Privacy and Data Protection Notice

1. Who we are

BlackCores and Partners LLP is a limited liability partnership registered in England and Wales (company number OC459454). Our registered office is at First Floor Office, 3 Hornton Place, London, W8 4LZ, United Kingdom.

For data protection purposes, BlackCores and Partners LLP is the data controller for personal data collected through this website and in connection with enquiries about our services.

2. What personal data we collect

We may collect the following categories of personal data:

Website enquiries and contact

• Name and job title
• Email address
• Organisation name
• Message content, including details about the services you require

Client and engagement data

• Contact details for client representatives
• Business information provided for scoping and conflict checks
• Documents and records provided during engagements (e.g. CDD/EDD evidence, governance documentation, policy files)
• Correspondence and meeting notes

Technical data

• IP address (anonymised where possible)
• Browser type and version
• Pages visited and time spent on site

3. How we use your data

We use personal data for the following purposes:

• Responding to enquiries about our services
• Assessing scope and preparing proposals
• Conducting preliminary conflict or client-acceptance checks
• Delivering AML review, due diligence, governance and compliance services
• Maintaining professional engagement records
• Complying with legal and regulatory obligations
• Improving our website and services

4. Lawful bases for processing

We process personal data under the following lawful bases:

• Contract: Processing necessary to perform a contract with you or take steps at your request before entering into a contract (e.g. preparing proposals, delivering services).
• Legitimate interests: Processing necessary for our legitimate business interests, such as responding to enquiries, maintaining professional records, and improving our services, where these interests are not overridden by your rights.
• Legal obligation: Processing necessary to comply with legal or regulatory requirements, including AML record-keeping obligations.

5. Special category and criminal offence data

In the course of AML/CFT review, due diligence and financial crime engagements, we may process information that includes:

• Politically exposed person (PEP) status
• Sanctions screening results
• Adverse media or criminal record information

This processing is carried out under applicable legal obligations and substantial public interest conditions, including the prevention or detection of unlawful acts and compliance with regulatory requirements. We implement appropriate safeguards to protect this data.

6. Who we share data with

We do not sell personal data. We may share data with:

• Service providers who support our operations (e.g. cloud hosting, email, document management), under appropriate confidentiality and data processing agreements
• Professional advisers (e.g. legal, accounting) where necessary
• Regulatory authorities or law enforcement where required by law

7. International data transfers

Some of our service providers may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement or adequacy decisions.

8. How long we keep data

We retain personal data for as long as necessary for the purposes described in this notice:

• Enquiry data: If no engagement proceeds, we retain enquiry data for up to 2 years for business development and to respond to any follow-up contact.
• Engagement records: We retain engagement files for at least 6 years after completion, or longer where required by law, regulation or professional standards (e.g. AML record-keeping requirements).
• Technical data: Analytics data is aggregated and anonymised or deleted within 26 months.

9. Your rights

Under UK data protection law (UK GDPR), you have the following rights:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your data in certain circumstances
• Restriction: Request that we limit how we use your data
• Portability: Request a copy of your data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interests

To exercise these rights, please contact us at privacy@blackcores.co.uk. We will respond within one month.

10. Cookies

For information about how we use cookies and similar technologies, please see our Cookie Notice.

11. Complaints

If you are not satisfied with how we handle your personal data, you have the right to complain to the Information Commissioner's Office (ICO):

12. Contact us

For questions about this notice or how we handle your personal data, please contact:

13. Changes to this notice

We may update this notice from time to time. The current version will always be available on this page with the "Last updated" date shown at the top.