top of page
Privacy Policy

Effective Date


From 25 May 2018




Starmark Investment Management Limited (in this Data Policy and Privacy Notice, “us”, “we” and “our”) is or may become a data controller of Personal Data relating to you and is subject to the EU General Data Protection Regulation 2016/679 (the “GDPR”).


This Data Policy and Privacy Notice supersedes any previous Data Policy and/or Privacy Notice or equivalent which we may have provided to you prior to the Effective Date (stated above).  It is a statement of our policy and does not amend or alter any written agreement we have entered into with you concerning the collection, holding and use of Personal Data.


The GDPR defines ‘Personal Data’ as “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.


Your rights


Under the GDPR you have the following rights:


  • to obtain access to, and copies of, the Personal Data that we hold about you;


  • to require that we cease processing your Personal Data if the processing is causing you damage or distress;

  • to require us not to send you marketing communications;

  • to require us to erase your Personal Data;

  • to require us to restrict our data processing activities;

  • to receive from us copies of the Personal Data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that Personal Data to another data controller; and

  • to require us to correct the Personal Data we hold about you if it is incorrect.


Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.  These exceptions include the right to refuse to act on a request if a legal obligation imposed on us precludes us from doing so, including those imposed on us by our regulator the Financial Conduct Authority.


You can find out more about your rights at the Information Commissioner’s Office with whom we are registered.


All queries relating to GDPR, any questions about how we use your Personal Data, or your wish to exercise any of the rights set out above should be referred to our central point of contact for data queries whose contact details are:

Email –

Telephone – +44 203 9118200


By post - Data Protection Queries, Starmark Investment Management Limited, Dawson House, 5 Jewry Street, London, EC3N 2EX


If you are not satisfied with how we are processing your Personal Data, you can make a complaint to the Information Commissioner’s Office.


How we collect your Personal Data


We collect your Personal Data in a number of ways, for example:


  • from the information you provide to us;

  • from information about you provided to us by others with whom you are or intend to be associated;

  • when you communicate with us by telephone, fax, email or other forms of electronic communication.  Please be aware that we may monitor, record and store any such communication;

  • when you complete (or we or your company complete on your behalf) client on-boarding, FCA application or other forms;

  • from our affiliates, associates and other companies with whom we have a relationship including but not limited to brokers, administrators, depositories, custodians, banks and other financial institutions we may have appointed or whose services we may use;

  • from your or our agents, advisers, intermediaries; and

  • from publicly available sources or from third parties, most commonly where we need to conduct background checks about you.


Collection of your Personal Data


We may collect some or all of the following categories of Personal Data about you:


  • given name(s); preferred name(s); nickname(s); gender; date of birth; age; marital status; national insurance (or social security) number; passport number(s); other government issued number(s) (tax identification number(s); driving licence number(s)); nationality; lifestyle and social circumstances; images of passports, driving licences and signatures; authentication data (passwords, mother's maiden name, challenge/response questions and answers, PINs, facial and voice recognition data); photographs; visual images; and personal appearance and behaviour;

  • names and contact details of family members and dependents;

  • addresses; telephone numbers; email addresses; and social media profile details;

  • employment history; role; business activities; names of current and former employers; work address; work telephone number; work email address; and work-related social media profile details;

  • details of your education and qualifications;

  • bank account numbers; credit card numbers; cardholder or account holder name and details; instruction records; transaction details; and counterparty details;

  • any views and opinions that you choose to send to us, or publish about us (including on social media platforms); and

  • IP addresses; cookies; activity logs; online identifiers; unique device identifiers; and geolocation data.


Sensitive Personal Data


The GDPR categorises some types of data as Sensitive Personal Data (such as information about any criminal record you may have, your ethnicity and religious beliefs etc.).  We would not normally seek to collect or process your Sensitive Personal Data but will do so, to the extent permitted by applicable law and regulation, where it is necessary:


  • for our compliance with a legal obligation (for example, to comply with any relevant diversity reporting obligations);

  • for the detection or prevention of crime (including the prevention of fraud);

  • is legitimately in the public domain;

  • is necessary for the establishment, exercise or defence of legal rights;

  • we have obtained your explicit consent prior to doing so; or

  • for reasons of substantial public interest and occurs on the basis of an applicable law that is proportionate to the aim pursued and provides for suitable and specific measures to safeguard your fundamental rights and interests.


Processing your Personal Data


We will process your Personal Data (without your consent) for:


  • preparing a proposal regarding the services we offer and/or entering into or performing a contract to provide those services to you, someone associated with you, a company or other corporate entity which you own, control or are associated;

  • fulfilling our regulatory compliance obligations, and confirming and verifying your identity (including by using credit reference agencies), screening against government, supranational bodies (including but not limited to the European Union, the Office of Foreign Assets Control and the United Nations Security Council) and/or law enforcement agency sanctions lists, internal sanctions lists and other legal restrictions;

  • on-boarding new clients and compliance with our internal compliance requirements, policies and procedures;

  • conducting credit reference checks and other financial due diligence;

  • administering relationships and related services; performance of tasks necessary for the provision of the requested services: communicating with you in relation to those services, including dealing with complaints by you;

  • communicating with you via any means (including via email, telephone, text message, social media, post or in person) subject to ensuring that such communications are provided to you in compliance with applicable law: and maintaining and updating your contact information where appropriate;

  • operation and management of our systems; providing content to you: displaying advertising and other information to you: and communicating and interacting with you via our systems;

  • management of our communications systems, operation of IT security/IT security audits;

  • engaging with you for the purposes of obtaining your views on our products and services;

  • physical security of our premises (including records of visits to our premises and CCTV recordings); and electronic security (including login records and access details, where you access our electronic systems);

  • detecting, investigating and preventing breaches of policy, and criminal offences, in accordance with applicable law;

  • compliance with our legal and regulatory obligations under applicable law, including the recording of telephone lines where required;

  • establishing, exercising and defending legal rights;

  • identifying issues with existing products and services: planning improvements to existing products and services; and creating new products and services; and

  • compliance, controls and other risk management.


Sharing your Personal Data


We may disclose your Personal Data for legitimate business purposes (including providing services to you, someone associated with you, a company or other corporate entity which you own, control or are associated and operating our systems), in accordance with applicable law.  In addition, we may disclose your Personal Data to:


  • you and where appropriate, your family;

  • brokers, administrators, depositories, custodians, banks and other financial institutions with whom we do business;

  • clients and customers of our businesses;

  • credit reference agencies;

  • anti-fraud services;

  • data aggregation services;

  • accreditation bodies;

  • governmental, legal, regulatory, or similar authorities, ombudsmen, and central and/or local government agencies, upon request or where required, including for the purposes of reporting any actual or suspected breach of applicable law or regulation;

  • our accountants, auditors, lawyers and other outside professional advisors, subject to binding contractual obligations of confidentiality;

  • debt-collection agencies and tracing agencies;

  • any relevant party, claimant, complainant, enquirer, law enforcement agency or court, to the extent necessary for the establishment, exercise or defence of legal rights in accordance with applicable law;

  • any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including safeguarding against and the prevention of threats to public security in accordance with applicable law;

  • any relevant third-party acquirer(s) if we sell or transfer all or any relevant portion of our business or assets (including in the event of a reorganisation, dissolution or liquidation);

  • the press and the media.

Transferring your Personal Data Overseas

Because of the nature of our business, we may need to transfer your Personal Data to third parties in other countries that may have different laws and data protection compliance requirements, including data protection laws of a lower standard to those that apply in the UK or the country in which you are located.  We may also transfer your Personal Data to other countries, in accordance with our regulatory requirements.


Whenever we transfer your Personal Data outside the EU we will have regard to relevant EU requirements in and wherever possible to a country that is approved by the European Commission as providing an adequate level of protection for Personal Data.  In the case of transfer of your Personal Data to a recipient in the United States of America only to someone who has registered under the EU/US Privacy Shield.


Security of your Personal Data


We have put in place security measures designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access in accordance with applicable law and regulation.  You are responsible for ensuring that any Personal Data that you send to us is sent securely.


Retention of your Personal Data


We will retain and process your Personal Data for the minimum period necessary for the purposes set out in this Data Policy and Privacy Notice.


This will normally be during such period as we have an ongoing relationship with you and we have a legitimate interest in processing your Personal Data for the purposes of operating our business and fulfilling our obligations under a contract with you or someone associated with you, a company or other corporate entity which you own, control or are associated; or where we have a legal or regulatory obligation to retain your Personal Data.


We may also retain your Personal Data for such additional periods:


  • as may necessary or required by applicable law and regulation; or

  • any applicable limitation period during which under applicable law or regulation any person could bring a legal claim against us in which your Personal Data may be relevant and if such a claim should arise until such claim is finally resolved.


We will retain your Persona Data (but not process or refer to it) in our back up and business continuity systems for such periods as are reasonably necessary to ensure the recovery of the relevant systems.


At the end of the periods in question we will within a reasonable time destroy and/or permanently delete your Personal Data.


Important Information


This Data Policy and Privacy Notice is a statement of our policy relating to Personal Data, it is not intended to and does not impose any liability on us beyond that imposed by applicable law.

bottom of page