Privacy Policy

Introduction

The Laxfield Group takes the privacy and security of your personal data seriously. The purpose of this notification is, amongst other things, to make you aware of how and why we collect and use your personal data both during and after your engagement with us. If you wish to view the website and its Content, this notification should be read in conjunction with the Website Terms & Conditions and Cookie Policy published therein.

This policy applies where we are acting as a data controller with respect to your personal data; i.e., where we determine the purposes and means of the processing of that personal data. We do not rent or sell your personal data to anyone.

Definitions

The following definitions are applicable to this Data Privacy Notice and Cookies Policy:

“Laxfield Group” refers to all companies within the Laxfield Group, including Laxfield Asset Management Ltd, Laxfield Capital Ltd, Laxfield Debt Advisory Ltd, Laxfield Capital Investments Ltd and Laxfield National Ltd.

Content” means commentary and other materials posted or published on our website.

Employee Data” includes Profile Data, Identity Data, information the right to work in the UK/EU, background, criminal convictions (actual or pending) and reference checks, current salary level, including benefits and pension entitlements and Special Categories of Personal Data.

Identity Data” includes name, home address, gender, date of birth, passport and driving licence ID numbers and photocards and/or professional qualifications and/or certifications.

Profile Data” includes name, home and/or work address, telephone number, personal and/or work e-mail addresses, profile pictures, voice, gender, date of birth, relationship status, interests and hobbies, skills, qualifications, experience, copies of qualification certificates, professional memberships and work history with previous employers, including references.

Special Categories of Personal Data” means personal data concerning race, ethnic origin, political opinions or beliefs, religious or other similar beliefs, and physical or mental health.

Usage Data” includes IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and/or pattern of service use, the device used to access our website, including device type, model, screen size, operating system and network carrier.

 

Business Contacts

Our business contacts typically include: (a) current and former clients and associated intermediaries; and (b) prospective clients and associated intermediaries. If you have had contact with us, via e-mail, phone or meeting any of our representatives, we may store some of your Profile Data. Where you have engaged us to perform, or consider performing, certain services, we may store some of your Identity Data. We will process this personal data for the purposes of:

  1. maintaining a record of contacts
  2. providing periodic business updates and Content
  3. inviting you to presentations, events, surveys and any other marketing campaigns as well as organising meetings between you and our representatives
  4. conducting identity checks as part of our client on-boarding process and to fulfil our Know-Your-Customer requirements in relation to our Anti Money Laundering Policy.

Our legal bases for processing your personal data is that such processing is necessary for our legitimate interests in running and promoting our business, the performance of a contract and/or our legal or regulatory obligation to obtain your Identity Data.

We may use your Profile Data to send you periodic updates about our business, activities, services and Content that may be of interest to you and surveys about market-related matters. You can opt out of receiving such communications at any time by contacting the Data Compliance Manager (see below) or by clicking the “Unsubscribe” link in any such e-mail that you receive.

Your personal data is collected either through a business card, you knowing someone who works for or with us, referrals, you having made an enquiry with us or via internet search engines or public databases. The personal data we hold about you may be shared with:

  1. data processors, such as CRM, e-mail and technical service providers
  2. professional advisers, such as accountants, lawyers or other consultants
  3. other companies in our group
  4. third parties in the event of any restructuring, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or shares
  5. a regulatory body, governmental authority, arbitration tribunal or court
  6. third parties where permitted to do so under agreed terms of business and / or through NDA or facility agreements

Please see below further information about how we protect your personal data, how long we keep it, your rights, how to make a complaint and our contact details for any queries or requests, amongst other things.

Prospective Employees

We process much of your Employee Data during the recruitment process collected either directly from you, sometimes from a third party such as an employment agency or via internet search engines or public databases. We may also collect certain Employee Data from other external third parties, such as references from current and former employers, information from background check providers, information from credit reference agencies and criminal record checks from the Disclosure and Barring Service (DBS).

The purposes for processing your personal data, including Special Categories of Personal Data are to:

  1. manage the recruitment process and assess your suitability and fitness for employment
  2. comply with statutory and/or regulatory requirements and obligations
  3. ensure effective HR, personnel management and business administration
  4. monitor equal opportunities

Accordingly, the legal bases for processing your personal data are: (a) such processing is necessary for our legitimate interests in running our business; (b) and our legal obligation to conduct certain pre-employment checks.

Your personal data may be shared internally within our group companies for the purposes of the recruitment exercise. We will not share your personal data with third parties during the recruitment process unless your job application is successful and we make you an offer of employment. Such third parties include:

  1. external organisations for the purposes of conducting pre-employment reference and employment background checks
  2. the DBS, to obtain a criminal record check
  3. former employers, to obtain references
  4. professional advisers, such as lawyers
  5. a regulatory body or governmental authority

If you become an employee, worker, temp or a contractor for us, we will issue you with a further privacy notice setting out, amongst other things, what personal data we process, why we process it and your rights.

Please see below further information about how we protect your personal data, how long we keep it, your rights, how to make a complaint and our contact details for any queries or requests, amongst other things.

Suppliers and professional advisers

If you are a supplier to us, or one of our professional advisers, we will store limited amounts of your Profile Data that you have provided to us during your engagement with us. We will store this personal data for the purposes of administering and maintaining records of services or advice we have received, and commissioning further services.

Accordingly, our legal bases for storing personal data that you provide to us is that such storage is necessary for our legitimate interests in running our business, the performance of a contract and/or a legal obligation.

Such personal data may be shared with:

  1. companies who process personal data on our behalf, such as CRM, e-mail and technical service providers
  2. professional advisers, such as accountants, lawyers or other consultants
  3. other companies in our group
  4. third parties in the event of any restructuring, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or shares
  5. a regulatory body, governmental authority, arbitration tribunal or court

Please see below further information about how we protect your personal data, how long we keep it, your rights, how to make a complaint and our contact details for any queries or requests, amongst other things.

Visitors to our website

If you wish to view our website and its Content, please also read our Website Terms & Conditions and Cookie Policy published therein. We process your Usage Data when you visit our website. We use cookies on our website for the following purposes:

  • to store information about your preferences and to personalise the website for you, help us improve the quality, usability and performance of the services we offer to you. Such information does not reveal your specific identity and cannot reasonably be used to identify any particular individual user;
  • to help us to analyse your use of our website and its Content. We use Google Analytics to gather information about our website’s use by means of cookies. The information gathered relating to our website is used to create reports about its use.

Most browsers allow you to refuse to accept cookies and to delete cookies. If you block cookies, you will not be able to use all the features on our website.

Accordingly, our legal basis for processing your personal data is that such processing is necessary for our legitimate interests in running our business.

We share your personal data with companies who process personal data on our behalf, such as CRM, e-mail and technical service providers.

Please see below further information about how we protect your personal data, how long we keep it, your rights, how to make a complaint and our contact details for any queries or requests, amongst other things.

Visitors to our offices and those making enquiries

If you are visiting our offices for any reason, we may process certain Profile Data you have provided us for the purpose of facilitating the meeting with us. If you are making enquiries by phone or e-mail, we may process certain Profile Data. Accordingly, our legal basis for processing your personal data is that such processing is necessary for our legitimate interests in running and operating our business.

The personal data we hold about you may be shared with the reception team located at our offices or the relevant internal teams.

Please see below further information about how we protect your personal data, how long we keep it, your rights, how to make a complaint and our contact details for any queries or requests, amongst other things.

What if you fail to provide personal data?

If you fail to provide certain personal data when requested or required, we may not be able to perform the contract we have entered into with you, perform services for your benefit or we may be prevented from complying with our legal and/or regulatory obligations. You may also be unable to exercise your statutory or contractual rights.

Change of purpose

We will only use your personal data for the purposes for which we collected it. If we need to use your personal data for a purpose other than that for which it was collected, we will provide you, prior to that further processing, with information about the new purpose. We will explain the legal basis which allows us to process your personal data for the new purpose and we will provide you with any relevant further information. We may also issue a new privacy notice to you.

How do we protect your personal data?

We take all reasonable steps to protect the confidentiality and security of your personal data through physical, technical and administrative safeguards, training, internal policies, procedures and controls in order to prevent your personal data from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. We cannot guarantee the security of any information you disclose online. You accept the inherent security risks of providing information over the internet and will not hold us responsible for any breach of security unless this is due to our negligence or wilful default. In addition, we limit access to your personal data to those employees, workers, directors, officers, contractors and other third parties who have a business need to know in order to perform their job duties and responsibilities.

Where your personal data is shared with third-party service providers, we require all third parties to take appropriate technical and organisational security measures to protect your personal data and to treat it subject to a duty of confidentiality and in accordance with applicable laws, rules and regulations. We only allow them to process your personal data for specified purposes and in accordance with our written instructions and we do not allow them to use your personal data for their own purposes.

We also have in place procedures to deal with a suspected or actual data security breach and we will notify the Information Commissioner’s Office (or any other applicable supervisory authority or regulator) and you of a suspected or actual breach where we are legally required to do so.

Your personal data is stored by us on our servers located in the United Kingdom and on the servers of the cloud-based document management services we engage. These third parties do not use or have access to your personal data for any other purpose than cloud storage and retrieval.

For how long do we keep your personal data?

We will only retain your personal data for as long as is necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, tax, reporting or accounting requirements, and in accordance with our record retention & destruction policy.

Any personal data supplied as part of the recruitment process will not be retained if it has no bearing on the ongoing working relationship. Personal data about criminal convictions and offences collected in the course of the recruitment process will be deleted once it has been verified through a DBS criminal record check, unless, in exceptional circumstances, the information has been assessed by us as relevant to the ongoing working relationship. If it has been assessed as relevant to the ongoing working relationship, a DBS criminal record check will nevertheless be deleted after six months or once the conviction is “spent” if earlier (unless information about spent convictions may be retained because the role is an excluded occupation or profession).

For prospective employees, if your application for employment or engagement is unsuccessful, we hold your personal data for six months after the end of the relevant recruitment exercise but this is subject to: (a) any minimum statutory or other legal, tax, health and safety, reporting or accounting requirements for particular data or records, and (b) the retention of some types of personal data for up to six years to protect against legal risk, e.g. if they could be relevant to a possible legal claim. If you have consented to us keeping your personal data on file in case there are future suitable employment opportunities with us, we will hold your personal data for a further year after the end of the relevant recruitment exercise, or until you withdraw your consent if earlier.

If your application for employment or engagement is successful, personal data gathered during the recruitment process will be retained for the duration of your employment or engagement and in accordance with our record retention & destruction policy.

Personal data which is not required to be retained will be securely and effectively destroyed or permanently erased from our IT systems and we will also require third parties to destroy or erase such personal data where applicable. However, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

Your rights in connection with your personal data

As an individual, you have a number of statutory rights. Subject to certain conditions, and in certain circumstances, you have the right to:

  1. Request Access to Your Personal Data, which enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it
  2. Request Rectification of Your Personal Data, to enable any inaccurate or incomplete personal data we hold about you to be corrected. It is important that the personal data we hold about you is accurate and up-to-date. Please keep us informed if your personal data relevant to our engagement changes so that our records can be updated. We cannot be held responsible for any errors in your personal data in this regard unless you have notified us of the relevant change
  3. Request the Erasure of Your Personal Data, to enable you to ask us to delete or remove your personal data where there is no compelling reason for its continued processing; e.g., it is no longer necessary in relation to the purpose for which it was originally collected
  4. Restrict the Processing of Your Personal Data, to enable you to ask us to suspend the processing of your personal data; e.g., if you contest its accuracy and so want us to verify its accuracy
  5. Object to the Processing of Your Personal Data, to enable you to ask us to stop processing your personal data where we are relying on the legitimate interests of the business as our legal basis for processing and there is something relating to your particular situation which makes you decide to object to processing for this reason
  6. Data Portability, which gives you the right to request the transfer of your personal data to another party so that you can reuse it across different services for your own purposes

If you wish to exercise any of these rights, please contact our Data Compliance Manager (see below). We may need to request specific information from you in order to verify your identity and check your right to access the personal data or to exercise any of your other rights. This is a security measure to ensure that your personal data is not disclosed to any person who has no right to receive it.

In the limited circumstances where you have provided your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. This will not, however, affect the lawfulness of processing based on your consent before its withdrawal. If you wish to withdraw your consent, please contact our Data Compliance Manager. Once we have received notification that you have withdrawn your consent, we will no longer process your personal data for the purpose you originally agreed to, unless we have another legal basis for processing.

Complaints

If you believe that we have not complied with your data protection rights, you have the right to make a complaint to the Information Commissioner’s Office (ICO) at any time. The ICO is the UK’s supervisory authority for data protection issues https://ico.org.uk/concerns/.

Transferring your personal data outside the European Economic Area

Laxfield Group currently has operations only in the UK. If we are required to transfer data outside the European Economic Areas, we will ensure that any such transfers take place in accordance with the applicable laws, rules and regulations, including by entering into data transfer agreements with recipients, if applicable.

Changes to this Data Privacy notice and Cookies Policy

We reserve the right to update or amend this policy document at any time. We will issue a new policy document when we make significant updates or amendments.

Data Compliance Manager

Our Data Compliance Manager oversees compliance with, and any queries in relation to, this policy document. If you have any questions about this policy document, your rights or about how we handle your personal data, please contact:

Emma Huepfl

Emma.huepfl@laxfieldcapital.com

Laxfield Group

9 South St, London W1K 2XA

or such other replacement Data Compliance Manager as notified in this policy from time to time.