Who we are
Luc Capital Limited (referred to here as ‘we’, ‘us’ or ‘our Firm’) is a Company Registered in England and Wales under Company Registration Number 09251575.
What do we mean by Your Personal Data?
Your Personal Data means any information that describes or relates to your personal circumstances. In the context of our relationship with you, Your Personal Data may include:
- Title, names, date of birth, gender, nationality, civil/marital status, contact details, addresses and documents that are necessary to verify your identity and comply with anti-money laundering legislation
- Employment and remuneration information, (including salary/bonus schemes/overtime/sick pay/other benefits), employment history
- Bank account details, tax information, loans and credit commitments, credit history, sources of income and expenditure, family circumstances and details of dependents
- Details and information relating to companies or businesses you are or have been associated with, including, for example, financial information
- Any pre-existing investments, mortgages, finance and insurance arrangements and the terms and conditions relating to these
- Online identifiers, location data and website log information, including information such as Internet Protocol (IP) addresses, pages accessed, date and time of requests, source of access, browser version and operating system
- Identification numbers
- Any feedback you give to us
- Details relating to our relationship with you including, for example, file notes and copies of our correspondence with you such as via email or social media
- Details about whether or not you have consented to us contacting you for marketing purposes
- Other information which, when alone or combined, may be sufficient to identify an individual
The content of Your Personal Data processed by us will depend upon the nature and stage of your relationship with us.
Why do we process Your Personal Data?
We must have a lawful basis in order to process Your Personal Data, the legal basis we rely on include:
Consent: You have agreed to us processing Your Personal Data for a specific purpose, for example, if you have expressly consented to us contacting you for marketing purposes
Performance of a contract: If we enter into a contract with you, in order to perform our obligations under the contract, we would need to process Your Personal Data
Legal obligation: For example, this may include processing Your Personal Data to comply with the Financial Conduct Authority’s regulatory requirements’ or for wider compliance with other legal or regulatory obligation to which we are subject
Vital interests: If the processing of Your Personal Data is necessary to protect you or someone else’s life
Legitimate interests: We may need to process Your Personal Data in certain circumstances where it is in our legitimate interest to do so provided your rights do not override our interests, including, for example:
- Either in the course of initial discussions with you or when any contract between us has come to an end for whatever reason, we may need to process Your Personal Data. Including, for example, to respond to requests from lenders and our compliance service provider relating to any advice we have given to you, or to make contact with you to seek feedback on the service you received
- For providing access to our website, such as to enable the website to load in web browsers used to visit it and website error indication
- To obtain services essential to the conduct of our business, such as IT Support
- To contact you regarding finance products that are in line with our previous dealings
- To establish, exercise or defend legal claims or whenever courts are acting in their judicial capacity
- For fraud prevention, security or indication of possible criminal acts or threats to public security
How do we collect Your Personal Data?
We will collect and record Your Personal Data from a variety of sources, but mainly directly from you. You may provide information to us verbally and in writing, including email. We may also obtain some information from third parties, for example, searches of information in the public domain (such as Companies House website) and electronic ID check providers. With regards to electronic ID checks, we would not require your consent but will inform you of the purpose for which it is used.
How do we use Your Personal Data?
How we use Your Personal Data will depend upon the nature and stage of your relationship with us.
If you have enquired regarding our professional services or are a client who entered into a contract for our services: In the course of handling Your Personal Data, we may record and store Your Personal Data in our paper files, mobile devices and on our computer systems (websites, email, hard drive and cloud facilities). This information can only be accessed by employees and service providers/consultants acting for our Firm and only when it is necessary to discuss your enquiry or provide our service to you and to perform any tasks associated with or incidental to that and/or associated with the conduct of our business, including, for example, compliance with regulatory obligations.
We may submit and share Your Personal Data to third parties verbally, in paper form and electronically. The provision of this information to a third party may be essential in providing any services to you, in progressing any enquiry or application made on your behalf, dealing with any additional questions or administrative issues that arise and to perform any tasks associated with or incidental to that and/or associated with the conduct of our business, including, for example, compliance with regulatory obligations.
These third parties may include, but may not be limited to: lenders, product providers, product specialists, brokers, packagers, estate agents, providers of legal services such as estate planners, conveyancing, surveyors and valuers, our compliance service providers/advisers, electronic identity check providers, government bodies, regulators (e.g. Information Commissioner’s Office, Financial Conduct Authority), the Chartered Institute of Management Accountants (CIMA) and companies who supply services to our business (for example IT service providers, legal and other professional services).
In each case we will share Your Personal Data where we believe this to be required due to your particular circumstances (for example, to progress your finance application) and because it is incidental to providing any services to you and conducting our business.
We may also use Your Personal Data to respond to any queries you may have or to inform you of any relevant developments of which we might become aware.
Please note that this sharing of Your Personal Data does not entitle any third parties to send you marketing or promotional messages.
If you are a third party (for example client representatives, lenders, suppliers and business associates): In the course of any interactions with you, we may record and store Your Personal Data in our paper files, mobile devices and on our computer systems (websites, email, hard drive and cloud facilities). This information can only be accessed by employees and service providers/consultants acting for our Firm and only when it is necessary to conduct our business and to perform any tasks associated with or incidental to that.
We may also submit and share Your Personal Data with third parties verbally, in paper form and electronically. The provision of this information to a third party may be essential in allowing us to conduct our business and deal with any administrative issues that may arise.
These third parties may include, but may not be limited to: individuals enquiring about our professional services, our clients, lenders, product providers, our compliance service providers/advisers, product specialists, brokers, packagers, estate agents, providers of legal services such as estate planners, conveyancing, surveyors and valuers, electronic identity check providers, government bodies, regulators (e.g. Information Commissioner’s Office, Financial Conduct Authority), the Chartered Institute of Management Accountants (CIMA) and companies who supply services to our business (for example IT service providers, legal and other professional services).
We may use Your Personal Data to respond to any queries you may have or to inform you of any relevant developments of which we might become aware.
Please note that this sharing of Your Personal Data does not entitle any third parties to send you marketing or promotional messages.
International Data Transfers
We process Personal Data inside and outside of the United Kingdom (UK).
Our processes and our use of 3rd party service providers may result in your Personal Data being transferred to and processed in:
- the European Economic Area (EEA), there are UK “adequacy regulations” in place regarding UK to EEA transfers; and
- other countries outside of the UK for which UK “adequacy regulations” may not be in place, and these transfers are based on other transfer mechanisms, for example, the Information Commissioner’s Office (ICO) International data transfer agreement (ITDA), the European Commission’s standard contractual clauses (EC SCCs) combined with the ICO international data transfer addendum to the EC SCCs, or Binding Corporate Rules (BCRs).
Please note that, when you access the website/services of a 3rd party service provider, you may be doing so as an end user of their services in your own capacity independent of us and, for example, the processing of your personal information by that provider may depend on your own actions including, for example, the location you choose to register your account with the provider or to access the provider’s website/services from.
Security of Your Personal Data
Your privacy is important to us and we will keep Your Personal Data secure in accordance with our legal responsibilities. We will take reasonable steps to safeguard Your Personal Data against it being accessed unlawfully or maliciously by a third party.
We also expect you to take reasonable steps to safeguard your own privacy when transferring information to us, such as not sending confidential information over unprotected email, ensuring email attachments are password protected or encrypted and only using secure methods of postage when original documentation is being sent to us.
Retention of Your Personal Data
We retain Your Personal Data both electronically and/or in paper format.
If you enquire regarding engaging our professional services and provide us with Your Personal Data in respect of this, but we do not consider that we have provided you with advice and/or we do not consider that we have entered into a contract with you for our services, then we will generally store Your Personal Data for a period of one year to allow us to re-open the enquiry should you contact us during that time.
If we provide you with advice and/or enter into a contract with you, Your Personal Data will be retained by us for a minimum of fifteen years, or in instances whereby we have the legal right to do so (for example, due to legal and regulatory obligation and/or the potential need to establish, exercise or defend legal claims, including, but not limited to, defending complaints made to the Financial Ombudsman Service), we may retain Your Personal Data indefinitely.
If you are a third party, Your Personal Data will be retained in accordance with the nature of our relationship with you and the aspects of our business to which our dealings relate. If, for example, Your Personal Data is in any way related to a client enquiry or contract it may be retained for the retention periods applicable to the enquirer/client as outlined above.
If you are a third party who supplies (including employees and sub-contractors of a supplier) a service and/or product to us or we are considering using your service and/or product, we may keep a record of our correspondence with you and related records, collated in order to understand your offering and as part of our due diligence processes (including for example, responses to our enquiries about the nature of the product and/or service and enquiries as to your data protection processes) for internal assessment purposes and in order to demonstrate compliance with our legal and regulatory obligations. If we decide to proceed with the product and/or service under consideration, Your Personal Data will be retained by us for a minimum of fifteen years, or in instances whereby we have the legal right to do so (for example, due to legal and regulatory obligation and/or the potential need to establish, exercise or defend legal claims), we may retain Your Personal Data indefinitely. If after our assessment we decide not to proceed with the product and/or service under consideration, Your Personal Data will be deleted by us after a period of one year or, in instances whereby we have the legal right to do so (for example, due to legal and regulatory obligation and/or the potential need to establish, exercise or defend legal claims), from fifteen years up to an indefinite period.
Your rights in relation to Your Personal Data
- request copies of Your Personal Data that is under our control
- ask us to further explain how we use Your Personal Data
- ask us to correct, delete or require us to restrict or stop using Your Personal Data (details as to the extent to which we can do this will be provided at the time of any such request)
- ask us to send an electronic copy of Your Personal Data to another organisation should you wish. This only applies to the information which you personally provide to us
How to make contact with our Firm in relation to the use of Your Personal Data
If we feel we have a legal right not to deal with your request, or to action it in a different way to how you have requested, we will inform you of this at the time.
You should also make contact with us as soon as possible on you becoming aware of any unauthorised disclosure of Your Personal Data, so that we may investigate and fulfil our own regulatory obligations.
If you have any concerns or complaints as to how we have handled Your Personal Data you may lodge a complaint with the UK’s data protection regulator, the ICO, who can be contacted through their website at https://ico.org.uk/global/contact-us/ or by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.