How the law protects you

​

Bronzewood Capital Ltd ( ‘Bronzewood Capital’), registered in England and Wales with company number 16280443, is committed to protecting and respecting your personal data and privacy. This privacy policy relates to our use of any personal data we collect from you from any of our services. Whenever you provide such information, we are legally obliged to use your information in line with all applicable laws concerning the protection of personal data.

​

As well as this Privacy Policy, your privacy is protected by law. The General Data Protection Regulation (‘GDPR’) ensures that we use your personal information only if we have a proper reason to do so.

The law states we must have one or more of these reasons for using your data:

• To fulfil a contract we have with you to provide our services

• Where it is our legal duty

• When it is in our legitimate interest

• When you consent to the use of the data

A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is.

​

Your rights

Under the GDPR your rights are:

• To be informed – we must make available this privacy notice with the emphasis on transparency over how we process your data

• Access – you are entitled to find out what details we may hold about you and why

• Rectification – we are obliged to correct or update your details

• Erasure of information we hold – also known as the right to be forgotten

• Restrict processing – you have the right to ‘block’ or suppress the processing by us of your personal data

• Data portability – you have the right to obtain and reuse your personal data that you have provided to us

• Object – you have the right to object to us processing your data in relation to direct marketing and or profiling

​

Use of personal information

At Bronzewood Capital, we may process information held by our clients (‘Clients’) which relate to an identified or identifiable natural person (a Data Subject) when carrying out our work as specialist insolvency practitioners.

Should it arise, Bronzewood Capital will refer any Subject Access Requests it receives to the Client concerned without undue delay.

​

The data we may process

The personal data that may be processed by Bronzewood Capital will in most cases be basic details, which may identify an individual and will typically be sufficient to allow us to carry out our review work, but may often include information about employees, directors, consumer debtors and creditors on insolvency cases.

  Whilst we may have access to such data when reviewing files, it is not our practice to retain or process such data and if this is provided in electronic format during a review, we will take appropriate steps to safeguard any sensitive data and to destroy it at the end of the review.  In short, data of this nature will not be retained by us.

 

Sharing information

Although it is unlikely that Bronzewood Capital will hold personal information from our client review work, we confirm that we will only share information which may contain personal data with our Client’s express written permission, unless we are under a legal duty to disclose this to another third party, for example, to lawfully assist the police or other law enforcement agencies, with the prevention and detection of crime, where disclosure is necessary to protect the safety or security of any persons and/or otherwise as permitted by law. We also embrace the use of social media and may wish to process any comments made public by you.

​

We also use third party service providers to help us provide services to you. These would include:

• cloud accounting and payroll providers including IPS (Insolvency Practitioner Software)

• Xero, and associated payroll processing services

• email and secure document exchange

• Mailchimp and mailing houses

• Off-site storage services.

​

All of our third party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data.  We only permit our third party service providers to process your personal data for specified purposes and in accordance with our instructions.

As part of the services offered to you, we may send your data outside of the European Economic Area (EEA).  Where this is the case, we will take reasonable steps to ensure that your data is protected in the same way as if it was being used in the EEA.

 

Data deletion

Under GDPR you have the right to erasure under specific circumstances. A request for your personal data to be deleted will be decided on a case by case basis and must be submitted in writing to the contact details provided in this policy.

 

Data correction

We will correct or update your data at the earliest opportunity provided you make the request in writing to the contact details provided in this policy, clearly specifying which data is incorrect or out of date.

 

Security

The security and confidentiality of client data and information made available to us during our compliance work matters to us.  For this reason, we will ensure appropriate safeguards are in place to protect the data we may hold from time to time.

In the unlikely event of a Data Breach involving client data which may lead to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, any client data, Bronzewood Capital will promptly notify the Client concerned and provide the Client with details of the Data Breach.

 

How long will we hold data?

Bronzewood Capital will, at its Client’s written request, delete (or return as appropriate) any relevant data within a reasonable period of time after the end of either the performance of the relevant services to that Client, or once the processing of any client data is no longer required for the purpose of our agreement for services with the Client in question.

 

What are your rights?

You have the right to request access to, or to rectify or erase, any personal data which may be held by Bronzewood Capital as part of our agreement for services with you.  A Subject Access Request under the GDPR is your right to request a copy of the information that we hold about you. Insofar as we hold personal data relating to a Client rather than relating to work the Client undertakes (such as names and email addresses of staff), this is held in order that we may provide regulatory support as part of our service offering, such as newsletters, technical updates, etc.   Personal data of this nature in support of Bronzewood Capital's service offering, will be held so long as we consider a client relationship exists between us.

​

Individuals have the right to request that incorrect or incomplete data is corrected and in certain circumstances, they may request that we erase any personal data we hold.

​

Should you have any complaints about how we handle personal data, please contact at info@bronzewood-capital.com so that we may address the issue. You also have the right to lodge a complaint about the use any of personal data held by Bronzewood Capital with the Information Commissioners Office (ICO), the UK data protection regulator.