Update September 2025
At Shard Capital, we take your privacy seriously. This privacy notice explains the personal information (referred to as “personal data” in this notice) we collect about you, how we use it, who we share it with and your rights.
For clarity:
This notice covers:
If you are applying for a role at Shard Capital, please see our Candidate Privacy Notice.
We collect different types of personal information depending on the services we provide you.
This can include:
Much of this information is collected in compliance with our duties under FCA rules. This includes our obligation to verify the identity of clients and to maintain records of regulated business including a record of products you invest in and historical data about investments you have made. If you chose not to provide the information required, we may not be able to provide you with the requested product or service.
If you choose to provide us with any Personal Data relating to a third party (e.g. information relating to your spouse, children, parents, and/or employees) or ask us to share their personal data with third parties, by submitting such information to us, you confirm that they understand the information in this notice about how we will use their personal data.
We obtain this information in several ways, for example through your use of our services or other dealings with us including through the account opening process, enquiry forms, and from information provided in the course of ongoing correspondence.
We may also collect personal data from:
We may record any communications with you including electronic mail, telephone calls, in person or otherwise, which will constitute evidence of the communications between us. This information is collected in compliance with our duties under FCA rules in relation to our record keeping obligations.
Telephone conversations may be recorded without the use of a warning tone or any other further notice. Further, if you visit any of our offices or premises, we may have CCTV which would record your image.
The table below gives an overview:
|
What we do |
Why we do it |
Legal basis |
|
Provide and manage your account and services |
To deliver the products and services you have asked for |
To perform our contract with you
It is in our legitimate interests to make sure that our client accounts are well-managed, so that our clients are provided with a high standard of service, and to protect our business interests and the interests of our clients. |
|
Check your identity, run AML, sanctions and PEP checks and confirm source of wealth/funds |
To comply with the law and protect against financial crime |
Legal obligation; public interest |
|
Assess your suitability and categorise you as a client (e.g. retail, professional) |
To meet our obligations under FCA rules |
Legal obligation |
|
Keep records and report to regulators and tax authorities (including CRS/FATCA) |
Because we are required to do so by law |
Legal obligation |
|
Respond to enquiries or complaints |
To provide a high standard of client service |
Contract; legitimate interest |
|
Monitor calls, emails and meetings |
For training, recordkeeping, and to meet FCA requirements |
Legal obligation; legitimate interest |
|
Prevent fraud and keep your money and information secure |
To protect you, us, and the financial system |
Legal obligation; legitimate interest |
|
Improve our products and services |
To develop our business responsibly |
Legitimate interest |
|
Send you marketing about our services |
To keep you informed of relevant opportunities |
Consent (for individuals, unless soft opt-in applies); legitimate interest (for corporates) |
|
Use health or other sensitive information |
To support you or manage complaints |
Consent; substantial public interest |
|
Use information about criminal offences |
To meet AML and fraud prevention duties |
Legal obligation; substantial public interest |
We may ask you for permission to collect and use certain types of personal data when we must do so by law (for example, when we process sensitive personal data or place cookies or similar technologies on devices or browsers). If we ask you for permission to process your
personal data, you can refuse, or withdraw your permission at any time, by using the contact details at the end of this privacy notice or, if in relation to cookies or similar technologies, by clicking on the ‘C’ logo in the bottom right-hand corner of the webpage (please see here on Cookies).
We will never sell your personal data.
Depending on the service you use, we may share your information with:
We would usually supply aggregated data to tax authorities.
We may be required by law or regulation to share information about your accounts with relevant tax authorities, either directly or through the local tax authority. The tax authority we share the information with could then share that information with other appropriate tax authorities. If we need extra documents or information from you about this, you must provide them. If you don’t, we may need to close your account or, if the law or other regulations require us to do so, we’ll withhold parts of certain payments received into your account and pass the withheld funds to the relevant tax authorities.
Where you (or a third party properly authorised to give instructions on your behalf) ask us to share personal data with (for example, providers of payment initiation or account information services). If we share your personal data with these third parties, we will have no control over how they use it. You (or the person with authority over your account) will need to agree this direct with the third party.
By “authorised third parties” we mean companies that are authorised by the Financial Conduct Authority or another European regulator to provide the relevant service. In the UK, the Financial Conduct Authority’s register (available at https://register.fca.org.uk/) will tell you whether a company is authorised. Before you make your request, we recommend that you (or the person acting on your behalf) consider the data protection practices of that third party by reading their privacy notices or contacting them.
We do not make decisions solely by automated means that have legal or significant effects.
Some checks (e.g. sanctions screening, fraud alerts, credit scoring) use automated tools. Where this could affect you, a staff member will review the result and you may request human intervention.
Safeguarding the privacy of your information is important to us, whether you interact with us personally, by phone, by mail, over the internet or any other electronic medium.
We hold personal data in a combination of secure computer storage facilities and paper-based files and other records. Steps are taken to protect the personal data we hold from misuse, loss, unauthorised access, modification or disclosure.
When we consider that personal data is no longer needed, we will remove any details that will identify you or we will securely destroy the records. However, we may need to maintain records for a significant period of time in line with our regulatory obligations. For example, we are subject to certain anti-money laundering laws which require us to retain verification of identity records for a period of five years after our business relationship with you has ended.
If we hold any personal data in the form of a deed, we will hold this deed in its complete form for a period of 12 years after our business relationship with you has ended.
If we hold any personal data in the form of a recorded communication, by telephone, electronic mail, in person or otherwise in relation to our regulatory obligations as detailed above, this information will be held in line with local regulatory requirements which will generally be between five and seven years after our business relationship with you has ended.
Where you have opted out of receiving marketing communications we will hold your e-mail address on our suppression list so that we know you do not want to receive these communications.
Our services are designed for adults. We do not knowingly provide services directly to children. If we process data about children or vulnerable persons (for example in trusts), we take additional steps to safeguard it.
Different Shard Capital businesses may act for clients with competing interests. We maintain information barriers and strict policies to prevent inappropriate sharing of information across business areas, in line with FCA rules.
To keep your data safe, we use a combination of technical, physical and organisational measures. These include:
|
Right |
What it means |
|
Access |
Get a copy of the data we hold about you |
|
Rectification |
Correct inaccurate or incomplete data |
|
Erasure |
Ask us to delete data when it is no longer needed |
|
Restriction |
Limit how we use your data in certain cases |
|
Objection |
Object to processing, particularly for marketing |
|
Portability |
Ask us to send your data to you or another provider (where applicable) |
|
Withdraw consent |
Stop processing where consent is the basis |
Your ability to exercise these rights will depend on a number of factors and in some instances, we will not be able to comply with your request e.g. because we have legitimate grounds for not doing so or where the right doesn’t apply to the particular data we hold on you. If you would like more information on these rights, please contact compliance@shardcapital.com
Where you have provided consent to our use of your data, you have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent.
Your personal data may be stored in and transferred to countries outside the United Kingdom (UK) or European Economic Area (EEA) including countries where our data centres and third-party services providers are located, for example, the United States. These countries may have data protection laws that are different from those of your country of residence. Where we make such transfers, we will ensure your personal data has an appropriate level of protection and that the transfer complies with applicable legal requirements.
For example, for transfers from the UK and/or EEA to outside the UK/EEA, we ensure a similar level of protection is afforded to personal data by ensuring at least one of the following appropriate safeguards is implemented:
Our sites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy notices and that we do not accept any responsibility or liability for how such websites collect and use your data. Please check these notices before you submit any personal data to these websites.
We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Notice, be permitted to use that data only for the purposes for which it was originally collected by us.
If you have any queries regarding privacy issues or the content of this Privacy Notice, you can email compliance@shardcapital.com or write to us at: Shard Capital, 51 Lime Street, London, EC3M 7DQ.
If you have a concern about any aspect of our privacy practices, you can make a complaint. This will be acted upon promptly. To make a complaint, please contact us via compliance@shardcapital.com.
If you are not satisfied with our response to your complaint, you have the right to lodge a complaint with our supervisory authority, the Information Commissioner’s Office (ICO). You can find details about how to do this on the ICO website at https://ico.org.uk/concerns/ or by calling their helpline on 0303 123 1113.
We reserve the right to update this Notice to reflect any legal changes or changes to the way in which we process your personal data. The updated Notice will be published on our website and comes into effect at the time of publication on the website.
In this version, we have:
These changes improve transparency but do not alter how we use your personal information.