1.1. We, C and F Partners Limited, an English private Limited Company (Registration No: 11720511) with its principal place of business at 1st Floor, 64 Baker Street, London W1U &GB ('C&F', 'we', 'our' or 'us' being interpreted accordingly) are committed to protecting any personal information we receive.
1.2. Personal information relating to you that either identifies you or from which you can be identified is called personal data ('Personal Data')
3. What Personal Data do we collect and use?
3.1. The Personal Data about you that we collect and use includes the following:
a. name, address, phone; email and other contact details that you provide to us, for example if you make an enquiry about our services;
b. information you provide about yourself, when you submit a comment to us;
c. any Personal Data contained in correspondence between you and us, which we may retain on file;
d. information obtained through 'cookies' or other tracking technology, including your IP address, when you browse this Website (see below) as well as any other Personal Data that you may provide to us from time to time.
4. How your Personal Data is collected
a. We collect Personal Data about you in various ways as follows:
b. when you provide your details as a C&F client, prospective client or client contact to us;
c. you sign up to receive information from us or you register to attend an event that we hold; and/or
d. through your relationship and communications with us from time to time.
4.1. In some cases, your Personal Data may be supplemented by information that we collect from public sources, including searches via search engines, sector-specific newsletters, and public registers such as Companies House, although this is used for the purposes of confirming your identity and helping us to get to know you so that we can suggest and tailor our services accordingly. We may also collect other Personal Data from third party service provider databases when conducting identity and background checks.
5. What we use your Personal Data for.
Other than as stated above, we may use your Personal Data for one or more of the following purposes:
a. to provide our services;
b. to update you as one of our clients or contacts with news about C&F or its services;
c. to deal with any comments, enquiries or requests that you submit to us;
d. to enforce and/or defend any of our legal claims or rights; and/or
e. for any other purpose required by applicable law, regulation, the order of any court or regulatory authority, such as the Financial Conduct Authority (FCA).
6. The lawful grounds on which we collect and process your Personal Data
6.1. C&F will process your Personal Data for the above purposes relying on one or more of the following lawful grounds:
a. where we agree to provide any goods or services to you, in order to take any pre-contract steps at your request and/or to perform our contractual obligations to you;
b. where we need to use your Personal Data for legitimate purposes relevant to C&F being able to efficiently and effectively provide services to clients and to manage our business affairs. We will always seek to pursue these legitimate interests in a way that does not unduly infringe on your other legal rights and freedoms and, in particular, your right of privacy;
c. where you have freely provided your consent for particular purposes, such as to receive electronic direct marketing in the future; and/or
d. where we need to collect, process or hold your Personal Data to comply with a legal or regulatory obligation.
7. Our Legal Obligations regarding your data
7.1. We collect and process your Personal Data in accordance with applicable laws that regulate data protection and privacy. This includes, without limitation, the EU General Data Protection Regulation (2016/679) ('GDPR') and the UK Data Protection Act 2018 ('DPA') (together, 'Data Protection Law').
8. Disclosing your Personal Data to third parties
8.1. We may need to disclose your Personal Data to certain third party organisations who are handling that data only on our behalf and in accordance with our instructions under contract (called 'data processors') in the following circumstances:
a. companies and/or organisations that act as our service providers (e.g. consultants, IT suppliers, data hosting companies and identity checking service providers) or our professional advisers;
b. companies and/or organisations who assist us in processing and/or otherwise fulfilling transactions that you enter into with us (e.g. payment processors). In relation to these data processors, we will make sure that they act only in accordance with our instructions and that adequate safeguards are put in place by them to protect your Personal Data in accordance with Data Protection Law.
8.2. We may also disclose your Personal Data to and/or obtain certain Personal Data about you from third party service providers. These third parties will make their own determination as to how they process your Personal Data and for what purpose(s) (and are therefore called 'data controllers'). For example, if we make travel arrangements on your behalf, we may disclose your Personal Details to the relevant airline. The third party data controllers we use will handle your Personal Data in accordance with their own chosen procedures and you should check the relevant privacy policies of these companies or organisations to understand how they may use your Personal Data. Since these controller organisations are acting outside of our control, we have no responsibility for their data processing practices.
8.3. Other than as described above, we will treat your Personal Data as private and will not disclose your Personal Data to third parties without you knowing about it. The exceptions are in relation to legal proceedings or where we are legally required to do so and cannot tell you.
8.4. In all cases we always aim to ensure as far as possible that your Personal Data is only used by third parties for lawful purposes and in compliance applicable Data Protection Law.
9. International Transfers
9.1. The Personal Data that we collect from you is primarily processed in the UK although it may be transferred to and stored at a destination outside the European Economic Area (EEA). It may be accessed or processed on our behalf by staff operating outside the EEA or by a supplier with such staff (e.g. IT suppliers or data hosting companies), although in each case they will be acting under our instructions. We may also be transferring your Personal Data to a destination outside the EEA to your service providers, or to you if you are based outside the EEA.
9.2. Some countries outside the EEA (for example, the United States) are not regarded as having the same legal standards for protection of Personal Data that apply inside the EEA. If we do transfer your Personal Data outside the EEA however, we will take appropriate steps to ensure that adequate measures are taken in accordance with Data Protection Law to safeguard and protect your Personal Data.
11. How long we retain your Personal Data for
11.1. C&F only retains Personal Data identifying you for as long as you have a relationship with us; or as necessary to perform our obligations to you (or to enforce or defend contract claims); or as is required by applicable law.
11.2. The criteria we use for determining how long we retain Personal Data is based on:
a. various legislative requirements, such as requirements to hold transaction records and related information under tax law;
b. the potential need to refer back to that data if there is a future claim or legal dispute; and
c. guidance issued by relevant regulatory authorities including but not limited to the UK Information Commissioner's Office (ICO) or FCA.
11.3. Personal Data we no longer need is securely disposed of and/or anonymised so you can no longer be identified from it.
12.1. We employ appropriate technical and organisational security measures to protect your Personal Data from being accessed by unauthorised persons and against unlawful processing, accidental loss, destruction and damage.
12.2. We also endeavour to take all reasonable steps to protect Personal Data from external threats such as malicious software or hacking. However, please be aware that there are always inherent risks in sending information by public networks or using public computers and we cannot 100% guarantee the security of all data sent to us (including Personal Data).
13. Your personal data rights
13.1. In accordance with your legal rights under applicable law, you have a 'subject access request' right under which can request information about the Personal Data that we hold about you, what we use that Personal Data for and who it may be disclosed to as well as certain other information.
13.2. Usually we will have a month to respond to such as subject access request. We reserve the right to verify your identity if you make such a subject access request and we may, in case of complex requests, require a further two months to respond.
13.3. Usually we will not charge for responding to a subject access request although we may charge a fee for dealing with (or reject) any manifestly unreasonable or excessive requests for access.
13.4. We may also require further information to locate the specific information you seek before we can respond in full and apply certain legal exemptions when responding to your request.
13.5. Under Data Protection Law you also have the following rights, which are exercisable by making a request to us in writing:
a. that we correct Personal Data that we hold about you which is inaccurate or incomplete;
b. that we erase your Personal Data without undue delay if we no longer need to hold or process it;
c. to object to any automated processing (if applicable) that we carry out in relation to your Personal Data, for example if we conduct any automated credit scoring;
d. to object to our use of your Personal Data for direct marketing;
e. to object to and/or restrict the use of your Personal Data for purposes other than those set out above unless we have a legitimate reason for continuing to use it; or
f. that we transfer Personal Data to another party where the Personal Data has been collected with your consent or is being used to perform contact with you and is being carried out by automated means.
13.6. If you would like to exercise any of the rights set out above, please contact us at the address below.
13.7. If you make a request and are not satisfied with our response, or believe that we are illegally processing your Personal Data, you have the right to complain to the Information Commissioner's Office (ICO) – see https://ico.org.uk/.