last updated 21st June 2022
We are committed to protecting the information we hold about you. This Privacy Notice applies to the processing activities of the Shard Capital Group (‘Shard Capital’), which includes the following entities;
- Shard Capital Partners LLP
- Shard Capital Limited
- SCSB Limited
- Shard Capital AIFM LLP
- LeifBridge Capital Management Limited
- Shard Credit Partners Limited,
Any reference to ‘us’, ‘our’, ‘we’ in this Privacy Notice is a reference to Shard Capital. Similarly, any reference to ‘you’, ‘your’, ‘yours’ or ‘yourself’ in this Privacy Notice is a reference to any of our past, prospective or current ‘clients’ or intermediaries.
If you are applying for a role at Shard Capital, please see our Candidate Privacy Notice.
Our Privacy Notice will be reviewed from time to time to take account of new obligations and technology, changes to our operations and practices and to make sure it remains appropriate to the changing environment.
WHAT KIND OF PERSONAL DATA DO WE COLLECT?
We collect information necessary to fulfil our obligations to our clients in the course of providing a range of financial services.
We may collect the following types of information about you:
- Your personal details (for example, your name, date of birth, passport information or other identification information)
- Your contact details (for example, your postal address, phone number, email address or mobile number)
- Financial information (for example, your bank account numbers, financial history, account balances, trading and financial statements)
- Details about your physical or mental health and lifestyle
- Employment details including employment history
- Family details
- Location data
- Technical data including internet protocol (IP) address, your login data, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
- Information about criminal convictions and offences
- Your marketing preferences
On occasion the following sensitive personal data may be obtained: physical or mental health details, political opinion, racial or ethnic origin and religious beliefs. We will only obtain and process this information with your consent (permission) or in situations where it is in the wider public interest.
We also keep records of your trading behaviour, including:
- a record of; products you trade with us and their performance
- products we trade on your behalf and their performance; and
- historical data about the trades and investments you have made.
Much of this information is collected in compliance with our duties under FCA rules. This includes our obligation to verify the identity of clients and to maintain records of regulated business including a record of products you invest in and historical data about investments you have made. If you chose not to provide the information required, we may not be able to provide you with the requested product or service.
If you choose to provide us with any Personal Data relating to a third party (e.g. information relating to your spouse, children, parents, and/or employees) or ask us to share their personal data with third parties, by submitting such information to us, you confirm that they understand the information in this notice about how we will use their personal data.
HOW IS THE PERSONAL DATA OBTAINED?
We obtain this information in several ways, for example through your use of our services or other dealings with us including through the account opening process, enquiry forms, and from information provided in the course of ongoing correspondence.
We may also collect personal data from:
- People appointed to act on your behalf
- Publicly available sources
- Credit reference agencies
- Organisations that provide their own personal data, or personal data from third parties, to help us to improve the personal data we hold, and provide more relevant and interesting products or services to you
Additionally, we may obtain personal data about you through your use of our websites, by recording your activity and which pages you look at on our websites (please see here on Cookies)
We may record any communications with you including electronic mail, telephone calls, in person or otherwise, which will constitute evidence of the communications between us. This information is collected in compliance with our duties under FCA rules in relation to our record keeping obligations.
Telephone conversations may be recorded without the use of a warning tone or any other further notice. Further, if you visit any of our offices or premises, we may have CCTV which may record your image.
WHAT LAWFUL BASIS DO WE RELY ON?
We must have a legal basis (lawful reason) to process your personal data. In most cases, the legal basis will be one of the following:
- To allow us to take actions that are necessary for us to provide you with the product or service you want;
- To allow us to meet our legal obligations (for example, getting proof of your identity to meet our anti-money laundering obligations);
- To protect our legitimate interests (for example, to understand how clients use our services so we can develop new services and improve the services we currently provide)
- where we obtain your consent;
- to protect your interests; and
- where something is done in the public interest.
The table below sets out what we use your personal data for and our legal basis for doing so. Where our legal basis is a legitimate interest (that is, where our interests do not outweigh our clients’ interests), those interests are also set out in the table.
SENSITIVE PERSONAL DATA
Some of the information we collect is sensitive personal data (also known as special categories of data). We may process personal data that relates to your health (such as your medical history) and any criminal convictions and offences. If we use sensitive personal data, we will usually do so on the legal basis that it is in the wider public interest, to establish, take or defend any legal action or, in some cases, that we have your permission.
In any case, we will keep to all laws that apply
We may ask you for permission to collect and use certain types of personal data when we must do so by law (for example, when we process sensitive personal data or place cookies or similar technologies on devices or browsers). If we ask you for permission to process your personal data, you can refuse, or withdraw your permission at any time, by using the contact details at the end of this privacy notice or, if in relation to cookies or similar technologies, by clicking on the ‘C’ logo in the bottom right-hand corner of the webpage. (please see here on Cookies)
DISCLOSURE OF YOUR PERSONAL DATA
We may share the personal data we hold about you across Shard Capital to enable us to better understand your needs and run your accounts in the efficient way that you expect. Your personal data may also be used for customer modelling, statistical and trend analysis, with the aim of developing and improving our products and services.
We will never sell, trade, or rent your Personal Data to others; however, we may share your information with selected third parties including:
- our service providers, suppliers and sub-contractors for the performance of any contract we have entered into with them. They may then process this data on our behalf to help run some of our internal business operations such as IT services;
- governmental or judicial bodies or agencies to comply with our legal and regulatory obligations;
- fraud prevention agencies, other companies and organisations to prevent or detect financial and other crime;
- non-affiliated companies may sometimes be used to provide certain services such as preparing and mailing prospectuses, reports, account statements and other information, conducting research on client satisfaction, and gathering shareholder proxies;
- advertisers and advertising networks that require the data to select and serve adverts about our services to you and others. It will only be passed to third party advertisers to provide services on behalf of Shard Capital;
- data, service and software providers that assist us in the improvement and optimisation of our sites;
- Credit reference agency or a verification company to conduct checks on you to verify the information you have provided;
Where we share your data with third parties we ensure that your data is held securely.
SHARING INFORMATION ABOUT YOU WITH TAX AUTHORITIES OUTSIDE THE UK
We would usually supply aggregated data to tax authorities.
We may be required by law or regulation to share information about your accounts with relevant tax authorities, either directly or through the local tax authority. The tax authority we share the information with could then share that information with other appropriate tax authorities. If we need extra documents or information from you about this, you must provide them. If you don’t, we may need to close your account or, if the law or other regulations require us to do so, we’ll withhold parts of certain payments received into your account and pass the withheld funds to the relevant tax authorities.
DO WE MAKE AUTOMATED DECISIONS CONCERNING YOU?
We do not carry out automated profiling on you; however we may send your details on to a reference agency necessary for compliance with a legal obligation – for example in connection with fraud prevention or anti-money laundering.
HOW WE STORE PERSONAL DATA
Safeguarding the privacy of your information is important to us, whether you interact with us personally, by phone, by mail, over the internet or any other electronic medium.
We hold personal data in a combination of secure computer storage facilities and paper-based files and other records. Steps are taken to protect the personal data we hold from misuse, loss, unauthorised access, modification or disclosure.
When we consider that personal data is no longer needed, we will remove any details that will identify you or we will securely destroy the records. However, we may need to maintain records for a significant period of time in line with our regulatory obligations. For example, we are subject to certain anti-money laundering laws which require us to retain verification of identity records for a period of five years after our business relationship with you has ended.
If we hold any personal data in the form of a deed, we will hold this deed in its complete form for a period of 12 years after our business relationship with you has ended.
If we hold any personal data in the form of a recorded communication, by telephone, electronic mail, in person or otherwise in relation to our regulatory obligations as detailed above, this information will be held in line with local regulatory requirements which will generally be between five and seven years after our business relationship with you has ended.
Where you have opted out of receiving marketing communications we will hold your details (e-mail address) on our suppression list so that we know you do not want to receive these communications.
MANAGEMENT AND SAFEGUARDING OF PERSONAL DATA
Our approach to information security does not rely solely upon a written security policy or standards. We also maintain the confidentiality, integrity and availability of information through the protection of our technology resources and assets.
Measures include, but are not limited to:
- Desktop and laptop full disk encryption
- Removable media encryption tools
- Desktop and laptop firewalls
- Antivirus and anti-malware software
- Multifactor authentication approaches
- Automated patching and security vulnerability assessments
- Strong physical, environmental, network and perimeter controls
- Intrusion detection and prevention technologies
- Monitoring and detection systems
- Dark Web monitoring
- Brand exploitation detection
- Geo blocking
In addition, we invest considerable time and resources into future state security technologies. We align our information security strategy to our technology product road map and maintain a close association with our technology service offerings. This properly positions us to address security issues that might otherwise threaten the confidentiality, integrity or availability of our technology resources. Our teams offer tools designed to help us collaborate with Shard Capital clients and to securely and reliably transfer and store data.
YOUR RIGHTS AS A DATA SUBJECT
The data protection laws give you certain rights in relation to the data we hold on you. These include the following rights to:
- request a copy of the personal data we hold about you;
- request that we supply you (or a nominated third party) with a copy of the personal data that you provided to us;
- inform us of a correction to your personal data
- exercise your right to restrict our use of your personal data
- exercise your right to erase your personal data; or
- object to the ways in which we are using your personal data.
Your ability to exercise these rights will depend on a number of factors and in some instances, we will not be able to comply with your request e.g. because we have legitimate grounds for not doing so or where the right doesn’t apply to the particular data we hold on you. If you would like more information on these rights, please contact firstname.lastname@example.org
Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent.
TRANSFERS OF PERSONAL DATA OUTSIDE THE UK OR EEA
When we or fraud prevention agencies share information with organisations in another jurisdiction, we will ensure they agree to apply equivalent levels of protection for personal data. If this is not possible – for example because we are required by law to disclose information – we will ensure the sharing of that information is lawful. Also, if they are not in a jurisdiction that is regarded as having “adequate” levels of protections for personal data, we will put in place appropriate safeguards (such as contractual commitments), in accordance with applicable legal requirements, to ensure that your data is adequately protected.
If you ask us to share information with third parties who provide payment initiation or account services (either in the UK or in another country), we will rely on your request (whether direct or indirect) to share the relevant information. We don’t have control over such third-party practices. We recommend that you (or the person(s) with authority over your account) consider the information-handling practices of that third party before requesting their services by reading their privacy notices or contacting them to ensure you are comfortable with how they will handle your information.
LINKS TO EXTERNAL WEBSITES
Our sites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies or how such websites collect and use your data. Please check these policies before you submit any personal data to these websites.
UPDATES TO THE PRIVACY NOTICE
We reserve the right to update this Notice to reflect any legal changes or changes to the way in which we process your personal data. The updated Notice will be published on our website and comes into effect at the time of publication on the website.
If you have any queries regarding privacy issues or the content of this Privacy Notice, you can email us on email@example.com, write to us at: 20 Fenchurch Street, London, EC3M 3BY or call us +44 (0)207 186 9900.
WHAT IF YOU HAVE A COMPLAINT?
If you have a concern about any aspect of our privacy practices, you can make a complaint. This will be acted upon promptly. To make a complaint, please contact us via one of the methods set out above. If you are not satisfied with our response to your complaint, you have the right to lodge a complaint with our supervisory authority, the Information Commissioner’s Office (ICO). You can find details about how to do this on the ICO website at https://ico.org.uk/concerns/ or by calling their helpline on 0303 123 1113.