Inceo Asset Management
Privacy Policy
1.About this policy
This policy explains how Inceo Asset Management collects, uses, shares and protects personal data, and the rights that individuals hold in relation to that data. Inceo Asset Management provides strategic oversight, reporting and advisory services for owners and investors who hold United Kingdom property, many of whom are resident outside the United Kingdom. Delivering those services responsibly requires the firm to handle personal data with care.
Inceo Asset Management is committed to handling personal data in accordance with the United Kingdom General Data Protection Regulation and the Data Protection Act 2018. This policy should be read alongside any engagement documentation, client agreement or specific privacy notice that the firm provides.
2.Who is responsible for your data
For the purposes of data protection law, the controller of personal data is Inceo Group, trading as Inceo Asset Management. The firm determines how and why personal data is processed in connection with its services and its website at www.inceoassetmanagement.co.uk.
Controller: Inceo Group, trading as Inceo Asset Management, company registration number [insert company number], whose registered office is at 1 Lyric Square, London W6 0NB, United Kingdom.
Data protection enquiries: Questions about this policy, or any request to exercise the rights described below, can be directed to business@inceo.co.uk, or by post to the address above, marked for the attention of the data protection contact.
Inceo Group is registered with the Information Commissioner's Office under registration reference [insert ICO registration number].
3.The personal data the firm collects
The categories of personal data that Inceo Asset Management may collect and use are set out below. Not every category applies to every individual, and the data held about a client is usually more extensive than the data held about a website visitor or a general enquirer.
| Category | Examples |
|---|---|
| Identity data | Full name, title, date of birth, nationality, photographs, and copies of identity documents such as a passport or national identity card. |
| Contact data | Residential and correspondence addresses, email addresses, and telephone numbers. |
| Financial data | Bank account and payment details, tax identification numbers, and information about assets, income, liabilities and ownership structures. |
| Due diligence data | Information gathered for anti money laundering and know your client purposes, sanctions and politically exposed person screening, source of funds and source of wealth, and beneficial ownership. |
| Portfolio data | Details of the properties and holdings under oversight, leases, valuations, debt and covenant information, and records of instructions and decisions taken. |
| Account data | Login credentials and activity records associated with the Inceo Portal. |
| Communications data | Correspondence by email, telephone and messaging, together with meeting notes and call records where these are kept. |
| Technical data | Internet protocol address, device and browser information, and information about how the website is used, collected through cookies and similar technologies. |
| Marketing data | Preferences in relation to receiving communications from the firm. |
Where personal data relates to a company rather than an individual, data protection law applies only to the information that identifies a living person, such as a named director, beneficial owner or contact.
Sensitive information
In limited circumstances, due diligence and screening can reveal special category data, such as information that indicates a person's political exposure, or information relating to alleged or actual criminal offences. Inceo Asset Management collects and uses such information only where the law permits, in particular for the prevention of fraud and money laundering and for compliance with regulatory obligations, and applies additional safeguards to its handling.
4.How the firm collects personal data
Personal data is collected in three main ways.
- Directly from you. When you enquire through the website, including through contact, consultation request, investor enquiry and newsletter subscription forms, when you correspond with the firm, attend meetings, enter into an engagement, or use the Inceo Portal.
- From third parties. From introducers, agents and advisers acting on your behalf, from identity verification, sanctions and credit reference providers, from banks, lenders, valuers and managing agents, and from public registers and other lawful sources.
- Automatically. When you visit the website, certain technical data is collected through cookies and similar technologies, as described in the section on cookies below.
5.Why the firm uses personal data and the lawful basis
Inceo Asset Management uses personal data only where there is a lawful basis to do so. The principal purposes, and the lawful basis relied upon for each, are summarised below.
| Purpose | Lawful basis |
|---|---|
| Establishing and administering the client relationship and providing oversight, reporting and advisory services. | Performance of a contract, and steps taken at your request before entering into one. |
| Carrying out client due diligence, identity verification, sanctions and politically exposed person screening, and ongoing monitoring. | Compliance with a legal obligation where it applies, and the firm's legitimate interests in preventing financial crime, supported by the substantial public interest basis for any special category or criminal offence data. |
| Meeting tax reporting and record keeping requirements, including those under FATCA and the Common Reporting Standard. | Compliance with a legal obligation. |
| Operating, securing and improving the website and the Inceo Portal. | Legitimate interests, and consent for non essential cookies. |
| Responding to enquiries submitted through the website or by other means. | Legitimate interests, and steps taken at your request before entering into a contract. |
| Sending relevant updates and insights to clients and professional contacts. | Legitimate interests, and consent where it is required. |
| Protecting the firm, managing risk, and establishing, exercising or defending legal claims. | Legitimate interests, and compliance with a legal obligation. |
| Managing a sale, reorganisation or other corporate transaction involving the firm. | Legitimate interests. |
Where the firm relies on legitimate interests, it has considered whether those interests are outweighed by the interests and rights of the individuals concerned, and balances them accordingly. Copies of the firm's legitimate interests assessments are available on request where applicable.
6.Regulatory and anti money laundering obligations
As a standard part of taking on and acting for clients, Inceo Asset Management carries out due diligence on its clients and the people connected with them. This includes collecting identity documents such as a passport or national identity card, verifying the identity of clients and the people connected with them, identifying and verifying beneficial ownership, screening against sanctions and politically exposed person lists, requesting information on the source of funds and source of wealth behind a transaction, and monitoring the relationship on an ongoing basis.
These checks are a condition of the firm acting for a client, and the firm cannot provide its services without completing them. Personal data collected for these purposes may be disclosed to the relevant authorities where the firm is required or permitted to do so, and the firm may be prevented by law from informing an individual that such a disclosure has been made. Where reporting obligations under tax transparency regimes such as FATCA or the Common Reporting Standard apply, the firm processes and shares the information necessary to meet them.
7.Who the firm shares personal data with
Inceo Asset Management does not sell personal data and does not share it for the unrelated marketing purposes of others. Personal data is shared only where it is necessary, and with the following types of recipient.
- Service providers. Trusted suppliers who support the firm, including technology, hosting and the portal platform, communications, document management and professional support, all of whom act on the firm's instructions under contract.
- Professional advisers. Lawyers, accountants, auditors and tax advisers who provide services to the firm or to a client engagement.
- Verification providers. Identity verification, sanctions, screening and credit reference agencies engaged to perform due diligence.
- Counterparties. Banks, lenders, valuers, surveyors, managing agents and other parties where this is necessary to deliver the agreed services.
- Authorities. Regulators, tax authorities including HM Revenue and Customs, law enforcement and other bodies where disclosure is required or permitted by law.
- Group and successors. Other members of Inceo Group, and any purchaser or successor in the context of a corporate transaction involving the firm.
Where it is helpful, the firm can confirm the specific providers it relies upon. These currently include Microsoft 365 and Google Workspace. All such providers are required to keep personal data secure and to use it only on the firm's instructions.
8.International transfers
Many of the firm's clients, and the people connected with them, are resident outside the United Kingdom. Personal data may therefore be transferred internationally where this is necessary to provide the firm's services, to communicate with clients, to coordinate with advisers and counterparties, or to satisfy regulatory obligations.
Inceo Asset Management serves owners and investors located in markets around the world. As a result, personal data may be transferred outside the United Kingdom, for example when the firm communicates with a client or an adviser based overseas, or when a service provider operates from another country.
Where personal data is transferred outside the United Kingdom, the firm ensures that an appropriate level of protection is in place. This means relying on the United Kingdom government's adequacy regulations where the destination country benefits from them, or putting in place approved safeguards such as the International Data Transfer Agreement or the United Kingdom Addendum to the European Commission standard contractual clauses. Where a transfer is necessary to perform a contract requested by the individual, the firm may rely on that basis. Further detail on the safeguards used is available on request.
9.How long personal data is kept
Personal data is retained for as long as it is needed for the purposes set out in this policy, and for as long as the law requires. Records collected for due diligence and anti money laundering purposes are generally kept for at least five years after the end of the business relationship or the completion of a transaction, and longer where another legal obligation, or the need to establish or defend a legal claim, requires it. When personal data is no longer required, it is securely deleted or anonymised.
10.How the firm protects personal data
Inceo Asset Management applies organisational and technical measures designed to protect personal data against unauthorised access, loss, misuse or alteration. These measures include access controls, encryption in transit and at rest where appropriate, secure hosting, confidentiality obligations on the firm's people and suppliers, and the principle that personal data is made available only to those who need it. The Inceo Portal is protected by authentication controls, and clients are responsible for keeping their access credentials confidential.
In the event of a personal data breach, the firm will act in accordance with its obligations under data protection law. This includes assessing the breach, taking steps to contain and remedy it, and notifying the Information Commissioner's Office, and affected individuals, where the law requires.
11.Analysis and automated processing
The firm's platform calculates portfolio metrics, such as yields, loan to value ratios and risk indicators, in order to support the oversight that the firm provides. These calculations inform the recommendations made by the firm's principals, which clients then consider and approve. Inceo Asset Management does not make decisions that produce legal effects, or similarly significant effects, based solely on automated processing without meaningful human involvement.
12.Cookies and website data
The website uses cookies and similar technologies. Strictly necessary cookies allow the website to function and cannot be switched off. Other cookies, used to understand how the website is used and to improve it, and any used for marketing, are set only with consent. Consent can be managed through the controls presented on the website, and most browsers allow cookies to be blocked or deleted. The firm's cookie policy sets out the specific cookies in use, their purposes and durations, and how to manage them.
13.Marketing communications
Inceo Asset Management may send relevant updates, insights and information about its services to clients and professional contacts, in line with the law. Any individual can ask the firm to stop sending such communications at any time, by using the unsubscribe option in a message or by contacting the firm directly. Withdrawing from marketing does not affect communications that relate to the firm's services or its legal obligations.
14.Your rights
Subject to certain conditions and exemptions under data protection law, you have the following rights in relation to your personal data.
- Access. To be told whether your data is being processed, and to receive a copy of it.
- Rectification. To have inaccurate data corrected and incomplete data completed.
- Erasure. To have your data deleted in certain circumstances.
- Restriction. To limit how your data is used in certain circumstances.
- Portability. To receive certain data in a portable format, or have it transferred to another controller.
- Objection. To object to processing based on legitimate interests, and to direct marketing at any time.
- Withdrawal of consent. To withdraw consent where the firm relies on it, without affecting earlier processing.
To exercise any of these rights, please contact the firm using the details in this policy. The firm may need to verify your identity before responding. Requests are usually answered within one month and are generally free of charge. Some rights do not apply where the firm is required by law to retain or process the relevant data, for example records held for anti money laundering purposes.
15.Complaints
If you have a concern about how Inceo Asset Management handles your personal data, please raise it with the firm in the first instance so that it can be addressed. You also have the right to complain to the Information Commissioner's Office, the United Kingdom supervisory authority for data protection.
Information Commissioner's Office. Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Helpline 0303 123 1113. Website ico.org.uk.
16.Children
The firm's services and website are directed at businesses, professional investors and adult individuals. Inceo Asset Management does not knowingly collect personal data relating to children.
17.Changes to this policy
This policy may be updated from time to time to reflect changes in the firm's practices or in the law. The current version is the one published on the website, and the effective date at the top of this policy shows when it was last revised. Material changes will be communicated where appropriate.
18.How to contact the firm
Questions about this policy, or about how Inceo Asset Management handles personal data, are welcome.
Inceo Asset Management
1 Lyric Square, London W6 0NB, United Kingdom
+44 20 8191 3098