Kirkoswald Capital Partners LLP (‘Kirkoswald’, ‘Firm’ or ‘we’) is a company registered in England and Wales with company number OC387588. The Firm is authorised and regulated by the Financial Conduct Authority (‘FCA’) with Firm Reference Number 607529. This Privacy Notice is provided by Kirkoswald on behalf of itself and its affiliates (collectively, ‘Kirkoswald Group’).
This Privacy Notice is being provided in accordance with the requirements of data privacy laws, including the EU General Data Protection Regulation 2016/679 (‘EU GDPR’), as well as the UK’s retained version of the EU GDPR (‘UK GDPR’) (collectively, ‘GDPR’). Natural persons from the European Economic Area (‘EEA’) and the UK should refer to the section on your rights under GDPR in this Privacy Notice.
Additionally, this Privacy Notice has incorporated required aspects of the Standing Committee of China’s National People’s Congress’s Personal Information Protection Law (the ‘PIPL’), not covered by GDPR. The PIPL extends its territorial scope to the processing of personal information conducted outside of China, provided that the purpose of the processing is: (i) to provide products or services to individuals in China, (ii) to ’analyze’ or ’assess’ the behaviour of individuals in China, or (iii) for other purposes to be specified by laws and regulations.
California residents should refer to the separate ‘California Privacy Notice’ on the website. Please also refer to any additional disclosures, notices and/or policies relating to data privacy laws, or equivalent, that may be provided to you separately. References to ‘you’ in this Privacy Notice has the meaning of any natural person, or any natural person connected with an entity that is a legal person (each such natural person, a ‘data subject’), as applicable.
For the purposes of GDPR, Kirkoswald will be the ‘data controller’ and for purposes of PIPL, the Firm will be ’personal information processing entity’ of the personal data you provide. Please read the following information carefully in order to understand the Firm’s practices in relation to the treatment of your personal data. Should you have any questions, please email us at email@example.com.
What data privacy principles does the Firm adhere to?
- The Firm will process all personal data in a lawfully, fair and transparent manner;
- The Firm will only collect personal data where it is necessary;
- For the Firm to provide a service to you;
- For you to provide a service to the Firm;
- For the Firm to keep you informed of its products and services; or
- For the Firm to comply with its legal and regulatory obligations;
- The personal data collected by the Firm will be adequate, relevant and limited to what is necessary in relation to the specific purpose for which your data will be processed;
- The Firm will take all reasonable steps to ensure that personal data is accurate and, where necessary, kept up‐to‐date;
- The Firm will maintain personal data in a form that permits identification no longer than is necessary for the purposes for which the personal data has been collected for processing, in accordance with the Firm’s record retention requirements as mandated by the FCA;
- The Firm will hold and process person data in a manner that ensures appropriate security;
- The Firm will only share personal data where it is necessary to provide the agreed service or where it is necessary for the Firm to comply with its legal and regulatory requirements; and
- The Firm will only utilise a service provider based outside of the UK for the processing of personal data where this is strictly necessary to facilitate our services to you. In all cases, we will ensure service providers are fully compliant with GDPR, or deemed equivalent, ahead of transferring any personal data.
What personal data does the Firm collect and why?
In the course of providing products/services to you, the Firm may collect information that is considered personal information (e.g., name, contact details, address, passport number, driving licence).
As a client, contact or employee of Kirkoswald, we will require some personal information to verify your identity and have the applicable relationship with you. Some of this information may be required to satisfy legal obligations (e.g., to comply with obligations arising under the money laundering regulations whereas other information may be required in connection with the provision of services to you). The information collected will vary depending on the service the Firm provides to you or you provide to the Firm, but typically includes:
- Personal information: Such as your name, date of birth, passport number or national insurance number; and
- Contact information: Including your address, telephone number and email address.
On what basis does the Firm have to process my personal data?
The Firm must have a lawful basis (consent) to process personal information or the following non-consent basis:
- To enter into or perform a contract where you are a party;
- To conduct human resources management according to lawfully formulated internal labor policies and lawfully concluded collective labor contracts;
- To perform legal responsibilities or obligations;
- To respond to a public health emergency, or in an emergency to protect the safety of health and property or for purposes of carrying out news reporting and media monitoring for public interests;
- Processing of personal information that is already disclosed or otherwise lawfully disclosed;
- Other circumstances as required by laws.
Are any other consents required?
The Firm will have a separate consent for certain processing activities, namely if it (i) shares personal information with other processing entities; (ii) publicly discloses personal information; (iii) processes sensitive personal information; or (iv) transfers personal information overseas.
Where does the Firm store my personal data?
The Firm has comprehensive policies and procedures in place to ensure your personal data is kept safe and secure, with these including:
- Data encryption;
- Intrusion detection;
- 24/7 physical protection of the facilities where your data is stored (e.g., Microsoft’s UK data
- Background checks for personnel that access physical facilities; and
- Security procedures across all service operations.
How long does the Firm retain personal data?
As a regulated entity, the Firm is required to maintain its books and records for a prescribed period(five years from either the ceasing of a business relationship, or, in the case of non‐clients, from the making of a record – or alternatively, for seven years, where specifically requested to do so by the FCA). As such, information that falls in scope of either of these requirements is retained in line with the mandated timeframe.
Any information that is outside the scope of this requirement will be retained whilst relevant and useful, and destroyed where this ceases to be the case or where the data subject specifically requests this.
How have I been categorised in accordance with GDPR?
GDPR requires the Firm to inform you of the legal basis on which we maintain your personal data.Typically, the Firm will reach out to you personally to confirm this; however, as a general rule the following is applicable.
- Clients – Information is maintained on the basis of contractual obligation, legitimate interest and/or legal obligation (where relevant);
- Service providers – Information is maintained on the basis of contractual obligation and/or legal obligation (where relevant); and
- Database/marketing contacts – Information is maintained on the basis of legitimate interest.
What are my rights?
Once you have provided your details to the Firm, you have certain rights which apply, depending on your relationship with the Firm, the information you have shared with us and the Firm’s legal and regulatory obligations.
- You have the right to request a copy of the information that we hold about you. If you would like a copy of some, or all, of your personal information, please email the Firm. The Firm will provide this information to you within one month (with the ability to extend this by an additional two months where necessary), free of charge.
- You have the right to request that the information the Firm holds about you is erased under certain circumstances including where there is no additional legal and/or regulatory requirement for the Firm to retain this information.
- As a client, you have the right to request that any information the Firm holds about you be provided to another company in a commonly used and machine‐readable format, otherwise known as ‘data portability’.
- You have the right to ensure that your personal information is accurate and up to date, or where necessary rectified. Where you feel that your personal data is incorrect or in accurate and should therefore be updated, please email the Firm.
- You have the right to object to your information being processed, for example for direct marketing purposes.
- You have the right to restrict the processing of your information, for example limiting the material that you receive or where your information is transferred.
- You have the right to object to any decisions based on the automated processing of your personal data, including profiling.
- You have the right to lodge a complaint with the Information Commissioner’s Office (https://ico.org.uk/concerns/ if you are not happy with the way that we manage or process personal data.
Will I be notified of changes to this policy?
The Firm may, from time to time, review and update this policy. The Firm will maintain the latest version of this policy on its website, and where the changes are deemed material, it will make you are aware of these.
Who should I direct questions to?
If you have any questions, concerns or complaints about the practices contained within this document or how the Firm has handled your data, please email: firstname.lastname@example.org.
Alternatively, you may write to:
Kirkoswald Capital Partners LLP
4th Floor, 39 Sloane StreetLondon
Last updated: August 2022