Privacy Policy

Privacy Policy

Our privacy policy explains how and why we collect, store, use and share personal information. It also explains your rights in relation to your personal information that we collect, store, use and share.

What is personal information?

“Personal information” is any information relating to an identified or identifiable individual.

“Special category personal information” is personal information revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, genetic and biometric data, or data concerning health, sex life or sexual orientation.

Who we are

“We”, “us”, “our” refers to IW Capital Ltd. When we collect, store and use personal information we are subject to the General Data Protection Regulation as the controller of that personal information.

Personal information we collect

We may collect and use the following personal information:

  • Your name and contact information, including email address and telephone number and company details;
  • Information to enable us to check and verify your identity;
  • Your billing information, transaction and payment card information;
  • Information to enable us to undertake credit or other financial checks on you;
  • Your gender information;
  • Location data;


Personal information is required to provide services to you. If you do not provide personal information we ask for, it may delay or prevent us from being able to do so.

How we collect personal information

We will collect personal information directly from you in person, by telephone, text or e-mail and via our website.

We may also collect information from publicly accessible sources; or directly from a third party; or from a third party with your consent; from cookies on our website See our cookies policy on our website; via our IT systems, for example automated monitoring of our websites and other technical systems, such as our computer networks and connections, access control systems, communications systems, email and instant messaging systems;

How we use personal information

Under data protection law, we can only use your personal information if we have a lawful reason for doing so. This can be:

  • To comply with our legal and regulatory obligations;
  • For the performance of our contract with you or to take steps at your request before entering into a contract;
  • For our legitimate interests or those of a third party. A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests; or
  • Where you have given consent.


Our lawful reasons for using personal information

  • To provide you with services;
  • To prevent and detect fraud against you or us;
  • Conducting checks to identify our customers and verify their identity;
  • Other processing necessary to comply with professional, legal and regulatory obligations that apply to our business;
  • Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies
  • Ensuring business policies are adhered to, for example, policies covering security and internet use;
  • Operational reasons, such as improving efficiency, training and quality control;
  • Ensuring the confidentiality of commercially sensitive information;
  • Statistical analysis to help us manage our business;
  • Preventing unauthorised access and modifications to systems;
  • Updating customer records;
  • Statutory returns;
  • Ensuring safe working practices, staff administration and assessments;
  • Marketing our services to third parties who have previously expressed an interest in our services;
  • Credit reference checks via external credit reference agencies.


Use of special category personal information

The reasons listed above do not apply to special category personal information, which we will only process with your explicit consent.

Marketing or promotional communications

We may use your personal information to send you updates by e-mail, text message, telephone or post about our services.

We have a legitimate interest in processing your personal information for marketing or promotional purposes, so we usually do not need your consent. However, where consent is needed, we will ask for consent separately and clearly.

You have the right to opt out of receiving marketing or promotional communications from us at any time.

We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.

How we share personal information


We will share personal information with:

  • Third parties we use to help deliver our services to you, such as payment service providers;
  • Other third parties we use to help us run our business;
  • Third parties approved by you, such as social media sites you choose to link your account to or third party payment providers;
  • Credit reference agencies;
  • Our insurers and brokers;
  • Our bank;


We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information. We also impose contractual obligations on service providers relating to ensure they can only use your personal information to provide services to us and to you. We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

Where we store personal information

Information may be kept at our offices, and those of our group companies, third party agencies, service providers, representatives and agents.

How long we retain personal information

We will retain your personal information while we are providing services to you.

After that, we will keep your personal information for as long as is necessary to respond to any questions, complaints or claims made by you or on your behalf; to show that we treated you fairly, and to keep records required by law.

We will not retain your personal information for longer than necessary for the purposes set out in this policy.

Transfer of personal information out of the EEA

We will not share your personal information outside the European Economic Area (EEA).


Your rights under data protection law

You have the following rights under data protection law:

  • The right to be provided with a copy of your personal information (the right of access);
  • The right to require us to correct any mistakes in your personal information;
  • The right to require us to delete your personal information in certain circumstances;
  • The right to require us to restrict processing of your personal information in certain circumstances;
  • The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party in certain circumstances;
  • The right to object at any time to your personal information being processed for direct marketing (including profiling); and in certain other situations to our continued processing of your personal information;
  • The right not to be subject to automated individual decision-making.


If you would like to exercise any of your rights, please contact us.

How we keep personal information secure

We have appropriate security measures to prevent personal information from being lost or used or accessed unlawfully. Only those who have a genuine business need to access personal information can see it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures to deal with a suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

How to contact us

If you have any questions or concerns about use of personal information, please contact our Data Protection Officer by emailing

How to make a complaint

We hope that we will be able to resolve any questions or concerns you may have about use of your information.

The supervisory authority for data protection complaints in the UK is the Information Commissioner who may be contacted at their website:, or by telephone on 0303 123 1113.