Privacy statement

1. Why do we collect data including personal data
2. Which types of data do we collect?
3. How do we collect the data?
4. How we use the data
5. International transfers
6. Data retention and security
7. Your legal rights
8. General

1. Why do we collect and process data including personal data?

There are a number of reasons why we might collect your personal data and the lawful basis for processing it will depend on the specific purpose.

• To register you as a new client
• Manage fees/charges and recover money owed to us
• Notifying you about changes to our terms of business or privacy statement
• To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data)
• To use data analytics to improve our website, services, marketing, customer relationships and experiences
• To make suggestions and recommendations to you about services which may be of interest to you

2. Which types of data do we collect?

Personal data is any information capable of identifying an individual and does not include anonymised data. We may process certain types of personal data about you including:

• Identity Data may include your first name, surname, date of birth, gender, national insurance number, or photograph
• Contact Data may include your home, work and/or billing address, email address, and telephone numbers
• Financial Data may include your bank account and payment card details
• Transaction Data may include details about payments between us and other details of purchases made by you
• Technical Data may include your login, internet protocol addresses, browser type and version, social media handles, browser plug-in types and versions, time zone setting and location, operating system and platform, and other technology on the devices you use to access this website
• Profile Data may include your username and password, previously used services, your interests, preferences, feedback and survey responses
• Usage Data may include information about how you use our website, services, and operating systems
• Marketing and Communications Data may include your preferences in receiving marketing communications from us and our third parties and your communication preferences

We do not collect any sensitive data about you including details about your race or ethnicity, religious beliefs, sexual orientation, political opinions, trade union membership, health, criminal convictions and offences.

Where we are required to collect personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract.

3. How do we collect the data?

We will obtain personal data about you whenever you;

• Purchase a service
• Interact with us as a professional intermediary i.e. solicitor, banker, or IFA
• Subscribe to our mailing list or communicate with us by phone, email, or post
• Complete and submit a form on our website
• Attend one of our events
• Request resources or marketing be sent to you
• Enter a competition, prize draw, promotion, or survey
• Provide feedback

We may monitor your use of this website, however we will not able to identify you individually. Take a look at our cookies notice for more information.

We may receive personal data about you from various third parties and public sources, such as:

• Analytics providers such as Google based outside the EEA
• Search information providers such as Google based outside the EEA
• Contact, financial and transaction data from providers of technical services based inside the EEA
• Identity and contact data from publicly available sources such as Companies House and the Electoral Register based inside the EEA
• Identity and contact data from provides to enable us to comply with anti-money laundering regulations

4. How we use the data

We will use your personal data for any one or more of the following purposes:

• Where we need the perform the contract between us
• Where it is necessary for our legitimate interests
• For marketing purposes
• Where we need to comply with a legal or regulatory obligation

Generally, where this is required or permitted by law, we do not rely on your knowledge or consent to process your personal data, other than in relation to sending you marketing communications. You have the right to withdraw consent to marketing at any time by emailing us at privacy@pemcf.com. Where you opt out of receiving our marketing communications, this will not apply to personal data provided to us as a result of a service experience.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Should the purpose change, we will notify you and explain the legal grounds for processing.

We may have to share your personal data with third parties including:

• Providers of IT and system administration services
• Professional advisers including solicitors, bankers, auditors, insurance, independent financial advisers, and other  corporate finance advisers who provide legal, financial, accounting, insurance, and consultancy services
• HM Revenue & Customers, regulators, and other authorities base in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances
• Third parties to whom we sell, transfer, or merge parts of our business or our assets

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We only allow third parties to process your personal data for specific purposes and in accordance with our instructions.

5. International transfers

Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.

As some of our third party service providers are based outside the EEA, their processing of your personal data will involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is implemented:

• We will only transfer your personal data to counties that have been deemed to provide an adequate level of protection for personal data by the European Commission; or
• Where we use certain providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in the EEA; or
• Where we use providers based in the United States, we may transfer data to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between EEA countries and the United States

If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.

6. Data retention and security

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

By law we have to keep basic information about our clients (including contact, identity, financial, and transaction data) for six years after they cease being clients for tax purposes. In some circumstances, you can ask us to delete your data: see “Your legal rights” below for further information.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

7. Your legal rights

Under certain circumstances, you have rights as an individual under the General Data Protections Regulation (GDPR) in relation to your personal data. These include the right to:

• Request access
• Request correction
• Request erasure
• Object to processing
• Request restriction of processing
• Request transfer of your data
• Right to withdraw consent

If you wish to exercise any of the rights set out above, please email privacy@pemcf.com

You will not have to pay a fee to access your personal data (or to exercise any of the other rights) should the request be reasonable in its scope and not unfounded, repetitive or excessive.  We may need to request specific information from you to help us confirm your identity and ensure your right to access the data.

If you are unhappy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO) however we would be grateful if you would contact us in the first instance so that we can try to resolve it. PEM Corporate Finance is an ICO Tier 1 fee payer, registration number Z6800102.

8. General

We keep our privacy statement under regular review and we will place any updates on this web page. This privacy statement was last updated on 11th January 2019.