Our Policies
Client Privacy Notice
Background
The London Wall Group (as defined below) understands that your privacy is important to you and that you care about how your personal data (“Personal Data”) is used. We respect and value the privacy of all of our clients and we will only collect and use your Personal Data in ways that are described in this privacy notice (“Privacy Notice”), and in a way that is consistent with our obligations and your rights under the UK General Data Protection Regulations (“GDPR”) and the Data Protection Act 2018 and other applicable law (collectively known as “Data Protection Legislation”).
This Notice applies to LWPO Limited and all its group companies and subsidiaries, as defined under the Companies Act 2006.
1. Information About Us
- Company Name and Number
- London Wall Group (please see attachment 1 for a list of companies within the London Wall Group and their associated company numbers).
- Registered Address
- Interpark House, 7 Down Street, London, W1J 7AJ
- Data Protection Officer
- Evalian Limited
dpo@evalian.co.uk
0333 050 0111
West Lodge, Colden Common, Leylands Business Park, Hampshire SO21 1TH - Legal Department
- legal@london-wall.com
2. What Does This Privacy Notice Cover?
This Privacy Notice explains how we use your Personal Data, how it is collected, how it is stored, and how it is processed. It also explains your rights under the Data Protection Legislation.
3. What Are My Rights?
Under the Data Protection Legislation, you have the following rights, which we will always work to uphold:
- The right to be informed about our collection and use of your Personal Data.
- The right to access the Personal Data we hold about you.
- The right to rectify your Personal Data if any of your Personal Data held by us is inaccurate or incomplete.
- The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your Personal Data that we hold.
- The right to restrict (i.e. prevent) the processing of your Personal Data.
- The right to object to us using your Personal Data for a particular purpose or purposes.
- The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your Personal Data, you are free to withdraw that consent at any time.
- The right to data portability. This means that, if you have provided Personal Data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that Personal Data to re-use with another service or business.
- Rights relating to automated decision-making and profiling. Part 5 explains more about how we use your Personal Data in this manner.
More information about your rights can be found in our Data Subject Rights Policy published on our website.
Alternatively, if you need further information about how we use your Personal Data or exercising your rights as outlined above, please contact us using the details provided in Part 12.
It is important that your Personal Data is kept accurate and up-to-date. If any of the Personal Data we hold about you changes, please keep us informed as long as we have that data.
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens’ Advice Bureau.
If you have any cause for complaint about our use of your Personal Data, you have the right to lodge a complaint with the Information Commissioner’s Office. However, we would welcome the opportunity to resolve your concerns ourselves, and would be grateful if you could please contact us first, using the details in Part 11.
4. What Personal Data Do You Collect and How?
| Category of data | Data |
| Personal details |
|
| Contact details |
|
| Family details |
|
| Employment details |
|
| Financial details |
|
| References |
|
| Guarantor information |
|
We will collect any of the above Personal Data from a variety of sources including:
- Directly from you in the ordinary course of our relationship with you;
- Third parties such as professional advisers, consultants and agents; and
- Public sources such as social media.
We may also create Personal Data about you, such as records of your interactions with us and details of your accounts, subject to applicable law.
We do not seek to collect any ‘sensitive’ Personal Data (such as data relating to your racial or ethnic origin, political opinions, religious or philosophical beliefs; trade union membership; genetic data; biometric data, health related data or sex life/sexual orientation) nor Personal Data relating to children, except to comply with a legal obligation.
5. How Do You Use My Personal Data?
Under the Data Protection Legislation, our lawful bases for using your Personal Data, are as follows:
| What We Do | What Data We Use | Our Lawful Basis |
|---|---|---|
| AML/KYC: Fulfilling our regulatory compliance obligations, including ‘Know Your Client’ checks; confirming and verifying your identity (including by using credit reference agencies); and screening against government, supranational bodies and/or law enforcement agency sanctions lists as well as internal sanctions lists and other legal restrictions. |
|
|
| Credit worthiness: Conducting credit reference checks and other financial due diligence. |
|
|
| Creation and management of your account: Administering relationships and related services; performance of tasks necessary for the provision of the requested services; communicating with you in relation to those services. |
|
|
| IT operations: Management of our communications systems; operation of IT security; and IT security audits. |
|
|
| Health and safety: Health and safety assessments and record keeping; and compliance with related legal obligations. |
|
|
| Security: Physical security of our premises (including records of visits to our premises and CCTV recordings); and electronic security (including login records and access details, where you access our electronic systems). |
|
|
| Legal compliance: Compliance with our legal and regulatory obligations under applicable law. |
|
|
| Legal proceedings: Establishing, exercising and defending legal rights. |
|
|
| Risk Management: Audit, compliance, controls and other risk management. |
|
|
| Fraud prevention: Detecting, preventing and investigating fraud. |
|
|
With your permission and/or where permitted by law, we may also use your Personal Data for marketing purposes, which may include contacting you by email with information, news, and offers on our services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the Data Protection Legislation and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.
We will endeavour to obtain your express opt-in consent before sharing your Personal Data with third parties for marketing purposes and you will be able to opt-out at any time.
We do not use automated systems for carrying out certain kinds of decision-making. Should our position change, we will inform you as soon as reasonably practicable.
If we need to use your Personal Data for a purpose that is unrelated to, or incompatible with, the purpose(s) for which it was originally collected, we will inform you and explain the legal basis which allows us to do so.
In some circumstances, where permitted or required by law, we may process your Personal Data without your knowledge or consent. This will only be done within the bounds of the Data Protection Legislation and your legal rights.
6. How Long Will You Keep My Personal Data?
We take every reasonable step to ensure that your Personal Data will only be processed for the minimum period necessary for the purposes set out in this Privacy Notice. The criteria for determining the duration for which we will retain your Personal Data are as follows:
- We will retain copies of your Personal Data in a form that permits identification only for as long as we maintain an ongoing relationship with you (e.g., where you are a recipient of our services, or you are lawfully included in our mailing list and have not unsubscribed); or
- We will retain copies of your Personal Data as is necessary in connection with the lawful purposes set out in this Privacy Notice;
plus the duration of:
- Any applicable limitation period under applicable law (i.e., any period during which any person could bring a legal claim against us in connection with your Personal Data, or to which your Personal Data may be relevant); and
- An additional twenty-four (24) month period following the end of such applicable limitation period (so that, if a person brings a claim at the end of the limitation period, we are still afforded a reasonable amount of time in which to identify any Personal Data that are relevant to that claim);
and:
- In addition, if any relevant legal claims are brought, we may continue to process your Personal Data for such additional periods as are necessary in connection with that claim.
During the periods noted in paragraphs (c) and (d) above, we will restrict our processing of your Personal Data to storage of, and maintaining the security of, the Personal Data, except to the extent that the Personal Data needs to be reviewed in connection with any legal claim, or any obligation under applicable law.
Once the periods in the paragraphs above, each to the extent applicable, have concluded, we will either:
- Permanently delete or destroy the relevant Personal Data;
- Archive your Personal Data so that it is beyond use; or
- Anonymise the relevant Personal Data.
7. How and Where Do You Manage and Protect My Personal Data?
The security of your Personal Data is essential to us, and to protect your data, we take a number of important measures, including the following:
- limiting access to your Personal Data to those employees, agents, contractors, and other third parties with a legitimate need to know and ensuring that they are subject to duties of confidentiality;
- only storing Personal Data which is accurate and absolutely necessary for our legitimate purposes; and
- implementing procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your Personal Data) including notifying you and/or the Information Commissioner’s Office where we are legally required to do so.
If any of the information that we hold about you is wrong, please tell us and we will put it right.
8. Do You Share My Personal Data?
We may use external third parties such as those described below to process your Personal Data on our behalf in accordance with our legitimate purposes.
The Personal Data provided may also be shared with other organisations in order for us to comply with any legal or regulatory requirements (e.g., audit reporting and anti-money laundering checks).
The London Wall Group may communicate your Personal Data to such authorised individuals and entities as are listed in attachment 1, including but not limited to those parties for which you subsequently give us permission to share your Personal Data, or under a legal obligation or any other duty to do so. For the purposes detailed above, your information may be disclosed to:
- any other branches or companies within the London Wall Group;
- any regulatory, supervisory, or governmental authority with authority and jurisdiction over us;
- any agent, contractor or third-party service provider, professional adviser or any other person under a duty of confidentiality to the London Wall Group;
- any credit reference agency and, in the event that payments fall into arrears, any debt collection agency;
- any actual or potential participant or sub-participant in, guarantor(s), assignee, or transferee of, our rights and/or obligations in relation to you; and
- any financial institution with which we have or propose to have dealings.
If any of your Personal Data is shared with a third party, as described above, we will take steps to ensure that your Personal Data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law.
If any Personal Data is transferred outside of the UK, we will take suitable steps in order to ensure that your Personal Data is treated just as safely and securely as it would be within the UK and under the Data Protection Legislation. This will include putting International Data Transfer Agreements (IDTAs) in place with the organisations we are providing the information to and carrying Transfer Impact Assessments (TIAs) exercises on the countries the data will be sent to, where this is required. If you wish to receive more information about the safeguards applied to international transfers of Personal Data, please contact us using the contact details provided in Part 11 below.
If we sell, transfer, or merge parts of our business or assets, your Personal Data may be transferred to a third party. Any new owner of our business may continue to use your Personal Data in the same way(s) that we have used it, as specified in this Privacy Notice.
In some limited circumstances, we may be legally required to share certain Personal Data if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
9. Third Party Information
If you provide us with information about another person, you confirm you already have explicit confirmation that such other person has appointed you to act for them to consent to the processing of their Personal Data by us. This means that you have informed them of our identity and the purpose for which their Personal Data will be processed, namely to verify their name and address and otherwise only in connection with you. You agree to keep us or any relevant third party fully indemnified for your not having complied with this paragraph.
10. How Can I Access My Personal Data?
If you want to know what Personal Data we have about you, you can ask us for details of that Personal Data and for a copy of it (where any such Personal Data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 11. To make this as easy as possible for you, a Subject Access Request Form is available for you to use on our website. You do not have to use this form, but it is the easiest way to tell us everything we need to know to respond to your request as quickly as possible.
There is not normally any charge for a subject access request. However, if your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your Personal Data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
11. How Do I Contact You?
To contact us about anything to do with your Personal Data and data protection, including to make a subject access request, please use the following details for the attention of the DPO and the legal department:
Email address: legal@london-wall.com
Postal Address: Interpark House, 7 Down Street, London, W1J 7AJ
12. Changes to this Privacy Notice
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects Personal Data protection.
Any changes will be made available on our website. This Privacy Notice was last updated on 16th April 2025.
