1. Who we are
2. The information we process
3. How we obtain information
4. Your rights
Table A – Your Rights
5. Changes to the way we use your information
6. How we use and share your information with other HCA group companies
7. Sharing with third parties
8. Transferring information overseas
9. Marketing information
10. Communications about our services
11. Fraud prevention agencies
12. How long we keep your information
Schedule A – Schedule of Purposes of Processing
A. Contractual necessity
B. Legal obligation
C. Legitimate interests of HCA
1 Who we are
1.1 This privacy notice (the “Privacy Notice”) applies to all personal information processing activities carried out by Hanlon Corporate Advisory Ltd (HCA).
1.2 HCA is a data controller in respect of personal information that we process in connection with our business (including the services that we provide). In this notice, references to “we”, “us” or “our” are references to HCA.
1.3 Our company number is 10530444. Our principal address is Albany House, Dove Cote Close, Weston by Welland, Market Harborough Leicestershire LE16 8HN and our contact details can be found at https://hanloncorporateadvisory.co.uk/contact/
1.4 More details about our service can be found at https://hanloncorporateadvisory.co.uk/services/
1.5 We respect individuals’ rights to privacy and to the protection of personal information. The purpose of this Privacy Notice is to explain how we collect and use personal information in connection with our business. “Personal information” means information about a living individual who can be identified from that information (either by itself or when it is combined with other information). We may update our Privacy Notice from time to time. When we do we will communicate any changes to you and publish the updated Privacy Notice on our website. We would encourage you to visit our website regularly to stay informed of the purposes for which we process your information and your rights to control how we process it.
2 The information we process
2.1 We collect and process various categories of personal information at the start of, and for the duration of, your relationship with us. We will limit the collection and processing of information to information necessary to achieve one or more legitimate purposes as identified in this notice. Personal information may include:
a) basic personal information, including name and address, date of birth and contact details;
b) financial information, including business accounting information and accounting history;
c) c) information about your family, lifestyle and social circumstances (such as dependents, marital status, next of kin and contact details);
d) information about your financial circumstances, including personal wealth, assets and liabilities, proof of income and expenditure, credit and borrowing history and needs and goals;
e) education and employment information;
f) services provided;
g) visual images and personal appearance (such as copies of passports or CCTV images); and
h) online profile and social media information and activity, based on your interaction with us and our websites and applications.
2.2 We may also process certain special categories of information for specific and limited purposes, such as detecting and preventing financial crime or to make our services accessible to clients.
We will only process special categories of information where we’ve obtained your explicit consent or are otherwise lawfully permitted to do so (and then only for the particular purposes and activities set out at Schedule A for which the information is provided). This may include:
a) information about racial or ethnic origin,
b) religious or philosophical beliefs;
c) trade union membership;
d) physical or psychological health details or medical conditions; and
e) biometric information, relating to the physical, physiological or behavioural characteristics of a person, including, for example, using voice recognition or similar technologies to help us prevent fraud and money laundering.
2.3 Where permitted by law, we may process information about criminal convictions or offences and alleged offences for specific and limited activities and purposes, such as to perform checks to prevent and detect crime and to comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption, and international sanctions. It may involve investigating and gathering intelligence on suspected financial crimes, fraud and threats and sharing data with banks and with law enforcement and regulatory bodies.
3 How we obtain information
3.1 Your information is made up of all the financial and personal information we collect and hold about you/your business and the proprietors, officers and beneficial owners of that business and your transactions. It includes:
a) information you give to us;
b) information that we receive from third parties who provide services to you or us, credit reference, fraud prevention or government agencies, your advisors such as accountant, bank or solicitor (where either permitted by law or with your prior agreement);
c) information that we learn about you through our relationship with you and the way you operate your services;
d) information that we gather from the technology which you use to access our services (for example location data from your mobile phone, or an IP address or telephone number) and how you use it (for example pattern recognition); and
e) information that we gather from publicly available sources, such as the press, the electoral register, company registers and online search engines.
4 Your rights
4.1 We want to make sure you are aware of your rights in relation to the personal information we process about you. We have described those rights and the circumstances in which they apply in the Table A below.
If you wish to exercise any of these rights, if you have any queries about how we use your personal information that are not answered here, or if you wish to complain please contact us at 07899 982877. Email firstname.lastname@example.org.
Please note that in some cases, if you do not agree to the way we process your information, it may not be possible for us to continue to provide certain services to you.
5 Changes to the way we use your information
From time to time we may change the way we use your information. Where we believe you may not reasonably expect such a change we will notify you and will allow a period of at least 30 days for you to raise any objections before the change is made. However, please note that in some cases, if you do not agree to such changes it may not be possible for us to continue to provide certain services to you.
6 How we use and share your information with other HCA group companies
We will only use and share your information where it is necessary for us to lawfully carry out our business activities. Your information may be shared with and processed by other HCA group companies. We want to ensure that you fully understand how your information may be used. We have described the purposes for which your information may be used in detail in a table in Schedule A – Purposes of Processing.
7 Sharing with third parties
7.1 We will not share your information with anyone outside HCA except:
a) where we have your permission;
b) where required in order for us to perform the service we are offering you;
c) where we are required by law and by law enforcement agencies, judicial bodies, government entities, tax authorities or regulatory bodies around the world;
d) with third parties providing services to us, such as market analysis and benchmarking, and agents and sub-contractors acting on our behalf, or parties critical to the HCA operating its business such as our accountants & solicitors as well as use of web-based accounting & reporting services we use with our accountants;
e) with other companies that provide you with benefits or services (such as insurance cover) associated with your service;
f) where required for a proposed sale, reorganisation, transfer, financial arrangement, asset disposal or other transaction relating to our business and/or assets held by our business;
g) in anonymised form as part of statistics or other aggregated data shared with third parties; or
h) where permitted by law, it is necessary for our legitimate interests or those of a third party,
i) and it is not inconsistent with the purposes listed above.
7.2 If you ask us to, we will share information with any third party that provides you with services that support a specific transaction you have engaged us for. We’re not responsible for any such third party’s use of your account information, which will be governed by their agreement with you and any privacy statement they provide to you.
7.3 In the event that you authorise other parties within your business either by specific authority or through their implied knowledge (e.g. they have been copied in to correspondence / email), you will have given us implied authority to reply to all parties copied in to such correspondence, unless you notify us specifically not to.
We will not share any other information without your approval or where we have a statutory or legal obligation to do so or, it is reasonably implied that we are required to do so in order to satisfy any contract we have with you.
7.5 HCA will not share your information with third parties for their own marketing purposes without your permission.
8 Transferring information overseas
8.1 We may transfer your information to organisations in other countries on the basis that anyone to whom we pass it protects it in accordance with applicable laws. Such instances include but not limited to storing data on cloud based servers. We will only ever use renowned organisations.
8.2 In the event that we transfer information to countries outside of the European Economic Area (which includes countries in the European Union as well as Iceland, Liechtenstein and Norway), we will only do so where:
a) the European Commission has decided that the country or the organisation we are sharing your information with will protect your information adequately;
b) the transfer has been authorised by the relevant data protection authority; and/or
c) we have entered into a contract with the organisation with which we are sharing your information (on terms approved by the European Commission) to ensure your information is adequately protected.
9 Marketing information
Unless you have told us that you do not want to hear from us, we will send you relevant marketing information (including details of other services provided by us or other HCA group companies which we believe may be of interest to you), by mail, phone, email, text and other forms of electronic communication. If you change your mind about how you would like us to contact you or you no longer wish to receive this information, you can tell us at any time by contacting us at:
Hanlon Corporate Advisory Ltd at Albany House, Dove Cote Close, Weston by Welland, Market Harborough, Leicestershire LE16 8HN or contact us at 07899 982877.
10 Communications about our services
10.1 We will contact you with information relevant to the operation and maintenance of our services (including updated information about how we process your personal information), by a variety of means including via email, text message, post and/or telephone.
If at any point in the future you change your contact details you should tell us promptly about those changes.
10.2 We may monitor or record calls, emails, text messages or other communications in accordance with applicable laws for the purposes outlined in Schedule A – Purposes of Processing.
11 Credit reference & fraud prevention agencies.
11.1 We may access and use information from credit reference and fraud prevention agencies you seek to enter into a contract with us and periodically to:
a) manage ad take decisions about the services you require including accessing your or your business’s creditworthiness and checks to avoid our clients from being over-indebted;
b) prevent criminal activity, fraud and money laundering;
c) check your identity and verify the accuracy of the information you provide to us; and
d) trace debtors and recover debts.
11.2 Decisions as to whether or not we will engage with a client may be taken based solely on automated checks of information from credit reference agencies and fraud prevention agencies and internal HCA records.
11.3 If false or inaccurate information is provided and / or if a fraud is identified or suspected, details will be passed to fraud prevention agencies. Law enforcement agencies and other organisations may access and use this information.
11.4 If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services you have requested, or we may stop providing existing services to you.
11.5 A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, opening accounts, financing or employment to you. Fraud prevention agencies can hold your information for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
11.6 Fraud prevention agencies process your information, they do so on the basis that they have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect their business and to comply with laws that apply to them.
11.7 When credit reference and fraud prevention agencies process your information, they do so on the basis they have a legitimate interest in preventing fraud and money laundering, and to verify indentity, in order to protect their business and to comply with laws that apply to them.
11.8 If you would like a copy of your information held by the credit reference and fraud agencies we use, or if you want details of how your information will be used by credit reference agencies, please visit their website. The agencies may charge a fee.
Equifax Limited – equifax.co.uk/Contact-us/Contact_us_Personal_Solutions
Experian Limited – experian.co.uk/consumer/contact-us/index/html
12 How long we keep your information
12.1 By providing you with our services, we create records that contain your information, such as client records, activity records, tax records and credit account records. Records can be held on a variety of media (physical or electronic) and formats.
12.2 We manage our records to help us to serve our clients well (for example for operational reasons, such as dealing with any queries relating to your services) and to comply with legal and regulatory requirements. Records help us demonstrate that we are meeting our responsibilities and to keep as evidence of our business activities.
12.3 Retention periods for records are determined based on the type of record, the nature of the activity, service, the country in which the relevant HCA company is located and the applicable local legal or regulatory requirements. We (and other HCA group companies) normally keep customer account records for up to six years after your relationship with us ends or the last time you contacted us (whichever is the longest period), whilst other records are retained for shorter periods, for example 90 days for CCTV records or 12 months for call recordings. Retention periods may be changed from time to time based on business or legal and regulatory requirements.
12.4 We may on exception retain your information for longer periods, particularly where we need to withhold destruction or disposal based on an order from the courts or an investigation by law enforcement agencies or our regulators. This is intended to make sure that we will be able to produce records as evidence, if they’re needed.
12.5 If you would like more information about how long we keep your information, please contact us at:
Hanlon Corporate Advisory Ltd at Albany House, Dove Cote Close, Weston by Welland, Market Harborough, Leicestershire LE16 8HN or contact us at 07899 982877
We are committed to ensuring that your information is secure with us and with the third parties who act on our behalf. We use industry renowned internet security and cloud based providers and all other records are kept secure. We limit the paper work we print, store and transport to and from meetings. We have a strict password security policy on all our electronic devices, that is updated regularly.
Table A – Your Rights
Access – You have a right to get access to the personal information we hold about you.
If you would like a copy of the personal information we hold about you, please write to: Hanlon Corporate Advisory Ltd at Albany House, Dove Cote Close, Weston by Welland, Market Harborough, Leicestershire LE16 8HN or, contact us at 07899 982877.
Rectification – You have a right to rectification of inaccurate personal information and to update incomplete personal information.
If you believe that any of the information that we hold about you is inaccurate, you have a right to request that we restrict the processing of that information and to rectify the inaccurate personal information.
Please note that if you request us to restrict processing your information, we may have to suspend the operation of your services we provide to you.
Erasure – You have a right to request that we delete your personal information.
You may request that we delete your personal information if you believe that:
• we no longer need to process your information for the purposes for which it was provided;
• we have requested your permission to process your personal information and you wish to withdraw your consent; or
• we are not using your information in a lawful manner.
Please note that if you request us to delete your information, we may have to suspend the services we provide to you.
Restriction – You have a right to request us to restrict the processing of your personal information.
You may request us to restrict processing your personal information if you
• any of the information that we hold about you is inaccurate;
• we no longer need to process your information for the purposes for which
• it was provided, but you require the information to establish, exercise or defend legal claims; or
• we are not using your information in a lawful manner.
Please note that if you request us to restrict processing your information, we may have to suspend the services we provide to you.
Portability – You have a right to data portability.
Where we have requested your permission to process your personal information or you have provided us with information for the purposes of entering into a contract with us, you have a right to receive the personal information you provided to us in a portable format.
You may also request us to provide it directly to a third party, if technically feasible. We’re not responsible for any such third party’s use of your information, which will be governed by their agreement with you and any privacy statement they provide to you.
If you would like to request the personal information you provided to us in a portable format, please write to or contact us at:
Hanlon Corporate Advisory Ltd at Albany House, Dove Cote Close, Weston by Welland, Market Harborough, Leicestershire LE16 8HN or contact us at 07899 982877.
Objection – You have a right to object to the processing of your personal information.
You have a right to object to us processing your personal information (and to request us to restrict processing) for the purposes described in Section C of Schedule A – Purposes of Processing (below), unless we can demonstrate compelling and legitimate grounds for the processing, which may override your own interests, or where we need to process your information to investigate and protect us or others from legal claims.
Depending on the circumstances, we may need to restrict or cease processing your personal information altogether or, where requested, delete your information. Please note that if you object to us processing your information, we may have to suspend the operation of your services we provide to you.
Marketing – You have a right to object to direct marketing.
You have a right to object at any time to processing of your personal information for direct marketing purposes, including profiling you for the purposes of direct marketing. For more information see Section 9.
Withdraw consent – You have a right to withdraw your consent.
Where we rely on your permission to process your personal information, you have a right to withdraw your consent at any time. We will always make it clear where we need your permission to undertake specific processing activities.
Lodge complaints – You have a right to lodge a complaint with the regulator.
If you wish to raise a complaint on how we have handled your personal information, you can contact us and we will investigate the matter. We hope that we can address any concerns you may have, but you can always contact the Information Commissioner’s Office (ICO). For more information, visit ico.org.uk
Schedule A – Schedule of Purposes of Processing
We will only use and share your information where it is necessary for us to carry out our lawful business activities. Your information may be shared with and processed by other HCA group companies. We want to ensure that you fully understand how your information may be used. We have described the purposes for which your information may be used in the detail below:
A Contractual necessity
We may process your information where it is necessary to enter into a contract with you for the provision of our services or to perform our obligations under that contract. Please note that if you do not agree to provide us with the requested information, it may not be possible for us to continue to provide services to you.
B – Legal obligation
When you apply for a service (and throughout your relationship with us), we may be required by law to collect and process certain personal information about you. Please note that if you do not agree to provide us with the requested information, it may not be possible for us to continue to provide our services to you. This may include processing to:
a) confirm your identity,
b) perform checks and monitor data for the purpose of preventing and detecting crime and to comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption, and international sanctions. This may require us to process information about criminal convictions and offences, to investigate and gather intelligence on suspected financial crimes, fraud and threats and to share data with law enforcement and regulatory bodies;
c) assess affordability and suitability of credit for initial credit applications and throughout the duration of the relationship, including analysing customer credit data for regulatory reporting;
d) share data with banks & financial institutions, police, law enforcement, tax authorities or other government and fraud prevention agencies where we have a legal obligation, including reporting suspicious activity and complying with production and court orders;
e) deliver mandatory communications to clients or communicating updates to service terms and conditions;
f) investigate and resolve complaints;
g) conduct investigations into breaches of conduct and corporate policies by our employees;
h) manage contentious regulatory matters, investigations and litigation;
i) perform assessments and analyse client data for the purposes of managing, improving and fixing data quality;
j) provide assurance that the HCA has effective processes to identify, manage, monitor and report the risks it is or might be exposed to;
k) investigate and report on incidents or emergencies on the HCA properties and premises;
l) coordinate responses to business-disrupting incidents and to ensure facilities, systems and people are available to continue providing services; and
m) monitor dealings to prevent market abuse.
C – Legitimate interests of HCA
We may process your information where it is in our legitimate interests do so as an organisation and without prejudicing your interests or fundamental rights and freedoms.
a) We may process your information in the day-to-day running of our business, to manage our business and financial affairs and to protect our clients, employees and property. It is in our interests to ensure that our processes and systems operate effectively and that we can continue operating as a business. This may include processing your information to:
(i) monitor, maintain and improve internal business processes, information and data, technology and communications solutions and services;
(ii) ensure business continuity and disaster recovery and responding to information technology and business incidents and emergencies;
(iii) ensure network and information security, including monitoring authorised users’ access to our information technology for the purpose of preventing cyber-attacks, unauthorised use of our telecommunications systems and websites, prevention or detection of crime and protection of your personal data;
(iv) provide assurance on the HCA’s material risks and reporting to internal management and supervisory authorities on whether the HCA is managing them effectively;
(v) perform general, financial and regulatory accounting and reporting;
(vi) protect our legal rights and interests;
(vii) manage and monitor our properties (for example through CCTV) for the purpose of crime prevention and prosecution of offenders, for identifying accidents and incidents and emergency situations and for internal training; and
(viii) enable a sale, reorganisation, transfer or other transaction relating to our business.
b) It is in our interest as a business to ensure that we provide you with the most appropriate services that we continually develop and improve as an organisation. This may require processing your information to enable us to:
(i) identify new business opportunities and to develop enquiries and leads into applications or proposals for new business and to develop our relationship with you;
(ii) send you relevant marketing information (including details of other services provided by us or other HCA group companies which we believe may be of interest to you);
(iii) understand our clients’ actions, behaviour, preferences, expectations, feedback and financial history in order to improve our services, develop new services, and to improve the relevance of offers of services by HCA group companies;
(iv) monitor the performance and effectiveness of services;
(v) assess the quality of our client services and to provide staff training. Calls to our office and communications to our mobile may be recorded and monitored for these purposes;
(vi) perform analysis on client complaints for the purposes of preventing errors and process failures and rectifying negative impacts on clients;
(vii) compensate clients for loss, inconvenience or distress as a result of services, process or failures;
(viii) identify our clients’ use of third-party products and services in order to facilitate the uses of client information detailed above; and
(ix) combine your information with third-party data, such as economic data in order to understand clients’ needs better and improve our services.
(x) We may perform data analysis, data matching and profiling to support decision-making with regards to the activities mentioned above. It may also involve sharing information with third parties who provide a service to us.
c) It is in our interest as a business to manage our risk and to determine what services we can offer and the terms of those services. It is also in our interest to protect our business by preventing financial crime. This may include processing your information to:
(i) carry out financial and credit risk assessments;
(ii) manage and take decisions about the services we are currently or propose to offer;
(iii) carry out checks (in addition to statutory requirements) on clients and potential clients, business partners and associated persons, including performing adverse media checks, screening against external databases and sanctions lists and establishing connections to politically exposed persons;
(iv) share data with credit reference, fraud prevention agencies and law enforcement agencies;
(v) trace debtors and recovering outstanding debt;
(vi) for risk reporting and risk management.
HCA PL MAY 2018