1. Our approach
2. What information do we hold about you?
We may collect personal information when you use one of our services, or in the course of providing you with one of our services. We will also collect personal information if you apply to become an ‘elective professional’ client of SP Angel or when we carry out our compliance due diligence checks on you (in your capacity as a director, principal, officer, employee etc. of a customer).
3. What do we do with your personal information?
3.1 We will use your personal information, and may share your personal information with other third parties acting on our behalf, for one or more of the following purposes:
3.1.1 to carry out our services with or for you or to respond to any enquiry or complaint you may make to us;
3.1.2 to prevent or detect fraud or abuse of our service, for example, by requesting you complete a questionnaire so that we can verify who you are;
3.1.3 to enable our service providers or agents to carry out certain functions on our behalf, for example, verification, settlement or IT support or telecommunications or other relevant functions;
3.1.4. for regulatory and legal compliance purposes, including your suitability to be a director or senior manager of a public company; and
3.1.5. for our own administrative purposes, including training our staff, conducting internal audits or transferring assets as part of a sale, purchase or investment.
Sensitive Personal Information
3.2 In certain circumstances, we may need to collect sensitive personal information about you, which may include information about:
3.2.1 your physical or mental health condition, or the physical or mental health condition of members of your family; and
3.2.2 any criminal offence or alleged criminal offence committed by you, or members of your family.
3.3 We will only use such sensitive personal information:
3.3.1 to administer or carry out our obligations under our service to you;
3.3.2 to fulfil our legal or regulatory obligations, for example, by requesting you complete a questionnaire so that we can verify if you have a criminal record; and
3.3.3 to assess and respond to a complaint you might make relating to our services.
3.4 We do not sell, rent, trade or otherwise derive income from your data.
3.5 We do not use automated means to process your data or make decisions regarding you.
4. Grounds for processing your information
To process your personal information lawfully we need to rely on one or more valid legal grounds. Our primary legal grounds for processing your personal information are to fulfil our contract with you and comply with our regulatory obligations (principally, our obligations as an AIM Nominated Adviser and FCA regulated firm). Please note that if you fail to provide your personal information, we may not be able to accept you as a customer or perform the contract we have entered into with you. In some circumstances, we may also rely on other legal grounds such as:
4.1 our legitimate interests as a business (except where your interests or fundamental rights override these). For example, it is within our legitimate interests to use your personal information to prevent or detect fraud or abuses of our service, send you information or research which you have requested or keep our records up to date;
4.2 our compliance with a legal or regulatory obligation to which SP Angel is subject; or
4.3 your consent, where we process your sensitive personal information (such as your medical history).
5. Disclosure of your personal information
There are circumstances where we may wish to disclose or are compelled to disclose your personal information to third parties. This will only take place in accordance with the law or our regulatory obligations and for the purposes listed above.
6. Retention of personal information
7. International transfer of personal data
We may transfer your personal information to a third party in countries outside the country in which it was originally collected for further processing in accordance with the purposes set out above. In these circumstances we will, as required by applicable law, ensure that your privacy rights are adequately protected by appropriate technical, organisational, contractual or other lawful means.
8. Third parties personal information
9. Data subject rights
9.1 Data protection law provides data subjects with numerous rights, including the right to: access, rectify, erase, restrict, transport, and object to the processing of their personal information. Data subjects also have the right to lodge a complaint with the relevant data protection authority if they believe that their personal information is not being processed in accordance with applicable data protection law.
9.2 Right to make a subject access request (SAR).
Data subjects may, where permitted by applicable law, request copies of their personal information (by way of a SAR). If you would like to make a SAR, i.e. a request for a copy of the personal information we hold about you, you may do so by writing to Tim Jenkins (firstname.lastname@example.org). The request should make clear that a SAR is being made. You may also be required to submit a proof of your identity and a fee (if your request may reasonably be considered to be unfounded, excessive or repetitive).
9.3 Right to rectification.
You may request that we rectify any inaccurate and/or complete any incomplete personal information.
9.4. Right to withdraw consent.
You may, as permitted by applicable law, withdraw your consent to the processing of your personal information at any time. Such withdrawal will not affect the lawfulness of processing based on your previous consent or processing based on other permitted grounds (e.g. our regulatory obligations or legitimate interests). Please note that if you withdraw your consent, you may not be able to benefit from certain service features for which the processing of your personal information is essential.
9.5 Right to object to processing.
You may, as permitted by applicable law, request that we stop processing your personal information
9.6 Right to erasure.
You may request that we erase your personal information and we will comply, unless there is a lawful or regulatory reason for not doing so. For example, there may be an overriding legitimate ground for keeping your personal information (e.g. if retention is necessary for us to comply with our legal and regulatory obligations).
9.7 Your right to lodge a complaint with the supervisory authority.
We suggest that in the first instance you contact us if you have any questions or if you have a complaint in relation to how we process your personal information. However, you do have the right to contact the relevant supervisory authority directly. To contact the Information Commissioner’s Office in the United Kingdom, please visit the ICO website for instructions.