Privacy Policy

Greenbrook Communications Limited (“Greenbrook”, “we”, “our”) is a London-based financial communications firm.   We are committed to safeguarding the privacy of the personal information that is provided to us or collected by us during the course of our business, as well as the personal information we receive from visitors to our website at www.greenbrookadvisory.com (our “Website”).  Greenbrook is the data controller of any personal information provided to us.

This Privacy Policy explains how we may collect and use any personal information that we obtain about you, and your rights in relation to that information.  It also sets out how to contact us if you have any questions about this Privacy Policy or want to make a complaint to us about how we handle your personal information.

We may provide you with additional privacy notices where we think that it is appropriate to do so.  Those additional notices supplement and should be read together with this Privacy Policy.

The EU General Data Protection Regulation (GDPR) as well as the UK Data Protection Act 2018 (together the “Data Protection Laws”) give you various rights regarding the way in which we store and use your information.  These are set out below in the section “Your rights under the Data Protection Laws”.  You can also get further information about data protection and privacy laws by visiting the Information Commissioner’s web site at: https://ico.org.uk/.

If you have any questions about this Privacy Policy, our practices, or your dealings with Greenbrook, please contact our Privacy Officer at privacy@greenbrookadvisory.com.

‍

This Privacy Policy applies in the following circumstances:

• when we carry out due diligence searches on you in connection with our business development or business acceptance processes;
• when we agree to provide financial communications services to you or the organisation you work for;
• when you or the organisation you work for have business dealings with our clients;
• when you request information from us or provide information to us;
• when you apply for a role or work experience opportunity;
• when you visit our Website;
• when you attend our seminars or other hosted events; and
• when you are included in our mailing lists to receive our newsletter and other marketing communications.

‍

Business development
We collect personal information about prospective clients and/or directors as part of business development activities and our business acceptance processes.  The types of personal information we may collect includes name, address, nationality, business interests and employment history. We obtain this information from publicly available open sources either directly or through a third party.

Providing financial communications services, our newsletter and other marketing
The type of personal information that we may collect includes current and historical information including your name and contact details (such as your address, email address and telephone numbers) and identifiers such as your organisation, employment history and positions held.  We will also collect personal information you choose to provide to us and information about your other dealings with us and our clients, including contact we have with you in person, by telephone, letter, email or online.   We obtain personal information from your IP address and the operating system and web browser that you use to access our Website, which we use to compile statistical data on the use of our Website for the purpose of improving visitors’ experiences.

We collect personal information directly from you, or from our clients and their authorised representatives.  We may also collect personal information from third parties such as your employer, regulators, government agencies, publicly available records, information or service providers and other financial communications firms or professional advisers.  We may store your personal information in our contact database, and then use your information to send you emails about our services and to invite you to Greenbrook events.  If you no longer wish to receive marketing communications from us by email or post, you can unsubscribe at any time by using the “Unsubscribe” option on the email footer or by contacting privacy@greenbrookadvisory.com.

Recruitment
If you apply for a position or work experience opportunity with us you may need to provide personal information, including special categories of personal information.  Your application, whether directly to us or via a recruitment agency, constitutes your consent to our use of this information.  We will use the information to consider your application.  We may also use the information to carry out checks to verify the information provided by you (including reference, background, identity, suitability and criminal record checks).

We use a third party service provider to store this information.  We may also disclose the information to recruiters, medical professionals, your referees, and your current and previous employers.

‍

We may share your personal information with third parties who provide services on our behalf, for example a technology supplier may have access to your personal information when providing software support, or a third party service provider may store and process your contact details in order to send out newsletters or other marketing communications.  If Greenbrook sells or buys any business or assets we may disclose your personal information to any prospective seller or buyer of such business or assets.  If Greenbrook or substantially all of its assets are acquired by a third party, your personal information will be transferred to that third party.  We may also have to share your personal information with regulators, government agencies, courts and other third parties.

Your personal information may be accessed by these third parties in countries whose laws provide varying levels of protection for personal information.  In addition, some of your personal information may be stored in a private cloud located within or outside of the European Economic Area (the EEA) and managed by a third party hosting provider.  If we transfer your personal information outside the EEA we will take implement and maintain, and ensure that our service providers implement and maintain, appropriate technical and organisational measures to ensure that your personal information is treated securely and in accordance with this Privacy Policy.
We may share your personal information with third parties where:

• you have consented to us doing so or the organisation that you work for has obtained your consent for us to do so, in each case where necessary; or
• we are under a legal, regulatory or professional obligation to do so, for example to comply with anti-money laundering requirements); or
• it is necessary for the purpose of, or in connection with, legal proceedings or in order to exercise or defend legal rights; or

‍

We will only use your personal information if, and to the extent that, we are allowed to under Data Protection Laws.  We will therefore only process your personal information if:

• it is necessary for the performance of a contract with you or the organisation you work for; or
• it is necessary in connection with a legal obligation; or
• where necessary, you have given your consent to such use or the organisation you work for has obtained your consent to share your information with us.

We may use your personal information:

• to carry out verification and other background checks;
• to provide financial communications and other services to you and/or the organisation you work for;
• to carry out day-to-day administrative or operational processes, including invoicing and recruitment; and
• to develop our business relationship with you, including sending you newsletters and other marketing communications

We will only retain your personal information for as long as is necessary for the purpose for which it was collected, including for the purposes of complying with any legal, regulatory, accounting or reporting requirements.  

‍

We implement and maintain up to date security measures to protect your personal information from unauthorised access, improper use or disclosure, unauthorised modification or unlawful destruction, or accidental loss, including:

• for data stored on the Greenbrook network, 256-bit Advanced Encryption Standard (AES) encryption; and
• for data in transit, 128-bit (or higher) AES encryption using Secure Sockets Layer (SSL)/Transport Layer Security (TLS).

Our staff and third party service providers who have access to personal information are subject to confidentiality obligations.

‍

You have certain rights under the Data Protection Laws, including:

1. The right at any time to withdraw your consent to our processing of your personal information.
2. The right to be told what personal information we hold about you on our database and how we process that data.  
3. The right to request that we provide you with a copy (in a commonly used electronic format) of all the personal information that we hold about you.  Unless you make repeated requests, we will not charge a fee for providing you with a copy of this data.
4. The right to request that we correct any inaccurate or incomplete personal information that we hold about you.
5. The right to request that we irretrievably delete all personal information that we hold about you (the so-called “right to be forgotten”).  Note that there are limited circumstances in which we are legally entitled to refuse to comply with this request.
6. The right to request that we transmit all the personal information that we hold about you (in a structured, commonly used and machine-readable form) to another organisation’s IT environment.  Note that we are only legally obliged to comply with this request if it is technically feasible for us to do so.

Should you wish to exercise any of the above rights, please contact us by post at:
Privacy Officer
1 Vere Street
London
W1G 0DF

or by email at privacy@greenbrookadvisory.com.
If you exercise any of the above rights, then we will action your request as soon as reasonably practical and, in any event, within one month.

We are confident that our Privacy Officer can resolve any query or concern you have about our use of your personal information, but if you feel that we have not handled your query or concern to your satisfaction you can contact the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues at https://ico.org.uk/concerns or telephone 0303 123 1113.

‍