WHO WE ARE
Strand Hanson Limited ('we' or 'us' or 'our') gather and process your personal information in accordance with this privacy notice and in compliance with the relevant data protection regulation and laws. This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.
Our registered office is at 26 Mount Row, London W1K 3SQ and we are a company registered in England and Wales under company number 02780169.
We are registered on the Information Commissioner's Office Register; registration number Z724093X, and act as the data controller when processing your data.
We are authorised and regulated by the Financial Conduct Authority; registration number 161661.
Our designated Data Protection Officer is Richard Evans, who can be contacted at 26 Mount Row, London W1K 3SQ, tel: 020 7409 3494, email: firstname.lastname@example.org.
INFORMATION THAT WE COLLECT
We process your personal information to meet our legal, statutory and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice. The personal data that we collect from you may include:
- contact information, such as your name, job title, postal address, including your home address, where you have provided this to us, business address, telephone number, mobile phone number, fax number and email address;
- further business information necessarily processed in a project or client contractual relationship with us or voluntarily provided by you, such as instructions given, payments made, requests and projects;
- information collected from publicly available resources, integrity data bases and credit agencies;
- if required by relevant laws or regulations, personal information such as:
- your date of birth,
- passport number or driving license number;
- your membership of a professional or trade association or union;
- information about relevant and significant litigation or other legal proceedings against you or a third party related to you; or
- details of any criminal record you may have.
- payment data, such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
- other personal data regarding your preferences where it is relevant to advice or services that we provide;
- details of your visits to our premises; and
- special categories of personal data in connection with the registration for and provision of access to an event or seminar, where we may ask for information about:
- your health for the purpose of identifying and being considerate of any disabilities; or
- special dietary requirements you may have; where any use of such information is based on your consent, but if you do not provide any such information about disabilities or special dietary requirements, we will not be able to take any respective precautions.
HOW WE COLLECT YOUR PERSONAL INFORMATION
We may collect personal information about you in a number of circumstances, including:
- When you or your organisation seek advice or services from us;
- When you or your organisation browse, make an enquiry or otherwise interact on our website;
- When you attend a seminar or another event or sign up to receive personal data from us; or
- When you or your organisation offer to provide or provide services to us.
In some circumstances, we collect personal data about you from a third party source. For example, we may collect personal data from your organisation, other organisations with whom you have dealings, government agencies, a credit-reporting agency, an information or service provider or from a publicly available record.
HOW WE USE YOUR PERSONAL INFORMATION (LEGAL BASIS FOR PROCESSING)
We take your privacy very seriously and will never disclose, share or sell your data without your consent; unless required to do so by law or regulation. We only retain your data for as long as is necessary and for the purpose(s) specified in this notice. Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw this consent at any time. The purposes and reasons for processing your personal data are detailed below.
We may use your personal data for the following purposes only ("Permitted Purposes"):
- providing advice or other services or things instructed or requested by you or your organisation;
- managing and administering your or your organisation's business relationship with us, including processing payments, accounting, auditing, billing and collection, support services;
- compliance with our legal or regulatory obligations (such as record keeping obligations), compliance screening or recording obligations (e.g. trade sanction and embargo laws, for anti-money laundering, financial and credit check and fraud and crime prevention and detection purposes), which may include automated checks of your contact data or other information you provide about your identity against applicable sanctioned-party lists and contacting you to confirm your identity in case of a potential match or recording interaction with you which may be relevant for compliance purposes;
- to analyse and improve our services and communications to you;
- protecting the security of and managing access to our premises, IT and communication systems, online platforms, websites and other systems, preventing and detecting security threats, fraud or other criminal or malicious activities;
- for insurance purposes;
- for monitoring and assessing compliance with our policies and standards;
- to identify persons authorised to trade on behalf of our clients, customers, suppliers and/or service providers;
- to comply with our legal and regulatory obligations and requests anywhere in the world, including reporting to and/or being audited by national and international regulatory bodies;
- to comply with court orders and exercises and/or defend our legal rights; and
- for any purpose related and/or ancillary to any of the above or any other purpose for which your personal data was provided to us.
Where you have expressly given us your consent, we may process your personal data also for the following purposes:
- communicating with you through the channels you have approved to keep you up to date on the latest market developments, announcements, and other information about our services and products as well as our hospitality or other events;
- customer surveys, marketing campaigns, market analysis, sweepstakes, contests or other promotional activities or events; or
- collecting information about your preferences to create a user profile to personalise and foster the quality of our communication and interaction with you (for example, by way of website analytics).
With regard to marketing-related communication, we will - where legally required - only provide you with such information after you have opted in and provide you the opportunity to opt out anytime if you do not want to receive further marketing-related communication from us. We will not use your personal data for taking any automated decisions affecting you or creating profiles other than described above.
Depending on for which of the above Permitted Purposes we use your personal data, we may process your personal data on one or more of the following legal grounds:
- because processing is necessary for the performance of a client instruction or other contract with you or your organisation;
- to comply with our legal obligations (e.g. to keep pension records or records for tax purposes); or
- because processing is necessary for purposes of our legitimate interest or those of any third party recipients that receive your personal data, provided that such interests are not overridden by your interests or fundamental rights and freedoms.
In addition, the processing may be based on your consent where you have expressly given that to us.
You have the right to access any personal information that we process about you and to request information about:
- what personal data we hold about you
- the purposes of the processing
- the categories of personal data concerned
- the recipients to whom the personal data has/will be disclosed
- how long we intend to store your personal data for
- if we did not collect the data directly from you, information about the source
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
You also have the right to request erasure of your personal data or to restrict processing (where applicable) in accordance with the data protection laws; as well as to object to any direct marketing from us. Where applicable, you have the right to data portability of your information and the right to be informed about any automated decision-making we may use.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.
SHARING AND DISCLOSING YOUR PERSONAL INFORMATION
We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. We use third-parties to provide the below services and business functions; however, all processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures.
We disclose and share personal information:
- with our directors, staff, agents and consultants based in the UK;
- to other professional advisers and third parties in accordance with your instructions;
- to our professional indemnity insurers, our auditors and payroll service providers;
- to third party processors, service providers, representatives and agents that we use to make our business more efficient, including for our IT services, data storage/back-up and marketing;
- with companies providing services for money laundering checks, credit risk reduction and other fraud and crime prevention purposes and companies providing similar services, including financial institutions, credit reference agencies and regulatory bodies with whom such personal information is shared;
- if we, acting in good faith, consider disclosure to be required by law or the rules of any applicable governmental, regulatory or professional body including the FCA and the London Stock Exchange; and
- we may also use aggregated personal data and statistics for the purpose of monitoring website usage in order to help us develop our website and our services.
Certain laws (for example, those relating to money laundering and tax fraud) give power to authorities such as the police or the tax authorities to inspect clients’ information and take copies of documents. It is possible that, at any time, we may be requested by those authorities to provide them with access to your information in connection with the work we have done for you. If this happens, we will comply with the request only to the extent that we are bound by law and, in so far as it is allowed, we will notify you of the request or provision of information.
We may transfer personal data to a successor firm or company, which acquires the business carried on by us. If this happens, we shall ensure that you are notified of the transfer and we shall secure a commitment from the firm or company to which we transfer personal data to comply with applicable data protection laws.
We take your privacy seriously and take every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including:
- hard copy information files are restricted to authorised individuals
- we use, as appropriate, encryption, firewalls, access controls, policies and other procedures to protect information from unauthorised access.
- where appropriate, we use pseudonymisation and / or encryption to protect your information.
We will take appropriate technical and organisational measures to keep your personal data confidential and secure in accordance with our internal procedures covering the storage, disclosure of and access to personal data. Personal data may be kept on our personal data technology systems, those of our contractors or in paper files.
TRANSFERS OUTSIDE THE EU
Personal data in the European Union is protected by the General Data Protection Regulation (GDPR) but some other countries may not necessarily have the same high standard of protection for your personal data.
To deliver services to you, it is sometimes necessary for us to transfer and store your personal data outside the European Economic Area (“EEA”) as follows:
- with our service providers located outside the EEA;
- if you are based outside the EEA;
- where there is an international aspect to the services, which we have been instructed on. Where personal data is transferred to and stored outside the EEA, we take steps to provide appropriate safeguards to protect your personal data, including:
- transferring your personal data to a country, territory, sector or international organisation which the European Commission has determined ensures an adequate level of protection, as permitted under Article 45(1) GDPR;
- entering into standard contractual clauses approved by the European Commission, obliging recipients to protect your personal data as permitted under Article 46(2)(c) GDPR;
- under the EU-U.S. Privacy Shield Framework which enables U.S. business to self-certify as a means of complying with EU data protection laws;
In the absence of an adequacy decision or of appropriate safeguards as referenced in 17.2 above, we will only transfer personal data to a third country where one of the following applies (as permitted under Article 49 GDPR)):
- the transfer is necessary for the performance of our contractual engagement with you;
- the transfer is necessary for the establishment, exercise or defence of legal claims; or
- you have provided explicit consent to the transfer.
If you want further information on the specific mechanism used by us when transferring your personal data out of the EEA, please contact our Privacy Manager using the details set out above.
As noted in the ‘How We Use Your Personal Data’ section of this notice, we occasionally process your personal information under the legitimate interests’ legal basis. Where this is the case, we have carried out a thorough Legitimate Interests’ Assessment (LIA) to ensure that we have weighed your interests and any risk posed to you against our own interests; ensuring that they are proportionate and appropriate.
HOW LONG WE KEEP YOUR DATA
We only ever retain personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations. We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed.
Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.
LODGING A COMPLAINT
We only process your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the supervisory authority.
CHANGES TO THIS POLICY
We may change this Policy from time to time. The current version of this Policy will always be available from us in hard copy or on our website. We will post a prominent notice on our website to notify you of any significant changes to this Policy or update you by other appropriate means.
This Policy was last updated on 25 May 2018.