Privacy policy.

1. Introduction

Jones Croft Capital Management Ltd (“Jones Croft”, “the firm”, “we”, “us”) protects personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information collected

2.1 Identity and contact

• Full name and contact details (email, phone, postal address).
• Date of birth and nationality.
• Tax identification numbers and tax-residency status.
• Employment status and source of wealth information.
• Identity verification documents (passport, driving licence, utility bills).

2.2 Financial

• Mandate and fee-tier selection.
• Subscription amount and transaction history.
• Account balance and performance.
• Bank details used for capital transfers and redemptions.

2.3 Technical

• IP address, device information and browser type.
• Dashboard sign-in activity and access logs.
• Audit-trail records of any action taken in the client dashboard.

3. How the firm uses your data

3.1 Service provision

• Processing subscriptions, redemptions and transfers.
• Managing the client account and providing dashboard access.
• Issuing monthly statements and performance reports.
• Responding to client questions and requests.

3.2 Legal obligations

• Anti-money-laundering (AML) checks.
• Know-your-customer (KYC) verification.
• Tax reporting required by HMRC.
• Responding to lawful requests from regulatory or law-enforcement bodies.

3.3 Legal basis for processing

• Contractual necessity. To perform the subscription agreement.
• Legal obligation. To meet AML, KYC and tax requirements.
• Legitimate interests. To communicate about the firm and improve its services.
• Consent. For any marketing communications, which you may withdraw at any time.

4. Data sharing

4.1 Service providers

• Independent brokers and custodians (for trade execution and custody of client capital).
• Accountants and auditors.
• Technology providers (dashboard hosting, email delivery, identity verification).
• Legal advisors.

All service providers are bound by written contracts requiring them to process personal data only as instructed and in compliance with applicable data-protection law.

4.2 Regulatory and legal disclosures

The firm may be required to disclose personal data to HMRC or to other public bodies where a lawful obligation exists.

5. Data security

• Encryption in transit (TLS 1.3) and at rest (AES-256).
• Multi-factor authentication for all dashboard sign-ins from new devices.
• Role-based access controls with principle of least privilege.
• Comprehensive logging of system access and data changes.
• Incident response procedures with prompt client notification if a breach occurs.

No system is entirely secure. The firm cannot guarantee absolute security, but commits to reasonable and proportionate controls.

6. Data retention

Personal data is retained for as long as necessary to:

• Maintain the client account while the client remains active.
• Meet regulatory retention requirements (typically six years after account closure).
• Resolve disputes and enforce the firm’s agreements.
• Meet tax and audit obligations.

After those periods have elapsed, personal data is securely destroyed.

7. Your rights

Under UK GDPR you have the right to:

• Access. Request a copy of your personal data.
• Rectification. Correct inaccurate or incomplete data.
• Erasure. Request deletion, subject to legal obligations that may require retention.
• Restriction. Limit how the firm uses your data.
• Portability. Receive your data in a structured, machine-readable format.
• Objection. Object to processing based on legitimate interests.
• Withdraw consent. Where processing is based on consent.

To exercise any of these rights, email dpo@jonescroft.com. The firm will respond within one calendar month.

8. Cookies

The website uses essential cookies required for functionality and analytics cookies to measure usage. Cookie preferences can be managed through your browser. The client dashboard requires functional cookies to operate and cannot be used without them.

9. International transfers

Personal data is stored and processed within the United Kingdom and European Economic Area. Where a transfer outside these jurisdictions is necessary, the firm relies on UK Information Commissioner’s Office-approved transfer mechanisms.

10. Changes to this policy

The firm may update this policy from time to time. Material changes will be communicated to active clients by email. The “Last updated” date at the top of this page indicates when changes were last made.

11. Complaints

If you have concerns about how the firm handles your personal data, please contact dpo@jonescroft.comfirst. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk.

12. Contact