Privacy & Cookies
GDPR requires data controllers to provide individuals with a privacy notice containing information about how and why their personal data is processed. The purpose of a privacy notice is to enable you to make an informed decision about how your personal data will be used in your dealings with us or someone else acquiring, using and/or processing your personal data.
A privacy notice must be:
i concise, transparent, intelligible, and easily accessible
ii written in clear and plain language; and
iii free of charge
2 BASIS OF PROCESSING
GDPR requires data controllers to establish the lawful basis(es) for processing your personal data. The following bases have been established:
iii legal obligation
iv legitimate interests
3 HOW WILL YOUR PERSONAL DATA BE SOURCED?
(a) At our heart we are people’s business who use technology to enhance face-to-face communication and record keeping. We anticipate sourcing your personal data from:
i business/v-cards you have given to us
ii online questionnaires you have accessed via our website or social media content
iii face-to-face or telephone meetings
iv internet searches and social media platforms such as LinkedIn, Facebook, Twitter or Lead Forensics
v details provided to us by event promoters and/or professional trade bodies
vi third party due diligence reference agencies and referees
vii personal/business introductions from referrers and/or our associates and partners
4 HOW WILL YOUR PERSONAL DATA BE USED?
(a) Your basic personal data may be used for marketing purposes which will include:
i direct communication about our services, products, events and seminars
ii newsletters and updates about us and our associates
iii newsletters and updates about financial services and regulatory matters
(b) Your personal data may be provided to third party marketing support vendors with a view to ensure compliance with GDPR and generally for functionality and performance purposes.
(c) Your personal data may be shared with our associates and other professional service providers on a case-by-case basis when you have indicated to us that you would like us to help you in this regard. You can ask us to not share your personal data at any time.
(d) We will not rent or sell your personal data to any third party.
(e) We will keep your basic personal data for marketing purposes until you notify us that you no longer wish to receive this information.
(a) If you provide (or we receive) your personal data with a view to us providing you (or your business associates) with a financial or regulatory service, your information may be used for due diligence and compliance purposes which will include:
i verifying your identity and address, financial and professional standing, experience and competence
ii assessing and monitoring your fitness and probity
(b) Your personal data may be provided and/or otherwise shared with:
i regulatory authorities, law enforcement agencies, by request or order of a court, a government authority
ii third party vendors undertaking administrative, legal, audit, debt collection, due diligence and compliance work on our behalf
iii where necessary for our legitimate interest such as investigating fraud and other criminal behaviour
iv defending or prosecuting a legal claim
v protecting your safety and the safety of others
vi maintaining compliance with applicable laws, regulations and/or professional obligations; and
vii other financial services firms where the primary purpose of their processing of your personal data is for legitimate due diligence and compliance purposes.
(c) We will keep detailed personal data for legitimate regulatory purposes for no less than the minimum period prescribed by each relevant regulatory body, plus a period of 12 months thereafter.
4.3 No Sensitive Data
Our business does not require us to ask for or need “sensitive” or “special” categories of personal data, such as information about your health, political opinions, racial origins or sex life. We also do not provide products or services to persons under 16 years of age. Please do not provide this type of information to us.
4.4 No automated decision-making
We do not employ automated decision-making or profiling systems.
4.6 Transfers Out of the EEA
We may transfer your personal data outside the EEA for the purposes set out in this privacy notice. We will put in place appropriate measures to safeguard your personal data in such circumstances.
5 YOUR RIGHTS
(a) Under the GDPR you have a number of rights over our use of your personal data. You have the right to:
i request from us access to and obtain a copy of your personal data;
ii rectification of incorrect or incomplete data;
iii erasure of your personal data where there is no legitimate basis for it be held;
iv restrict processing;
v object to processing as well as, in certain circumstances, the right to data portability.
(b) If you have provided consent for us to process your personal data, you have the right (in certain circumstances) to withdraw consent at any time which will not affect the lawfulness of the processing before consent was withdrawn.
(c) You have the right to complain to the Information Commissioner’s Office if you think that we have not complied with the relevant requirements of the GDPR.
Access to your personal data is limited to authorised personnel and those personnel authorised by our data processor vendors. Data access is controlled by senior management.
7 IDENTITY AND CONTACT DETAILS
7.1 Data Controller
Met Facilities LLP, our principal place of business is: 40-44 Newman Street, London, W1T 1QD. firstname.lastname@example.org
7.2 Data Protection Officer
We have opted not to appoint a Data Protection Officer, which is permissible under the GDPR.
7.3 Data Protection Leader
Any matters or complaints relating to our processing of your personal data may be raised with our Data Protection Leader, who is the Head of Compliance.
8.1 To the Data Protection Leader:
Telephone: 020 7604 5759
8.2 To the Information Commissioner’s Office
if you remain dissatisfied about the way we have dealt with your complaint, you may apply to the Information Commissioner for a decision:
Version 2 – August 2018