SYSC326 may acquire sensitive information concerning your business or affairs in the course of delivering Services. We maintain strict controls over access to information and comply with obligations imposed by The Data Protection Act (DPA) 2018, as amended by The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (providing alignment with requirements of the EU General Data Protection Regulation ('GDPR')).
This policy relates to personal data provided to SYSC326:
- This policy was last updated on 12/08/2021 - Please check this page occasionally to ensure you are aware of its content.
- SYSC326 is registered with the Information Commissioner's Office (Ref: ZB063950) and is the Data Controller of processing activity described below.
- Jon McNally trading as SYSC326 is responsible for data protection.
For all data protection enquiries, including Subject Access Request ('SAR'), please contact our Data Protection Officer ('DPO'):
- By post: SYSC326, Fergusson House, 124 City Road, London, EC1V 2NX.
- Email: firstname.lastname@example.org
- If you would prefer to speak to us by phone, please call 020 7060 2780
What is personal data?
Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
What does processing mean?
Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
SYSC326 takes privacy seriously and is committed to protecting your data:
- This policy explains when and why we collect personal information, how this information is used, the conditions under which it may be disclosed to others and how it is kept secure.
- Information held (or processed) by SYSC326 is held (or processed) for a specific and legitimate purpose.
- If we transfer information outside of the EEA, we take reasonable steps to ensure the security and privacy of your data.
Where we store personal data
Information is stored securely and usually on encrypted media:
- Our data is hosted in the UK. We also utilise a backup service provided by a third party, where data is held in an encrypted format.
- Occasionally information may be transferred outside the European Economic Area (EEA), to support delivery of a service you have requested.
- Where a country may not have similar data protection laws to the UK we will, where possible, seek to work with service providers whose servers are located within the EEA.
- If we transfer information outside of the EEA, we take steps to require reasonable security, aimed at ensuring your privacy rights are protected.
- We do not routinely share personal data with other parties.
Personal data you provide
This relates to information about you (provided voluntarily), for example via:
- This website (www.sysc326.com).
- Corresponding with us by email, telephone or otherwise.
- Responding to any enquiry, communication or survey (e.g. as part of recruitment, vetting, personal employment/credential-checking, etc.).
- Meetings or other discussions/interactions, including interviews, etc.
- Also see our Legal page.
Personal data received from other sources
We might receive personal data from a third party or open source:
- Third parties might include current or former employers, persons providing character references, clients and their advisors, etc.
- Open source includes media and press reporting, public information published by regulatory bodies, public registries (e.g. Companies House, Land Registry, etc.).
- Information is assessed for relevance to a particular client engagement.
Others who might receive or access personal data
We might disclose personal data to a third party, agent, or sub-contractor, where relevant and reasonable:
- If necessary for the provision of a service to us, or to you on our behalf (e.g. conducting relevant research in another country).
- We use a third party service provider for Basic Criminal Record Checks (for unspent convictions). For some roles this check is a mandatory compliance requirement and is only undertaken with the relevant individual's consent.
- In all circumstances we only disclose information which is reasonable and necessary for an agent or other third party to provide their service.
- We require information to be kept securely and not for use other than in accordance with our specific instructions.
Retention period of personal data before disposal
The following is a general guide. Details applicable to a particular client engagement may differ:
- If civil or criminal proceedings are not anticipated (e.g. industrial tribunal, civil suit or criminal prosecution linked to a data subject) - Data is usually deleted 6 months after completion of service delivery.
- If civil or criminal proceedings are anticipated - Data retention periods may be influenced by the timeframe for concluding proceedings.
- Responding to an information request might also influence normal retention periods (e.g. Client insurers or legal advisors in asset tracing matters).
- Any request to extend the retention period in a particular instance must be submitted in writing to SYSC326, with a relevant supporting rationale.
Accessing your personal information
Data protection law entitles you to ask to see a copy of the personal data that we hold about you, via a Subject Access Request ('SAR'). See the link above.
Who can submit a SAR
To ensure we only disclose details of data held to the Data Subject (or appointed representative), applications must be accompanied by proof of identity and address.
Proof of identity & address
To ensure any disclosure of data is to the appropriate person, you will need to provide a copy of identification (e.g. Passport, Driving Licence, etc.) and proof of address (e.g. utility bill).