Data Protection and Privacy Policy

Your personal data – what is it? 

Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”).

Who are we?

Sucden Financial Limited (“Sucden Financial”) is the data controller (contact details below).
This means it decides how your personal data is processed and for what purposes.

How do we process your personal data?

Sucden Financial complies with its obligations under the GDPR by:

  • keeping personal data up to date;
  • by storing and destroying it securely;
  • by not collecting or retaining excessive amounts of data; and
  • by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. 

Purposes for collecting and using personal data

Prospective employees of Sucden Financial

Types of information held to assess your suitability for employment with Sucden Financial:

  • your application form, if you were requested to complete one;
  • your references;
  • your curriculum vitae; and
  • any interview notes.

Employees of Sucden Financial

Types of information and purposes held (where not obvious):

  • as above for prospective employees;
  • date of birth, gender and marital status;
  • copy of passport or driving licence;
  • your contract of employment;
  • correspondence with or about you, for example letters to you about a pay rise, or at your request, a letter to your mortgage company confirming your salary;
  • information needed for payroll, benefits and expenses purposes e.g national insurance number and bank details;
  • contact and emergency contact details;
  • records of holiday, sickness and other absence;
  • CCTV footage and other information obtained through electronic means such as security pass access records;
  • photographs;
  • records relating to your career history, such as training records, appraisals, other performance measures and, where appropriate disciplinary and grievance records;
  • where relevant, you may be mentioned in certain company documents such as the business continuity plan;
  • monitoring of employees to prevent and detect crime and misconduct. For further information, please refer to Sucden Financial’s Policy on Telephone and Electronic Communications which is available on Sucden Financial’s Intranet; and
  • we also have the ability to view the Plantation Place site access records which could be used to monitor your hours of work.

We may also collect, store and use the following “special categories” of more sensitive personal information:

  • information about your health, including any medical condition, health and sickness records; and
  • information about criminal convictions and offences.

The situations in which we will process employee personal information are listed below:

  • making a decision about recruitment or a new appointment;
  • checking that you are legally entitled to work in the UK;
  • paying you and reducting tax and national insurance contributions;
  • providing benefits to you;
  • liaising with your pension provider;
  • business management, planning, accounting and auditing;
  • performance reviews;
  • education, training and development;
  • dealing with legal disputes;
  • determining your fitness to work and managing sickness absence;
  • complying with health and safety obligations;
  • to prevent fraud;
  • to monitor our communication systems and ensure compliance with our IT policies; and
  • to ensure network and information security.

The situations in which we may process particularly sensitive personal information are listed below:

  • we will use information relating to leaves of absence, which may include sickness absence or family related leaves, to comply with employment and other laws; and
  • we will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and provide appropriate workplace adjustments;
  • we will use information about criminal convictions and offences to assess your fitness and propriety to work in the financial services industry.

Data sharing

The following activities are carried out by third-party service providers: payroll, pension administration, benefits provision and administration, IT services.

We may transfer the personal information that we collect about you outside the EAA in order to perform our contract with you. Where we do this, we will ensure that the data receives an adequate level of protection for your personal information. If the country to which we transfer your data is not deemed to have equivalent data privacy laws then we will use contracts to ensure an adequate level of protection is given to your data.

Clients and prospective clients of Sucden Financial

Types of information

The following information is usually collected from directors and beneficial owners of our institutional clients:

  • proof of identification (for example, copies of passports or identification cards);
  • proof of address (for example, copies of bank statements);
  • tax information (for example, personal tax identifiers); 

In addition to the above, in the small number of cases where we seek to onboard clients who are individuals we would also collect their bank details, personal e-mail addresses and personal telephone numbers.

Purposes held:

  • for the purposes of complying with applicable regulations (for example those which aim to prevent money laundering or financial crime);
  • for the purposes of administering and operating your account;
  • to inform clients and prospective clients (who are natural persons) of news, events, activities or services running at Sucden Financial; and
  • to contact clients and prospective clients (who are natural persons) via surveys to conduct research about their opinions of current services or of potential new services that may be offered.

Use of CCTV on Sucden Financial’s premises

Our processing also includes the use of CCTV systems for the prevention of crime and to ensure the safety of everyone on our premises.

 

What is the legal basis for processing your personal data?

Sucden Financial relies on the following legal grounds for processing your personal data:

Prospective employees of Sucden Financial

  • processing is necessary for the legitimate interests of the data controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject. The legitimate interests are as follows:
    • assessing a prospective employee’s candidacy for a position at Sucden Financial; and
  • processing is necessary for compliance with a legal obligation, particularly screening prospective employees where this is required by a regulatory authority.

Employees of Sucden Financial

  • processing is necessary for the performance of the contract of employment that is in place with the data subject or to take steps to enter into this contract;
  • processing is necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement;
  • processing is necessary for the legitimate interests of the data controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject. The legitimate interests are as follows:
    • reviewing the performance of employees;
    • paying employees (bank details);
    • for the purposes of contacting employees in case of an emergency or a disaster recovery incident; and
  • processing is necessary for compliance with a legal obligation, particularly screening employees where this is required by a regulatory authority.

Clients and prospective clients of Sucden Financial

  • Explicit consent of the data subject:
    • to keep you informed about news, events, activities and services; and
    • to contact you with surveys about current events;
  • processing is necessary for compliance with a legal obligation, particularly: anti-money laundering legislation (such as the UK Money Laundering Regulations), tax legislation (such as the US Foreign Account Tax Compliance Act (“FATCA”) and UK implementing regulations) and the second Markets in Financial Instrument Directive / Regulation (“MIFID / R II”) and the European Markets Infrastructure Regulation (“EMIR”); and
  • processing is necessary for the establishment, exercise or defence of legal claims or where courts are acting in their judicial capacity.

Use of CCTV on Sucden Financial’s premises

Processing is necessary for the legitimate interests of the data controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject. The legitimate interests are as follows:

  • for the prevention of crime and to ensure the safety of everyone on our premises.

Consequences of not providing, or objecting to the processing of, personal data

Prospective employees

  • We would not be able to assess your candidacy for a role at Sucden Financial.

Employees

  • We would not be able to perform our obligations that exist in the contract of employment that is in place between us. For example, if you objected to us holding your bank details then we would not be able to pay you.
  • We may not be able to comply with our legal or regulatory obligations which may make it difficult for us to continue to employ you in a particular role. For example, if you are employed in a position that requires approval from the FCA and you objected to us conducting screening searches using personal data that you had previously provided, we may not be able to obtain (or maintain) your approval.

Clients and prospective clients of Sucden Financial

  • If you do not provide consent to us marketing to you we would not be able to provide you with the latest information about activities and services.
  • We would not be able to open an account for you (or keep an account open) if you refused to provide us with certain personal data (for example proof of identity or tax code) where this is required in order for us to comply with applicable laws and regulations. 

Sharing your personal data

Your personal data will be treated as strictly confidential, and will be shared only with:

  • other companies in our group;
  • those who provide services to us or act as our agents;
  • to credit reference agencies or other organisations that help us and others make credit decisions and reduce the incidence of fraud or in the course of carrying out identity, fraud prevention or credit control checks;
  • to regulators and governmental agencies, in any jurisdiction, where we are required to do so by applicable laws and regulations;
  • there is a public duty to disclose or our interests require disclosure; and
  • at your request or with your consent. 

How long do we keep your personal data?

We keep your personal data for no longer than reasonably necessary for a period of no longer than seven years (or, if possible, for shorter) in order to:

  • meet applicable legal and regulatory requirements;
  • exercise or defend legal claims; or
  • in the case that we use your personal data for marketing purposes, until you have withdrawn your consent for us to process your personal data for these purposes.

Note re: prospective clients

Sucden Financial will delete any personal data that is held about a prospective client if that prospective client does not become a client of Sucden Financial within six months of the date that Sucden Financial first received the personal data.

Note re: prospective employees

Sucden Financial will delete any personal data that is held about a prospective employee if that prospective employee does not become an employee of Sucden Financial within six months of the date that Sucden Financial first received the personal data.

Your rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: -

  • the right to request a copy of your personal data which Sucden Financial holds about you;
  • the right to request that Sucden Financial corrects any personal data if it is found to be inaccurate or out of date;
  • the right to request your personal data is erased where it is no longer necessary for Sucden Financial to retain such data;
  • the right to withdraw your consent to the processing at any time (note: this right would only be available if Sucden Financial is relying upon consent as a processing condition);
  • the right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability) (note: this right would only be available if the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means. Sucden Financial does not process data by automated means, see below);
  • the right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • the right to object to the processing of personal data (note: this would only apply where Sucden Financial is processing based on legitimate interests or to conduct direct marketing); and
  • the right to lodge a complaint with the Information Commissioners Office (the “ICO”).

Transfer of Data Abroad

In limited and necessary circumstances, your information may be transferred outside of the European Economic Area (“EEA”) to comply with our legal or contractual requirements or because one of our service providers is based outside the EEA. We have put in place European Union (“EU”) Model Contracts to ensure the security of your data. A copy of these Model Contracts can be obtained from the Data Protection Officer (please see the contact details below).

Automated Decision Making

Sucden Financial does not use any personal data that it obtains for the purposes of making automated decisions.

Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

Contact Details

To exercise all relevant rights, queries or complaints please in the first instance contact the Data Protection Officer on: +44(0) 20 3207 5407 or at: Compliance Department, Sucden Financial Limited, 60 Great Tower Street, London, EC3R 5AZ or via email on: compliance@sucfin.com

You can contact the Information Commissioners Office on: 0303 123 1113 or via email: https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

 

Use of Cookies

Sucden Financial Limited’s (“SFL”, “we”, “our”, “us”) website uses cookies.

What is a cookie?

Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device.

You can find more information about cookies at:

Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improve the user experience. They can also help to ensure that adverts you see online are more relevant to you and your interests.

The cookies used on this website have been categorised based on the categories found in the International Chamber of Commerce (“ICC”) UK Cookie guide. A list of all the cookies used on this website by category is set out below.

Categories of cookie we use

The categories of cookies we use are:

(1)   ‘strictly necessary’ cookies: these cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. This category cannot be disabled.

(2)   ‘analytical’ / ‘performance’ cookies: these cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies do not collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works. By using our website, you agree that we can place these types of cookies on your device.

(3)   ‘functionality’ cookies: these cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites. By using our website, you agree that we can place these types of cookies on your device.

 

List of cookies in use on this website:

Cookies Stored

Category(ies)

preferedLanguage

Functionality

ASP.NET_SessionId

Functionality
Cookies Toolbar Functionality

XSRF-TOKEN

Website security. Strictly necessary

XSRF-V

Website security. Strictly necessary

NID

Analytical / Performance.

PHPSESSID

Analytical / Performance.

PFCE

Analytical / Performance.

PFCT

Analytical / Performance.

ApplicationGatewayAffinity Analytical / Performance.

_ga

Analytical / Performance.*

_gat

Analytical / Performance.*

_gid

Analytical / Performance.*

__utma

Analytical / Performance.*

__utmb

Analytical / Performance.*

__utmc

Analytical / Performance.*

__utmt

Analytical / Performance.*

__utmz

Analytical / Performance.*

 

*Google Analytics cookie. For more detailed information, please refer to the following website: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage.

Setting your cookie preferences

You can control how cookies are placed on your device from within your own browser. You can also delete existing cookies from your browser. However, refusing and/or deleting cookies may mean some sections of our site will not work properly.

How to make a complaint

If you have a complaint about the way in which your personal data is being processed, please email compliance@sucfin.com. In the event that you are not satisfied with our handling of your complaint, you have the right to report your concern to the Information Commissioner at https://ico.org.uk/concerns.