Financial Crime Risk Management

Privacy policy
FCRM Logo

Privacy policy

General

This policy relates to personal data provided to FCRM Ltd:

Enquiries

For all data protection enquiries, including Subject Access Request ('SAR'), please contact our Data Protection Officer ('DPO'):

  • Our registered address is FCRM Ltd, Kemp House, 152 City Road, London, EC1V 2NX.
  • Our email address for a data protection enquiry is admin@fcrm.co.uk 
  • If you would prefer to speak to us by phone, please call 020 7060 2780

What is personal data?
Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

What does processing mean?
Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Useful links
What is personal data? - ICO Guidance
Data Protection Register - FCRM Ltd
Subject Access Request - Form

Confidentiality

FCRM takes privacy seriously and is committed to protecting your data:

Where we store personal data

Information is stored securely and usually on encrypted media:


Personal data you provide

This is information about you (provided voluntarily), such as, via:

Personal data received from other sources

We might receive personal data from a third party or open source:

  • Examples of third parties include current or former employers, persons providing character references, clients and their advisors, etc.
  • Example open-sources include press-reporting, information published by regulatory bodies and data from public registry, such as, UK Companies House, Land Registry, etc.
  • Information is assessed for relevance to a particular client engagement before being deleted from our records or retained for a specific purpose.

Others who might receive or access personal data

We may disclose personal data to a third party, agent, or sub-contractor, where this is relevant and reasonable:

Retention period of personal data before disposal

The following is a general guide, where detail applicable to a particular client engagement may differ:

  • If no civil or criminal proceedings anticipated (e.g. industrial tribunal, civil suit or criminal prosecution relating to a person about whom data is held) - 6 months after service delivery and receipt of final invoice payment.
  • If civil or criminal proceedings are anticipated (e.g. industrial tribunal, civil suit or criminal prosecution relating to a person about whom data is held) - Retention may be determined by the timeframe for concluding proceedings.
  • Responding to some third party requests may also influence normal retention periods (e.g. Client insurers or legal advisors in asset tracing matters).

Accessing your personal information
Data protection law entitles you to ask to see a copy of the personal data that we hold about you, via a Subject Access Request ('SAR') - See above link

Who can submit a SAR
To ensure we only disclose details of data held to the Data Subject (or appointed representatve), applications must be accompanied by proof of identity and address.

Proof of identity & address
You will need to provide a copy of identification (e.g. Passport, Driving Licence,etc.) and proof of address (e.g. utility bill).

Our Specialist Focus

We may acquire sensitive information concerning your business or affairs in the course of delivering Services. We maintain strict controls over access to information and comply with obligations imposed on us by English law and where applicable, the General Data Protection Regulation ('GDPR'). 

FCRM Logo