OUR PRIVACY POLICY
Our Privacy Policy applies to personal data held by Hawk Digital Consultancy as data controllers and processors, as described below. It explains what information we collect about you, how we will use that information, who we will share it with, the circumstances when we will share it and what steps we will take to make sure it stays private and secure.
Wherever we have said ‘you’ or ‘your’, this means you, any authorised person to handle your affairs or deals with us for you, e.g. recruiters, agencies, trustees or executors, attorneys under a Power of Attorney and other related people including authorised signatories, partners, members and assigns.
When we say ‘we’, we mean Hawk Digital Consultancy. Unless otherwise stated below, the data controller for the purposes of this Policy will be Hawk Digital Consultancy.
What information we collect
We will only collect your information in line with relevant regulations and law. We may collect it from a range of sources and it may relate to any of our services we offer and you are currently using or used in the past. We may also collect information about you when you interact with us, e.g. visit our websites or mobile channels, call us or visit one of our branches, or ask about any of our services.
Some of it will come directly from you. It can also come from your financial adviser, accountant, agency or other intermediary, or other sources you have asked us to obtain information from. We might also get some of it from publicly available sources.
The information we collect may include:
Information that you provide to us, e.g.:
Personal details, e.g. name, previous names, gender, date and place of birth;
Contact details, e.g. address, email address, landline and mobile numbers;
Information concerning your identity e.g. photo ID, passport information, national ID card and nationality;
Next of kin and emergency contact information;
Bank account details;
Payroll records, salary, pension, expenses, travel logs and benefits information and other financial records provided by you;
Employment records (including job titles, work history, working hours, training records and professional memberships).
Other information about you that you give us by filling in forms or by communicating with us, whether face-to-face, by phone, email, online or otherwise.
Information we collect or generate about you, e.g.
Your financial information and information about your relationship with us, including the services you are using, the channels you use and your ways of interacting with us, your payment history, transactions records, including salary details, and information concerning complaints and disputes;
Information we use to identify and authenticate you, e.g. your signature and KYC documentation, and additional information that we receive from external sources that we need for compliance purposes;
Information included in customer documentation, e.g. a record of market analysis or an illustration we may have given you;
Cookies and similar technologies we use to recognise you, remember your preferences and tailor the content we provide to you;
Investigations data, e.g. due diligence checks, sanctions and anti-money laundering checks, external intelligence reports, content and metadata related to relevant exchanges of information between and among individuals, organisations, including emails, voicemail, live chat;
Records of correspondence and other communications between us, including email, live chat, instant messages and social media communications;
Information that we need to support our regulatory obligations, e.g. detection of any suspicious and unusual activity and information about parties connected to you or these activities.
Information from third party providers, e.g. information that helps us to combat fraud or that relates to your social interactions, including your communications via social media, between individuals, organisations, prospects and other stakeholders acquired from companies that collect combined information.
How we will use your information
We will only use your information where we have your consent or we have another lawful reason for using it.
These reasons include where we:
Need to pursue our legitimate interests;
Need to process the information to enter into or carry out an agreement we have with you;
Need to process the information to comply with a legal obligation;
Believe the use of your information as described is in the public interest, e.g. for the purpose of preventing or detecting crime;
Need to establish, exercise or defend our legal rights; or
Where you are a customer, we need to use your information for insurance purposes.
The reasons we use your information include to:
Deliver our services;
Carry out your instructions, e.g. introduce you to a third party or fulfil a service request;
Carry out checks in relation to your creditworthiness;
Manage our relationship with you, including (if opted for) telling you about products and services we think may be relevant for you;
Understand how you use our services;
Support operations of the services we provide you;
Investigate and resolve complaints;
Ensure security and business continuity;
Risk management;
Provide online services and other online product platforms;
Undertake data analytics to better understand your circumstances and preferences so we can make sure we can provide you with the best service and offer you a tailored service;
Protect our legal rights and comply with our legal obligations;
Prevent or detect crime, including fraud and financial crime, e.g. financing for terrorism and human trafficking;
Correspond with introducers, insurers and third-party intermediaries;
Undertake system or product development and planning, audit and administrative purposes.
Tracking or recording what you say or do
We may record details of your interactions with us. We may record and keep track of conversations you have with us, including phone calls, face-to- face meetings, letters, emails, live chats, video chats and any other kinds of communication. We may use these recordings to check your instructions to us, assess, analyse and improve our service, train our people, manage risk or to prevent and detect fraud and other crimes. We may also capture additional information about these interactions, e.g. telephone numbers that you call us from and information about the devices or software that you use.
Compliance with laws and regulatory compliance obligations
We will use your information to meet our compliance obligations, to comply with other laws and regulations, and to share with regulators and other authorities that Hawk Digital Consultancy are subject to. This may include using it to help detect or prevent crime (including terrorism financing, money laundering and other financial crimes). We will only do this on the basis that it is needed to comply with a legal obligation, it is in our legitimate interests and that of others, or to prevent or detect unlawful acts.
Marketing and market research
We may use your information to provide you with details about other products and services from relevant
third parties. We may send you marketing messages by post, email, telephone, text or secure messages. You can change your mind on how you receive marketing messages or choose to stop receiving them at any time. To make that change, please contact us in the usual way.
If you ask us not to send you marketing, it may take us a short period of time to update our systems and records to reflect your request, during which time you may continue to receive marketing messages. Even if you tell us not to send you marketing messages, we will continue to use your contact details to provide you with important information, such as changes to your terms and conditions or if we need to tell you something to comply with our regulatory obligations.
Data controlling, processing and sharing
By engaging us and/or using our services, you expressly consent to the engagement of another data controller and processor unilaterally chosen by Hawk Digital Consultancy for the processing of your personal data. This may be needed where activities are carried out by third- party service providers (including contractors and designated agents) including but not limited to general administration, legal and tax advisory, insurance, IT services or where we have a legitimate business reason for doing so such as change in ownership or business restructure.
Where we engage another controller and processor for carrying out specific controlling and processing activities of your personal data, the same data protection obligations shall be imposed on that other controller and processor by way of a contract or other legal act under EU or governing Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the GDPR.
Who we might share your information with
We may share your information with others where lawful to do so, including where we or they:
Need to in order to provide you with products or services you have requested, e.g. fulfilling a service request;
Have a public or legal duty to do so, e.g. to assist with detecting and preventing fraud, tax evasion and financial crime;
Need to in connection with regulatory reporting, litigation or asserting or defending legal rights and interests;
Have a legitimate business reason for doing so, e.g. change in ownership, to manage risk, verify your identity, enable another company to provide you with services you have requested, or assess your suitability for products and services.
In that respect, we may share your information for these purposes with others, including:
Any sub-controllers and processors of data subject information;
Sub-contractors, agents sub-contractors, agents or service providers who work for us or provide services to us (including their employees, sub-contractors, service providers, directors and officers);
Any trustees, beneficiaries, administrators or executors;
People you make payments to and receive payments from where relevant;
Your beneficiaries, intermediaries, correspondent and agent banks, clearing houses, clearing or settlement systems, market counterparties;
Any agencies and other brokers who introduce you to us or deal with us for you;
Any entity that has an interest in the products or services that we provide to you, including if they take on the risk related to them;
Any people or companies where required in connection with potential or actual corporate restructuring, merger, acquisition or takeover, including any transfer or potential transfer of any of our rights or duties under our agreement with you;
Law enforcement, government, courts, dispute resolution bodies, our regulators, auditors and any party appointed or requested by our regulators to carry out investigations or audits of our activities;
Anybody else that we have been instructed to share your information with by either you or operates any of your accounts on your behalf.
Transfers of data outside of the EU
Your information may be transferred to and stored in locations outside of the European Economic Area
(EEA), including countries that may not have the same level of protection for personal information as the EEA do. When we do this, we will ensure it has an appropriate level of protection and that the transfer is lawful. We may need to transfer your information in this way to carry out our contract with you, to fulfil a legal obligation, to protect the public interest and/or for our legitimate interests. In some countries the law might compel us to share certain information, e.g. with tax authorities
We will ensure that, to the extent that any personal data originating from the United Kingdom (UK) or European Economic Area (EEA) is transferred by us to another controller and/or processor in a country or territory outside the UK or EEA that has not received a binding adequacy decision by the European Commission or competent national data protection authority, such transfer will be subject to an appropriate transfer mechanism that provides an adequate level of protection in accordance with GDPR.
Data Retention
We keep your information in line with our data retention policy. We will normally keep your core data for a period of 6 (six) years from the end of our relationship with you. This enables us to comply with legal and regulatory requirements or use it where we need to for our legitimate purposes, such as disputes or concerns that may arise.
We may need to retain your information for a longer period, where we need the information to comply with regulatory or legal requirements or where we may need it for our legitimate purposes, e.g. to help us respond to queries or complaints, fighting fraud and financial crime, responding to requests from regulators, etc.
If we do not need to retain information for this period of time, we may destroy, delete or anonymise it more promptly.
Transferring your information overseas
Your information may be transferred to and stored in locations outside of the European Economic Area (EEA), including countries that may not have the same level of protection for personal information as the EEA do. When we do this, we will ensure it has an appropriate level of protection and that the transfer is lawful. We may need to transfer your information in this way to carry out our contract with you, to fulfil a legal obligation, to protect the public interest and/or for our legitimate interests. In some countries the law might compel us to share certain information, e.g. with tax authorities.
Your rights
Under certain circumstances, by law you have the right to:
Request access to your personal information (commonly known as a “data subject access request”).
This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. Please refer to our DSAR Procedure for more information.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal information to another party.
Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing and
transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.
You can exercise your rights by contacting us.
Credit Reference Checks, Fraud and Money Laundering
Credit Reference Checks
If you apply for new products or services, we may perform credit and identity checks on you with one or more credit reference agencies (CRAs). When you use our services. To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply us with both public (including the electoral register) and shared credit information, financial situation, history and fraud prevention information.
To comply with the law and for our own legitimate interest to enable us to assess and manage risk, we can share details about your financial situation and financial history with CRAs, fraud prevention agencies, etc
Fraud Prevention Agencies
We will carry out checks with fraud prevention agencies for the purposes of preventing fraud and money laundering, and to verify your identity before we provide products and services to you. These checks require us to process personal information about you.
The personal information you provide or which we have collected from you, or received from third parties, will be used to carry out these checks in order to prevent fraud and money laundering, and to verify your identity. We will process personal information, such as your name, address, date of birth, contact details, financial information, employment details, and device identifiers e.g. IP address.
We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime. We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering and to verify your identity. This enables us to protect our business and to comply with laws that apply to us. This processing is also a contractual requirement of any of our products or services you use.
Fraud prevention agencies can hold your personal data for different periods of time. If they are concerned about a possible fraud or money laundering risk, your data can be held by them for up to six years.
Consequences of Processing
If we, or a fraud prevention agency, have reason to believe there is a fraud or money laundering risk, we may refuse to provide the services. We may also stop providing existing products and services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies and may result in others refusing to provide services to you. The information we hold about you could make it easier or harder for you to get credit in the future.
How we keep your information secure
We use a range of measures to keep your information safe and secure, which may include encryption and other forms of security. We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards, including obligations to protect any information and applying appropriate measures for the use and transfer of information.
Your duty to inform us of changes
You are responsible for making sure the information you give us is accurate and up to date, and you must tell us if anything changes as soon as possible. If you provide information for another person (for example, a Referred Consultant), you will need to direct them to this Policy. If we need that person’s consent, we will ask you to confirm that you have obtained such consent.
Complaints and queries
If you have any questions about this Privacy Policy or how we handle your personal information, please contact us on: info@hawkdc.co.uk
If you are not satisfied by our response you also have the right to make a complaint to the Information
Commissioner’s Office (ICO).
Changes to this Privacy Policy
We reserve the right to update this Privacy Policy at any time, and we will provide you with a new Privacy Policy when we make any material updates. We may also notify you in other ways from time to time about the processing of your personal data.