How we collect, use, store and protect your personal data
ABL Risk Management Limited ("we", "us", "our" or "ABL Risk") is committed to protecting your privacy and handling your personal data responsibly. This policy explains what personal data we collect, why we collect it, how we use it, and your rights under UK data protection law.
We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are registered with the Information Commissioner's Office (ICO).
Quick Summary: We only collect data necessary to provide our services. We never sell your data. We keep it secure and delete it when no longer needed. You have rights over your data; see Section 10 for details.
ABL Risk Management Limited is a specialist due diligence and risk management consultancy. We provide services to banks, independent lenders, debt advisory firms, and investors throughout the United Kingdom.
For the purposes of data protection law, we are the Data Controller for personal data we collect directly from you or about you in connection with our services.
When we process personal data on behalf of our clients during due diligence engagements, we act as a Data Processor and process that data only in accordance with our client's instructions.
Contact Details:
ABL Risk Management Limited
Suite 15, Station House, Central Way, Warrington WA2 7FW
Email: privacy@ablrisk.co.uk
Phone: 07554 584451
We collect different types of personal data depending on your relationship with us:
During due diligence engagements, we may process data about employees, directors, or customers of companies being reviewed. This typically includes:
This data is processed on behalf of our client (the lender or investor) who remains the Data Controller.
We collect personal data through:
We do not purchase personal data from data brokers or third-party list providers.
We only process personal data where we have a lawful basis to do so. The table below sets out our purposes and the corresponding legal basis:
| Purpose | Legal Basis |
|---|---|
| Providing due diligence, risk management and advisory services | Contract performance |
| Responding to enquiries and providing quotes | Legitimate interests (business development) |
| Sending service updates and relevant industry information | Legitimate interests (client relationships) |
| Marketing communications | Consent (you can withdraw at any time) |
| Processing payments and managing accounts | Contract performance |
| Complying with legal and regulatory obligations | Legal obligation |
| Maintaining records for professional indemnity purposes | Legitimate interests (legal protection) |
| Improving our website and services | Legitimate interests (service improvement) |
| Preventing fraud and maintaining security | Legitimate interests (security) |
Where we rely on legitimate interests, we have conducted balancing tests to ensure our interests do not override your rights and freedoms. You can request details of these assessments by contacting us.
We may share your personal data with the following categories of recipients:
Where we conduct due diligence on their behalf, we share findings in our reports. This may include personal data about individuals at the company being reviewed.
All service providers are bound by data processing agreements and may only use data for the specific services they provide to us.
We never sell your personal data to third parties.
We primarily store and process data within the United Kingdom. Where we transfer personal data outside the UK (for example, when using cloud services with servers in other jurisdictions), we ensure appropriate safeguards are in place:
You can request information about the specific safeguards applied to international transfers by contacting us.
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.
| Data Type | Retention Period | Reason |
|---|---|---|
| Client project files & reports | 7 years from completion | Professional indemnity, regulatory requirements |
| Financial records & invoices | 7 years | HMRC requirements |
| Contracts & engagement letters | 7 years from expiry | Limitation periods for claims |
| General correspondence | 3 years | Business records |
| Marketing consent records | Until consent withdrawn | Compliance evidence |
| Website analytics | 26 months | Standard analytics retention |
| Job applications (unsuccessful) | 12 months | Recruitment records |
When data is no longer required, it is securely deleted or anonymised.
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:
In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the ICO in accordance with our legal obligations.
Our website uses cookies and similar technologies to improve your experience and help us understand how visitors use our site.
Required for the website to function properly. These cannot be disabled.
We use Google Analytics to understand website usage. This collects anonymised data about pages visited, time on site, and similar metrics. You can opt out using the Google Analytics Opt-out Browser Add-on.
You can control cookies through your browser settings. Most browsers allow you to:
Note that blocking certain cookies may affect website functionality.
Under UK data protection law, you have the following rights regarding your personal data:
Request a copy of your personal data and information about how we process it (Subject Access Request).
Request correction of inaccurate or incomplete personal data we hold about you.
Request deletion of your data in certain circumstances (the "right to be forgotten").
Request that we limit how we use your data while concerns are investigated.
Receive your data in a structured, machine-readable format to transfer elsewhere.
Object to processing based on legitimate interests, including direct marketing.
Where we rely on consent, withdraw it at any time without affecting prior processing.
Not be subject to decisions based solely on automated processing that significantly affect you.
To exercise any of these rights, please contact us at privacy@ablrisk.co.uk or write to us at the address above. We will respond within one month. There is no fee for most requests, though we may charge a reasonable fee for manifestly unfounded or excessive requests.
We may need to verify your identity before processing your request.
Our services are aimed at businesses, and we do not knowingly collect personal data from children under 18. If you believe we have inadvertently collected data about a child, please contact us immediately and we will delete it.
We do not use automated decision-making or profiling in ways that produce legal or similarly significant effects on individuals. All material decisions involving personal data are made by our team with appropriate human oversight.
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will:
We encourage you to review this policy periodically.
If you have any questions about this privacy policy or our data protection practices, please contact:
Paul Murphy, Managing Director
ABL Risk Management Limited
Suite 15, Station House, Central Way, Warrington WA2 7FW
Email: privacy@ablrisk.co.uk
Phone: 07554 584451
We take data protection seriously and will endeavour to resolve any concerns you raise. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113
We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first.