This Privacy Notice sets out how Giltspur (“we”, “us” or “our”) collects and records personal information and what we do with that information. It also includes a description of your data protection rights. We do not have a Data Protection Officer. We reserve the right to modify this Privacy Notice at any time.
If you have any queries, comments or requests in relation to your personal information or this Privacy Notice, you can contact us at firstname.lastname@example.org
Information we collect
We collect, receive, store and process (either electronically or on a manual basis) the following information about you:
Contact details – e.g. name, address, landline and mobile numbers, email address
Identity information – e.g. date and place of birth, photo ID, passport information, nationality, national insurance number and taxpayer identification number
Financial information – e.g. bank account details, subscription or investment amounts
Other information and records about you that are collected from you or from third parties (e.g. identity or reference checks) via correspondence, filling in forms or communicating with us, whether face-to-face, by phone, email, online, or otherwise;
Cookies and similar technologies we use to recognise you, remember your preferences and tailor the content we provide to you
Use of your information
We record and use your personal information for the following purposes:
To perform or carry out any agreement (including any subscription or investment, or any service or employment contract) between you and us, including general communication and the management or administration of your and our respective rights and obligations under any such agreement
Where relevant, to meet legal, regulatory and compliance requirements to which we are subject (e.g. any obligation as to the prevention or detection of money laundering or other financial crime, and any requirement of financial regulators)
To pursue our legitimate interests (e.g. any due diligence requirements on persons we may seek to employ, work with or engage in business with, direct marketing purposes, administrative and relationship management purposes, ensuring cyber security, reporting possible criminal acts or threats to public security)
To provide you with information that you have specifically requested or that we have asked if you would like to receive
To deal with enquiries and complaints made by or about you
Where relevant, for the establishment, exercise or defence of legal claims
To prevent, investigate and/or report crime or suspicions of crime (including fraud)
To protect the rights, property, or safety of us, our customers, or others
Sharing your information
We disclose or transfer personal information to other parties as follows:
To Giltspur companies
To third party service providers that perform functions on our behalf, including website hosting, IT and infrastructure provision, money laundering or other due diligence, legal and other professional advisors
To third parties undertaking money laundering or other due diligence in relation to us
If we are under a duty to disclose or share your personal information in order to comply with any legal obligation, to enforce or apply any agreement or its terms and conditions or to protect the rights, property, or safety of Giltspur companies, our customers, or others
To government authorities, and to other third parties when compelled to do so by government and law enforcement authorities or otherwise as required or permitted by law, including but not limited to in response to court orders and subpoenas. We also disclose user information when we have reason to believe that someone is causing injury to or interference with our rights or property, or anyone else that could be harmed by such activities. Additionally, we cooperate with law enforcement inquiries and other third parties to enforce laws, intellectual property rights and other rights
To prospective sellers or buyers as part of a sale or merger of our business or assets
We take reasonable steps to protect your personal information from loss, misuse, unauthorised access, disclosure, alteration or destruction. Unfortunately no data transmission or storage can be guaranteed to be 100% secure. As a result we cannot warrant the security of any information you provide to us and you do so at your own risk.
We may transfer personal information to countries outside the European Economic Area (“EEA”), including to countries which have different data protection standards to those which apply in the EEA.
For countries deemed adequate by the European Commission, we rely on the European Commission’s decision to protect your personal information. For other countries, we use standard contractual clauses or rely on a service provider’s Privacy Shield certification or a service provider’s (EU data protection authority approved) corporate rules that are in place to protect your personal information. You have a right to ask us for a copy of the standard contractual clauses or a copy of the other methods used.
Personal information will be retained only as long as necessary for the fulfilment of the purposes for which it was collected, unless otherwise required by law. Personal information that is no longer required to fulfil the identified purposes will be destroyed, erased or made anonymous.
Legal basis for processing
We process your personal information when it is necessary for the performance of a contract to which you are the party or in order to take steps at your request prior to entering into a contract. If you do not provide the personal information that we need, we may not be able to perform the relevant contract.
We process your personal information when we are required to do this by law, including in response to requests by government or law enforcement authorities conducting an investigation or court orders.
We also process your personal information when it is necessary for the purposes of a legitimate interest pursued by us or a third party (when these interests are not overridden by your data protection rights).
You may ask us for a copy of your information and, where applicable, to correct it, erase it or to transfer it to other organisations at your request. Where we process your personal information because we have a legitimate interest in doing so (as explained above), you also have a right to object to this. These rights may be limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your personal information.
We hope that we can satisfy queries you may have about the way we process your personal information. However, if you have unresolved concerns you also have the right to complain to data protection authorities. You can bring the complaint in your member state of residence, place of work or where an alleged infringement of data protection law occurred.
To protect your privacy and security we will take reasonable steps to verify your identity when dealing with requests.