Privacy Notice - Heim Advisory UK Limited

How Heim processes your personal data under the UK GDPR and the Data Protection Act 2018.

1Introduction

Heim Advisory UK Limited (“Heim”) is committed to your right to privacy. This privacy notice contains information about how Heim processes personal data about you under the UK GDPR and the Data Protection Act 2018.

As part of Heim’s business, Heim processes personal data about contact persons of Heim’s clients, prospective clients, suppliers and other business partners.

2How does Heim use your personal data?

The table below lists the personal data that Heim typically processes about you, the purposes for which Heim processes it, Heim’s typical sources of such data, and the lawful basis on which Heim relies.

Purpose Categories of data Source Legal basis
PurposeTo establish customer relationships and carry out due diligence where applicable. Categories of dataName, address, date of birth, place of birth, nationality, gender, tax identification number, government-issued identity documents, proof of address, proof of source of funds, source of wealth or income, and related due diligence information where applicable. Heim may also collect additional data if you are a politically exposed person, subject to sanctions screening, or linked to any such person. SourceFrom you and public sources. Legal basisHeim relies on its legitimate interest in conducting proportionate due diligence and managing legal, financial crime and reputational risk.
PurposeTo monitor Heim’s relationship with counterparties and mitigate legal and financial crime risks in transactions. Categories of dataName, address, date of birth, place of birth, nationality, gender, tax identification number, government-issued identity documents, proof of address, proof of source of funds, source of wealth or income, sanctions screening results, politically exposed person information and other due diligence information where applicable. SourceFrom you and public sources. Legal basisHeim’s legitimate interest in ensuring compliance with applicable law and standards of proper business conduct, and in mitigating legal, financial crime and reputational risk.
PurposeTo conduct ongoing monitoring of Heim’s customer and counterparty relationships where applicable. Categories of dataPersonal data collected in connection with ongoing monitoring, such as transaction data, updated identification information, sanctions screening information, politically exposed person information and changes to previously provided due diligence information. SourceFrom you and public sources. Legal basisHeim relies on its legitimate interest in conducting proportionate ongoing monitoring and managing legal, financial crime and reputational risk.
PurposeTo manage and administer relationships with Heim’s customers, prospective customers, suppliers, and other business partners. Categories of dataContact data such as name, phone number, email address, position and employer. SourceFrom you. Legal basisTo perform and fulfil contracts Heim has with its customers and other business partners. Where you act on behalf of a customer, supplier or other business partner, Heim relies on its legitimate interest in maintaining and developing its relationship with you, providing its services and administering its business.
PurposeTo respond to requests submitted through email, telephone or other contact channels. Categories of dataContact data such as name, email address and phone number, and any personal data included in the request or attached documents. SourceFrom you. Legal basisHeim’s legitimate interest in following up customer requests and other enquiries concerning Heim’s business.
PurposeTo market Heim’s services, including issuing newsletters, offers and event invitations. Categories of dataName, email address and phone number. SourceFrom you. Legal basisYour consent. Heim may also rely on its legitimate interest in marketing its services where Heim has an existing customer or business relationship with you or your business. You may withdraw your consent or opt out at any time by using the unsubscribe feature or by contacting Heim.
PurposeTo identify prospective business contacts. Categories of dataName, email address, phone number, position, employer and publicly available professional information. SourceFrom public sources. Legal basisHeim’s legitimate interest in marketing Heim’s business and identifying relevant prospective business contacts.
PurposeTo recruit employees. Categories of dataName, contact information, CV, education and certifications, information from references, information from background checks and results from personality and qualification tests where applicable. SourceFrom you, your references and public sources. Legal basisHeim’s legitimate interest in recruiting employees and assessing whether you are qualified. Where Heim has no available positions and you have applied prospectively, Heim may ask for your consent to continue storing your contact details and application data so that Heim may consider you for future positions within Heim.

Heim may also collect or receive other types of data if required to fulfil the purposes listed above.

On a case-by-case basis, Heim may also use your personal data for certain purposes that are not incompatible with the purpose for which the data was originally collected or received, such as audits, analytics, reporting, innovation, dispute resolution and mergers and acquisitions.

3How does Heim share your personal data?

Heim relies on a number of third-party service providers as part of its normal course of business and may disclose your personal data to the following categories of recipients, to the extent necessary for the purposes described above:

  • To Heim’s service providers, including providers of IT systems, website services, hosting, accounting, payroll, compliance, legal, audit, insurance and other administrative services. Where a service provider processes personal data on Heim’s behalf, Heim will put appropriate contractual arrangements in place.
  • To public authorities, regulators, courts, tribunals, tax authorities, law enforcement bodies, financial institutions or other third parties where disclosure is required by law or necessary to establish, exercise or defend legal claims.
  • To Heim’s professional advisers, owners, auditors, insurers, banks and business partners, where this is necessary for the operation, administration, financing, audit, insurance or legal protection of Heim’s business.
  • To third parties involved in any actual or proposed restructuring, sale, transfer, merger, financing or other transaction relating to Heim’s business, provided that such disclosure is necessary and subject to appropriate confidentiality and data protection safeguards.

4Transfer of personal data outside the UK/EEA

As some of Heim’s suppliers and business partners may be located outside the UK or the EEA, Heim may transfer your personal data outside the UK or the EEA where necessary. Heim will ensure that such transfers are made in accordance with the UK GDPR, including by using adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or another appropriate safeguard where required. Heim will provide you with further details about such international data transfers upon request. If you want to obtain a copy of the relevant safeguards, please use the contact details below.

5How long does Heim keep your personal data?

Heim retains your personal data for as long as necessary for the purposes for which Heim collected it, and in accordance with its internal retention guidelines. Personal data may be retained for a longer period where this is necessary to comply with legal obligations, resolve disputes, or establish, exercise or defend legal claims.

6Your privacy rights

You have several rights as regards the processing of your personal data. Such rights include:

Right Description
RightInformation DescriptionTo receive further information on how Heim processes your personal data.
RightAccess DescriptionTo receive a copy of the information Heim has on you.
RightRectification DescriptionTo request rectification and completion of the information Heim has on you.
RightErasure DescriptionTo request erasure of information if there are no applicable legal grounds for processing such information.
RightRestriction DescriptionTo ask that Heim restrict the processing of your information.
RightData portability DescriptionTo ask that your information is transferred to you in a structured, commonly used, and machine-readable format.
RightObjection DescriptionTo object to Heim’s processing of your personal data. You also have the right to object to being subject to a decision based solely on automated processing.

Please note that these rights are subject to conditions and limitations by law. If you would like to exercise your rights or would like more information about the conditions/limitations, please contact Heim.

If you consider that Heim uses your personal data in violation of applicable law, you may file a complaint with the Information Commissioner’s Office. Heim encourages you to contact us before making a complaint, so that Heim may consider your objection and clarify any misunderstandings.

7Changes to this privacy notice

Heim may change this privacy notice from time to time, when deemed necessary or appropriate to ensure Heim’s compliance with the UK GDPR, the Data Protection Act 2018 and other applicable UK data privacy law. Heim will notify you if it makes significant changes. Heim recommends visiting privacy.heimam.co.uk, where you will find the latest version.

8Contact information

Please contact Heim if you have any questions, comments or would like to exercise your rights, including the right to withdraw your consent. Heim will respond to your enquiry as soon as possible and typically within one month, unless a shorter response period applies or the UK GDPR permits an extension. Use the following contact details:

heim@heimam.co.uk

This Privacy Notice was last updated: June 2026 ↑ Back to top