies to analyse how our visitors use our websites and to monitor website performance. This allows us to provide a high quality experience by customising our offering and quickly identifying and fixing any issues that arise. For example, we might use performance cookies to keep track of which pages are most popular, which method of linking between pages is most effective, and to determine why some pages are receiving error messages. We might also use these cookies to highlight articles or site services that we think will be of interest to you based on your usage of the website.

  1. Functionality Cookies

We use functionality cookies to allow us to remember your preferences. For example, cookies save you the trouble of typing in your username every time you access the site, and recall your customisation preferences, such as which regional edition of the website you want to see when you log in.

We also use functionality cookies to provide you with enhanced services such as allowing you to watch a video online or comment on a blog.

We use cookies for analytics. We like to keep track of, for example, what information and links are popular and which ones don’t get used as much. This helps us keep our information relevant and up to date. It’s also useful to be able to identify trends of how people find their way through our information as well as when and where an error message may originate from.

Analytics cookies are used to gather this information. The information collected is grouped with the information from everyone else’s cookies. We can then see the overall patterns of usage rather than any one person’s activity. These ‘analytics’ cookies are used to improve how a website and its pages work.

We use or allow third parties to serve cookies that fall into the categories above. For example, like many companies, we use outside vendors (e.g. Google Analytics, Lead Forensics) to help us monitor our website traffic. We may also use third party cookies to help us with market research, revenue tracking, improving site functionality and monitoring compliance with our terms and conditions and copyright policy.

 

CHANGES AND UPDATES TO OUR COOKIE POLICY

We reserve the right to amend this Cookies Notice at any time, for any reason, without notice to you, other than the posting of the amended Cookies Notice at our site. We will make all reasonable endeavours to notify you of any changes. We may also e-mail periodic reminders of notices to our registered customer database. Nevertheless, you should check here regularly to see the current Cookies Notice that is in effect and any changes that may have been made to it.

 

CONTACTING CAVENDISH ABOUT THIS COOKIE POLICY

Cavendish has appointed a Privacy Manager to ensure we protect personal data of our customers. If you have any questions, please contact our Privacy Manager at PrivacyManager@cavendish.com and we will do our best to help.

 

This document was last updated on 8 September 2023

 

 

Get in touch

Thank you. We will be in touch soon

There was an error with the form. Please check and try again.