Privacy Policy

Last updated: [25] May 2018

1. Background

ILLIQUIDX CAPITAL LIMITED (“ILLIQUIDX“, “we” or “us“) collects and processes personal data about you, the client or other individual with whom we interact (“you“).

This Data Protection & Privacy Policy (“Policy“) explains how we use any personal data we collect about you. Personal data (“Personal Data“) means any information personally relating to you as an identifiable individual or that we can otherwise identify you from. 

The Personal Data we collect includes, but is not limited to, your name and contact details, your email address, your correspondence address, your IP address and other personal information you provide to us.

We process Personal Data in accordance with the EU General Data Protection Regulation (“GDPR“) and other applicable laws that regulate protection and privacy of personal data (“Data Protection Law”). ILLIQUIDXis a “controller” of any Personal Data that you submit to us or that we collect from you. This means we decide what Personal Data we collect and what it is used for

2.  How do we collect your Personal Data?

We collect Personal Data that you voluntarily provide to us, for example when:

  1. when you visit or submit information to our website (“Site“), register with us for an account, log in or complete other online forms we provide;
  2. when you otherwise submit personal data to us in the course of your/your employer’s contractual relationship with us;
  3. when you contact us with an enquiry, complaint or regarding an issue related to our services, and we keep a record of that correspondence;

In some cases, your Personal Data may be supplemented by information that we collect from public sources, including searches via search engines, sector-specific newsletters, public registers, social media and your employer’s website, although this is used for the purpose of confirming your current professional position. We may also collect other Personal Data from third party service provider databases when conducting know your client (“KYC“) due diligence checks.

3. How do we use your Personal Data?

We use the Personal Data we collect to:

  1. identify your/you organisation’s requirements, to deliver services and information, and to promote other services we provide which may be of interest to you, subject to applicable law;
  2. contact you for your views on our services and to notify you occasionally about important changes or developments to the Site or to our services;
  3. deal with legal requirements and, in particular, satisfy our regulatory obligations to undertake suitable KYC checks.

4. Why do we process your Personal Data and on what legal basis?

We process your Personal Data for the above purposes relying on one or more of the following lawful grounds:

  1. where we agree to provide any product and/or service to you/your organisation, in order to take any pre‑contract steps at your request and/or to perform our contractual obligations to you/your organisation;
  2. where we need to use your Personal Data for our legitimate interests of being able to market,  provide and administer our financial services and products; to maintain business relationships in connection with these services and products; and to generally manage our business in that regard.  We will always seek to pursue these legitimate interests in a way that does not unduly infringe on your legal rights and freedoms and, in particular, your right of privacy;
  3. where you have freely provided your specific, informed and unambiguous consent to us using your Personal Data for particular purposes, such as sending of electronic marketing communications if you are an individual and where required by applicable law; and/or
  4. where we need to collect, process or hold your Personal Data to comply with a legal or regulatory obligation and/or to deal with legal claims.

5. Where is your Personal Data stored?

ILLIQUIDX is a United Kingdom based company and provides its products and services from its UK offices.

The Personal Data that we collect from you is primarily processed in the UK although it may be transferred to and stored at a destination outside the European Economic Area (EEA).  It may be accessed or processed on our behalf by staff operating outside the EEA or by a supplier with such staff (e.g. providing database or IT support), although in each case they will be acting under our instructions.

Some countries outside the EEA (for example, the United States) are not regarded as having the same legal standards for protection of Personal Data that apply inside the EEA. If we do transfer your Personal Data outside the EEA however, we will take appropriate steps to ensure that adequate measures are taken in accordance with Data Protection Law to safeguard and protect your Personal Data.

6. With whom do we share your personal data?

In the context of the purposes mentioned above, we may share your Personal Data with third party suppliers who only process data on our behalf under our instructions (called “processors“).  These include companies who host customer relationship management (“CRM“) databases or provide CRM services for ILLIQUIDX. It may also include agencies who we use to assist with KYC checks.

We will ensure that, where relevant, contractual safeguards are implemented to protect your Personal Data when we disclose it to third party processors.  For example, we will enter into data processing agreements with restrictions on the use of your Personal Data and obligations with respect to the security of your Personal Data.

7.  How long do we keep your Personal Data?

The period for which we keep your Personal Data usually depends on the purpose(s) for which your information was collected.

We will not keep your Personal Data for longer than necessary for that/those purpose(s) or unless we need to keep data for a longer period to comply with any legal requirements.

ILLIQUIDX has a data retention policy that sets out the different periods we retain Personal Data for in accordance with our duties under Data Protection Law.  The criteria we use for determining our data retention periods are based on:

  1. various legislative requirements (for example, duties to hold transaction details for tax/accounting purposes or KYC data in accordance with financial services regulation);
  2. the purpose for which we collected that Personal Data and, where we have identified a continued legitimate need to hold that Personal Data, to serve such purpose; and
  3. guidance issued by relevant regulatory authorities including, but not limited to, the UK Information Commissioner’s Office (ICO) or Financial Conduct Authority (FCA).

Personal Data that we no longer need is securely disposed of and/or anonymised so you can no longer be identified from it.

8.  Data Security

ILLIQUIDX has implemented appropriate technical and organisational security measures to help protect your Personal Data against loss and to safeguard it against access by unauthorised persons.  However, you should be aware that the sending of any data over public communication networks can never be guaranteed to be 100% secure.

9. Cookies

ILLIQUIDX may track and process information and data in relation to your use of the Site using “cookies”.  A cookie is a small file which is sent to your browser and stored on your computer’s hard disc, which helps us to understand and track your use of the Site and improve the information and services provided. 

We use cookies solely to gather information on IP addresses and pages visited, to analyse trends, administer the Site, track users’ movements on the Site and gather broad demographic information for aggregate use. 

IP addresses will not be used to deliver targeted marketing messages and we do not seek to identify anyone personally using these cookies or disclose this data to any third parties, other than our data processors as referred to above. 

Most internet browsers allow you to stop receiving cookies via options or settings.  You may enable these options or settings, but this may mean that our system cannot recognise your computer when you log in and you may not be able to use or access certain parts of the Site. 

For information about cookies generally, please visit www.allaboutcookies.org or see our ‘Cookies Policy‘.

10. Links to other websites

The Site may contain links to other websites.  This Privacy Policy extends only to data collected on this Site and does not cover the use of data by any website operated by a third party which you may link to by using hypertext links through our Site.  We recommend that you check the relevant privacy policy of each website that you visit and contact the owner or operator of that website if you have any concerns.

11.  Your Rights

Under Data Protection Law, you have a legal right to request information about the Personal Data that we hold about you, what we use that Personal Data for and who it may be disclosed to, as well as certain other information (called a “subject access request“). 

Usually we will have one month to respond to such a subject access request, although in the case of complex requests, we may require a further two months to respond.  We reserve our right to reject or charge for administrative time in dealing with any manifestly unreasonable or excessive requests for access.

We may also ask for further information to locate the specific information you seek and may apply certain legal exemptions to some of the information we disclose when responding to a subject access request.

You also have the following legal rights, which are exercisable by making a request to us in writing:

  1. that we correct Personal Data that we hold about you which is inaccurate or incomplete;
  2. to object to any automated processing (if applicable) that we carry out in relation to your Personal Data, for example if we conduct any automated credit scoring;
  3. to object to our continued use of your Personal Data for direct marketing;
  4. to request that we erase your Personal Data without undue delay and/or to object to its processing and/or request that we restrict the use of your Personal Data for any purpose, unless we have a legitimate reason for continuing to hold or process that data; or
  5. that we transfer your Personal Data to another party where the Personal Data has been collected with your consent or is being used to perform contract with you and we are processing that data by automated means (i.e. computer).

All of these requests may be forwarded on to a third party processor who is involved in the processing of your Personal Data on our behalf.

If you would like to exercise any of the above rights or if you have any concerns about how we use your Personal Data, please contact us at the address below.  Please note that you may be required to provide us with appropriate evidence so that we can verify your identity before we can respond.

If you make a request and are not satisfied with our response, or believe that we are illegally processing your Personal Data, you have the right to complain to the UK Information Commissioner’s Office (ICO) – see: https://ico.org.uk/concerns/.

12. Updates to this Data Protection & Privacy Policy

This Policy was last updated on the date set out at the top. 

We reserve the right to update and change this Policy from time to time in order to reflect any changes to the way in which we process your Personal Data or deal with a change in legal requirements.  In case of any such changes, we will post the modified Policy on our Site and/or publish it otherwise.  Any such changes will take effect as soon as they are posted on the Site. 

13. How to contact us

If you have any questions about how we process your Personal Data or want to exercise your rights as referred to above, please feel free to contact us

by email to: dpo@illiquidx.com or sar@illiquidx.com

by post to: Data Protection Manager, ILLIQUIDX, 346 Kensington High Street, London W14 8NS; or

by telephone: +44 207 832 0181