82-84 Berwick Street,
Soho, London, W1F 8TP.
Directions
FundraisingPlacefirst

Matter welcomes UBS Asset Management as anchor investor in new UK Single Family Rental housing fund

DealsVelkomn

Matter establishes new platform 'Velkomn' for a single family residential rental strategy in Denmark targeting a DKK 2.0bn portfolio

DealsUntold

Matter Real Estate backs new later living operator ‘Untold Living’ to target £300m+ GDV

Staff updates

Matter Real Estate expands team with two senior appointments

Privacy Statement

Matter Real Estate LLP (referred to “Matter Real Estate”, “we”, “us” or “our” in this privacy policy) is committed to protecting the privacy and security of your personal data. This policy sets out how Matter Real Estate as data controller uses and protects your personal data.

1. Important information

1.1  Matter Real Estate acts as the data controller and is responsible for your personal data in the circumstances set out in this policy. This means that we are responsible for deciding how we hold and use personal data about you. We are required under data protection legislation to notify you of the information contained in this policy. Our use of your personal data will be in accordance with this policy and in line with data protection legislation and guidance.

1.2  Matter Real Estate invests in businesses and may from time to time nominate one or more persons to act as directors of its portfolio companies. From time to time portfolio companies may provide Matter Real Estate (or its nominated directors acting on behalf of Matter Real Estate) with personal data relating their customers, staff and other data subjects as part of their reporting obligations to Matter Real Estate, and Matter Real Estate may share personal data in respect of its nominated director(s) with the relevant portfolio company. In sharing such personal data, the relevant portfolio company and Matter Real Estate act as joint data controllers of such personal data. Usually such sharing of personal data will be governed by a data sharing agreement entered into by the portfolio company and Matter Real Estate. This policy does not cover Matter Real Estate’s use of personal data that it receives as data processor.

1.3  This policy is separated into four parts as follows:

Part 1 – applicable to visitors to our website and persons (other than Team Members (as defined below)) who provide us with personal data for other reasons;

Part 2 – applicable to circumstances where we are joint controller of personal data with any of our portfolio companies;

Part 3 – applicable to Team Members; and

Part 4 – applicable to everyone.

1.4   This policy was last updated on 6 December 2024.

 

2. Data protection principles

2.1  We will comply with data protection legislation including without limitation the Data Protection Act 2018 and the UK implementation of the General Data Protection Regulation (EU) 2016/679. This says that the personal data we hold about you must be:

(a) used lawfully, fairly and in a transparent way;

(b) collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;

(c) relevant to the purposes we have told you about and limited only to those purposes;

(d) accurate and kept up to date;

(e) kept only as long as necessary for the purposes we have told you about; and

(f) kept securely.

2.2  Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (“anonymised data”).

2.3  There are certain types of more sensitive personal data which require a higher level of protection, such as information about a person’s health or sexual orientation. Information about criminal convictions also warrants this higher level of protection.

 

PART ONE: OUR OBLIGATION TO YOU IF YOU ARE A VISITOR TO OUR WEBSITE OR PROVIDE PERSONAL DATA TO US FOR OTHER REASONS

3. The types of personal data we may collect about you

3.1  We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

(a) “Identity Data” includes first name, last name, passport and identification information and date of birth;

(b) “Contact Data” includes address, email address and telephone numbers;

(c) “Financial Information” includes information about your source of wealth and funds;

(d) “Technical Data” includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access this website; and

(e) “Marketing and Communications Data” includes your preferences in receiving marketing from us and our third parties and your communication preferences.

4. How is your personal data collected?

4.1  We use different methods to collect data from and about you including:

(a) Information you voluntarily provide to us: When you contact us using the contact box on our website, send us an email, or communicate with us in any other way, you are voluntarily giving us information that we collect. That information may include any of the personal data described above. By giving us your personal data, you consent to this information being collected, used, disclosed, and stored by us, as described in this Policy;

(b) Information we collect automatically: When you visit our website we may collect information about your visit and your web browsing. That information may include your IP address, your operating system, your browser ID, your browsing activity, and other information about how you interacted with the website. We may collect this information as part of log files as well as through the use of cookies or other tracking technologies. Our use of cookies and other tracking technologies is described below.

(c) Cookies and tracking: We may use various technologies to collect and store information when you use our services, including third party services such as Google Analytics, or other Google products in addition to using cookies and similar tracking technologies on our website, such as pixels and web beacons, to analyse trends, administer our website and track users’ movements around our website.

(d) Information from other sources: From time to time we may obtain information about you from third party sources, such as public databases, social media platforms, third party data providers and joint marketing partners, to the extent we use them. As and when we use third parties, we take steps to ensure that such third parties are legally permitted or required to disclose such information to us. Examples of the information we may receive from other sources include: device information (such as IP addresses), location, and online behavioural data (such as information about your use of social media websites, page view information and search results and links). We use this information, alone or in combination with other information (including sometimes personal data where relevant) we collect, to enhance our ability to provide relevant marketing and content to you and to develop and provide you with more relevant product features, and services.

5. Our use of your Personal data

5.1    The law requires us to have a legal basis for collecting and using your personal data. We rely on one of more of the following legal bases:

(a) Performance of a contract with you: Where we need to perform the contract we have entered into or are about to enter into with you

(b) Legal Obligation: We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to. We will identify the relevant legal obligation when we rely on this legal basis.

(c) Legitimate interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud and enable us to give you the best and most secure customer experience. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

6. Purposes for which we will use your personal data

6.1   We have set out below, in a table format a description of all the ways we plan to use the various categories of personal data we may collect from you, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

 

Purpose/Use Type of data Legal basis
To respond to queries from you Identity

Contact

 Performance of a contract with you

Necessary for our legitimate interests (to support visitors to our website)
To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) Identity

Contact

Technical

 Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
To deliver relevant website content and online advertisements to you and measure or understand the effectiveness of the advertising we serve to you Identity

Contact

Marketing and Communications

 Necessary for our legitimate interests (to study how visitors to our website use our website, to develop our website, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, customer relationships and experiences and to measure the effectiveness of our communications and marketing Technical

 

 Necessary for our legitimate interests (to define types of website visitors, to keep our website updated and relevant and to develop our business)
To send you relevant marketing communications and make personalised suggestions and recommendations to you about goods or services that may be of interest to you based on your Profile Data Identity

Contact

Technical

Marketing and Communications

 Necessary for our legitimate interests (to carry out direct marketing, develop our products/services and grow our business)

 
To evaluate, invest in and exit portfolio companies Identity

Contact

 

 Performance of a contract with you

Necessary for our legitimate interests (to manage our funds effectively for the benefit of our investors)

Necessary to comply with a legal obligation

 
To comply with our “know your client” and customer due diligence obligations Identity

Contact

Financial

Transaction

Technical

 Necessary for our legitimate interests (to manage our portfolio effectively for the benefit of our investors)

Necessary to comply with a legal obligation

 
To comply with legal, regulatory, tax, reporting, filing, anti-bribery, anti- money laundering, anti- proliferation financing and other obligations Identity

Contact

Financial

Transaction

Technical

 Performance of a contract with you

Necessary to comply with a legal obligation

 
To provide advice and assistance to help our portfolio companies grown Contact

Identity

 

 Necessary for our legitimate interests (to enable our portfolio companies to grow)
To deal with queries, complaints or claims Identity

Contact

Financial

Technical

 

 Performance of a contract with you

Necessary for our legitimate interests (to provide customer support and to establish, exercise or defend our legal rights for the purposes of proceedings or dispute resolutions in connection with our management and administration of our investments and/or the conduct of our business).

Necessary to comply with a legal obligation

 

7. How we share your personal data

7.1  We may disclose your personal data to the third-parties for the purposes described throughout this Policy, as follows:

(a) to third-party service providers and affiliates, who help us provide and support our services. For example, if it is necessary to provide you something you have requested we may share your and your personal data with such third parties and affiliates for that purpose. Examples of third parties, service providers and affiliates include but are not limited to, payment processors, hosting services, content delivery services, property agents, property service providers and property owners;

(b) with our regulators, law enforcement authorities and with courts, tribunals and arbitrators as may be required from time to time in order to comply with our regulatory and legal obligations and to defend any claim brought against us;

(c) with third-party lenders as is necessary to allow us to fulfil our obligations to you, to raise finance and to properly manage and advise you on your investments; and

(d) where you engage with our investment management services we may process your personal data to maintain a register of investment holdings in order to comply with our legal and regulatory requirements.

8. Disclosures of your personal data

8.1  We may share your personal data where necessary for the purposes set out above with external parties such as:

(a) A managed accounting services provider: this data processor processes our payroll information;

(b) IT Services Provider: this data processor manages our IT systems;

(c) financial or fraud investigation authorities;

(d) insurance companies, brokers or other intermediaries;

(e) professional or legal advisors;

(f) regulatory authorities

(g) external auditors;

(h) organisations we are legally obliged to share personal data with;

(i) previous employers;

(j) suppliers and service providers; and

(k) professional consultants.

8.2  We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

 

PART TWO: CIRCUMSTANCES WHERE WE ARE JOINT DATA CONTROLLER WITH A PORTFOLIO COMPANY

9. The types of personal data we may collect about you

9.1  Our portfolio companies are expressly prohibited from providing us with personal data relating to their data subjects when providing us with reporting information. From time-to-time directors appointed by us to a portfolio company’s board may receive personal data about a portfolio company’s customer, supplier, employee or visitor due to a material matter relating to that person being discussed at a board meeting. The relevant director may disclose such information to Matter Real Estate.

9.2  Personal data disclosed to us in this way may include Identity, Financial, Marketing and Communications and Service Data with Service Data including personal data relating to the terms of any goods of services provided to the data subject by the portfolio company, the details of any dispute and information by which the portfolio company may be able to defend itself in the event of a legal claim.

9.3  We may disclose personal information about any Team Member who is nominated to become (or is already) a director of a portfolio company so that the portfolio company can comply with their regulatory obligations. Part 3 of this policy sets out how our approach to such disclosure.

10. How is your personal data collected?

10.1  Personal data will be provided by or on behalf of a portfolio company to Matter Real Estate or to a director acting on our behalf.

11. Our use of your Personal data

11.1  We will such personal data to monitor risks to our investments, to advise the relevant portfolio company on how to deal with any dispute, to prosecute any claim against another person and/or to defend ourselves against any claim.

11.2  We may rely on one of more of the following legal bases:

(a) Performance of a contract with you: Where we need to perform the contract we have entered into or are about to enter into with you

(b) Legal Obligation: We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to. We will identify the relevant legal obligation when we rely on this legal basis.

(c) Legitimate interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud and to protect the value of our investments. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

 

PART THREE: OUR OBLIGATIONS TO YOU IF YOU HAVE APPLIED FOR A ROLE WITH MATTER REAL ESTATE, ARE A CURRENT, PROSPECTIVE OR FORMER DIRECTOR, EMPLOYEE, CONTRACTOR, WORKER OR FREELANCER OF MATTER REAL ESTATE (REFERRED TO COLLECTIVELY AS A “TEAM MEMBER”)

12. The kind of information we hold about you

12.1  We may collect, store, and use the following categories of personal data about you:

(a) personal contact details such as name, title, addresses, telephone numbers, and email address;

(b) date of birth;

(c) next of kin and emergency contact information;

(d) National Insurance number;

(e) photographic ID (such as a driving licence or passport copy);

(f) bank account details, payroll records and tax status information;

(g) salary, annual leave, pension and benefits information;

(h) start date and, if different, the date of your continuous employment;

(i) leaving date and your reason for leaving;

(j) recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process);

(k) employment records (including job titles, work history, working hours, holidays, training records and professional memberships);

(l) performance information;

(m) disciplinary and grievance information;

(n) information about your use of our information and communications systems;

(o) photographs;

(p) results of HMRC employment status check, details of your interest in and connection with any intermediary through which your services are supplied;

(q) we may also collect, store and use the following more sensitive types of personal data:

(r) information about your health, including any medical condition, health and sickness records, including:

    • where you leave employment and under any share plan operated by a group company the reason for leaving is determined to be ill-health, injury or disability, the records relating to that decision;
    • details of any absences (other than holidays) from work including time on statutory parental leave and sick leave; and
    • where you leave employment and the reason for leaving is related to your health, information about that condition needed for pensions and permanent health insurance purposes, and

(s) information about criminal convictions and offences.

13. How is your personal data collected?

13.1  We collect personal data about Team Members through the application and recruitment process, either directly from candidates or sometimes from a recruitment agency or background check provider. We may sometimes collect additional information from third parties including former employers, credit reference agencies or other background check agencies.

13.2  We will collect additional personal data in the course of job-related activities throughout the period of you working for us.

14. How we will use information about you

14.1  We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

(a) where we need to perform the contract we have entered into with you;

(b) where we need to comply with a legal obligation; and

(c) where it is necessary for a legitimate interest pursued by us or a third party and your interests and fundamental rights do not override those interests;

14.2 We may also use your personal data in the following situations, which are likely to be rare:

(a) where we need to protect your interests (or someone else’s interests); and

(b) where it is needed in the public interest or for official purposes.

15. Situations in which we will use your personal data

15.1  We need all the categories of information in the list above primarily to allow us to perform our contract with you [*] and to enable us to comply with legal obligations [**]. In some cases, we may use your personal data to pursue legitimate interests [***], provided your interests and fundamental rights do not override those interests. The situations in which we will process your personal data are listed below. We have indicated by asterisks the purpose or purposes for which we are processing or will process your personal data, as well as indicating which categories of data are involved. Where a legitimate interest is involved, we state what the legitimate interest is.

  • Making a decision about your recruitment or appointment.*
  • Determining the terms on which you work for us.*
  • Checking you are legally entitled to work in the UK.**
  • Paying you and, if you are an employee or deemed employee for tax purposes, deducting tax and National Insurance contributions (NICs).*
  • Enrolling you in a pension arrangement in accordance with our statutory automatic enrolment duties.**
  • Liaising with the trustees or managers of a pension arrangement operated by a group company, your pension provider and any other provider of employee benefits.*
  • Administering the contract we have entered into with you.*
  • Business management and planning, including accounting and auditing.***
  • Conducting performance reviews, managing performance and determining performance requirements.***
  • Making decisions about salary reviews and compensation.***
  • Assessing qualifications for a particular job or task, including decisions about promotions.***
  • Gathering evidence for possible grievance or disciplinary hearings.***
  • Making decisions about your continued employment or engagement.***
  • Making arrangements for the termination of our working relationship.***
  • Education, training and development requirements.*
  • Dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work.***
  • Ascertaining your fitness to work.***
  • Managing sickness absence.***
  • Complying with health and safety obligations.**
  • To prevent fraud.***
  • To comply with our anti-money laundering obligations to any portfolio company where you act as a director or officer of such company **
  • To monitor your use of our information and communication systems to ensure compliance with our IT policies.***
  • To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.***
  • To conduct data analytics studies to review and better understand employee retention and attrition rates.***
  • Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal data.

16. If you fail to provide personal data

16.1  If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).

17. How we use particularly sensitive personal data 

17.1  “Special categories” of particularly sensitive personal data require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal data. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data. We may process special categories of personal data in the following circumstances:

(a) in limited circumstances, with your explicit written consent;

(b) where we need to carry out our legal obligations or exercise rights in connection with employment;

(c) where it is needed in the public interest, such as for equal opportunities monitoring or in relation to our occupational pension scheme; and

(d) less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.

17.2  We will use your sensitive personal data in the following ways:

(a) we will use information relating to leaves of absence, which may include sickness absence or family related leaves, to comply with employment and other laws; and

(b) we will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits including statutory maternity pay, statutory sick pay, pensions and permanent health insurance

17.3  We do not need your consent if we use special categories of your personal data in accordance with our written policy to carry out our legal obligations or exercise specific rights in the field of employment law. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.

18. Information about criminal convictions

18.1  We may only use information relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and provided we do so in line with this policy.

18.2  Less commonly, we may use information relating to criminal convictions where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.

18.3  We may also process such information about members or former members in the course of legitimate business activities with the appropriate safeguards.

18.4  We envisage that we will hold information about criminal convictions.

18.5  We will only collect information about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so.

19. Automated decision-making

19.1  Automated decision-making takes place when an electronic system uses personal data to make a decision without human intervention. We are allowed to use automated decision-making in the following circumstances:

(a) where we have notified you of the decision and given you 21 days to request a reconsideration;

(b) where it is necessary to perform the contract with you and appropriate measures are in place to safeguard your rights; and

(c) in limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights.

19.2  If we make an automated decision on the basis of any particularly sensitive personal data, we must have either your explicit written consent or it must be justified in the public interest, and we must also put in place appropriate measures to safeguard your rights.

19.3  You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.

19.4  We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.

20. Data sharing

20.1  We may have to share your data with third parties, including third-party service providers and other entities in the group.

20.2  We require third parties to respect the security of your data and to treat it in accordance with the law.

20.3  We may transfer your personal data outside the EU.

20.4  If we do, you can expect a similar degree of protection in respect of your personal data.

20.5  We will share your personal data with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.

21. Which third-party service providers process my personal data?

21.1  “Third parties” includes third-party service providers (including contractors and designated agents) and other entities within our group. The following third-party service providers process personal data about you for the following purposes:

(a) providers of payroll services;

(b) providers of bank account services through which we pay you; and

(c) third party software providers to whom you provide your personal data in connection with your employment.

21.2  We will share personal data regarding your participation in any pension arrangement operated by a group company with the trustees or scheme managers of the arrangement in connection with the administration of the arrangements.

22. How secure is my information with third-party service providers and other entities in our group?

22.1  All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal data in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

23. When might you share my personal data with other entities in the group?

23.1  We will share your personal data with other entities in our group as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise, for system maintenance support and hosting of data.

24. What about other third parties?

24.1   We may share your personal data with other third parties, for example in the context of the possible sale or restructuring of the business. In this situation we will, so far as possible, share anonymised data with the other parties before the transaction completes. Once the transaction is completed, we will share your personal data with the other parties if and to the extent required under the terms of the transaction.

24.2  We may also need to share your personal data with a regulator or to otherwise comply with the law. This may include making returns to HMRC and disclosures to shareholders such as directors’ remuneration reporting requirements.

 

PART FOUR: PROVISIONS APPLICABLE TO ALL DATA SUBJECTS

25. Data security

25.1  We have put in place measures to protect the security of your information. These measures are reviewed from time to time.

25.2  Third parties will only process your personal data on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

25.3 We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

25.4  We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

26. Data retention

26.1  We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

26.2  In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer an employee, worker or contractor of the company we will retain and securely destroy your personal data in accordance with our data retention policy.

27. Rights of access, correction, erasure, and restriction

27.1  It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your working relationship with us.

27.2  Under certain circumstances, by law you have the right to:

(a) request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it;

(b) request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;

(c) request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below);

(d) object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes;

(e) request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it; and

(f) request the transfer of your personal data to another party.

27.3  You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

27.4  We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

27.5  In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

28. Change of purpose

28.1  We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

28.2  Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

29. Changes to this privacy notice

29.1 We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal data.

30. Sharing Information outside of the UK

30.1  Where necessary, we may transfer personal data service providers that carry out certain functions on our behalf. This may involve transferring personal data outside the UK to countries which have laws that do not provide the same level of data protection as the UK law.

30.2  Whenever we transfer your personal data out of the UK. When doing so, we comply with the UK GDPR, making sure a similar degree of protections is afforded to it by ensuring the following safeguards are in place:

30.3  We will only transfer your personal data to countries that have been deemed by the UK to provide an adequate level of protection for personal data, namely the European Economic Area Countries.

30.4  For further information or to obtain a copy of the appropriate safeguard for any of the transfers please contact us using the contact information provided above.

31. Links to third-party websites

31.1  Our website may have links to other websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to carefully read the privacy policy of any website you visit.

32. Location of servers

32.1  Our website servers are located in the United Kingdom. When you use the Website your personal data is stored and processed in the United Kingdom.

33. Accuracy and retention of personal data

33.1  We do our best to keep your data accurate and up to date, to the extent that you provide us with the information we need to do so. If your data changes (for example, if you have a new email address) then you are responsible for notifying us of those changes.

33.2  We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

33.3  We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

33.4  To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

33.5  By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.

33.6  In some circumstances you can ask us to delete your data: see paragraph 34 below for further information.

34. Complaints

34.1  You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

35. Contact us

35.1  If you have any questions, comments or concerns, about this policy or about the use of your personal data or you want to exercise your privacy rights, please contact us in the following ways:

  • Email Address: [email protected]
  • Postal Address: 82-84 Berwick Street, Soho, London, W1F 8TP
  • Telephone Number: +44(0)2045309870