The General Data Protection Regulation (“GDPR”) governs the controlling and processing, such as the use or holding, of personal data, which is essentially any information about identifiable living individuals, and also gives those individuals certain rights and remedies in respect of that information.
The purpose of this notice is to supply you with the required information at the time of providing us with your personal data. This will lay out the essentials such as the what; where; when; and how in relation to the personal information collected. This should help you feel more confident about the privacy and the security of your personal information.
Please read this Privacy Notice carefully. By visiting our website or using any of our services, you indicate your agreement to our use of your personal information as set out in this Privacy Notice.
Newgate Compliance Limited (company number 8795416) whose registered office is at 20 Ropemaker Street, London, EC3R 9AR is the Data Controller and is committed to protecting the rights of individuals in line with the GDPR.
Newgate has appointed Matthew Hazell as Data Protection Officer who can be contacted through firstname.lastname@example.org. This individual has oversight responsibility for the usage and processing of personal data. Any questions relating to data security should be directed to the Data Protection Officer.
We will collect information from you when you register with us, apply to use any of our services, become our client, or contact us in person, by telephone, by email or by post. We also collect information from you when you provide feedback or complete a contact form on our website.
We may collect information about you from fraud prevention agencies and other organisations when we undertake checks such as identification verification checks, as explained further below.
We may collect the following information depending on the service provided:
In some cases, you are not obliged to provide any personal data to us, but if you have requested information or a service from us, we will not be able to provide it without certain information, such as your contact details. Before we can begin providing you with our services, we need to obtain certain information about you, so that we can verify your identity in order for us to meet our obligations under the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 and any other applicable legislation and for the purposes of crime prevention and fraud prevention. You are obliged to provide this information and if you do not provide it, we will be unable to provide you with our services.
We also collect information from you when you voluntarily complete customer surveys, provide feedback or complete a contact form on our website.
Newgate does not make use of automated processing or decision making.
We use information held by you in the following ways:
Unless otherwise stated in this Privacy Notice, the legal basis for our use of your personal data will be that this information is required for one or more of the legitimate interests described above.
We take appropriate security measures (including physical, electronic and procedural measures) to help protect the confidentiality, integrity and availability of your personal information from unauthorised access and disclosure.
We may disclose your information to:
We will not lend or sell your information to third parties.
We are committed to only keeping your personal data for as long as we need to in order to fulfil the relevant purpose(s) it was collected for, as set out above in this notice, and for as long as we are required or permitted to keep it by law.
We retain copies of our customer contracts in order to enable us to deal with any legal issues and the information provided to us for identification verification checks, financial crime and anti-money laundering checks (as required by law) for 5 years after termination or expiry of our contract with you. We retain details of complaints for 5 years from the date of receipt.
We shall keep records of the following for 5 years:
Newgate retain copies of all records aforementioned for a maximum of 7 years.
We may share your personal information with our service providers and this may involve transferring it to countries outside the European Economic Area (EEA) whose data protection laws may not be as extensive as those which apply to us. Where we do so, we will ensure that we do this in accordance with the Acts and take appropriate measures to ensure that the level of protection which applies to your personal information processed in these countries is similar to that which applies within the EEA. Such measures may include only transferring your data to jurisdictions in respect of which there is a European Commission adequacy decision or, where this is not the case, by using model clauses which have been approved by the European Commission.
You have a key right to learn and have access to what personal information is held by Newgate and able to ask us for details on this.
When we receive such a request we will endeavour to provide you with these details without delay and at the latest within one month of receipt. We may extend the period of compliance by a further two months where requests are complex or numerous. In such instances Newgate will inform you within one month of the receipt of the request and explain why the extension is necessary.
When Newgate receives a subject access request we will provide a copy of the information held free of charge. Newgate may charge a reasonable fee to comply with requests for further copies of the same information. This does not mean that we will charge for all subsequent access requests rather that the Newgate reserves the right to charge a fee based on the administrative cost of providing the information.
If the after reviewing a request the Data Protection Officer believes a request is manifestly unfounded or excessive, particularly if it is repetitive, then Newgate may charge a ‘reasonable fee’ which will be decided on a case by case basis. In certain circumstances Newgate may even refuse to respond to such requests.
You also have the following rights (unless exemptions apply), which can be exercised by contacting us using the details provided below.
When you contact us to exercise any of the rights above, we may ask you to provide some additional information in order to verify your identity, such as your name, your address and proof of identity.
If you would like to lodge a complaint or exercise any of your rights set out above, you can contact us at:
Post: United Kingdom: Data Protection Officer, 20 Ropemaker Street, London EC2Y 9AR
Alternatively, if you would like to contact your Data Protection Authority, please use the contact details below.
United Kingdom: Information Commissioner’s Office
Where we rely on your consent to use your personal data, you have the right to withdraw that consent at any time.