London Skyline with square mile South and West London Aerial View

Guest City Consulting – Privacy Policy

Guest City Consulting (“GCC” or “we”) provides services to businesses in the financial services and property sectors. It has its office at 155 Sheen Road, Richmond, Surrey, TW9 1YS.

GCC is a Data Controller under the General Data Protection Regulation (EU) 2016/679 (“GDPR”). This Privacy Policy describes how we use your personal information and for which purpose. There may be times when we use your information for reasons not set out herein, in which case we will clearly explain the reason(s) for doing so at the time of collecting the data.

The collection and use of your personal information will depend on the particular relationship and arrangements in place between GCC and yourself. We would only use and share information where it is necessary for GCC to meet its legitimate interests as described below.

I. Security

The protection of personal data is a fundamental right. Access to this information is limited and we have systems and procedures in place to protect this information and keep it confidential. We monitor and revise the appropriateness of these security measures on a regular basis.

We process personal data in relation to:
• _Staff,
• _Consultants and Service Providers,
• _Business Contacts,
• _Corporate Clients

and the individuals associated with these entities.

II. What type of personal data is collected and processed by GCC, and on what basis?

We limit the collection of personal data to information which we can process pursuant to a lawful basis, namely a contractual necessity, a legal obligation, to meet GCC’s legitimate interests or express consent (where applicable). Depending on the nature of GCC’s relationship with you and the purpose for collecting the information in accordance with the data policy below, personal data may include:
• _Name,
• _Date of birth,
• _Contact details (work/personal email address, mobile or telephone numbers)
• _Work/home address,
• _Financial information such as bank account information, income and savings,
• _Source of wealth,
• _Whether the individual is a politically exposed person or not,
• _Education and employment information,
• _Photographic representations (through passport copies and other types of identification paperwork),

Unless required to do so under specific regulation or for a particular purpose not already described in this Privacy Policy, we collect or process limited special categories of personal data, which would include information on racial or ethnic origin, political opinion, religion or beliefs, trade union membership, genetic or health status or sexual orientation or biometric.

a. Staff

We collect personal information on our employees, interns, prospective employees and other staff for the purpose of administering payroll, meeting GCC’s regulatory requirements and/or managing the business. For further information, members of staff should refer to GCC’s Compliance Manual.

b. Consultants and Service Providers

GCC enters into contracts to receive or provide professional services from/ to various consultants and third-party entities. At the start and throughout the duration of the contractual arrangement, we collect personal information on the directors, persons with significant control, signatories and other officers and beneficial owners of the relevant business and any of its associated companies, as applicable and in accordance with the laws and regulations. We collect and process this information to meet GCC’s business and contractual obligations under the various contracts.
GCC is also subject to applicable laws and regulations. For example, we need to carry out anti-money laundering checks on a company’s executives prior to initiating a business relationship with a new corporation. The personal data mentioned above forms part of these records.
Overall, personal data belonging to Consultants and/or individuals associated with Services Providers is used to:
• _meet contractual obligations and other arrangements,
• _operate, evaluate and improve GCC’s business,
• _carry out auditing, accounting and other internal functions,
• _meet due diligence requirements and exercise fraud prevention,
• _monitor compliance with applicable laws and regulations,
• _maintain GCC’s security procedures, and
• _comply with applicable laws and regulations.

c. Business Contacts

GCC maintains records of the names, work emails, telephone numbers of individuals from within the financial services industry. We collect this information directly from the individuals concerned who willingly provide their details to us during conferences, networking events, private meetings and/or through our existing relationships. Alternatively, we use resources publicly available online, such as company or association websites.


We process this information:
• _to set up meetings and assess potential interest in relation to a particular business arrangement under consideration,
• _to operate, evaluate and improve GCC’s business,
• _to carry out auditing, accounting and other internal functions,
• _to prevent fraud,
• _to monitor compliance with applicable laws and regulations,
• _to carry out security maintenance over GCC’s systems, and
• _to comply with applicable laws and regulations.

Whilst processing this information does not override your rights, we have a legitimate interest in using it as it could potentially assist GCC to further develop its business, raise interest from professional investors, increase its assets under management and keep existing investors and other interested parties appraised of new developments.

d. Corporate Clients

GCC’s client-base is composed of Professional Clients. Most of them are corporate entities. We therefore collect and process personal data on the individuals associated with GCC’s corporate clients.

Due to the legal requirements, we ask to see certified copies of passport and other identification documents. Personal data collected for this purpose includes date of birth, place of birth, passport number and home address. Data collection also includes contact details (telephone/mobile numbers, email addresses, office address).
The processing of this information is to:
• _meet contractual obligations and other arrangements,
• _operate, evaluate and improve GCC’s business,
• _carry out auditing, accounting and other internal functions,
• _meet due diligence requirements and exercise fraud prevention,
• _monitor compliance with applicable laws and regulations,
• _maintain the firm’s security procedures, and
• _comply with applicable laws and regulations.

Any information we process for our clients is to meet out professional services.

e. Visitors to GCC’s Website

GCC uses cookies on its website, which records IP addresses, date, time, page visited and the duration of the visit on the site. This type of data is limited and only used for system administration and statistical purposes to evaluate and manage the use of our website.
Overall, we may collect and use personal information in other ways than the ones described above. However, we will provide specific notice at the time of collecting the relevant data and request express consent, if applicable. If we decide to change the purpose for which your data is processed and we do not believe that you would expect the use of your information for such a purpose, we would contact you in advance to notify you of the change.

III. How does GCC obtain Personal Data?

We collect personal data in a number of ways:
• _information provided directly from the individual,
• _information received from third-party suppliers in relation to services, including but not limited to fraud prevention or employment or other background checks,
• _data collected automatically from GCC’s systems when someone visits the firm’s website,
• _from publicly available sources, such as company websites, press and online engines.

IV. Transferring Information Overseas

Personal data stored locally is held at GCC’s registered office. Electronically-stored information may be transferred overseas as the firm’s clients are based outside of the European Economic Area (which includes countries in the European Union, as well as Iceland, Liechtenstein and Norway). When such transfers take place, we ensure to transfer the information to:
• a country or organisation which has been categorised as adequate by the European Commission and/or meets the same standards of data protection as the UK, or
• an organisation pursuant to a contract between GCC and the third-party on terms that contain data privacy provisions approved by the European Commission.


V. Sharing Information with Third Parties

We share personal data with third parties pursuant to the legitimate interests or contractual obligations described above unless we are required to do so by law, in connection with any legal proceedings or in response to an enforcement action or investigation carried out by an authority or regulator. We do not transfer such information to third parties for their own marketing purposes without requesting your express consent. We do not sell or buy personal data from other providers.

VI. How long will the information be stored?

We retain the personal data for as long as it is considered necessary for the purpose for which it was collected, subject to the applicable laws and regulations. The retention period is determined on the type of information, the nature of the activity and the rules and regulations applicable at the time. In general, we have policies and procedures in place to keep records for up to seven years.

We may have to retain personal data for longer periods, especially were the firm has been ordered to withhold destruction of the information by the Courts, the regulator or other enforcement agency as evidence.

VII. What are your rights?

Should you wish to contact us in relation to any of your rights under the GDPR, you can either write to GCC’s registered office address as 155 Sheen Road, Richmond TW9 1YS, UK, or send an email to info@guestcityconsulting.co.uk quoting GDPR in the subject heading.


Irrespective of the nature of your GDPR request, we will respond to you within 30 days of receipt of your initial notification to confirm whether we can take any action. If we believe that we have good grounds not to meet your request, we will notify you and explain the reasons for not doing so.

a. The right to access your data

If you would like to receive a copy of the personal information that we hold on you, you can contact us as per the above instructions. We may need to verify your identify before we can take any further steps in response to your request.

b. The right to rectify your data

If you believe that GCC holds inaccurate information on you, you can request us to rectify and update it. We may have to withhold the processing of your personal data until the new information has been verified and updated on GCC’s systems.

c. The right to erase your data

If you believe that GCC is processing your data unlawfully, at a time when it no longer needs to or for the purpose for which it was provided, you can request for your personal data to be erased. However, this request is not absolute under the GDPR and depending on the circumstances, GCC may not be able to meet your request.

d. The right to restrict the processing of your data

You may wish to ask GCC to limit the processing of your data if you believe that the information is being unlawfully processed and/or we no longer need it for a particular purpose. This request is not absolute under the GDPR and GCC’s ability to meet it will depend on the circumstances.

e. The right to data portability

You have the right to receive a copy of the personal data that GCC holds on you, and/or ask us to transfer your personal data to someone else. Either way, we will seek to provide you with the information on a portable format which is safe and machine-readable.

f. The right to object to the processing of your data and/or direct marketing

You have the right to object to the processing of your personal data by GCC. However, please note that this right is not absolute as we may be processing your information for contractual, legal obligations or for legitimate reasons. It is therefore subject to certain record-keeping requirements. Applicable laws and regulations may restrict our ability to meet any request to stop processing your information. Should wish you to notify us of such a request, please contact us using the details set out above. In the event that we rely on your permission to use your information for a particular purpose, you retain the right to withdraw your consent at any time.

g. The right to withdraw your consent

As set out in this Privacy Policy and depending on the nature of our relationship with you, GCC relies on its legitimate interests in order to process personal information. We do not rely on express consents as defined under the GDPR. However, should you wish to act on your right to object to the processing of your data for direct marketing, you can send us your request and we will stop using your data for that purpose.

h. The right to lodge a complaint with the regulator

Should you wish to complain about the way we use your personal data or handled your request pursuant to your rights under the GDPR, please contact our Data Compliance Officer in the first instance. He will investigate the matter and aim to address your concerns. You can also lodge a complaint with the Information Commissioner’s Office (ICO). For more information, please visit ico.org.uk.

Contact Information
If you have any questions in relation to this Privacy Policy or how GCC processes personal data, please contact our Data Compliance Officer at:

Guest City Consulting
155 Sheen Road
Richmond, Surrey,
TW9 1YS

T: +44 (0) 208 940 6922

Guest City Consulting - Privacy Policy with effect from 1 February 2023