This privacy notice is set out to inform you how we use your personal information. This notice covers personal information relating to you that we may collect through any medium, including specifically in relation to the professional services we provide to you, via our partners and service providers, or through our website. This notice describes how you can access and make certain choices about how we use your personal information. This is a requirement of new privacy laws under the General Data protection Regulation (GDPR). This privacy notice is separate, and in addition to, any contractual confidentiality obligations we may owe you – please refer to our mutual terms and conditions for further details.

1. What personal information are we processing?

We may collect and process your personal details including:

Individuals connected with our professional services We may collect and process your: personal details, including your name, address, email and telephone/fax numbers, date of birth, nationality; employment details, including your employers name, your position or title and your corporate contact details; information on your financial circumstances, including your profession, income, assets and liabilities, as well as sensitive and/or criminal data. We may also need to collect and process information about persons related to a client. In such circumstances, it is your responsibility to ensure that you have permission from that third-party for us to collect their information and you remain responsible for ensuring that the third-party understands how their information is being used. You may refer to this privacy notice in explaining to third parties how their information is being used.

Individuals connected with our partners and service providers

We may collect and process your: contact information, including your name, address, position, email and telephone/fax numbers; financial details, including relevant details for invoicing and billing; and KYC documentation, if and where required under relevant Anti-Money Laundering or Counter Terrorism Financing (“AML/CTF”) legislation.

Individuals connected with our website

We may collect and process your: personal details, including your name, address, email and telephone/fax numbers, as well as your login identification and password details; and technical information, including your IP address, browser information, and details relating to your visit behavior on our website. Further details are provided under our ‘Cookie Policy’ heading below. Personal information may be collected directly from you, or from other publicly available sources, in order that we may provide services as directed or agreed. In processing any personal data, we will ensure that the information we collect is proportionate to our contracted, legitimate interest and stated purposes.

2. Legal basis for processing personal data

Unless specifically stated otherwise, we use personal information in the following ways and based upon the following lawful bases:

a) In order to achieve our legitimate interests. In doing so, we ensure that: your rights and interests are considered and protected and it has a minimal privacy impact upon you; we are able to demonstrate that we use your data in a proportionate manner and you would not likely be surprised or likely to object to our usage; we may lawfully disclose personal data to a third-parties where we can demonstrate that this disclosure is justified;

b) In order to fulfil our contractual obligations. This includes where you have asked us to do something before entering into a contract, for example to provide a quote;

c) With explicit consent to do so. For example to provide you with updates about our services or forthcoming events but clients will have to opt in to receive this information;

d) To comply with our legal or regulatory obligations. For instance, where we are required to notify the FCA of something.

e) Based upon reasons of substantial public interest.


3. How and where we store personal information

We take appropriate technical and organisational measures in order to keep your personal information safe and secure. These measures are set out in our internal policies and procedures. We may store your personal information in hard copy securely in our UK offices or electronically. We use IT ‘cloud’ systems which have servers in located in the USA for our electronic storage. Where information is held outside the UK we have contractual arrangements in place which ensure that the information is held securely and in line with the requirements of GDPR. It should be noted that where you choose to transmit your personal data to us via the internet, we do not guarantee the security of the personal information transmitted and therefore any transmission is at your own risk.

4. Sharing personal information collected

We may share personal information with the following category of recipients, based upon the legal bases and purposes set-out above:

a) The Financial Conduct Authority in order to make applications on your behalf May 2018

b) Our staff and any contracted consultants we may use in order to provide our services to our clients.

c) Any law enforcement, court, regulator or other government authority in order for us to comply with a legal obligation laid down by UK or EU law.

All organisations, staff and contractors with whom we share personal information are contractually required to ensure an adequate level of protection for your personal data at all times.

5. Retention and deletion of personal information

All personal data held by PortAll is deleted when it is no longer required or at the latest 6 years after a client contract with PortAll has ended. PortAll will delete personal information relating to an individual upon the request of that individual, provided that information is not being used to carry out work we have been instructed to do under contract. If we cannot delete personal information on request we will tell you why.

6. Your rights in respect of your personal information

We may contact you in order to market our services to you but you will be asked for your consent for us to do this at the outset. If, at any time, you wish to withdraw your consent for us to contact you in this way please notify us at . Generally though, you provide personal information to us when it is in your interests for us to process your data.

You have a legal right to find out what information we hold about you, this is known as a subject access request. If you wish to make a subject access request please contact us:; or by phone on 0207 2052249

We will require evidence of identity prior to disclosing any personal information.

7. Our responsibilities when we make changes to our Privacy Policy

This privacy notice will be reviewed on an annual basis but we may make changes to it at any time and may do so without expressly notifying you of these changes. However, should the legal bases or purpose(s) for processing your personal information changes then we shall expressly notify you.

8. Our Cookie Policy

A cookie is a small piece of data sent from a website and stored on the user's computer by the user's web browser while the user is browsing. We only use cookies that are required for the essential operation of our website. These cookies are typically deleted from your device once the browsing session is terminated.

You can choose to block cookies that we may deliver to your device through settings on your webbrowser; however, in doing so you may not be able to access or utilise all aspects of our website.