3 Margaret Square, Hill Street, Newry, BT34 1JA
+44 (0) 28 3025 7000

Privacy Statement

About us
Shelbourne Financial Solutions Ltd (also referred to as “SFS”, “we”, “us”, or “our”) are a registered
company in the UK (company registration number NI 633778).

Our registered address is:
67/69 Hill Street
Newry,
Co Down,
BT34 1DG

Update
This privacy statement was last updated Thursday 30th Septmeber 2023.

SFS keep this privacy statement under regular review and may update it on occasion without notice.
Please refer to this document periodically to make sure you are happy with any updates that SFS may
have made.

Purpose of this statement
This statement is designed to help you understand what kind of information SFS collect in connection
with our products and services, as well as, how we will process and use this information. In the
course of providing you with products and services, we will collect and process information that is
commonly known as personal data.

This statement describes how we collect, use, share, retain and safeguard personal data.

This statement also sets out your individual rights, which we explain later; these rights include your
right to know what data is held about you, how this data is processed, and how you can place
restrictions on the use of your data.

Data Controller

Shelbourne Financial Solutions Ltd
3 Margaret Square
Newry
BT34 1JA
Tel: 028 3025 7000
Email: info@shelbournefinancial.com

What is personal data?
Personal data is information relating to an identified or identifiable natural person. Examples include
an individual’s name, age, address, date of birth, gender and contact details.

Personal data may contain information which is known as special categories of personal data. This
may be information relating to an individual’s health, racial or ethnic origin, political opinions,
religious or philosophical beliefs, trade union membership, genetic and biometric data, or data
relating to sexual orientation.

Personal data may also contain data relating to criminal convictions
and offences. For the purposes of safeguarding and processing criminal convictions or offences
responsibly, this data is treated in the same manner as special categories of personal data, where we
are legally required to comply with specific data processing requirements.

What data we collect
For SFS to provide you with our services as an MSB (Money Service Business) and a SPI (Small
Payment Institution), we will collect and process personal data about a person that is specifically
identifiable such as name, address, email, telephone number and details of financial affairs.

This is collected alongside KYC (Know Your Customer) documentation of ID, proof of address, bank/credit
card statement, invoices, or all possible documentary evidence for any underlying transaction its
source of funds and/or the reason for transaction.

You may provide SFS with personal data when signing up to our services, through application forms,
when completing contact forms, when you contact us via the telephone, when writing to us directly
or we complete forms in conjunction with you.

We may also need to collect personal data relating to others when providing you with our products
and/or performing due diligence checks, in most circumstances you will provide us with this
information.

Where you disclose the personal data of others, you must ensure that you are entitled
to do so. We may also collect personal data from publicly available sources (e.g. the internet) which
is lawfully obtained and is available with permission.

What data is used for
The processing and screening of data is carried out for identity verification, anti-fraud, anti-money
laundering, counter -terrorist financing measures and crime prevention/prosecution. CCTV
surveillance is used to gather evidence in the event of a robbery, to prevent financial crime, and
identify any person suspected of criminal activity.

It may also be used as evidence in a legal claim or
as a defence in the event of a litigation. Call tracking/recording and website marketing attribution is
used to monitor customer enquiries, analyse customer orders, and overall review the most effective
avenues in which customers can contact us or place an order.

Additionally, to the above, personal contact information provided by you may also be used by us to
provide you with further news and information about the services and initiatives that are available.
Lastly SFS reserves the right to use your data to contact you should there be any issue with your
payment.

In accordance with the Data Protection Act 2018 and GDPR; SFS applies the following lawful bases for
processing your personal data.

1) Processing is necessary for compliance with our legal obligation to which we are subject
2) Legitimate Interests: processing is necessary for our legitimate interests or the legitimate
interests of a third party, provided that individual data subject rights are not overriding

SFS is legally obligated to gather and use certain information when entering into a business
relationship with another company. These can include customers, suppliers, business contacts,
employees, and other people the company has a business relationship with or may need to contact.
As a financial institution, we are required to conform to all laws of the UK and EU regulations
(wherever applicable). Further, we are guided by the regulatory bodies such as HMRC, the Financial
Conduct Authority (FCA) and the Information Commissioner`s Office (ICO).
Marketing

If you register with SFS you will be asked to provide your email address on our registration form. This
information may be used to contact you about offers, products or services provided by us which we
believe may be of interest to you. If you do not wish to receive any further information, there is an
unsubscribe option in our emails which will cancel any further correspondence. SFS will never
contact you via post, telephone, or any other mediums of communication for marketing purposes
other than email.

SFS also perform market research using an external, visitor level call tracking and online marketing
attribution vendor.

Obligation of customers to provide data

SFS is statutorily obligated by UK and EU legislation to verify the identity of its customers, and by
extension request identifying documentation before entering into a business relationship. If you
refuse to provide us with the necessary information and/or documentation when asked, then by law
we will not be allowed to carry out any transactions with you or establish any type of business
relationship.

Data protection risks
This policy is here to make sure that SFS is compliant with the law and provide protection from

possible security risks such as:
• Breaches of confidentiality – Information being inappropriately released
• Reputational damage – Hackers gain access to company’s computer systems and acquire
sensitive data
• Fraud – Sensitive data used by an individual to commit fraud

Responsibilities
All employees of SFS have a responsibility for ensuring that all data collected is stored and handled in
accordance with the Data Protection Act 2018, GDPR and PSD2. The senior members of staff will have
a larger responsibility of not only the handling the data, but also making sure all employees, systems,
services, and equipment meet acceptable security standards.

General staff guidelines
• All data collected is for SFS to remain compliant with AML and CTF regulations, only staff
members who require this data have access to the systems
• All data is considered confidential, employees need to share data in order to be able to work
effectively; however, data is not to be shared informally or outside of the company
Shelbourne Financial Solutions Ltd Privacy Statement v1.7 4
• All employees receive compliance training when they first join, as well as annual refresher
training which includes the responsibilities of handling data
• No data should be taken, emailed, or posted outside the office and under no circumstances
should the company website be accessed by any other computer other than one belonging
to SFS or its contractors
• All authorised staff are trained in confidentiality and the handling of personal data adhering
to an internal data protection policy, as well as, signing an NDA

Protecting your data
SFS will take all appropriate technical and organisational steps to protect the confidentiality, integrity,
availability, and authenticity of your data, including when sharing your data within our group of
companies, and authorised third parties.

Statement scope
This statement applies to:
• All branches of SFS
• All staff of SFS
• All contractors, suppliers and other people working on behalf of SFS

Information sharing
SFS does not share your information with any unauthorised parties under any circumstances; nor will
it be sold, rented, or loaned to any third parties. Certain systems that SFS use for data storage are not
maintained in house, but rather outsourced to our IT specialists and web administrators; some of the
data may not be stored on site, but is accessed via the company website, or uploaded onto the cloud
each evening for retrieval in the event of data loss/damage; all data stored off site is encrypted and
only accessible to SFS.

Any vendor that deals with our data undergoes a Data Protection Impact
Assessment (DPIA) for verification purposes and will be evaluated annually.
SFS uses collected data alongside an electronic identity verification software, and in conjunction with
credit reference agencies to carry out regulatory compliance checks, this software is hosted by one of
the world’s leading risk management service providers.

Credit reference agencies may place a search
‘footprint’ on the electronic file of the subject and their personal details may be accessed by third
parties for the specific purpose of anti-money laundering, credit assessment, identity verification, debt
collection, asset reunification, tracing, and fraud prevention; please note that these ‘footprints’ have
no effect on your credit rating.

Checks may also be used in conjunction with our internal monitoring,
and customers may on occasion be checked if their transactions are under due diligence amounts;
these spot checks are at random with the sole goal to monitor our risk-based approach and determine
if transaction limits need to be moved.

Disclosing data
On occasion the Data Protection Act 2018 obligates us to disclose personal data with law
enforcement agencies for crime prevention/detection, statutory authorities (HMRC, FCA and ICO),
and government bodies provided that individual data subject rights are not overriding. Data may also
be used in a legal claim or defence for any possible litigation.

SFS as a regulated MSB is subject to compliance reviews from either its statutory regulators or its
wholesalers. During these reviews we are obliged to allow them access to our systems to
demonstrate our due diligence processes, as well as any data/documentation we have on randomly
selected customers.

These reviews are for both our statutory regulators and wholesalers to make
certain that SFS is consistently upholding to UK and EU regulations.

Both our regulators and wholesalers are held accountable to the Data Protection Act 2018, GDPR, PSD2 and all other UK/EU
legislation regarding data protection.

Data accuracy
AML and CTF regulations state that all data handled and stored by SFS must be as accurate as
possible. To make sure that SFS is as accurate as possible with customer data the following guidelines
have been put in place:
• Data should be reviewed regularly to make certain that it is accurate
• It has been made easy for customers to update us on any changes
• Customer files are updated upon discovery

Data retention period
In compliance with HMRC Money Laundering Regulations 2017, all data stored for the reason of
compliance must be retained for no less than five years from either the last transaction or end of
business relationship. However, unless requested otherwise this data may be stored for longer as
part of a customer’s outgoing record.

If a customer enacts their ‘right to erasure’, their data will be
moved to a secure, access controlled server where it will be deleted after the five year period.

Disposing of data
Upon disposal, all soft data is deleted, and all documents/hard data is shredded by SFS staff in house
or by a professional shredding service under the supervision of SFS staff, after which a certificate will
be obtained.

Your Individual Rights

Individuals are provided with legal rights governing the use of their personal data. These grant
individuals the right to understand what personal data relating to them is held, for what purpose,
how it is collected and used, with whom it is shared, where it is located, to object to its processing,
to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its
processing. Individuals can also request the deletion of their personal data.

These rights are known

as ‘Individual Rights’ under GDPR which are as follows:
• The right to be informed about the personal data being processed
• The right of access to your personal data
• The right to object to the processing of your personal data
• The right to restrict the processing of your personal data
• The right to rectification of your personal data
• The right to erasure of your personal data
• The right to data portability (to receive an electronic copy of your personal data)
• Rights relating to automated decision making including profiling

Customers can exercise their individual rights at any time, as mandated by law, SFS will not charge a
fee to process these requests; however, if your request is considered to be repetitive, wholly
unfounded and/or excessive, we are entitled to charge a reasonable administration fee.

In exercising your individual rights, you should understand that in some situations SFS may be unable
to fully meet your request, for example if you make a request for us to delete all your personal data,
we may be required to retain some data for taxation, prevention of crime and for regulatory and
other statutory purposes.

The flow of data within SFS can be complex and we ask you to keep this in mind when exercising your
‘right of access’ to your information. The full collection of any data we hold on you may take some
time to gather, depending on how much of your data we have on our systems; additionally, SFS may
be reliant on other organisations to help satisfy your request and this may impact on timescales.

Children
SFS will not deal with anyone under the age of 16 years and will not collect or maintain the data of
anyone under that age.

Data Protection Officer
To comply with our legal obligations and to ensure data privacy and protection has appropriate focus
within our organisation, we have nominated a Data Protection Officer who reports to our senior
management team.

How to contact us
If you have any questions regarding this statement, the use of your data, require further information
on your individual rights, or you wish to exercise these rights, please contact our Data Protection
Officer on the details below:

Peter Creegan
3 Margaret Square,
Newry,
BT34 1JA
Tel: 028 3025 7000
Email: info@shelbournefinancial.com

Complaints
If you are dissatisfied with any aspect of the way in which we process your personal data, please
contact our Data Protection Officer on the details above.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), our
regulatory authority regarding data security, please find their details below.

Information Commissioner’s Office (ICO)
Wycliffe House
Water Lane
Wilmslow
SK9 5AF
Tel: 030 3123 1113
Shelbourne Financial Solutions Ltd Privacy Statement v1.7 7
Email: registration@ico.org.uk
Website: https://ico.org.uk/concerns/

Regulatory Authorities
SFS is regulated by the following statutory authorities:
• HM Revenue & Customs Registration No. XEML00000178708
• FCA Authorisation No. 757069
• Information Commissioner’s Office Registration No. ZA194304