Who “we” are
This Privacy Notice applies to all personal information processing activities carried out by the Falcon Group Administrative Services (UK) Limited and the notice tells you what we do with information we collect about you prior to, during and after your client relationship with us. It is relevant to anyone who uses our services, including customers, prospective customers, suppliers, contractors, and website users.
We are Falcon Group Administrative Services (UK) Limited (“we”, “us or “our”) and its associated companies (together the Falcon Group) is committed to protecting the privacy and security of your Personal Data.
Our principle address is 60-62 Lombard Street, London EC3V 9EA and our contact details can be located at Contact.
We may update our Privacy Notice from time to time. When we do we will communicate any changes by publishing the updated Privacy Notice on our website. We would encourage you to visit our website regularly to stay informed of the purposes for which we process your information and your rights to control how we process it.
Information collected from others
Where we have collected information directly from you it will usually be obvious what this is, as you will have given it to us. This might not be the case where we have used cookies to collect information from your computer or portable devices. Please see our cookies policy for more information Cookies Policy.
What Personal Data do we collect?
We respect individuals’ rights to privacy and to the protection of personal information. The purpose of the Privacy Notice is to explain how we the data controller collect and use personal data in connection with our business. “Personal Data” means information about a living individual who can be identified from that information (either by itself or when combined with other information). We will collect and process various categories of personal data at the start of and for the duration of, your relationship with us. We will limit the collection and processing of information to information necessary to achieve one or more legitimate purposes as identified in this notice. Personal data may include:
- personal contact information (including your name, home address, personal telephone number(s) and personal e-mail address);
- business contact information (including e-mail address and telephone number);
- date of birth;
- social security, government identification and / or driving licence number;
- marital status;
- copy of your passport, visa or driving licence;
- bank account details, tax residence and tax status information;
- copies of bank statements, utility bills and official correspondence to your residential address;
- asset and liability statements;
- documents gathered during the on-boarding process (including credit history, background vetting information, insurance policies, completed PEP Forms, real estate identification documents);
- information gathered through Falcon’s monitoring of its IT systems, building access records and CCTV recording when you attend meetings in person at our offices;
- passport, national identity card, driving licence, power of attorney and relevant contact information of your lawyers, accountants, advisers, agents, attorneys or other representatives (including their name, address, telephone number(s) and e-mail address(s));
- due diligence materials (including reports, photographs, valuations and analysis) relating to your property, assets, finances or credit-worthiness for the purposes of credit analysis, consideration and approval; transaction structuring, processing and administration/management; and
- Personal Data which you otherwise voluntarily provide, for example when corresponding in writing (including via email or other electronic means), in meetings or during phone conversations or entered into any of the Falcon Group websites.
The majority of the Personal Data provided by you is mandatory in order for us to administer the client relationship and perform our obligations under our contract(s) with you and/or comply with statutory requirements relating to making or receiving payments, sanctions, immigration or taxation. Failure to provide mandatory Personal Data may affect our ability to accomplish the purposes stated in this privacy notice and potentially affect your ongoing client relationship with the Falcon Group.
Where permitted by law, we may process information about criminal convictions or offences and alleged offences for specific and limited activities and purposes, such as to perform checks to prevent and detect crime and to comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption, and international sanctions. It may involve investigating and gathering intelligence on suspected financial crimes, fraud and threats and sharing data between Falcon Group and with law enforcement and regulatory bodies.
The list set out above is not exhaustive, and there may be other Personal Data which the Falcon Group collects, stores and uses in the context of the client relationship.
How we obtain information
The majority of the Personal Data which we process will be collected directly from you. Your information is made up of all the financial and personal information we collect and hold about you/your business and the proprietors, officers and beneficial owners of that business and your transactions. It includes:
- information you give us;
- information that we receive from third parties – including other Falcon Group companies, third parties who we provide services to you and us, credit reference, fraud prevention or government agencies and financial institutions (where permitted by law);
- information that we learn about you through our relationships with you and the way you operate your account/or services;
- information that we gather from the technology which you use to access our services (for example an IP address or telephone number) and how you use it; and
- information that we gather from publicly available sources, such as the press, the electoral register, company registers and online search engines.
How Do We Use Your Personal Data?
The Falcon Group uses your Personal Data for a variety of purposes in order to perform its obligations under the contracts between you and any member of the Falcon Group, to comply with legal obligations or otherwise in pursuit of its legitimate business interests. We have set out below the purposes for which client Personal Data is processed:
- to enable correspondence with you, your agents, legal and other professional advisers, attorneys and such other representatives appointed to act on your behalf in relation to transactions to be considered or entered into between you and a member of Falcon Group via email, phone, mail or other means of communication;
- to conduct Know Your Customer (KYC), sanctions-screening and other pre-transaction checks necessary in order to consider a client relationship with you;
- to produce legal documentation for transactions between you and a member of the Falcon Group;
- to make payments or confirm the source of receipts of sums due under legal transaction documentation entered into between you and a member of the Falcon Group;
- the day to day processing and management of any transactions between you and a member of the Falcon Group;
- to manage, periodically review and make you aware of the products and/or services we provide to you;
- to consider alternative products and/or services which may be suitable and of interest to you;
- to comply with legal requirements, such as reporting to the local tax authority, ensuring our compliance with sanctions laws, regulations, rules and requirements of the United Nations, United Kingdom, the United States of America (including, but not limited to, those outlined by the Office of Foreign Assets Control (OFAC) of the US Department of Treasury and the Export Administration Regulations of the US Department of Commerce), the European Union and any other applicable jurisdiction which relate to foreign trade control, export control, trade embargoes or international boycotts or sanctions;
- to address any complaints, investigate, review and conclude any complaints made;
- to protect Falcon’s confidential and proprietary information, and intellectual property;
- to prevent fraud against you, third parties or members of the Falcon Group if a business transfer or change of ownership occurs or is planned.
Again, this list is not exhaustive, and we may undertake additional processing of Personal Data in line with the purposes set out above. We will update this privacy notice from time to time to reflect any notable changes in the purposes for which it processes your Personal Data.
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Unless you have told us that you do not want to hear from us, we will send you relevant marketing information (including details of other products or services provided by us, companies which we believe may be of interest to you), by mail, phone, email, text and other forms of electronic communication. If you change your mind about how you would like us to contact you or you no longer wish to receive this information, you can tell us at any time by contacting us at Compliance@falcongrp.com.
Transferring information overseas
As a global provider of funding solutions, Falcon Group will share client Personal Data with other group companies and third parties located outside of the EEA from time to time for the purposes set out in this Privacy Notice.
We may transfer your information to organisations in other countries (including to other Falcon Group companies) on the basis that anyone to whom we pass it protects it in the same way we would and in accordance with applicable laws.
In the event that we transfer information to countries outside of the European Economic Area (which includes countries in the European Union as well as Iceland, Liechtenstein and Norway), we will only do so where:
- the European Commission has decided that the country or the organisation we are sharing your information with will protect your information adequately;
- the transfer has been authorised by the relevant data protection authority; and/or
- we have entered into a contract with the organisation with which we are sharing your information (on terms approved by the European Commission) to ensure your information is adequately protected.
What Special Categories of Personal Data Do We Process?
Certain categories of data are considered “special categories” of Personal Data” and are subject to additional safeguards. We do not need your consent if we use special categories of your Personal Data in accordance with our written policy to carry out our legal obligations or exercise specific legal rights. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.
When Do We Share Client Personal Data?
The Company will share client Personal Data with other parties only in limited circumstances and where this is necessary for the performance of the contract or to comply with a legal obligation, or otherwise in pursuit of its legitimate business interests as follows:
- where we have your permission;
- where required for your product or service;
- where we are required by law and by law enforcement agencies, judicial bodies, government entities, tax authorities or regulatory bodies around the world;
- with banks, financial institutions and payment services companies when making payment to or receiving payment from you;
- with background vetting specialists as part of the client on-boarding process and periodically thereafter to ensure Personal Data held is up to date;
- accountants, lawyers, notaries and other professional advisers when considering, structuring, documenting, concluding, terminating, varying, amending or renewing a particular transaction already in place with you;
- financiers, insurers, participants and sub-participants in order to consider and/or obtain funding, risk mitigation, insurance or other financial or risk support in relation to an agreement between you and us;
- IT service providers as part of routine testing, maintenance, development and improvement to the safety, security or functioning of our IT systems;
- with debt collection agencies;
- with credit reference and fraud prevention agencies;
- with third-party guarantors or other companies that provide you with benefits or services (such as insurance cover) associated with your product or service;
- where required for a proposed sale, reorganisation, transfer, financial arrangement, asset disposal or other transaction relating to our business and/or assets held by our business;
- send you relevant marketing information however we will not share your information with third parties for marketing purposes without your permission
- in anonymised form as part of statistics or other aggregated data shared with third parties; or
- where permitted by law, it is necessary for our legitimate interests or those of a third party, and it is not inconsistent with the purposes listed above.
In all cases, the client Personal Data is shared under the terms of a written agreement between Falcon Group and the third party which includes appropriate security measures to protect the Personal Data in line with this privacy notice and our obligations. The third parties are permitted to use the Personal Data only for the purposes which we have identified, and not for their own purposes, and they are not permitted to further share the data without our express permission.
How Long Will My Personal Data Be Retained?
By providing you with products or services, we create records that contain your information. Records can be held on a variety of media (physical or electronic) and formats.
We manage our records to help us to serve our customers well (for example for operational reasons, such as dealing with any queries relating to your account) and to comply with legal and regulatory requirements. Records help us demonstrate that we are meeting our responsibilities and to keep as evidence of our business activities.
Retention periods for records are determined based on the type of record, the nature of the activity, product or service, the country in which the relevant company is located and the applicable local legal or regulatory requirements.
We may on exception retain your information for longer periods, particularly where we need to withhold destruction or disposal based on an order from the courts or an investigation by law enforcement agencies or our regulators. This is intended to make sure that we will be able to produce records as evidence, if they are needed.
Under some circumstances we may anonymise your Personal Data so that it can no longer be associated with you. We reserve the right to retain and use such anonymous data for any legitimate business purpose without further notice to you.
During the course of your client relationship with the Falcon Group we will review the Personal Data we hold in relation to you approximately every 12 months and any Personal Data which is no longer needed will be deleted.
Following the termination of your client relationship with the Falcon Group, we will typically retain data for the periods set out below:
|General correspondence||6 years|
|Contractual documentation||6 years|
|Legal Deeds relating to transactions between you and us||12 years|
|Tax and accountancy records relating to your transactions||7 years|
|Background check results and related information||6 years|
|Financial and credit-related information||6 years|
|Personal data in archived e-mails or other electronic files||6 years|
|Forms of identification||6 years|
Retention periods may be changed from time to time based on business or legal and regulatory requirements.
How is my Personal Data secured?
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, altered, disclosed, used or accessed in an unauthorised way. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from Data Protection Officer (the “DPO”) by sending an email to DPO@Falcongrp.com.
Third parties will only process your Personal Data on our instructions and where they have agreed to treat the data confidentially and to keep it secure.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We want to make sure that you are aware of your rights in relation to the personal data we process about you. We have described those rights and the circumstances in which they apply in the table below.
|Access – You have a right to get access to the personal information we hold about you.||For more information on how to get access to your information and the documents we need you to submit, please visit our website.|
|Rectification – You have a right to rectification of inaccurate personal information and to update incomplete personal information.||
If you believe that any of the information that we hold about you is inaccurate, you have a right to request that we restrict the processing of that information and to rectify the inaccurate personal information.
Please note that if you request us to restrict processing your information, we may have to suspend the operation of your account and/or the products and services we provide to you.
|Erasure – You have a right to request that we delete your personal information.||
You may request that we delete your personal information if you believe that:
Please note that if you request us to delete your information, we may have to suspend the operation of your account and/or the products and services we provide to you.
|Restriction – You have a right to request us to restrict the processing of your personal information.||
You may request us to restrict processing your personal information if you believe that:
Please note that if you request us to restrict processing your information, we may have to suspend the operation of your account and/or the products and services we provide to you.
|Portability – You have a right to data portability.||
Where we have requested your permission to process your personal information or you have provided us with information for the purposes of entering into a contract with us, you have a right to receive the personal information you provided to us in a portable format.
You may also request us to provide it directly to a third party, if technically feasible. We’re not responsible for any such third party’s use of your account information, which will be governed by their agreement with you and any privacy statement they provide to you.
If you would like to request the personal information you provided to us in
a portable format, please write to us at the details provided above.
If you have any questions about these rights or you wish to exercise your rights of access you should set out your request to the DPO by sending an email to DPO@Falcongrp.com using the relevant form for the type of request from the forms below:
- Data Subject Access Request Form (GDPR)
- Data Subject Data Portability Request Form (GDPR)
- Data Subject Data Processing Objection Form (GDPR)
- Data Subject Erasure Request Form (GDPR)
- Data Subject Processing Restriction Request Form (GDPR)
- Data Subject Rectification Request Form (GDPR)
No fee usually required
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.
Where Can I get Further Information?
We have appointed the DPO to oversee compliance with this Notice. If you have any questions about this privacy notice or how we handle your Personal Data, please contact the DPO at the contact details above. Finally, you have the right to raise any concerns about how your Personal Data is being processed with the Information Commissioner’s Office (ICO) by going to the ICO’s website: https://ico.org.uk/concerns/ or contacting the ICO on 0303 123 1113 or email@example.com.