In this Policy, the terms “personal data”, “processing”, “data controller” and “data processor” shall have the meaning ascribed to them in the General Data Protection Regulation ((EU) 2016/679) (“GDPR”).
City is committed to protecting and respecting your privacy.
This Policy contains information about what data we collect and store about you and why. It also tells you who we share this data with, the security mechanisms we have put in place to protect your data and how to contact us.
Please read this Policy carefully to understand our practices regarding personal data and how we will treat it.
City is defined as a data processor under the GDPR. A data processor is a natural or legal person, public authority, agency or another body which processes personal data on behalf of the data controller.
Any questions regarding this Policy and our privacy practices should be sent by email to firstname.lastname@example.org or by writing to The City Partnership (UK) Limited, 110 George Street, Edinburgh EH2 4LH. Alternatively, you can telephone 0131 243 7210.
Who are we?
City is a provider of corporate and fund services. City is a private limited company registered in Scotland with company number SC269164. The company's registered office and principal place of business is 110 George Street, Edinburgh EH2 4LH.
What do we do with your data?
Data processed by us
When carrying out activities that are contractually or legally required when providing our corporate and fund services we process the following personal data:
- Contact details that enable communication with you; and
- Data to carry out corporate and fund services.
Depending on the activity, this may include contact details, facts about you to enable confirmation of your identity, detail to support reporting to the authorities and data required for transactions with you.
City's website, https://city.uk.com, which is maintained by City, does not collect any data from its visitors, nor does it engage in any tracking activity.
Users of City's website should always adopt a policy of caution before clicking any external web links mentioned throughout the website. Websites assocaited with external web links have their own privacy policies and City does not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Use of personal data
We process your data for the following purposes:
- Communicating with you;
- To provide contracted corporate and fund services; and
- To comply with applicable legal requirements.
Sharing personal data
We may share your data with third party service providers. The third parties would either be contractors or service providers that help us to meet our contractual obligations or identity checking organisations that help us to comply with legal requirements.
We will share personal data with regulatory bodies, HMRC and law enforcement agencies if required by applicable regulations or law.
We will not share your data with any other third parties without your consent.
Personal data transfers outside of Europe
We will not transfer your data outside the EU. Should this change and we commence work with a third party who is or has some of its activities outside of the EU we will update this Policy and inform the clients this activity will affect. Any future transfer of data outside of the EU, if applicable, will be subject to appropriate security measures to ensure that your privacy rights continue to be protected as outlined in this Policy.
Personal data retention
We hold your data following legal and regulatory requirements including rules specific to the financial services industry.
The retention period for your data is dependent on many factors, including but not limited to:
- The sensitivity of the data we have collected;
- The legal obligations we may have to store data for specified periods;
- The time a data subject is entitled to raise a complaint or claim; and
- Any specific instructions provided by you.
Personal data security
Once we have received personal data relating to you, we use strict procedures and security features to try to prevent unauthorised access.
The security of personal data regarding you is a high priority. We take such steps as are reasonable to securely store your data to protect it from unauthorised use or access, misuse, loss, modification or unauthorised disclosure (incl. physical and electronic security measures). Examples include the use of passwords, locked storage cabinets and secured storage rooms. Other features include:
- Storing data on secured networks consistent with industry standards, which are only accessible by those employees who have special access rights to such systems;
- Using industry-standard encryption technologies when transferring or receiving personal data, such as SSL technology;
- Restrictions on the electronic transfer of files; and
- Our IT networks undergo necessary monitoring and testing to identify and remediate potential opportunities for unauthorised data access.
We take steps to destroy or de-identify personal data when we no longer require the data for any purpose for which it may be used or disclosed by us, and we are no longer required by law to retain the data.
Data protection laws give you the right to access personal data held relating to you. To protect your privacy, we may take steps to verify your identity before taking any action in response to any request.
We also want to make sure that any personal data relating to you that we hold is accurate and up to date. You may ask us to correct or remove any personal data you think is inaccurate.
You also have the right, in certain circumstances, to:
- The erasure of personal data relating to you that we hold;
- The restriction of processing of personal data relating to you that we hold; and
- Object to our processing of personal data relating to you that we hold.
Your ability to exercise these rights will depend on several factors and in some instances, we will not be able to comply with your request (e.g. where the right does not apply to the particular data we hold on you).
Should you exercise certain rights, we may be unable to continue to provide some or all of our services to you – e.g. where we require your data to comply with a statutory requirement or is necessary for us to perform our obligations to you.
If you would like to exercise any of these rights or if you have any questions about our processing of personal data relating to you, please contact us by email to email@example.com, or write to us at The City Partnership (UK) Limited, 110 George Street, Edinburgh EH2 4LH. Alternatively, you can telephone 0131 243 7210.
We will respect and provide you with all rights concerning your data that we hold, and to which you are entitled, under applicable law.
If you have a concern about the way we are collecting or using personal data relating to you, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/.
Review of this Policy
We keep this Policy under regular review. This Policy was last updated in October 2019.