Privacy Policy

1. Who We Are

Otterbear Advisory Ltd is a company registered in England and Wales.

Registered address: Star House, 8 Star Hill, Rochester, England, ME1 1UX
Website: otterbearadvisory.com
ICO Registration Number: ZC105488

We are registered with the Information Commissioner's Office (ICO) as a data controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Protection Officer: Jamie Jarrett
Email: [email protected]


2. What Personal Data We Collect

We may collect and process the following categories of personal data:

Identity & Contact Data

  • Full name, date of birth

  • Email address, telephone number, postal address

Identity Verification Documents (KYC/AML)

  • Passport or government-issued photo ID

  • Proof of address (e.g. utility bill, bank statement dated within 3 months)

  • Any additional documentation required to satisfy our legal obligations under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017

Financial & Business Data

  • Source of funds and wealth information

  • Business ownership and corporate structure details

  • Bank account details where relevant to our services

Technical Data

  • IP address, browser type and version, time zone, browser plug-in types

  • Pages visited, referral sources, session duration (via cookies and analytics tools)


3. How We Collect Your Personal Data

We collect personal data in the following ways:

  • Directly from you when you enquire about or engage our services

  • Through our website contact forms or email correspondence

  • Via third-party identity verification platforms used to conduct KYC/AML checks

  • From publicly available sources (e.g. Companies House, sanctions lists) as part of our due diligence obligations


4. Why We Process Your Personal Data

We process your personal data on the following legal bases:

Purpose – Legal Basis

  • Providing our advisory services – Performance of a contract (Art. 6(1)(b) UK GDPR)

  • KYC and AML identity verification – Legal obligation (Art. 6(1)(c) UK GDPR)

  • Fraud prevention and sanctions screening – Legal obligation / Legitimate interests

  • Sending service communications – Performance of a contract

  • Marketing communications (where opted in) – Consent (Art. 6(1)(a) UK GDPR)

  • Improving our website and services – Legitimate interests (Art. 6(1)(f) UK GDPR)

KYC and AML obligations specifically: We are required by law to verify the identity of our clients before providing certain services. This includes collecting and retaining copies of identity documents such as passports and proof of address. Failure to provide these documents may mean we are unable to engage with you.


5. Special Category Data

We do not routinely collect special category data (e.g. health, ethnicity, political opinions). If this becomes necessary for a specific engagement, we will seek your explicit consent at that time.


6. How We Share Your Personal Data

We do not sell your personal data. We may share it with:

  • Regulators and law enforcement where required by law, including HMRC and the National Crime Agency in connection with our AML obligations

  • Third-party KYC/identity verification providers who process data on our behalf under appropriate data processing agreements

  • Professional advisers (e.g. lawyers, accountants) bound by confidentiality obligations

  • IT and cloud service providers who host or support our systems, acting as data processors under our instruction

All third parties are required to handle your data in accordance with UK GDPR.


7. International Transfers

Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as the UK's International Data Transfer Agreement (IDTA) or transfers to countries with an adequacy decision from the UK Secretary of State.


8. How Long We Keep Your Data

We retain personal data only for as long as necessary:

  • KYC/AML documents (including passport copies and proof of address): retained for a minimum of 5 years from the end of our business relationship, as required by the Money Laundering Regulations 2017

  • Client and contractual records: 6 years following the end of the engagement, in line with the Limitation Act 1980

  • Website analytics data: up to 26 months

  • Marketing preferences: until you withdraw consent or request erasure


9. Your Rights

Under UK GDPR, you have the following rights:

  • Right of access – to request a copy of the personal data we hold about you

  • Right to rectification – to have inaccurate data corrected

  • Right to erasure – to request deletion of your data in certain circumstances

  • Right to restriction – to ask us to limit how we use your data

  • Right to data portability – to receive your data in a structured, machine-readable format

  • Right to object – to object to processing based on legitimate interests or for direct marketing

  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please contact our DPO: [email protected]

We will respond within one calendar month. There is no charge for most requests, though we may charge a reasonable fee for manifestly unfounded or excessive requests.

Please note: some rights are subject to limitations where we have overriding legal obligations — for example, we cannot erase KYC/AML records before our statutory retention period has elapsed.


10. Cookies

Our website (otterbearadvisory.com) may use cookies and similar tracking technologies for analytics and functionality purposes. You can control cookie preferences through your browser settings or our cookie consent tool. For full details, please see our Cookie Policy.


11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include encrypted data storage, access controls, and regular security reviews. In the event of a data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and you without undue delay.


12. Complaints

If you are unhappy with how we handle your personal data, please contact us in the first instance at [email protected].

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: ico.org.uk

  • Helpline: 0303 123 1113

  • ICO reference for Otterbear Advisory Ltd: ZC105488


13. Changes to This Policy

We may update this Privacy Policy from time to time. The current version will always be available at otterbearadvisory.com. Where changes are material, we will notify you by email or a prominent notice on our website.


14. Contact Us

For any queries about this Privacy Policy or how we handle your data:

Otterbear Advisory Ltd
Star House, 8 Star Hill, Rochester, England, ME1 1UX

DPO: Jamie Jarrett
Email: [email protected]

Website: otterbearadvisory.com