Our Policies
Client Privacy Notice
Last updated: 1st December 2025
Introduction
LWPO Ltd and its group companies and subsidiaries, as defined under the Companies Act 2006 (“LWPO”, “we”, “us”, “our”) are a company registered in England and Wales, company number 10302364, with our registered address at Interpark House, 7 Down Street, London, United Kingdom, W1J 7AJ. We are the Controller of the Personal Data we process, registered in the UK with the Information Commission (“IC”), registration number ZB322112.
Our Data Protection Officer (“DPO”) is Evalian Limited, West Lodge, Leylands Business Park, Colden Common, Hants, SO21 1TH. Email – dpo@evalian.co.uk. Tel – 03330 500 111.
This Privacy Notice (“this Notice”) explains how we use your Personal Data, how it is collected, how it is stored and how it is processed. It also explains your rights under the UK General Data Protection Regulation and the Data Protection Act 2018, together referred to throughout this Notice as the “Data Protection Legislation”.
We place great importance on ensuring the quality, confidentiality, integrity, and availability of the data we hold, and in meeting our data protection obligations. We are committed to protecting the security of your Personal Data. We use a variety of technical and organisational measures to help protect your Personal Data from unauthorised access, use or disclosure.
We update this Notice from time to time in response to changes in applicable laws and regulations, to our processing practices and to the products and services we offer. When changes are made, we will update the date at the top of this document.
What Personal Data do we process?
Personal Data means any information about an individual from which that person can be identified, therefore does not include data where the identity of the person has been removed (anonymous data). There are also special categories of more sensitive Personal Data which require a higher level of protection.
We may collect and hold some or all of the Personal Data and non-Personal Data set out in the table below:
| Category of data | Data |
| Personal details | · Name(s)
· Gender · Date of birth and age · Marital status · Passport number(s) · Other Government issued numbers (tax identification number, social security number, green card number(s) or driving licence number) · Nationality |
| Contact details | · Address
· Telephone number(s) · E-mail address(s) |
| Family details | · Personal details and contact details (as defined above) of family members. |
| Employment details | · Work email address
· Work-related social media profile details. |
| Financial details | · Billing address(s)
· Bank account number(s) · Credit card number(s) · Cardholder or accountholder name and detail(s) · Instruction records · Transaction details · Bank statement(s) · Financial statement and counterparty details · Company ownership details, (corporate name, individual names, and percentage holding) · Sole trader accounts or partnership accounts |
| References | Reference information from banks or other companies and institutions. |
| Guarantor information | Personal details, contact details and financial details (as defined above) relating to any guarantors. |
We will collect any of the above Personal Data from a variety of sources including:
- Directly from you in the ordinary course of our relationship with you;
- Third parties such as professional advisers, consultants and agents; and
- Public sources such as social media.
We may also create Personal Data about you, such as records of your interactions with us and details of your accounts, subject to applicable law.
We do not seek to collect any special category Personal Data (such as data relating to your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health related data or data relating to sex life/sexual orientation), nor Personal Data relating to children, except to comply with a legal obligation.
Purposes and bases for using your Personal Data
We will process your personal information for the following purposes and under the following lawful bases:
| What We Do | What Data We Use | Our Lawful Basis |
| AML/KYC:
Fulfilling our regulatory compliance obligations, including ‘Know Your Client’ checks; and confirming and verifying your identity (including by using credit reference agencies); and screening against government, supranational bodies (including but not limited to the European Union and the United Nations Security Council) and/or law enforcement agency sanctions lists as well as internal sanctions lists and other legal restrictions. |
· Personal details
· Family details · Contact details · Employment details |
The processing is necessary for compliance with a legal obligation.
|
| Credit worthiness: Conducting credit reference checks and other financial due diligence.
|
· Personal details
· Contact details · Financial details · References |
We have a legitimate interest to conduct financial due diligence (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms). |
| Creation and management of your account:
Administering relationships and related services; performance of tasks necessary for the provision of the requested services; communicating with you in relation to those services.
|
· Personal details
· Family details · Contact details · Employment details · Financial details · Guarantor information
|
The processing is necessary in connection with any contract that you may enter into with us, or to take steps prior to entering into a contract with us.
We have a legitimate interest to provide services to you (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms). |
| IT operations:
Management of our communications systems; operation of IT security; and IT security audits.
|
· Personal details
· Contact details
|
We have a legitimate interest to manage and operate our IT systems and ensure the security of those systems (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms). |
| Health and safety:
Health and safety assessments and record keeping; and compliance with related legal obligations. |
· Personal details
· Family details · Contact details · Employment details |
The processing is necessary for compliance with a legal obligation
|
| Security:
Physical security of our premises (including records of visits to our premises and CCTV recordings); and electronic security (including login records and access details, where you access our electronic systems). |
· Personal details
· Family details · Contact details · Financial details
|
We have a legitimate interest to ensure the physical and electronic security of our business and our premises (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms).
|
| Legal compliance: Compliance with our legal and regulatory obligations under applicable law.
|
· Personal details
· Family details · Contact details · Employment details · Financial details · References · Guarantor information |
The processing is necessary for compliance with a legal obligation.
|
| Legal proceedings: establishing, exercising and defending legal rights.
|
· Personal details
· Family details · Contact details · Employment details · Financial details · References · Guarantor information |
The processing is necessary for compliance with a legal obligation.
We have a legitimate interest to establish, exercise or defend our legal rights (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms). |
| Risk Management:
Audit, compliance, controls and other risk management. |
· Personal details
· Family details · Contact details · Employment details · Financial details · References · Guarantor information |
The processing is necessary for compliance with a legal obligation.
We have a legitimate interest to manage the levels of risk to which our business is exposed (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms). |
| Fraud prevention:
Detecting, preventing and investigating fraud. |
· Personal details
· Family details · Contact details · Employment details · Financial details · References · Guarantor information
|
The processing is necessary for compliance with a legal obligation.
We have a legitimate interest to detect and protect against fraud (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms). |
With your permission or where permitted by law, we may also use your Personal Data for marketing purposes, which may include contacting you by email with information, news and offers regarding our products and services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the Data Protection Legislation and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.
We will endeavour to obtain your express opt-in consent before sharing your Personal Data with third parties for marketing purposes and you will be able to withdraw your consent at any time.
We do not use automated systems for carrying out certain kinds of decision-making. Should our position change, we will inform you as soon as reasonably practicable.
If we need to use your Personal Data for a purpose that is unrelated to, or incompatible with, the purpose(s) for which it was originally collected, we will inform you and explain the legal basis which allows us to do so.
In some circumstances, where permitted or required by law, we may process your Personal Data without your knowledge or consent. This will only be done within the bounds of the Data Protection Legislation and your legal rights.
Sharing your information
We may use external third parties such as those described below to process your Personal Data on our behalf in accordance with our legitimate purposes.
The Personal Data provided may also be shared with other organisations in order for us to comply with any legal or regulatory requirements (e.g., audit reporting and anti-money laundering checks).
LWPO may communicate your Personal Data to such authorised individuals and entities as are listed below, including but not limited to those parties for which you subsequently give us permission to share your Personal Data, or under a legal obligation or any other duty to do so.
For the purposes detailed above, your information may be disclosed to:
- any other branches or companies within the London Wall Group;
- any regulatory, supervisory, or governmental authority with authority and jurisdiction over us;
- any agent, contractor or third-party service provider, professional adviser or any other person under a duty of confidentiality to the London Wall Group;
- any credit reference agency and, in the event that payments fall into arrears, any debt collection agency;
- any actual or potential participant or sub-participant in guarantor(s), assignee, or transferee of our rights and/or obligations in relation to you; and
- any financial institution with which we have or propose to have dealings.
If any of your Personal Data is shared with a third party, as described above, we will take steps to ensure that your Personal Data is handled safely, securely and in accordance with your rights, our obligations and the third party’s obligations under the Data Protection Legislation.
If any Personal Data is transferred outside the UK, we will take suitable steps to ensure it is treated as safely and securely as it would be within the UK and under the Data Protection Legislation. This will include putting International Data Transfer Agreements (IDTAs) in place with the organisations we are providing the information to and carrying out Transfer Impact Assessments (TIAs) where required. If you wish to receive more information about the safeguards applied to international Personal Data transfers, please contact us using the contact details provided below.
If we sell, transfer, or merge parts of our business or assets, your Personal Data may be transferred to a third party. Any new owner of our business may continue to use your Personal Data in the same way(s) that we use it, as specified in this Notice.
In some limited circumstances, we may be legally required to share certain Personal Data if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
Third Party Information
If you provide us information about another person, you confirm you already have explicit confirmation that such other person has appointed you to act for them to consent to the processing of their Personal Data. This means you have informed them of our identity and the purpose for which their Personal Data will be processed, namely to verify their name and address and otherwise only in connection with you. You agree to keep us or any relevant third party fully indemnified for your not having complied with this paragraph.
How long will we retain your information?
We take every reasonable step to ensure your Personal Data will only be processed for the minimum period necessary for the purposes set out in this Notice. The criteria for determining the duration for which we will retain your Personal Data are as follows:
- we will retain copies of your Personal Data in a form that permits identification only for as long as we maintain an ongoing relationship with you (e.g., where you are a recipient of our services, or you are lawfully included in our mailing list and have not unsubscribed); or
- we will retain copies of your Personal Data as is necessary in connection with the lawful purposes set out in this Notice; plus, the duration of:
- any applicable limitation period under applicable law (i.e., any period during which any person could bring a legal claim against us in connection with your Personal Data, or to which your Personal Data may be relevant); and
- an additional twenty-four (24) month period following the end of such applicable limitation period (so that, if a person brings a claim at the end of the limitation period, we are still afforded a reasonable amount of time in which to identify any Personal Data that are relevant to that claim); and
- in addition, if any relevant legal claims are brought, we may continue to process your Personal Data for such additional periods as are necessary in connection with that claim.
During the periods noted above, we will restrict our processing of your Personal Data to storage of, and maintaining the security of, the Personal Data, except to the extent that the Personal Data needs to be reviewed in connection with any legal claim, or any obligation under applicable law.
Once the periods in the paragraphs above, each to the extent applicable, have concluded, we will either:
- permanently delete or destroy the relevant Personal Data;
- archive your Personal Data so that it is beyond use; or
- anonymise the relevant Personal Data.
Protecting your Personal Data
The security of your Personal Data is essential to us and to protect your data, we take a number of important measures, including:
- limiting access to your Personal Data to those employees, agents, contractors and other third parties with a legitimate need to know and ensuring they are subject to duties of confidentiality;
- only storing Personal Data which is accurate and absolutely necessary for our legitimate purposes; and
- implementing procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your Personal Data) including notifying you and/or the relevant supervisory authority where we are legally required to do so.
If any of the information that we hold about you is wrong, please tell us and we will put it right.
Your rights
There are certain fundamental rights that you have in respect of your Personal Data:
| Rights | Description |
| Right to be informed
|
Individuals have the right to be informed about the collection and use of their Personal Data |
| Right of access | Individuals have the right to receive a copy of their Personal Data, and other supplementary information |
| Right to rectification | Individuals have the right to have inaccurate Personal Data rectified or completed if it is incomplete |
| Right to erasure | Individuals have the right to request their personal information to be erased, in certain circumstances |
| Right to restrict processing | Individuals have the right to request the restriction or suppression of their Personal Data, in certain circumstances, in particular:
· if your data is not accurate; · if your data has been used unlawfully but you do not want us to delete it; · if your data is no longer needed, but you want us to keep it for use in legal claims; or · if you have already asked us to stop using your data but you are waiting to receive confirmation from us as to whether we can comply with your request |
| Right to data portability | Individuals have the right to obtain and reuse their Personal Data, in a machine-readable format, for their own purposes across different services, in certain circumstances |
| Right to object | Individuals have the right to object to the processing of their Personal Data, in certain circumstances
Where we are using your Personal Data because it is in our legitimate interests to do so, you can object to us using it this way
Where we are using your Personal Data for direct marketing, including profiling for direct marketing purposes, you have an absolute right to ask us to stop doing so |
| Rights with respect to automated decision-making and profiling | Individuals have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you |
In addition to the above, an individual also has the following rights:
| Rights | Description |
| Right to withdraw consent | Where we are using your Personal Data based on your consent, you can withdraw your consent at any time |
| Right to register a complaint with the Controller | In the UK, you have the right to raise a complaint about how we handle your personal information to us directly. |
| Right to lodge a complaint with a supervisory authority | You have the right to raise a complaint about how we handle your personal information with a relevant supervisory authority. |
Exercising your data protection rights
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances
Contact us
If you would like to exercise your statutory data protection rights, or if you have any concerns or questions about how we handle your Personal Data, please contact us at legal@london-wall.com or write to LWPO Ltd, Interpark House, 7 Down Street, London, W1J 7AJ, marking your correspondence for the attention of the Data Protection Officer
Raising a complaint with the UK Information Commission
If you believe you have exhausted all possible avenues for resolving your data protection concerns with us, you may lodge a complaint with the IC by calling their Helpline on 0303 123 1113.
You can also send your postal correspondence to:
Information Commission
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Alternatively, you can contact them at https://ico.org.uk/make-a-complaint/
Changes to this Notice
We may change this Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects our Personal Data processing. When changes are made, we will amend the ‘Last updated’ date at the top of this Notice.
