Privacy Notice

Privacy Policy Information

Introduction

Novera Advisors Ltd (“Novera”, “we”, “our”, or “us”) is committed to protecting your privacy and handling personal data responsibly.

As a regulatory compliance consultancy, we recognise the importance of managing personal data with care, integrity and professionalism. This Privacy Notice explains how we collect, use, store and protect personal data when you:

  • Visit our website.
  • Contact us.
  • Engage us to provide services.
  • Receive communications from us.
  • Interact with us in a professional capacity.

We process personal data in accordance with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.

If you have any questions about how we use your personal data, we encourage you to contact us using the details at the end of this notice.

Who we are

Novera is a UK-based financial services compliance consultancy.
For the purposes of data protection law, we may act as a ‘data controller’ when determining how and why personal data is processed. In certain circumstances, we may also act as a ‘data processor’ where we process personal data on behalf of a client under a services agreement.

Novera is registered in England and Wales under company number 16829159. Our registered office is 20 Market Place, Kingston Upon Thames, Surrey, United Kingdom, KT1 1JP. We are registered with the Information Commissioner’s Office under registration number ZC092022.

The legal bases we rely on

Under UK GDPR, we must have a lawful basis for processing personal data. Depending on the nature of our relationship with you and the purpose of the processing, we rely on one or more of the following legal bases:

  • Contract: We process personal data where it is necessary to perform a contract with you, or to take steps at your request before entering into a contract. This includes delivering consultancy services and managing our client relationships.
  • Legal obligation: We may process personal data where it is necessary for us to comply with legal or regulatory requirements. This may include, for example, obligations relating to financial regulation, anti-money laundering, fraud prevention and statutory record retention requirements.
  • Legitimate interests: We may process personal data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. This may include improving our services, managing our operations, maintaining business relationships and protecting the security of our systems.
  • Consent: In limited circumstances, we rely on your consent to process personal data, for example when sending certain marketing communications. You have the right to withdraw your consent at any time.

The personal data we collect

The personal data we collect depends on our relationship with you and the nature of the services we provide. This may include, but is not limited to:

  • Identity information: your name, title, date of birth, identification details, professional role and related verification documentation.
  • Contact information: your business or personal address, email address and telephone numbers.
  • Financial information: your bank details, payment information and billing records.
  • Regulatory and due diligence information: information required to carry out Know Your Customer checks, regulatory assessments or statutory obligations.
  • Technical and usage information: your IP address, browser type, device information and details about how you use our website.
  • Recruitment information: your employment history, qualifications and information provided as part of an application process.

We may receive personal data directly from you, from clients who engage us, from professional advisers, from regulators or from publicly available sources where appropriate.

How we use personal data

We use personal data in a measured and proportionate way to support our professional services and business operations. This may include:

  • Delivering regulatory consultancy and compliance support.
  • Managing client engagements and contractual relationships.
  • Meeting legal and regulatory obligations.
  • Conducting due diligence and supporting compliance with anti-money laundering and financial crime requirements.
  • Administering billing and financial processes.
  • Responding to enquiries.
  • Improving our services and website functionality.
  • Considering applications for employment.

If you would like to understand more about how your personal data is used, or to change how we communicate with you, please refer to the “Your Rights” section below.

In some cases, if we do not have the information necessary to meet regulatory, legal or contractual requirements, this may limit the services we are able to provide or how we can respond to your request.

Sharing of personal data

We may share personal data with trusted third parties where necessary in connection with the delivery of our services and the operation of our business. These may include professional advisers such as accountants, insurers and legal advisers. We may also share information with IT and secure cloud service providers, payment processors, regulators or law enforcement authorities where required, and third parties involved in a corporate transaction such as a merger or business sale.

All third-party providers are required to process personal data securely and in accordance with our instructions.

International transfers

Where personal data is transferred outside the United Kingdom, we ensure that appropriate safeguards are in place to protect that information.

This may include transferring data to countries that have been deemed to provide an adequate level of protection under UK data protection law or implementing approved contractual safeguards with the relevant service providers.

We take reasonable steps to ensure that personal data remains appropriately protected wherever it is processed.

Data retention

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected.

When determining the appropriate retention period, we consider the nature and sensitivity of the information, the purpose for which it was obtained, our legal and regulatory obligations, applicable statutory and regulatory record retention requirements, and the need to resolve disputes or enforce agreements.

Once personal data is no longer required, it is securely deleted or anonymised in accordance with our internal data management procedures.

Data security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse or disclosure.

These measures include the use of secure cloud-based systems, access controls on a strict need-to-know basis, encryption and firewall protection, internal policies governing the handling of information, and defined procedures for responding to suspected data breaches.

We regularly review our security arrangements to ensure they remain appropriate to the nature of the information we hold and the risks involved.

Cookies

Our website uses cookies to improve functionality and to understand how visitors interact with our content.

Cookies are small text files placed on your device when you visit a website. They allow the website to recognise your device and store certain information about your preferences or past actions.

We use cookies to support the effective operation of our website, to monitor performance, to improve user experience and to analyse traffic patterns. Some cookies may be set by third-party service providers, for example analytics providers where we use such services, to help us understand how our website is used.

You can control or disable cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that if you choose to disable cookies, certain features of the website may not function as intended.

Links to other websites

Our website may contain links to third-party websites. This Privacy Notice does not apply to those external websites, and we are not responsible for their privacy practices.

If you access a third-party website through a link on our website, you should review their privacy notice to understand how your personal data will be handled.

Your rights

Under UK GDPR, you have a number of rights in relation to your personal data. These include the right to:

  • Request access to the personal data we hold about you.
  • Request correction of inaccurate or incomplete information.
  • Request erasure of your personal data in certain circumstances.
  • Restrict or object to the processing of your personal data.
  • Request the transfer of your data to another organisation, where applicable.
  • Withdraw consent where we rely on it as a lawful basis.

You may exercise your rights by contacting us using the details set out below.

We aim to respond to all valid requests without undue delay and in any event within one month. In some cases, where a request is particularly complex or where multiple requests are made, we may require additional time. If this applies, we will notify you and keep you informed.

If you are dissatisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection. We would, however, welcome the opportunity to address your concerns directly in the first instance.

Changes to the notice

We may update this Privacy Notice from time to time to reflect changes in our practices or legal requirements. The most current version will always be available on our website.

Contact us

If you have any questions about this Privacy Notice or wish to exercise your rights, please email us at info@noveraadvisors.com.

Alternatively, you may write to us at: 

40 Gracechurch Street
London
EC3V 0BT