LWF Consulting: Privacy Policy

PURPOSE

This Privacy Policy Notice sets out the basis of how your Personal Data that LWF Consulting Limited (“LWF”, “we”, “us”, “our”) collects or you provide to us, will be used by us, or shared by us and/or otherwise processed by us in connection with your relationship with us as a LWF client, acting for a client, or being generally interested in our services. For the purposes of this Privacy Policy Notice, LWF shall also mean its directors, officers and employees, as the context requires.

This Privacy Policy sets out how LWF complies with its responsibilities under applicable data protection laws and regulations, (the "Data Protection Laws and Regulations").

The “Data Protection Laws and Regulations” means all laws and regulations, including laws and regulations of the European Union (“EU”), the European Economic Area (“EEA”) and their member states, and the United Kingdom (“UK”), including the General Data Protection Regulation 2016/679/EU (“GDPR”), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”), the Data Protection Act 2018 (“DPA”) and their respective successors, applicable to the protection of natural persons with regard to the processing of Personal Data (as defined under the GDPR) and on the free movement of such data.

Please read this Privacy Policy Notice carefully. LWF may provide supplemental Privacy Policy Notices on specific occasions when we collect or process Personal Data about you so that you are fully aware of how and why we are using your Personal Data. Those supplemental Notices should be read together with this Privacy Policy Notice.

Should you have any questions about this Privacy Policy Notice, please see the “Contact Us” section below.

OUR COMMITMENT

We have obligations to our colleagues, our clients and, our counterparties and third-party business partners to observe the highest standards of integrity and fair dealing and to act with due skill, care and diligence.

We recognise the importance of individuals’ Personal Data. At all times such data will be treated responsibly and with special care and in a way which protects the rights of those individuals to whom that data relates.

We are committed to maintaining, protecting and respecting your privacy and the confidentiality, integrity and security of personal information about yourself or others that you may provide. If you do give us any personal information about yourself or others, we are committed to treating it securely, fairly and lawfully.

THE DATA CONTROLLER AND PROCESSOR

LWF Consulting Limited is a Private Limited Company, incorporated under the laws and regulations of England and Wales, with registered address at Brockbourne House, 77 Mount Ephraim, Tunbridge Wells, Kent TN4 8BS.

LWF does not have any affiliated entities.

For the purpose of the Data Protection Laws and Regulations, this Privacy Policy Notice is issued by LWF, and where applicable, we will be either the data controller and/or the data processor of the Personal Data you provide. We are responsible for, and control the processing of, your personal information.

Further information can be obtained by contacting us, please see the “Contact Us” section below.

LWF is registered as a data controller with the Information Commissioner’s Office (the “ICO”), ICO registration number: Z9041175.

SCOPE

This Privacy Policy Notice (together with our site’s Terms of Use and any other agreements referred to in it) sets out the basis on which any Personal Data we collect from you, or that you provide to us, will be processed and used by us.

This Privacy Policy Notice covers the LWF website at www.lwfconsulting.com.

This website refers to LWF Consulting Limited ("LWF") and to the website www.lwfconsulting.com only. The term "LWF", "we", "us" refers to the owner of this website. The term "you" refers to the viewer or user of this website. This Privacy Policy Notice also covers the home page and all other pages under the domain name www.lwfconsulting.com (our “Site”) and all content contained on those pages.

Please read the following carefully to understand our views and practices regarding your Personal Data and how we will treat it.

If you do not agree with the terms of this Privacy Policy Notice, please do not use our Site, www.lwfconsulting.com.

We may collect, record and process the following categories of Personal Data:

CLIENT INFORMATION

This covers any Personal Data relating to our clients and their related contacts. The data that we may collect, record and process may include contact details (including name, title, address, telephone and mobile numbers, business and personal email address), date of birth, copies of passport, driving licences and utility bills, national insurance number, customer due diligence, bank account and corporate financial details and details relating to investment activity.

BUSINESS CONTACT INFORMATION

This covers any Personal Data relating to our business contacts. The data that we may collect, record and process may include data about contacts provided including name, date of birth, address, business and personal email address, telephone and mobile numbers, the place of work and job title.

WEBSITE INFORMATION

The data that we may collect, record and process may include name, date of birth, address, email address, telephone and mobile numbers, technical data (including internet protocol (“IP”) address, source of access to the website, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices used to access our website, usage data (including information about how the website is used) and marketing and communications preferences (including preferences in receiving marketing and other communication preferences).

We do not collect, record and process "special categories" of sensitive Personal Data from our website. This includes details about race or ethnicity, religious or philosophical beliefs, criminal convictions and offences.

For more details, please see “Cookies” below.

CONFIDENTIALITY

We acknowledge that the information you provide us may be confidential. We will maintain the confidentiality of and protect your information in accordance with our Privacy Policy Notice and all applicable Data Protection Laws and Regulations. LWF undertakes to keep all personal information confidential except to the extent that LWF, or its personnel, is required by law, a court of competent jurisdiction, HM Revenue & Customs ("HMRC") or other HM Government ("HMG") bodies or regulatory authorities to disclose the personal information.

LWF does not sell, rent, distribute, lease or otherwise make your Personal Data commercially available to any third party and will not do so without your expressed prior written authority or is required by law. LWF will not use your personal information to send you promotional information about any third parties. LWF may disclose any personal information to its personnel who may have a need to know the Personal Data for the purposes of the provision of services requested. We may also share information with our service providers for the purposes set out in this Privacy Policy Notice.

PERSONAL DATA

The term “Personal Data” as used in this Privacy Policy Notice means “any information relating to an identified or identifiable natural person”. An “identifiable natural person” is one who can be identified, directly or indirectly, in particular by reference to a series of identifiers such as: a name; or an identification number; or location data; or an online identifier (i.e. an IP address); or by reference to one or more factors specific to the physical; physiological; genetic; mental; economic; cultural; or social identity of that natural person.

This means that Personal Data may also include the following: personal details; family and lifestyle details; education and training information; medical details; employment details; financial details; and contractual details.

Personal Data does not include data from which you can no longer be identified such as anonymised aggregate data.

WHAT PERSONAL DATA WE COLLECT ABOUT YOU AND HOW WE COLLECT IT

It is in your sole discretion to provide Personal Data to us. If you do not provide us with all or some of the Personal Data we request, we may not be able to accept an engagement from you, to provide all or some of our services, to enter into a contract with you or to send you the requested information.

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason which is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. In some circumstances we may anonymise your Personal Data so that it can no longer be associated with you, in which case it is no longer Personal Data.

INFORMATION WE MAY COLLECT ABOUT YOU

The kinds of Personal Data we may collect include your contact details (such as your address, email address and telephone number) and information such as your job title which we will request from you. For more details, please see sections “Client Information, Business Contact Information and Website Information” above.

LWF may also receive Personal Data through your use of this Site. Each time you visit our Site we may automatically collect the following information:

Technical information including the internet protocol (“IP”) address used to connect your computer to the internet, your log-in information, browser type and version, browser plug-in types and versions, time zone setting, operating system and platform; and
Information about your visit, including the Uniform Resource Locators (“URL”) clickstream to, through and from our site (including date and time); items you searched for; page response times; download errors, length of time spent on pages, page interaction information (such as scrolling, clicks and mouse-overs) and methods used to browse away from the page and any phone number used to call us.

For more details, please see “Cookies” below.

INFORMATION YOU MAY GIVE US

In addition, we collect the Personal Data you may choose to provide to us. You may give us information about you by filling in forms on our site or documents that we have given to you to complete (for example the “Engagement Letter: Consultancy and Advisory Agreement”, which is your agreement with us), or if you would like to take advantage of the specific services that LWF offers.

You may also give us information by corresponding with us via letter, telephone and/or mobile, email, facsimile or any other means of electronic or personal communication.

This may also include information you provide when you report an issue with our Site and/or you subscribe to a service provided by LWF.

The information you give us may include: your name; your email address; your telephone number; your date of birth; your gender; your financial information; the information about your investment strategies, objectives and risk tolerances; your credit card information and/or your bank account details; your medical information; and any further personal information required as part of the provision of our services or required as part of a product application or which you share through our site.

LWF undertakes to use your Personal Data solely for the purposes of the provision of the services requested by you.

INFORMATION WE MAY RECEIVE FROM OTHER SOURCES

We may receive Personal Data from third parties from time to time. Such third-parties may include, for example, business partners, sub-contractors, credit reference agencies, and criminal records check agencies).

LWF may combine this information with information you give to us and information we collect about you. We may use this information and combined information for the purposes set out below (depending on the types of information we receive).

PERSONAL DATA ABOUT OTHER INDIVIDUALS

If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:

Give consent on his/her behalf to the processing of his/her personal data;
Receive on his/her behalf any data protection notices; and
Give consent to the processing of his/her personal data which may include all of the information listed above.

HOW WE USE YOUR PERSONAL DATA

We use the Personal Data which you have given to us and we have collected and hold about you in the following ways:

To carry out our obligations arising from any contracts entered into between you and LWF and to provide you with the information and services that you request from us;
To comply with our legal obligations to carry out identity and anti-money laundering checks;
To maintain our statutory registers;
To provide you with information about other services that we may offer that are similar to those that you have already subscribed to or enquired about;
To provide you, or permit selected third parties to provide you with information about services we feel may interest you;
To notify you about changes to our service;
To allow you to participate in interactive features of our service, when you choose to do so;
To ensure that content from our Site is presented in the most effective manner for you and for your computer;
To administer our Site;
As part of our efforts to keep our Site safe and secure;

LEGAL BASIS FOR PROCESSING

LWF will only process your Personal Data if and to the extent applicable law provides a lawful basis for us to do so. We will therefore process your Personal Data only:

i. If you have “Consented” to us doing so;

ii. If we need it to perform the “Contract” we have entered into with you;

iii. If we need it to comply with a “Legal Obligation”; or

iv. If we (or a third party) have a “Legitimate Interest”, which is not overridden by your interests or fundamental rights and freedoms.

Such legitimate interests will be the provision of compliance consultancy services by us, administrative or operational processes within LWF and where applicable, direct marketing.

We will use your Personal Data to deliver our services to you and/or the company you work or act for. We may also use your Personal Data to inform you about new services that we may offer and new regulatory developments that we believe would be of benefit to you.

Some of the reasons for processing will overlap and there may be several grounds which justify our use of your Personal Data. We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law. You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.

We do not anticipate being required to obtain your consent for the processing of your Personal Data. If we consider it necessary to use your Personal Data for other purposes which do require your consent, we will contact you to request this consent in writing.

In such circumstances, we will provide you with full details of the Personal Data that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.

Providing your consent is not a condition of any contractual agreement with us. If you decide to provide your consent, you have the right to withdraw your consent at any time, although that will not affect the lawfulness of processes based on consent before its withdrawal.

To withdraw your consent, at any time, please see “Contact Us” section below.

Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

COOKIES

Our Site uses cookies to make the Site work more efficiently.

A “cookie” is a small file of letters and numbers that a website can store on the browser or hard drive of your computer. Some cookies are deleted when you close down your browser. These are known as “session cookies”. Others remain on your device until they expire or you delete them from your cache. These are known as “persistent cookies” and enable us to remember things about you as a returning visitor.

For further information about how to control and disable cookies in your browser please visit: www.aboutcookies.org.uk.

Alternatively, you can search the internet for other independent information on cookies. Cookies may be required to allow you to access and participate in certain areas of our Site. The cookies we use do collect or not contain any personally identifiable information. There are different types of cookies used for different purposes.

The cookies our Site uses are listed below under the cookie categories recommended by the International Chamber of Commerce.

STRICTLY NECESSARY COOKIES

These are cookies that are required for the operation of our Site. They include, for example, cookies that may enable you to log into secure areas of our Site or to fulfil an action requested by you when you are logged on. Without these cookies we are unable to provide some services that you might request. Other strictly necessary cookies keep our Site secure. Even if you say no to cookies on this Site, we will continue to use these essential cookies.

PERFORMANCE OR ANALYTICAL COOKIES

LWF does not use any performance and/or analytical cookies on its Site.

Cookies We Use

Function

Cookie Name(s)

Further Information

LWF Website: www.lwfconsulting.com

Preserves user session state across page requests on the LWF Site.

PHPSESSID

This cookie is essential for functions such as forms that depend on visiting pages or taking actions in a particular sequence. It will be deleted when you close your browser, or after a period of inactivity.

More information on sessions is available at: http://www.php.net/

This cookie is used when you click on the link to our industry body for regulatory compliance consultants in the United Kingdom, the Association of Professional Compliance Consultants (the “APCC”) and a warning notice pops up before you decide to proceed or not.

MANAGING AND BLOCKING COOKIES

If you want to remove any cookies already set, you can do so from your browser. You can find out how to do this by going to the help menu in your browser or by visiting www.aboutcookies.org.uk or by searching the internet for other independent information on cookies. You can also block cookies from your browser. However, if you use your browser settings to block all cookies (including strictly necessary cookies) you may not be able to access all or parts of our Site.

ELECTRONIC COMMUNICATIONS AND DIRECT MARKETING

We would like to send you information by post, email, telephone, or other electronic means about our services and/or news which we believe may be of interest to you. We will only ask whether you would like us to send you marketing communications when you tick the relevant boxes or when you signed an agreement with us or you filled out a form provided by us or on our Site.

You can change your preferences for receiving marketing communications and other information from us at any time. You can unsubscribe at any time by contacting us, please see “Contact Us” section below.

If you have consented to such receive marketing communications from us, you can opt out at any time. See the “Your Rights” section below for further information.

Please note that we may use your marketing and preferences, and other information you provide to us in order to build a profile for you. We may supplement this profile with information about how you interact with us. We would use this profile to try and ensure that you only receive information that you are likely to find of interest.

IDENTITY, CREDIT AND ANTI-MONEY LAUNDERING CHECKING

We may do an identity and/or credit check on you:

So that we can verify your identity; and/or
To prevent and detect fraud and money laundering.

Our search will be recorded on the files of the credit reference agency. We may also disclose information about how you conduct your account to credit reference agencies and your information may be linked to records relating to other people living at the same address with whom you are financially linked.

Other credit businesses may use your information to:

Make credit decisions about you and the people with whom you are financially associated;
Trace debtors; and
Prevent and detect fraud and money laundering.

If you provide false or inaccurate information to us and we suspect fraud, we will record this.

If you want to see your identity check and/or credit file, please contact us using the contact information below and we will provide you with the details of the agencies which we use so that you can contact them directly to obtain the relevant information.

DISCLOSURE OF YOUR INFORMATION

We may also disclose your Personal Data to another corporate entity for the purposes of outsourcing one or more of the services provided by us; or, to confirm or update information provided by you; or to provide you with information about our services, and other important information, or for other purposes disclosed at or before the time the information is collected.

Please note that we may use, share or disclose Personal Data if we are required by law to do so or if we reasonably believe that use or disclosure is necessary to protect our rights and/or to comply with judicial or regulatory proceedings, a court order or other legal process.

We may share your personal information with:

Our service providers (for example, our IT service providers);
Credit reference agents – see “Identity, Credit and Anti-Money Laundering Checking” section above;
Our business partners in accordance with the “Electronic Communications/Direct Marketing” section above;
- Suppliers and sub-contractors for the performance of any contract we enter into with them or you;
Law enforcement agencies in connection with any investigation to help prevent unlawful activity;
If we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, where requested by regulatory agencies, or in order to enforce or apply our Terms and Conditions and other agreements or to protect the rights, property or safety of LWF. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
Financial institutions and other similar organisations that we deal with in the course of the services we offer; and
Auditors, accountants, legal counsel or contractors or other advisers auditing, assisting with or advising on any of our business purposes, in any jurisdiction where we operate.

When we share your information with third parties they will process your information either as a data controller or as our data processor and this will depend on the purpose of our sharing the Personal Data.

We will only share your Personal Data in compliance with the applicable Data Protection Laws and Regulations.

A list of our selected third parties with whom we may share your information is available, please see “Contact Us” section below.

WHERE WE STORE YOUR PERSONAL DATA

All information you provide to us is stored on our secure servers located in the United Kingdom or in Member States of the European Economic Area (“EEA”).

RETENTION PERIOD FOR YOUR PERSONAL DATA

We will only retain your Personal Data for as long as necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements.

To determine the appropriate retention period for your Personal Data, we will consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your Personal Data so that it can no longer be associated with you, in which case it is no longer Personal Data. Upon expiry of the applicable retention period we will securely destroy your Personal Data in accordance with applicable laws and regulations.

SECURITY

We have put in place what we consider to be appropriate security measures against unlawful or unauthorised processing of the Personal Data we hold about you, and against the accidental loss of, or damage to, such Personal Data. We use both technical and procedural methods to maintain the integrity and security of our databases, including firewalls. But please be aware though that no security measures are perfect or impenetrable.

While we will use all reasonable efforts to safeguard your Personal Data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any Personal Data that are transferred from you or to you via the internet.

We will not be responsible or liable for any damages, losses or causes of action arising out of or in connection with the disclosure of your personally identifiable information.

If you have any particular concerns about your information, please contact us (see “Contact Us” section below).

You are responsible for keeping your password, user name and other log-in identity details secure and confidential. If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

ACCURACY OF PERSONAL DATA

It is important that the Personal Data we hold about you is accurate and current. We try to ensure that the information we hold about you is accurate and kept up-to-date by contacting you at regular intervals and asking you to confirm that this is the case, or if not, to provide us with updated details.

However, if at any time you believe that any information we are holding about you is inaccurate, out-of-date or incomplete, please notify us as soon as possible (please see “Contact Us” section below). We will promptly correct or delete any information found to be incorrect.

TRANSFERS OF YOUR INFORMATION OUT OF THE EEA

When using your Personal Data for the purposes and on the legal basis described above we may share your Personal Data with the services providers we work with. We may also have to share your Personal Data with regulators, public institutions, courts or other third parties.

For the purposes described above, we may also transfer your personally identifiable information to our business partners, agents and/or delegates outside of the United Kingdom and the European Economic Area ("EEA") where this is necessary for the provision of our services to you. LWF will ensure that such transfers will be made on the basis that anyone to whom it transfers such Personal Data provides an equivalent level of protection in that jurisdiction by means of a determination of adequacy by the European Commission (“EC”), or under EU-US Privacy Shield self-certification framework or equivalent or through entry into the European Union (“EU”) Standard Contractual Clauses.

Such information may be accessed by law enforcement agencies and other authorities in other countries in accordance with relevant legislation to prevent and detect financial crime and comply with legal obligations.

Rest assured that we will always ensure any transfer is subject to appropriate security measures to safeguard your Personal Data including entering into the aforementioned approved contracts that that will safeguard your privacy rights and give you remedies in the unlikely event of a security breach.

On request made by you, we will provide a list of those parties located outside of the United Kingdom and EEA to whom we may transfer your Personal Data. We will inform you if there are any changes to this list and you shall have ten days to object on reasonable and objective grounds to any such change.

In the event of your reasonable objection on objective grounds, we will work with you to find a solution whereby your Personal Data is not transferred to those parties to whom you have objected.

We do not transfer your information outside of the EEA other than in accordance with an agreement you have with us.

ACCESS AND YOUR RIGHTS

Please be aware that we may need to request specific information from you to help us confirm your identity (including, where applicable, certification of your identity from a third-party) and ensure your right to access Personal Data (or to exercise any of your other rights).

This is another appropriate security measure to ensure that your Personal Data is not disclosed to any person who has no right to receive it.

Under the GDPR, you have the following rights.

THE RIGHT TO ASK US TO STOP CONTACTING YOU WITH DIRECT MARKETING

Even if you have accepted the processing of your Personal Data for marketing communication purposes (by ticking the relevant box), you have the right to ask us to stop processing your Personal Data for such purposes.

Let us know what method of contact you are not happy with if you are unhappy with certain ways of contacting you only (for example, you may be happy for us to contact you by email but not by telephone).

You can exercise this right at any time by contacting us, please see the “Contact Us” section below.

THE RIGHT TO REQUEST A COPY OF YOUR INFORMATION

You can request a copy of your information which we hold (this is known as a “Data Subject Access Request” or “DSAR”).

If you would like a copy of some or all of your information, please see the “Contact Us” section below; and let us know the specific information you want a copy of.

Any data subject access request may be subject to a reasonable fee to cover the administration cost of providing you with details of the information we hold about you.

THE RIGHT TO CORRECT ANY MISTAKES IN YOUR INFORMATION

You can require us to correct any mistakes in your information which we hold free of charge. If you would like to do this, please see the “Contact Us” section below; and let us know the specific information that is incorrect and the specific information you want it replaced with.

THE RIGHT TO REQUEST WE CEASE PROCESSING YOUR INFORMATION

You may request that we cease processing your Personal Data. If you make such a request, we shall retain only the amount of Personal Data pertaining you that is necessary to ensure that no further processing of your Personal Data takes place.

THE RIGHT TO REQUEST DELETION OF YOUR INFORMATION

You can ask us to erase all your Personal Data (also known as the “right to be forgotten”) in the following circumstances:

It is no longer necessary for us to hold that Personal Data with respect to the purpose for which it was originally collected or processed;
You wish to withdraw your consent to us holding and processing your Personal Data;
You object to us holding and processing your Personal Data (and there is no overriding legitimate interest to allow us to continue doing so);
The Personal data has been processed unlawfully; or
The Personal data needs to be erased in order for us to comply with a particular legal obligation.

Unless we have reasonable grounds to refuse to erase your Personal Data, all requests for erasure shall be complied with.

FEES

You will in general not have to pay a fee to exercise any of your individual rights mentioned in this Privacy Policy Notice. However, we may charge a reasonable fee if your request to exercise your individual rights is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

CHANGES

We may change this Privacy Policy Notice from time to time. Any changes to our Privacy Policy Notice in the future will be posted on our Site (www.lwfconsulting.com) and where appropriate notified to you in writing or by email. Please refer back frequently to our Site to see any updates or changes to our Privacy Policy Notice.

CONTACT US

If you have any questions about this Privacy Policy Notice or the information we hold about you, or you wish to submit a Data Subject Access Request or raise a complaint about the way your Personal Data has been handled, please send an email to privacy@lwfconsulting.com or write to us at the Privacy Compliance Officer at LWF Consulting Limited, The Old Farmhouse, Mountfield Park Farm, Mountfield, Near Robertsbridge, East Sussex, TN32 5LE, United Kingdom; or call us on +44 (0) 7767 445 432.

COMPLAINTS

If you are not satisfied with our response to any queries or complaints you raise with us or believe we are not processing your Personal Data in accordance with the Data Protection Laws and Regulations you have the right to lodge a complaint at the ICO (https://ico.org.uk/), the UK supervisory authority for data protection issues, or, as the case may be, any other competent supervisory authority of an EU Member State.