Privacy Policy

Last updated: December 2024

1. Introduction

Black Diamond Investment Bank Limited, Black Diamond Brokers Limited, BDIB Global LLP, and associated entities (collectively "Black Diamond Group", "we", "us", or "our") are committed to protecting the privacy and security of personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Who We Are

Black Diamond Investment Bank Limited is the data controller responsible for your personal data. Our registered office is in the United Kingdom. For data protection enquiries, please contact:

  • Email: legal@bdibglobal.com
  • Post: Data Protection Officer, Black Diamond Investment Bank Limited, United Kingdom

3. What Personal Data We Collect

We may collect and process the following categories of personal data:

3.1 Identity and Contact Information

  • Full name, date of birth, nationality
  • Contact details (email, phone, address)
  • Job title, employer, business details
  • Identification documents (passport, driving license, national ID)

3.2 Financial and Transaction Information

  • Bank account details, payment information
  • Financial statements, credit reports, proof of funds
  • Transaction history, invoices, contracts
  • Credit and risk assessment data

3.3 Corporate and Beneficial Ownership Information

  • Company incorporation documents, shareholders registers
  • Beneficial ownership information (persons with 25%+ ownership or control)
  • Director and officer details
  • Corporate structure charts and group relationships

3.4 Due Diligence and Compliance Information

  • Source of funds and source of wealth information
  • Sanctions screening results
  • Politically Exposed Person (PEP) status
  • Adverse media checks and financial crime risk assessments

3.5 Technical and Usage Data

  • IP address, browser type, device information
  • Website usage data, cookies, and analytics
  • Email open and click-through rates (for business communications)

4. How We Collect Personal Data

We collect personal data through:

  • Direct interactions: When you contact us, submit enquiry forms, request services, or enter into contracts
  • Client onboarding: KYC and AML documentation submitted as part of client due diligence
  • Third-party sources: Credit reference agencies, sanctions databases, corporate registries, banking partners
  • Public sources: Companies House, business registers, news media, LinkedIn and professional networks
  • Automated technologies: Website cookies, server logs, email tracking

5. How We Use Personal Data

We process personal data for the following purposes:

5.1 Contractual Performance

  • To provide financial services, execute transactions, and perform contracts
  • To issue financial instruments, arrange credit facilities, and coordinate settlements
  • To communicate with you about services, transactions, and account management

5.2 Legal and Regulatory Compliance

  • To comply with anti-money laundering (AML) and counter-terrorism financing (CTF) obligations
  • To conduct Know Your Customer (KYC) checks and customer due diligence
  • To screen against sanctions lists (OFAC, EU, UN, UK HM Treasury)
  • To fulfill reporting obligations to regulators and law enforcement
  • To respond to court orders, subpoenas, and legal requests

5.3 Legitimate Business Interests

  • To assess creditworthiness and manage credit risk
  • To prevent fraud, financial crime, and unauthorized transactions
  • To improve our services, website, and customer experience
  • To conduct business analytics and market research
  • To manage our business operations, IT systems, and security

5.4 Consent (where applicable)

  • To send marketing communications about our services (you may withdraw consent at any time)
  • To use non-essential cookies for analytics and marketing purposes

6. Who We Share Personal Data With

We may share personal data with the following categories of recipients:

  • Banking partners: Issuing banks, correspondent banks, custodian banks for transaction execution
  • Insurance companies: Credit insurers, surety providers, underwriters
  • External advisors: Legal counsel, auditors, tax advisors, compliance consultants
  • Credit reference agencies: For credit checks and risk assessment
  • Sanctions screening providers: For compliance with AML/CTF regulations
  • Regulatory authorities: FCA, HMRC, National Crime Agency, OFAC (as legally required)
  • Professional service providers: IT service providers, cloud hosting, data processors

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

7. International Transfers

Some of our external service providers and banking partners are based outside the UK and European Economic Area (EEA). Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO)
  • Transfers to countries deemed to have adequate data protection laws
  • Binding Corporate Rules or other approved transfer mechanisms

8. Data Security

We have implemented appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction, including:

  • Encryption of data in transit and at rest
  • Secure access controls and authentication mechanisms
  • Regular security audits and penetration testing
  • Employee training on data protection and information security
  • Incident response and data breach notification procedures

9. Data Retention

We retain personal data for as long as necessary to fulfill the purposes for which it was collected, including:

  • Client data: 7 years from end of relationship (to comply with AML/CTF record-keeping requirements)
  • Transaction records: 7 years from completion of transaction
  • Marketing data: Until consent is withdrawn or data becomes out-of-date
  • Website analytics: 26 months (or as configured in analytics platform)

After the retention period, personal data is securely deleted or anonymized.

10. Your Rights

Under UK GDPR, you have the following rights:

  • Right of access: Request a copy of your personal data
  • Right to rectification: Correct inaccurate or incomplete data
  • Right to erasure: Request deletion of your data (subject to legal retention requirements)
  • Right to restrict processing: Limit how we use your data in certain circumstances
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interests or for marketing purposes
  • Right to withdraw consent: Where processing is based on consent, you may withdraw at any time

To exercise your rights, please contact us at legal@bdibglobal.com. We will respond within one month.

11. Cookies and Tracking

Our website uses cookies to improve functionality and analyze usage. You can control cookie preferences through your browser settings. For more information, see our Cookie Policy (available on request).

12. Complaints

If you have concerns about how we handle your personal data, please contact us at legal@bdibglobal.com. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

13. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website with the "Last updated" date. Significant changes will be communicated to clients directly.

14. Contact Us

For questions about this Privacy Policy or our data protection practices, please contact:

  • Email: legal@bdibglobal.com
  • Phone: +44 (0)20 7175 2025
  • Post: Data Protection Officer, Black Diamond Investment Bank Limited, United Kingdom
← Back to Home