The “Data Protection Laws and Regulations” means all laws and regulations, including laws and regulations of the European Union (“EU”), the European Economic Area (“EEA”) and their member states, and the United Kingdom (“UK”), including the General Data Protection Regulation 2016/679/EU (“GDPR”), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”), the Data Protection Act 2018 (“DPA”) and their respective successors, applicable to the protection of natural persons with regard to the processing of Personal Data (as defined under the GDPR) and on the free movement of such data.
We have obligations to our colleagues, our clients and, our counterparties and third-party business partners to observe the highest standards of integrity and fair dealing and to act with due skill, care and diligence.
We recognise the importance of individuals’ Personal Data. At all times such data will be treated responsibly and with special care and in a way which protects the rights of those individuals to whom that data relates.
We are committed to maintaining, protecting and respecting your privacy and the confidentiality, integrity and security of personal information about yourself or others that you may provide. If you do give us any personal information about yourself or others, we are committed to treating it securely, fairly and lawfully.
THE DATA CONTROLLER AND PROCESSOR
LWF Consulting Limited is a Private Limited Company, incorporated under the laws and regulations of England and Wales, with registered address at Brockbourne House, 77 Mount Ephraim, Tunbridge Wells, Kent TN4 8BS.
LWF does not have any affiliated entities.
Further information can be obtained by contacting us, please see the “Contact Us” section below.
LWF is registered as a data controller with the Information Commissioner’s Office (the “ICO”), ICO registration number: Z9041175.
Please read the following carefully to understand our views and practices regarding your Personal Data and how we will treat it.
We may collect, record and process the following categories of Personal Data:
This covers any Personal Data relating to our clients and their related contacts. The data that we may collect, record and process may include contact details (including name, title, address, telephone and mobile numbers, business and personal email address), date of birth, copies of passport, driving licences and utility bills, national insurance number, customer due diligence, bank account and corporate financial details and details relating to investment activity.
BUSINESS CONTACT INFORMATION
This covers any Personal Data relating to our business contacts. The data that we may collect, record and process may include data about contacts provided including name, date of birth, address, business and personal email address, telephone and mobile numbers, the place of work and job title.
The data that we may collect, record and process may include name, date of birth, address, email address, telephone and mobile numbers, technical data (including internet protocol (“IP”) address, source of access to the website, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices used to access our website, usage data (including information about how the website is used) and marketing and communications preferences (including preferences in receiving marketing and other communication preferences).
We do not collect, record and process "special categories" of sensitive Personal Data from our website. This includes details about race or ethnicity, religious or philosophical beliefs, criminal convictions and offences.
For more details, please see “Cookies” below.
This means that Personal Data may also include the following: personal details; family and lifestyle details; education and training information; medical details; employment details; financial details; and contractual details.
Personal Data does not include data from which you can no longer be identified such as anonymised aggregate data.
WHAT PERSONAL DATA WE COLLECT ABOUT YOU AND HOW WE COLLECT IT
It is in your sole discretion to provide Personal Data to us. If you do not provide us with all or some of the Personal Data we request, we may not be able to accept an engagement from you, to provide all or some of our services, to enter into a contract with you or to send you the requested information.
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason which is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. In some circumstances we may anonymise your Personal Data so that it can no longer be associated with you, in which case it is no longer Personal Data.
INFORMATION WE MAY COLLECT ABOUT YOU
The kinds of Personal Data we may collect include your contact details (such as your address, email address and telephone number) and information such as your job title which we will request from you. For more details, please see sections “Client Information, Business Contact Information and Website Information” above.
LWF may also receive Personal Data through your use of this Site. Each time you visit our Site we may automatically collect the following information:
- Technical information including the internet protocol (“IP”) address used to connect your computer to the internet, your log-in information, browser type and version, browser plug-in types and versions, time zone setting, operating system and platform; and
- Information about your visit, including the Uniform Resource Locators (“URL”) clickstream to, through and from our site (including date and time); items you searched for; page response times; download errors, length of time spent on pages, page interaction information (such as scrolling, clicks and mouse-overs) and methods used to browse away from the page and any phone number used to call us.
For more details, please see “Cookies” below.
INFORMATION YOU MAY GIVE US
In addition, we collect the Personal Data you may choose to provide to us. You may give us information about you by filling in forms on our site or documents that we have given to you to complete (for example the “Engagement Letter: Consultancy and Advisory Agreement”, which is your agreement with us), or if you would like to take advantage of the specific services that LWF offers.
You may also give us information by corresponding with us via letter, telephone and/or mobile, email, facsimile or any other means of electronic or personal communication.
This may also include information you provide when you report an issue with our Site and/or you subscribe to a service provided by LWF.
The information you give us may include: your name; your email address; your telephone number; your date of birth; your gender; your financial information; the information about your investment strategies, objectives and risk tolerances; your credit card information and/or your bank account details; your medical information; and any further personal information required as part of the provision of our services or required as part of a product application or which you share through our site.
LWF undertakes to use your Personal Data solely for the purposes of the provision of the services requested by you.
INFORMATION WE MAY RECEIVE FROM OTHER SOURCES
We may receive Personal Data from third parties from time to time. Such third-parties may include, for example, business partners, sub-contractors, credit reference agencies, and criminal records check agencies).
LWF may combine this information with information you give to us and information we collect about you. We may use this information and combined information for the purposes set out below (depending on the types of information we receive).
PERSONAL DATA ABOUT OTHER INDIVIDUALS
If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:
- Give consent on his/her behalf to the processing of his/her personal data;
- Receive on his/her behalf any data protection notices; and
- Give consent to the processing of his/her personal data which may include all of the information listed above.
HOW WE USE YOUR PERSONAL DATA
We use the Personal Data which you have given to us and we have collected and hold about you in the following ways:
- To carry out our obligations arising from any contracts entered into between you and LWF and to provide you with the information and services that you request from us;
- To comply with our legal obligations to carry out identity and anti-money laundering checks;
- To maintain our statutory registers;
- To provide you with information about other services that we may offer that are similar to those that you have already subscribed to or enquired about;
- To provide you, or permit selected third parties to provide you with information about services we feel may interest you;
- To notify you about changes to our service;
- To allow you to participate in interactive features of our service, when you choose to do so;
- To ensure that content from our Site is presented in the most effective manner for you and for your computer;
- To administer our Site;
- As part of our efforts to keep our Site safe and secure;
LEGAL BASIS FOR PROCESSING
LWF will only process your Personal Data if and to the extent applicable law provides a lawful basis for us to do so. We will therefore process your Personal Data only:
i. If you have “Consented” to us doing so;
ii. If we need it to perform the “Contract” we have entered into with you;
iii. If we need it to comply with a “Legal Obligation”; or
iv. If we (or a third party) have a “Legitimate Interest”, which is not overridden by your interests or fundamental rights and freedoms.
Such legitimate interests will be the provision of compliance consultancy services by us, administrative or operational processes within LWF and where applicable, direct marketing.
We will use your Personal Data to deliver our services to you and/or the company you work or act for. We may also use your Personal Data to inform you about new services that we may offer and new regulatory developments that we believe would be of benefit to you.
Some of the reasons for processing will overlap and there may be several grounds which justify our use of your Personal Data. We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law. You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
We do not anticipate being required to obtain your consent for the processing of your Personal Data. If we consider it necessary to use your Personal Data for other purposes which do require your consent, we will contact you to request this consent in writing.
In such circumstances, we will provide you with full details of the Personal Data that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.
Providing your consent is not a condition of any contractual agreement with us. If you decide to provide your consent, you have the right to withdraw your consent at any time, although that will not affect the lawfulness of processes based on consent before its withdrawal.
To withdraw your consent, at any time, please see “Contact Us” section below.
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
A “cookie” is a small file of letters and numbers that a website can store on the browser or hard drive of your computer. Some cookies are deleted when you close down your browser. These are known as “session cookies”. Others remain on your device until they expire or you delete them from your cache. These are known as “persistent cookies” and enable us to remember things about you as a returning visitor.
For further information about how to control and disable cookies in your browser please visit: www.aboutcookies.org.uk.
Alternatively, you can search the internet for other independent information on cookies. Cookies may be required to allow you to access and participate in certain areas of our Site. The cookies we use do collect or not contain any personally identifiable information. There are different types of cookies used for different purposes.
The cookies our Site uses are listed below under the cookie categories recommended by the International Chamber of Commerce.
STRICTLY NECESSARY COOKIES
These are cookies that are required for the operation of our Site. They include, for example, cookies that may enable you to log into secure areas of our Site or to fulfil an action requested by you when you are logged on. Without these cookies we are unable to provide some services that you might request. Other strictly necessary cookies keep our Site secure. Even if you say no to cookies on this Site, we will continue to use these essential cookies.
PERFORMANCE OR ANALYTICAL COOKIES
LWF does not use any performance and/or analytical cookies on its Site.
Cookies We Use
LWF Website: www.lwfconsulting.com
Preserves user session state across page requests on the LWF Site.
This cookie is essential for functions such as forms that depend on visiting pages or taking actions in a particular sequence. It will be deleted when you close your browser, or after a period of inactivity.
More information on sessions is available at: http://www.php.net/
This cookie is used when you click on the link to our industry body for regulatory compliance consultants in the United Kingdom, the Association of Professional Compliance Consultants (the “APCC”) and a warning notice pops up before you decide to proceed or not.
MANAGING AND BLOCKING COOKIES
If you want to remove any cookies already set, you can do so from your browser. You can find out how to do this by going to the help menu in your browser or by visiting www.aboutcookies.org.uk or by searching the internet for other independent information on cookies. You can also block cookies from your browser. However, if you use your browser settings to block all cookies (including strictly necessary cookies) you may not be able to access all or parts of our Site.
ELECTRONIC COMMUNICATIONS AND DIRECT MARKETING
We would like to send you information by post, email, telephone, or other electronic means about our services and/or news which we believe may be of interest to you. We will only ask whether you would like us to send you marketing communications when you tick the relevant boxes or when you signed an agreement with us or you filled out a form provided by us or on our Site.
You can change your preferences for receiving marketing communications and other information from us at any time. You can unsubscribe at any time by contacting us, please see “Contact Us” section below.
If you have consented to such receive marketing communications from us, you can opt out at any time. See the “Your Rights” section below for further information.
Please note that we may use your marketing and preferences, and other information you provide to us in order to build a profile for you. We may supplement this profile with information about how you interact with us. We would use this profile to try and ensure that you only receive information that you are likely to find of interest.
IDENTITY, CREDIT AND ANTI-MONEY LAUNDERING CHECKING
We may do an identity and/or credit check on you:
- So that we can verify your identity; and/or
- To prevent and detect fraud and money laundering.
Our search will be recorded on the files of the credit reference agency. We may also disclose information about how you conduct your account to credit reference agencies and your information may be linked to records relating to other people living at the same address with whom you are financially linked.
Other credit businesses may use your information to:
- Make credit decisions about you and the people with whom you are financially associated;
- Trace debtors; and
- Prevent and detect fraud and money laundering.
If you provide false or inaccurate information to us and we suspect fraud, we will record this.
If you want to see your identity check and/or credit file, please contact us using the contact information below and we will provide you with the details of the agencies which we use so that you can contact them directly to obtain the relevant information.
DISCLOSURE OF YOUR INFORMATION
We may also disclose your Personal Data to another corporate entity for the purposes of outsourcing one or more of the services provided by us; or, to confirm or update information provided by you; or to provide you with information about our services, and other important information, or for other purposes disclosed at or before the time the information is collected.
Please note that we may use, share or disclose Personal Data if we are required by law to do so or if we reasonably believe that use or disclosure is necessary to protect our rights and/or to comply with judicial or regulatory proceedings, a court order or other legal process.
We may share your personal information with:
- Our service providers (for example, our IT service providers);
- Credit reference agents – see “Identity, Credit and Anti-Money Laundering Checking” section above;
- Our business partners in accordance with the “Electronic Communications/Direct Marketing” section above;
- Suppliers and sub-contractors for the performance of any contract we enter into with them or you;
- Law enforcement agencies in connection with any investigation to help prevent unlawful activity;
- If we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, where requested by regulatory agencies, or in order to enforce or apply our Terms and Conditions and other agreements or to protect the rights, property or safety of LWF. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
- Financial institutions and other similar organisations that we deal with in the course of the services we offer; and
- Auditors, accountants, legal counsel or contractors or other advisers auditing, assisting with or advising on any of our business purposes, in any jurisdiction where we operate.
When we share your information with third parties they will process your information either as a data controller or as our data processor and this will depend on the purpose of our sharing the Personal Data.
We will only share your Personal Data in compliance with the applicable Data Protection Laws and Regulations.
A list of our selected third parties with whom we may share your information is available, please see “Contact Us” section below.
WHERE WE STORE YOUR PERSONAL DATA
All information you provide to us is stored on our secure servers located in the United Kingdom or in Member States of the European Economic Area (“EEA”).
RETENTION PERIOD FOR YOUR PERSONAL DATA
We will only retain your Personal Data for as long as necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements.
To determine the appropriate retention period for your Personal Data, we will consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your Personal Data so that it can no longer be associated with you, in which case it is no longer Personal Data. Upon expiry of the applicable retention period we will securely destroy your Personal Data in accordance with applicable laws and regulations.
We have put in place what we consider to be appropriate security measures against unlawful or unauthorised processing of the Personal Data we hold about you, and against the accidental loss of, or damage to, such Personal Data. We use both technical and procedural methods to maintain the integrity and security of our databases, including firewalls. But please be aware though that no security measures are perfect or impenetrable.
While we will use all reasonable efforts to safeguard your Personal Data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any Personal Data that are transferred from you or to you via the internet.
We will not be responsible or liable for any damages, losses or causes of action arising out of or in connection with the disclosure of your personally identifiable information.
If you have any particular concerns about your information, please contact us (see “Contact Us” section below).
You are responsible for keeping your password, user name and other log-in identity details secure and confidential. If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
ACCURACY OF PERSONAL DATA
It is important that the Personal Data we hold about you is accurate and current. We try to ensure that the information we hold about you is accurate and kept up-to-date by contacting you at regular intervals and asking you to confirm that this is the case, or if not, to provide us with updated details.
However, if at any time you believe that any information we are holding about you is inaccurate, out-of-date or incomplete, please notify us as soon as possible (please see “Contact Us” section below). We will promptly correct or delete any information found to be incorrect.
TRANSFERS OF YOUR INFORMATION OUT OF THE EEA
When using your Personal Data for the purposes and on the legal basis described above we may share your Personal Data with the services providers we work with. We may also have to share your Personal Data with regulators, public institutions, courts or other third parties.
For the purposes described above, we may also transfer your personally identifiable information to our business partners, agents and/or delegates outside of the United Kingdom and the European Economic Area ("EEA") where this is necessary for the provision of our services to you. LWF will ensure that such transfers will be made on the basis that anyone to whom it transfers such Personal Data provides an equivalent level of protection in that jurisdiction by means of a determination of adequacy by the European Commission (“EC”), or under EU-US Privacy Shield self-certification framework or equivalent or through entry into the European Union (“EU”) Standard Contractual Clauses.
Such information may be accessed by law enforcement agencies and other authorities in other countries in accordance with relevant legislation to prevent and detect financial crime and comply with legal obligations.
Rest assured that we will always ensure any transfer is subject to appropriate security measures to safeguard your Personal Data including entering into the aforementioned approved contracts that that will safeguard your privacy rights and give you remedies in the unlikely event of a security breach.
On request made by you, we will provide a list of those parties located outside of the United Kingdom and EEA to whom we may transfer your Personal Data. We will inform you if there are any changes to this list and you shall have ten days to object on reasonable and objective grounds to any such change.
In the event of your reasonable objection on objective grounds, we will work with you to find a solution whereby your Personal Data is not transferred to those parties to whom you have objected.
We do not transfer your information outside of the EEA other than in accordance with an agreement you have with us.
ACCESS AND YOUR RIGHTS
Please be aware that we may need to request specific information from you to help us confirm your identity (including, where applicable, certification of your identity from a third-party) and ensure your right to access Personal Data (or to exercise any of your other rights).
This is another appropriate security measure to ensure that your Personal Data is not disclosed to any person who has no right to receive it.
Under the GDPR, you have the following rights.
THE RIGHT TO ASK US TO STOP CONTACTING YOU WITH DIRECT MARKETING
Even if you have accepted the processing of your Personal Data for marketing communication purposes (by ticking the relevant box), you have the right to ask us to stop processing your Personal Data for such purposes.
Let us know what method of contact you are not happy with if you are unhappy with certain ways of contacting you only (for example, you may be happy for us to contact you by email but not by telephone).
You can exercise this right at any time by contacting us, please see the “Contact Us” section below.
THE RIGHT TO REQUEST A COPY OF YOUR INFORMATION
You can request a copy of your information which we hold (this is known as a “Data Subject Access Request” or “DSAR”).
If you would like a copy of some or all of your information, please see the “Contact Us” section below; and let us know the specific information you want a copy of.
Any data subject access request may be subject to a reasonable fee to cover the administration cost of providing you with details of the information we hold about you.
THE RIGHT TO CORRECT ANY MISTAKES IN YOUR INFORMATION
You can require us to correct any mistakes in your information which we hold free of charge. If you would like to do this, please see the “Contact Us” section below; and let us know the specific information that is incorrect and the specific information you want it replaced with.
THE RIGHT TO REQUEST WE CEASE PROCESSING YOUR INFORMATION
You may request that we cease processing your Personal Data. If you make such a request, we shall retain only the amount of Personal Data pertaining you that is necessary to ensure that no further processing of your Personal Data takes place.
THE RIGHT TO REQUEST DELETION OF YOUR INFORMATION
You can ask us to erase all your Personal Data (also known as the “right to be forgotten”) in the following circumstances:
- It is no longer necessary for us to hold that Personal Data with respect to the purpose for which it was originally collected or processed;
- You wish to withdraw your consent to us holding and processing your Personal Data;
- You object to us holding and processing your Personal Data (and there is no overriding legitimate interest to allow us to continue doing so);
- The Personal data has been processed unlawfully; or
- The Personal data needs to be erased in order for us to comply with a particular legal obligation.
Unless we have reasonable grounds to refuse to erase your Personal Data, all requests for erasure shall be complied with.
If you are not satisfied with our response to any queries or complaints you raise with us or believe we are not processing your Personal Data in accordance with the Data Protection Laws and Regulations you have the right to lodge a complaint at the ICO (https://ico.org.uk/), the UK supervisory authority for data protection issues, or, as the case may be, any other competent supervisory authority of an EU Member State.