Last updated September 2025
INTRODUCTION
At Shard Capital, we take your privacy seriously. This privacy notice explains the personal information (referred to as “personal data” in this notice) we collect about you, how we use it, who we share it with and your rights.
For clarity:
- “Shard Capital” is a collective name we use for our businesses listed below.
- Each business is a separate legal entity and is responsible for the data it processes.
- When we say “we”, “us” or “our”, we mean the Shard Capital business you deal with.
This notice covers:
- Shard Capital Partners LLP (trading names: Shard Capital, Shard Capital ECM, Shard Capital Stockbrokers, Shard Capital Investor Visa, Alternative Resource Capital, LeifBridge and Tennyson Securities)
- Shard Capital AIFM LLP
- Shard Capital Limited
If you are applying for a role at Shard Capital, please see our Candidate Privacy Notice.
PERSONAL DATA WE COLLECT
We collect different types of personal information depending on the services we provide you.
This can include:
- Identity details such as your name, date of birth, nationality and identification documents
- Contact details such as your home or business address, phone number and email address.
- Financial details (bank account information, investment and trading history, account balances, custody records)
- Health information but only where relevant, for example to support suitability needs.
- Employment details including your job, qualifications, employer and career history
- Family and associates where needed for compliance, such as beneficial owners or close connections.
- Suitability information including your investment goals, risk tolerance, knowledge and experience, financial position and tax residency.
- Technical data including internet protocol (IP) address, your login data, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform
- Information about criminal convictions and offences (where required)
- Marketing preferences
Much of this information is collected in compliance with our duties under FCA rules. This includes our obligation to verify the identity of clients and to maintain records of regulated business including a record of products you invest in and historical data about investments you have made. If you chose not to provide the information required, we may not be able to provide you with the requested product or service.
If you choose to provide us with any Personal Data relating to a third party (e.g. information relating to your spouse, children, parents, and/or employees) or ask us to share their personal data with third parties, by submitting such information to us, you confirm that they understand the information in this notice about how we will use their personal data.
WHERE WE COLLECT YOUR PERSONAL DATA FROM
We obtain this information in several ways, for example through your use of our services or other dealings with us including through the account opening process, enquiry forms, and from information provided in the course of ongoing correspondence.
We may also collect personal data from:
- Employers
- People appointed to act on your behalf
- Law enforcement or government agencies
- Publicly available sources
- Credit reference agencies, fraud prevention databases and sanctions or PEP (politically exposed person) screening providers
- Organisations that provide their own personal data, or personal data from third parties, to help us to improve the personal data we hold, and provide more relevant and interesting products or services to you
- Through our websites/portals via cookies or online forms (please see here on Cookies)
We may record any communications with you including electronic mail, telephone calls, in person or otherwise, which will constitute evidence of the communications between us. This information is collected in compliance with our duties under FCA rules in relation to our record keeping obligations.
Telephone conversations may be recorded without the use of a warning tone or any other further notice. Further, if you visit any of our offices or premises, we may have CCTV which would record your image.
WHAT WE USE YOUR PERSONAL DATA FOR AND THE LEGAL BASIS FOR DOING SO
The table below gives an overview:
| What we do | Why we do it | Legal basis |
|---|---|---|
| Provide and manage your account and services | To deliver the products and services you have asked for | To perform our contract with you It is in our legitimate interests to make sure that our client accounts are well-managed, so that our clients are provided with a high standard of service, and to protect our business interests and the interests of our clients. |
| Check your identity, run AML, sanctions and PEP checks and confirm source of wealth/funds | To comply with the law and protect against financial crime | Legal obligation; public interest |
| Assess your suitability and categorise you as a client (e.g. retail, professional) | To meet our obligations under FCA rules | Legal obligation |
| Respond to enquiries or complaints | To provide a high standard of client service | Contract; legitimate interest |
| Monitor calls, emails and meetings | For training, recordkeeping, and to meet FCA requirements | Legal obligation; legitimate interest |
| Prevent fraud and keep your money and information secure | To protect you, us, and the financial system | Legal obligation; legitimate interest |
| Improve our products and services | To develop our business responsibly | Legitimate interest |
| Send you marketing about our services | To keep you informed of relevant opportunities | Consent (for individuals, unless soft opt-in applies); legitimate interest (for corporates) |
| Use health or other sensitive information | To support you or manage complaints | Consent; substantial public interest |
| Use information about criminal offences | To meet AML and fraud prevention duties | Legal obligation; substantial public interest |
Consent
We may ask you for permission to collect and use certain types of personal data when we must do so by law (for example, when we process sensitive personal data or place cookies or similar technologies on devices or browsers). If we ask you for permission to process your
personal data, you can refuse, or withdraw your permission at any time, by using the contact details at the end of this privacy notice or, if in relation to cookies or similar technologies, by clicking on the ‘C’ logo in the bottom right-hand corner of the webpage (please see here on Cookies).
WHO WE WILL SHARE YOUR PERSONAL DATA WITH
We will never sell your personal data.
Depending on the service you use, we may share your information with:
- Regulators and authorities (e.g. FCA, HMRC, law enforcement, courts).
- Custodians, administrators, registrars and settlement systems.
- Service providers (for IT, communications, secure data storage, mailing).
- Credit reference and fraud prevention agencies.
- Professional advisers (lawyers, auditors, consultants).
- Other Shard Capital businesses (each a separate controller) where necessary for regulatory or operational reasons.
Sharing information about you with tax authorities
We would usually supply aggregated data to tax authorities.
We may be required by law or regulation to share information about your accounts with relevant tax authorities, either directly or through the local tax authority. The tax authority we share the information with could then share that information with other appropriate tax authorities. If we need extra documents or information from you about this, you must provide them. If you don’t, we may need to close your account or, if the law or other regulations require us to do so, we’ll withhold parts of certain payments received into your account and pass the withheld funds to the relevant tax authorities.
Independent third-party service providers
Where you (or a third party properly authorised to give instructions on your behalf) ask us to share personal data with (for example, providers of payment initiation or account information services). If we share your personal data with these third parties, we will have no control over how they use it. You (or the person with authority over your account) will need to agree this direct with the third party.
By “authorised third parties” we mean companies that are authorised by the Financial Conduct Authority or another European regulator to provide the relevant service. In the UK, the Financial Conduct Authority’s register (available at https://register.fca.org.uk/) will tell you whether a company is authorised. Before you make your request, we recommend that you (or the person acting on your behalf) consider the data protection practices of that third party by reading their privacy notices or contacting them.
AUTOMATED DECISIONS AND PROFILING
We do not make decisions solely by automated means that have legal or significant effects.
Some checks (e.g. sanctions screening, fraud alerts, credit scoring) use automated tools. Where this could affect you, a staff member will review the result and you may request human intervention.
HOW LONG WE KEEP YOUR PERSONAL DATA
Safeguarding the privacy of your information is important to us, whether you interact with us personally, by phone, by mail, over the internet or any other electronic medium.
We hold personal data in a combination of secure computer storage facilities and paper-based files and other records. Steps are taken to protect the personal data we hold from misuse, loss, unauthorised access, modification or disclosure.
When we consider that personal data is no longer needed, we will remove any details that will identify you or we will securely destroy the records. However, we may need to maintain records for a significant period of time in line with our regulatory obligations. For example, we are subject to certain anti-money laundering laws which require us to retain verification of identity records for a period of five years after our business relationship with you has ended.
If we hold any personal data in the form of a deed, we will hold this deed in its complete form for a period of 12 years after our business relationship with you has ended.
If we hold any personal data in the form of a recorded communication, by telephone, electronic mail, in person or otherwise in relation to our regulatory obligations as detailed above, this information will be held in line with local regulatory requirements which will generally be between five and seven years after our business relationship with you has ended.
Where you have opted out of receiving marketing communications we will hold your e-mail address on our suppression list so that we know you do not want to receive these communications.
CHILDREN AND VULNERABLE CLIENTS
Our services are designed for adults. We do not knowingly provide services directly to children. If we process data about children or vulnerable persons (for example in trusts), we take additional steps to safeguard it.
CONFLICTS OF INTEREST AND CONFIDENTIALITY
Different Shard Capital businesses may act for clients with competing interests. We maintain information barriers and strict policies to prevent inappropriate sharing of information across business areas, in line with FCA rules.
MANAGEMENT AND SAFEGUARDING OF YOUR DATA
To keep your data safe, we use a combination of technical, physical and organisational measures. These include:
- Encryption of devices and data storage
- Firewalls, antivirus, and anti-malware protection
- Multi-factor authentication for system access
- Regular security patching and vulnerability checks
- Strong physical and network controls around our offices and systems
- Monitoring and detection systems to identify potential threats
- Specialist tools, such as Dark Web monitoring and geo-blocking, to reduce external risks
YOUR RIGHTS
| Right | What it means |
|---|---|
| Access | Get a copy of the data we hold about you |
| Rectification | Correct inaccurate or incomplete data |
| Erasure | Ask us to delete data when it is no longer needed |
| Restriction | Limit how we use your data in certain cases |
| Objection | Object to processing, particularly for marketing |
| Portability | Ask us to send your data to you or another provider (where applicable) |
| Withdraw consent | Stop processing where consent is the basis |
Your ability to exercise these rights will depend on a number of factors and in some instances, we will not be able to comply with your request e.g. because we have legitimate grounds for not doing so or where the right doesn’t apply to the particular data we hold on you. If you would like more information on these rights, please contact compliance@shardcapital.com
Where you have provided consent to our use of your data, you have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent.
TRANSFERS OF PERSONAL DATA OUTSIDE THE UK OR EEA
Your personal data may be stored in and transferred to countries outside the United Kingdom (UK) or European Economic Area (EEA) including countries where our data centres and third-party services providers are located, for example, the United States. These countries may have data protection laws that are different from those of your country of residence. Where we make such transfers, we will ensure your personal data has an appropriate level of protection and that the transfer complies with applicable legal requirements.
For example, for transfers from the UK and/or EEA to outside the UK/EEA, we ensure a similar level of protection is afforded to personal data by ensuring at least one of the following appropriate safeguards is implemented:
Standard Contractual Clauses: For transfers from the UK/EEA to countries not considered adequate, we have put in place adequate measures, such as standard contractual clauses adopted by the relevant authority, to protect your personal data.
Adequacy Decisions: Some countries outside the UK/EEA are recognised by the UK government and/or European Commission as providing an adequate level of protection for personal data. The full list of these countries for the UK is available here: https://ico.org.uk/for-organisations/uk-gdpr-guidance-andresources/international-transfers/international-transfers-a-guide/
LINKS TO EXTERNAL WEBSITES
Our sites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy notices and that we do not accept any responsibility or liability for how such websites collect and use your data. Please check these notices before you submit any personal data to these websites.
BUSINESS CHANGES
We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Notice, be permitted to use that data only for the purposes for which it was originally collected by us.
CONTACT US
If you have any queries regarding privacy issues or the content of this Privacy Notice, you can email compliance@shardcapital.com or write to us at: Shard Capital, 51 Lime Street, London, EC3M 7DQ.
If you have a complaint
If you have a concern about any aspect of our privacy practices, you can make a complaint. This will be acted upon promptly. To make a complaint, please contact us via compliance@shardcapital.com.
If you are not satisfied with our response to your complaint, you have the right to lodge a complaint with our supervisory authority, the Information Commissioner’s Office (ICO). You can find details about how to do this on the ICO website at https://ico.org.uk/concerns/ or by calling their helpline on 0303 123 1113.
UPDATES TO THE PRIVACY NOTICE
We reserve the right to update this Notice to reflect any legal changes or changes to the way in which we process your personal data. The updated Notice will be published on our website and comes into effect at the time of publication on the website.
Latest changes to this Privacy Notice
In this version, we have:
- Added more detail on the information we collect for wealth management, including suitability data, risk tolerance, beneficial ownership, source of wealth, and PEP/sanctions checks.
- Strengthened our sections on children, vulnerable clients and conflicts of interest.
- Used tables and summaries in key areas to make the Notice clearer and easier to read.
These changes improve transparency but do not alter how we use your personal information.