Privacy policy

Cresco Capital Limited Privacy Policy

References in this privacy policy to “we”, “us” and “our” mean Cresco Capital Limited, a company registered in England and Wales under company number 6935007 and registered office at 100 Westleigh Avenue, London SW15 6UZ

We respect your privacy and are committed to protecting your personal data in accordance with the applicable data protection laws, including the General Data Protection Regulation and the Data Protection Act 2018. This privacy policy explains how and why we collect personal data about you and how we use it.

This privacy policy applies to the visitors to our website (“Website”). References to “you” and “your” mean references to you including any of your authorised representatives and any visitors to our Website, any other recipient of our services or our business contacts.

  1. Our role

Our website is primarily visited by investors, independent financial advisers and investment product providers. Our role is not limited to simply passing on information from one user to the other.

  1. Personal Information we collect
    • If you are an investor, we may collect information about you which will include the following:
      • Profile data: This will include information you provide to us when completing a registration process or any other forms on the Website from time to time. This could include (but is not limited to) your name, date of birth, postal address, phone number, email address and certain tax and regulatory information. We only request and collect profile data that is necessary for us to process in order to operate and facilitate any investment applications you choose to make.
      • Financial data: We will collect from you financial information such as bank account details, credit history and reports. We only request and collect financial data that is necessary for us to process in order to facilitate investment applications investors choose to make.
      • Transaction data: Details about payments to and from you in relation to your investment activity.
      • Personal information provided by third parties: Occasionally we may receive information about you from other sources (such as credit reference agencies), which we will add to the information we already hold about you in order to help us comply with our regulatory obligations. In certain circumstances we may be required to carry out enhanced due diligence checks to comply with our obligations under the Money Laundering Regulations 2017. These enhanced checks may reveal information about criminal convictions or information about an individual’s political opinions and associations and/or other sensitive personal data. We will only collect and process such information to the extent necessary to comply with our regulatory obligations and in accordance with the applicable data protection laws.
    • Contact data: if you contact us via our Website, by telephone or by email, we will collect information necessary to identify you and respond to your query.
    • We may also collect technical data about our users, which includes your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Website. We collect this personal data by using cookies and other similar technologies.
    • Usage data collected by us includes information about how you use the Website and related services.
    • Marketing and Communications data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
    • We also collect, use and share aggregated data such as statistical or demographic data (“Aggregated Data”). Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity, and it cannot be used by us to identify you in any way. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific Website feature.
    • Business contact data: If you are not a user of our Website but we are in contact with you in relation to our offering or we have come into contact with you in the course of our business, we may collect your personal data, such as information printed on your business card or other information you give us, in order to stay in touch with you.
    • Other than information that we may receive as a result of enhanced due diligence checks (see paragraph 2.1(d) above), we do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health or genetic or biometric data), or data relating to criminal convictions and offences.
  2. How we use your personal information
    • We may collect, store and use your personal information for the following purposes:
      • to verify your identity in order to prevent and detect crime and money laundering;
      • to create and manage your account and update the records we hold about you from time to time;
      • to pass onto and liaise with the relevant managers, custodians, investee companies and/or third party identification checking services in connection with your decision to participate in an investment opportunity;
      • to manage investment application process, including payments, fees and charges;
      • to provide and administer our Website and related services;
      • to contact you in relation to the use of our Website, including to provide you reminders on important usage issues, and/or asking you to leave a review or take a survey;
      • to respond to your queries;
      • to detect and prevent fraud;
      • to conduct “know your customer” checks;
      • to carry out anonymised statistical analysis and market research;
      • to fulfil our regulatory duties, including our reporting obligations;
      • to administer our contract with you;
      • to develop and improve our services and products;
      • to notify you about changes to our service, our terms and conditions and this privacy policy;
      • to manage our business, including for accounting and auditing purposes;
      • to maintain our IT systems and manage hosting of our data;
      • to collect and recover money owed to us;
      • to deal with legal disputes involving you, any relevant manager, financial adviser or our suppliers; and
      • to provide you with information, services that you request from us or which we feel may interest you, when you have consented to be contacted for such purposes.
    • We do not sell your data. From time to time, we may send emails containing information about new features and other news about Cresco Capital, such as suggestions and recommendations about similar services we offer, which we think may be of interest to you. This is considered direct marketing. You have the right to stop us from contacting you for these purposes. We will always inform you if we intend to use your personal data for such purposes, or if we intend to disclose your information to any third party for such purposes. You can usually exercise your right to prevent such marketing by checking certain boxes on the forms we use to collect your data. You can also object to our processing of your personal data for such purposes at any time by contacting us at
    • Some of the above purposes for processing will overlap and there may be several grounds which justify our use of your personal information.
    • We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
    • Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
  3. Lawful processing
    • We are required to rely on one or more lawful grounds to collect and use the personal information that we have outlined above. We consider the grounds listed below to be relevant:
      • Legitimate interest: Where applicable law allows us to collect and use personal information for our legitimate interests, and the use of your personal information is fair, balanced and does not unduly impact your rights. We may rely on this ground to process your personal information when we believe that it is more practical or appropriate than asking for your consent. For instance, we rely on the legitimate interest ground to process your personal information in order to protect the security of our networks e.g. when we receive external emails we will scan such emails for any threats. We will also rely on the legitimate interest ground to communicate with you in most instances and if we need to process your personal data to conduct our business in an efficient, compliant and profitable manner. It may also be necessary to process your personal data for legitimate interest of a third party, such as your fund manager or financial adviser.
      • Contractual relationship: Where it is necessary for us to process your personal information in order to perform a contract to which you are a party (or to take steps at your request prior to entering a contract). For instance we will process your personal data in order to enable you to use our Websitel.
      • Legal obligation: Where the processing of your personal information is necessary for us to comply with a legal obligation to which we are subject. This may be the case for example when we process personal data collected by us in order to comply with our obligations under the Money Laundering Regulations 2017.
      • Consent: Where we ask for your consent for our use of your personal information for a specific purpose. You always have the right to withdraw your consent.
    • Note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your personal information. Please contact us if you need details about the specific legal ground we are relying on to process your personal information where more than one ground has been set out in the table below.
  4. Will we disclose your personal data to anyone?
    • We may need to share your personal information with third parties such as:
  • our agents and service providers;
  • credit reference agents;
  • any relevant investment manager or financial adviser;
  • our regulators, including the Financial Conduct Authority;
  • law enforcement agencies in connection with any investigation to help prevent unlawful activity; and
  • in the context of the possible sale or restructuring of our business.
    • We require third parties to respect the security of your data and to treat it in accordance with the law. All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information.
    • We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
  1. Keeping your personal data secure
    • We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
    • While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred via the internet. If you have any particular concerns about your information, please contact us.
    • We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
  2. Transfers of your information out of the EEA
    • We may need to transfer your personal data outside the European Economic Area (EEA), for example if one of our suppliers or group companies is located outside the EEA. We will ensure that any transfer of your data will be subject to appropriate safeguards, such as for example a European Commission approved contract (if appropriate) that will ensure you have appropriate remedies in the unlikely event of a security breach.
  3. Data retention
    • We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. In accordance with applicable legal and regulatory requirements, we will retain the records relevant to your Cresco Capital account and any activity you have conducted on the Website for a minimum period of six years following the termination of your access to the Website. This period may be extended if required by law, regulatory requirement or by mutual consent between you and us.
    • In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer our customer, we will retain and securely destroy your personal information in accordance with applicable laws and regulations.
  4. Your Rights

Under data protection legislation you have a number of rights in respect of information held about you. These rights are as follows, and can be exercised in accordance with the applicable legislation:

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a confirmation from us as to whether we process any of your personal information or not, and if this is the case, to receive a copy of such personal information and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information (often referred to as “the right to be forgotten”). This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You can also object to the processing of your personal data when we use it for direct marketing or statistical purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it, or if we no longer need your data for our legitimate interests but we need to hold some of it for the purpose of legal proceedings.
  • Request the transfer of your personal information in a machine-readable format (the data portability right) to either yourself or a third party, provided that the personal information in question has been provided to us by you, and is being processed by us: (i) in reliance on your consent; or (ii) because it is necessary for the performance of a contract to which you are party; and in either instance, we are processing it using automated means.

If you would like to exercise any of the above rights, please:

  • email, call or write to us;
  • let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill). This is to allow us to verify your identity and prevent disclosure to unauthorised third parties; and
  • let us know the details of your request, for example by specifying the personal data you want to access, the information that is incorrect and the information with which it should be replaced.

Please note that if you request erasure, object to our processing of your personal data or request the restriction of our processing of your personal data we may not be able to provide our services in relation to your account and/or investments. 

Please note that you also have the right to lodge a complaint with the Information Commissioner’s Office at

  1. Third party websites


Our Website may contain links to other websites operated by third parties. If you follow a link to any of these websites, please be aware that this privacy policy will not apply and that we accept no responsibility or liability for the content or operation of third party websites. You should read the privacy policy of each website you visit before you submit any personal data to these websites.

  1. Contact us

Please contact us if you have any questions about this privacy policy or the information we hold about you.

If you wish to contact us, please send an email to with the words “Data Protection” in the subject line.

  1.  Changes to the privacy policy

We may change this privacy policy from time to time. If we update this privacy notice in a way that significantly changes how we use your personal information, we will bring these changes to your attention. Otherwise, we recommend that you periodically review this privacy policy to be aware of any other revisions.