This notice explains how Harwick Intelligence collects and uses personal information. It is written in plain English and follows the requirements of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Who we are
Harwick Intelligence is the data controller for the personal information described in this notice. Our postal address is:
Harwick Intelligence
275 New N Rd
#3293
London, N1 7AA
If you have a question about this notice or how we handle your personal information, please contact us.
Information we collect
The personal information we collect depends on how you interact with us. Broadly, we collect:
- Information you give us when you make an enquiry — such as your name, organisation, email address, telephone number, and a description of the matter you wish to discuss.
- Information you give us when we are instructed — including any documents, correspondence, photographs, or other material you provide for the purposes of the investigation.
- Information about subjects of investigation — where we are instructed to investigate a third party, we will process personal information about that individual to the extent necessary and proportionate to the investigation.
- Information collected during an investigation — observation logs, photographs, video, and information obtained from open sources, public records, and other lawful means.
- Information about your use of our website — limited technical information collected automatically by our hosting provider for security and reliability purposes.
How we use your information
We use personal information for the purposes set out below. The lawful basis on which we rely under the UK GDPR is shown alongside each purpose.
- To respond to enquiries — legitimate interests (responding to a request you have made).
- To deliver investigation services to clients — performance of a contract with you, or where instructed by an organisation, the legitimate interests of that organisation as our client.
- To process information about subjects of investigation — legitimate interests of our client, balanced against the rights and freedoms of the subject. We carry out a documented legitimate interests assessment for each engagement.
- To meet our legal and regulatory obligations — including obligations under the Proceeds of Crime Act 2002, anti-money-laundering legislation, and tax law.
- To establish, exercise, or defend legal claims — legitimate interests in protecting our position.
Who we share your information with
We do not sell personal information. We share information only where it is necessary for the purposes set out above, including:
- With our client and their advisers, where you are the subject of an instructed investigation;
- With your solicitor or other professional advisers, where you have asked us to do so or where you have instructed us through them;
- With law enforcement, regulators, or other authorities where we are required to do so by law (including any obligations to file Suspicious Activity Reports under the Proceeds of Crime Act 2002);
- With our service providers (such as our IT and hosting providers) who process personal information on our behalf and under written instructions.
How long we keep your information
We retain personal information only for as long as necessary for the purposes for which it was collected. In practice this means:
- Enquiries that do not lead to instruction — typically retained for up to 12 months, then securely destroyed.
- Investigation case files — typically retained for six years from the conclusion of the engagement, in line with limitation periods under English law and the requirements of insurers and regulators. Specific retention periods are set out in our engagement letter.
- Records required by law — retained for the period required (for example, tax records for six years from the end of the financial year).
International transfers
We aim to keep personal information in the United Kingdom or the European Economic Area. Where information must be transferred outside these areas (for example, to a service provider), we will ensure that an appropriate transfer mechanism is in place — such as an adequacy regulation or the UK International Data Transfer Agreement.
Your rights
Under the UK GDPR you have a number of rights in relation to your personal information. These include:
- The right to be informed about how your information is used (this notice);
- The right of access to the personal information we hold about you;
- The right to have inaccurate personal information corrected;
- The right to have personal information erased in certain circumstances;
- The right to restrict processing in certain circumstances;
- The right to object to processing carried out on the basis of legitimate interests;
- The right to data portability in certain circumstances.
Some of these rights are not absolute and may be subject to exemptions, particularly where complying with a request would prejudice an ongoing investigation or interfere with the rights of others. The Data Protection Act 2018 contains specific provisions for circumstances of this kind.
To exercise any of these rights, please contact us.
Cookies
This website does not use tracking cookies, advertising cookies, or third-party analytics that profile visitors. Limited technical information may be processed by our hosting provider for security and reliability purposes.
How to complain
If you are unhappy with how we have handled your personal information, please contact us first so that we have an opportunity to put things right. You also have the right to complain to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection.
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk ↗
Changes to this notice
We may update this notice from time to time to reflect changes in our practices, the law, or guidance from the ICO. The version date at the top of this page indicates when the notice was last reviewed.