Please read this Privacy Notice carefully before providing us with any information about you or any other connected person. Where you provide information about another person, you should first obtain their consent to do so.
We have developed this Privacy Notice in accordance with the Data Protection Act 1998 and Regulation (EU) 2016/679, commonly known as the General Data Protection Regulation or GDPR. Its purpose is to advise you of the personal information we may collect, for what purpose(s), how we will use it, the lawful basis under which we may do this and your rights under the GDPR.
1.The categories of data subject to the provisions of the GDPR
‘Personal data’ (Article 4 of the GDPR) by which we mean information which identifies you as an individual, or is capable of doing so.
2. Contact details and person responsible for Data Protection at Longspur Capital.
Longspur Capital Limited is registered with the Information Commissioner’s Office as a Data Controller, reference number ZA778488. We have a responsibility to ensure that your personal information is processed in accordance with this Privacy Notice and the above Regulations.
If you would like to discuss anything in this Privacy Notice, please contact the Compliance Director who is the person responsible for Data Protection within the firm. You may contact her in writing at 20 North Audley Street, London W1K 6WE, by telephone on +44(0)131 357 6770, or by email to info@longspur.com.
3. The personal data we may collect and the purposes for this.
We may collect and process different types of personal data in the course of operating our business and providing our services. These include:
We may collect or receive your personal data in a number of different ways:
We process the following personal data on the legal basis of Legal Obligation, and the information below sets out further details on this processing.
To meet our obligations to the UK Money Laundering Regulations, we may use the following personal data
4. Data Sharing
We may share information with third parties where this is necessary to enable us to provide our services to you or to allow us to comply with our legal or regulatory obligations. We will not share your data with any third party for marketing purposes. The classes of third parties with whom we will share your personal data, and the reasons for this, are as follows.
We outsource our IT hardware and systems support. Certain operating and record keeping systems are provided by third parties. These third parties may have access to data for support, service, backup and trouble-shooting purposes. We have agreements in place with these third parties to restrict their access to and use of this data.
Financial services regulators, Financial Ombudsman, government and law enforcement agencies
These entities have a legal right to access our records and we have a legal obligation to disclose any information we hold in certain circumstances.
Credit reference agencies, fraud prevention agencies and related service providers
In order to meet our obligations in respect of The UK Money Laundering and Proceeds of Crime Regulations we may, with your consent, use a third party electronic verification system to verify your identity. This is undertaken as part of the initial client appointment, and may be repeated at any time for the duration of the service(s) we provide to you.
Tax authorities
We may have to share information with tax authorities, either directly with overseas authorities or via Her Majesty’s Revenue and Customs who may share that information with the appropriate tax authorities abroad.
Our professional advisers and insurers
Our appointed auditors, lawyers, accountants, other professional advisers and insurers may require access to the client information we hold in order to provide us with advice or insurance.
Your professional advisers and representatives
We may share information with your lawyers, accountants and other professional advisers if you request this. We may also share information with persons such as a Power of Attorney, Trustee, Executor or personal representative.
Web analytics
Analysis of traffic using our website may be undertaken by selected third parties on our behalf.
Business transfers
We may transfer our records to a third party as part of a sale or transfer of some or all of the business to a regulated third party.
5. The lawful basis upon which we process personal data and what this means
Part 3 includes the lawful basis upon which we process personal data and the following is a brief explanation of what this means.
The Lawful basis under EU directive 2014/65/EU Article 6, 1(f) Legitimate Interests means the processing is necessary, without your explicit consent, for the legitimate business interests of Longspur Capital, unless these interests are overridden by your interests or fundamental rights. Our legitimate business interests are explained in Part 2 of this privacy notice.
You have the right to object to us processing your personal data on the lawful basis of legitimate interests, but to do so may mean that we are unable to provide services to you. If you wish to object, please use the contact details in Part 1 to do so.
6. The retention periods for personal data
The retention period for personal data varies, depending on our regulatory obligations and complaints time barring rules. The table below shows the various retention periods, and relates to all forms of records such as paper, electronically stored records, emails and recorded telephone calls.
Records relating to: Retention Period
7. Your rights as a data subject
The GDPR provides you with the following rights in relation to your personal data processed by us:
The right to be informed
You have the right to be informed how your data will be processed and of your rights. The required information is provided in this Privacy Notice.
The right of access
You have the right to obtain confirmation that your personal data is being processed and have access to this. When requested by you, we must provide you with a copy of the information free of charge within one month. However, we can charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive. We may also charge a reasonable fee to comply with requests for further copies of the same information. Data access requests should be submitted using the contact details in Part 1 of this Privacy Notice.
The right to rectification
You are entitled to have personal data rectified if it is inaccurate or incomplete. We must respond to a request for rectification within one month. This can be extended by two months where the request for rectification is complex. Data rectification requests should be submitted using the contact details in Part 1 of this Privacy Notice.
The right to erasure
You may request the deletion or removal of your personal data where there is no compelling reason for its continued processing. We may, however, decline the request where we have a legal or regulatory obligation to retain the data, or where it is being used in the exercise or defence of a legal claim. In such circumstances we will write to you explaining our reasons for declining your request for the data to be erased. Data erasure requests should be submitted using the contact details in Part 1 of this Privacy Notice.
The right to restrict processing
You have a right to ‘block’ or suppress the processing of your personal data. When processing is restricted, we are permitted to store the personal data, but not to further process it. Data suppression requests should be submitted using the contact details in Part 1 of this Privacy Notice.
The right to data portability
Individuals generally have the right to data portability. However, this only applies to personal data where the processing is based on the legal basis of consent or for the performance of a contract; and it is carried out by automated means. This right does not apply to your personal data that we process, as this is processed on the legal basis of Legitimate Interests and processing is not carried out by automated means.
The right to object to processing or withdraw consent
You have the right to object to your data being processed on the legal basis of Legitimate Interests and the right to object to direct marketing and data profiling. You also have the right to withdraw consent for us to process your information concerning health. Objections to, or withdrawal of consent for, data processing should be submitted using the contact details in Part 1 of this Privacy Notice.
The right to remedies, liabilities and penalties
You have the right to report any concerns you have about the way we have processed your personal data to the Information Commissioner’s Office. You may do this online at https://ico.org.uk/concerns/handling or in writing to Information Commissioner’s Offices at Wycliffe House’ Water Lane’ Wilmslow, Cheshire, SK9 5AF (telephone 0303 123 1113) or 45 Melville Street, Edinburgh, EH3 7HL (telephone 0303 123 1115).
8. The GDPR Principles
The GDPR Principles apply to all entities that control or process personal data and form the basis for this privacy notice. The Principles require that personal data shall be:
Leo RegTech Limited, incorporated and registered in England and Wales with company number 04829021, acting through its French branch located at 128 rue de la Boétie 75008, Paris, France, is a designated representative of Longspur Capital Limited (the “Company”) in the European Union, in accordance with article 27 of the EU General Data Protection Regulation (2016/679/EU) (the “GDPR”).
The Company has mandated Leo and its branch to be the EU Representative of the Company with regards to any communications or enquiry from the Supervisory Authority and/or data subjects on all issues related to the processing of personal data.
If you are in the EU, please contact Leo at the following details:
Email: eurorep@leo.tech
Address: FAO EuroRep, c/o Leo, 128 rue de la Boétie 75008, Paris, France
When contacting Leo regarding the Company, please quote the name of the Company and the Ref: 0086.
If you would like to discuss anything in this Privacy Notice, please contact the Compliance Director who is the person responsible for Data Protection within the firm. You may contact them in writing at 20 North Audley Street, London W1K 6WE, by telephone on 020 3940 6607, or by email to info@longspur.com.