RESPONSIBILITY FOR YOUR PERSONAL DATA
Beaumont Cornish Limited, located at Bowman House, 29 Wilson Street, London, EC2M 2SJ (further referred to as “BCL”) is the data controller relating to any personal information we collect of our customers in the European Union (“User” or “you”).
WHEN DOES BCL COLLECT YOUR PERSONAL DATA?
BCL may collect personal information at some stage either prior to or during the course of providing you with one of its services. BCL will also collect personal information if you apply to become an ‘elective professional’ client of BCL or when we carry out our compliance due diligence checks on you (in your capacity as a director, principal, officer, employee etc. of a customer).
technical information, which may include your IP address, your login information, browser type and version, device identifier, location and time zone setting, browser plug-in types and versions, operating system and platform, page response times, and download errors; and
length of visits to certain pages, page interaction information (such as scrolling and clicks) and methods used to browse away from the page.
WHY DOES BCL COLLECT YOUR PERSONAL DATA?
BCL will use your personal information, and may share your personal information with other third parties acting on its behalf, for one or more of the following purposes.
to carry out our services with or for you or to respond to any enquiry or complaint you may make to BCL;
to prevent or detect fraud or abuse of its service, for example, by requesting you complete a questionnaire so that BCL can verify who you are;
to enable its service providers or agents to carry out certain functions on its behalf, for example, verification;
for regulatory and legal compliance purposes, including your suitability to be a director senior manager of a public company; and
for our own administrative purposes, including staff training or conducting internal audits.
Sensitive Personal Information
In certain circumstances, BCL may need to collect sensitive personal information about you, which may include information about:
your physical or mental health condition, or the physical or mental health condition of members of your family; and
any criminal offence or alleged criminal offence committed by you, or members of your family.
BCL will only use such sensitive personal information:
to administer or carry out our obligations under our service to you;
to fulfil our legal or regulatory obligations, for example, by requesting you complete a questionnaire so that BCL can verify if you have a criminal record; and
to assess and respond to a complaint you might make relating to its services.
BCL will not sell, rent, trade or otherwise derive income from your data.
BCL will not use automated means to process your data or make decisions regarding you.
GROUNDS FOR BCL PROCESSING YOUR PERSONAL DATA
To process your personal information lawfully BCL will need to rely on one or more valid legal grounds. Our primary legal grounds for processing your personal information are to fulfil our contract with you and comply with our regulatory obligations (principally, our obligations as an AIM Nominated Adviser and FCA regulated firm). Please note that if you fail to provide your personal information, we may not be able to accept you as a customer or perform the contract we have entered into with you. In some circumstances, we may also rely on other legal grounds such as:
our legitimate interests as a business (except where your interests or fundamental rights override these). For example, it is within our legitimate interests to use your personal information to prevent or detect fraud or abuses of our service, send you information or research which you have requested or keep our records up todate;
our compliance with a legal or regulatory obligation to which BCL is subject;or
your consent, where we process your sensitive personal information (such as your medical history).
DISCLOSURE OF YOUR PERSONAL DATA
There are circumstances where we may wish to disclose or are compelled to disclose your personal information to third parties. This will only take place in accordance with the law or our regulatory obligations and for the purposes listed above.
RETENTION OF PERSONAL DATA
We only collect the data we need and will ensure we have appropriate physical and technological security measures to protect your personal data.
INTERNATIONAL TRANSFER OF PERSONAL DATA
We may transfer your personal information to a third party in countries outside the country in which it was originally collected for further processing in accordance with the purposes set out above. In these circumstances we will, as required by applicable law, ensure that your privacy rights are adequately protected by appropriate technical, organisational, contractual or other lawful means.
THIRD PARTIES PERSONAL INFORMATION
YOUR GENERAL RIGHTS AS A DATA SUBJECT
Data protection law provides persons, known as data subjects, with individual rights, including the right to: be informed, access, rectify, erase, restrict, transport, and object to the processing of their personal information. Data subjects also havetherighttolodgeacomplaintwiththerelevantdataprotectionauthorityiftheybelievethattheir personal information is not being processed in accordance with applicable data protectionlaw.
Right of access – data subjects may, where permitted by applicable law, request copies of their personal information (by way of Data Subject Access Request (“DSAR”). If you would like to make a DSAR, i.e. a request for a copy of the personal information we hold about you, you may do so by writing to Felicity Geidt (firstname.lastname@example.org). The request should make clear that a DSAR is being made. You may also be required to submit a proof of your identity.
Right to rectification – data subjects can request that we rectify any inaccurate and/or complete any incomplete personal information. We may ask you to verify your identity and for more information about your request.
Right to erasure – data subjects can request that we erase your personal information and we will comply, unless there is a lawful or regulatory reason for not doing so. For example, there may be an overriding legitimate ground for keeping your personal information (e.g. if retention is necessary for us to comply with our legal and regulatory obligations). We may ask you to verify your identity and for more information about your request.
Right to restrict processing – data subjects can, as permitted by applicable law, withdraw consent to the processing of personal information at any time. Such withdrawal will not affect the lawfulness of processing based on your previous consent or processing based on other permitted grounds (e.g. our regulatory obligations or legitimate interests). Please note that if you withdraw your consent, you may not be able to benefit from certain service features for which the processing of your personal information is essential.
Right to data portabilility – data subjects can, as permitted by applicable law, request that we stop processing your personal information
Right to data portability – data subjects can have the personal data you have given us transferred to another company, and we will make every reasonable effort to comply with your request.
Your right to lodge a complaint with the supervisory authority. We suggest that in the first instance you contact us if you have any questions or if you have a complaint in relation to how we process your personal information. However, you do have the right to contact the relevant supervisory authority directly. To contact the Information Commissioner’s Office in the United Kingdom, please visit the ICO website for instructions.
Your general rights relating to data access are subject to BCL’s obligations when performing regulatory activities to safeguard the prevention, investigation, detection and prosecution of breaches of ethics for regulated professions.