Privacy Policy

Privacy Policy

Last updated: 10-09-2025

1) About this notice

This Privacy Policy explains how Bluebridge Asset Management Ltd ("Bluebridge", "we", "us", "our") collects, uses, shares and protects your personal data, and describes your rights under the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018 ("DPA 2018"). It applies to website visitors, prospective investors/clients, counterparties, service providers and other business contacts.

Controller: Bluebridge Asset Management Ltd (Company No. 16388222; ICO registration ZB969972).

Privacy contact: contact@bluebridgeam.com

We may update this notice from time to time; the latest version will always be posted on our website. We’ll indicate the effective date above.

2) How we collect personal data

We collect information directly from you (e.g., contact forms, onboarding/KYC, meetings, calls, emails), automatically when you use our website (e.g., IP address, device, pages viewed and cookies), and from third parties (e.g., due‑diligence/AML providers, introducers, placement agents, public sources, and service providers engaged by Bluebridge). See also our Cookie Policy for more on cookies and similar technologies.

3) The personal data we process

Depending on your relationship with us, we may process:

  • Identity & contact data: name, title, employer, role, email, phone, address, date of birth, nationality.
  • Regulatory/KYC data: identification documents (e.g., passport/driver's licence), proof of address, tax/NI number, source‑of‑funds/wealth details, PEP/sanctions screening results, criminal‑convictions data where necessary and permitted for AML/KYC.
  • Business & financial data: investor status, investment objectives, trading/transaction history, custodian/bank details, portfolio information, fee/payment details.
  • Technical & usage data: IP address, device/browser, pages visited, time/date, and cookie preferences (see Cookie Policy).
  • Communications data: records of emails, messages and telephone calls where required by regulation or for relationship management.

4) Purposes and lawful bases

We only use your data where permitted by law. The main purposes and bases are:

  • Provide and manage our services (including onboarding, account administration, relationship management, support): Contract and Legitimate interests.
  • Regulatory compliance (e.g., AML/KYC/CTF checks, sanctions screening, record‑keeping, reporting to competent authorities): Legal obligation and, for criminal‑convictions data, Substantial public interest under the DPA 2018.
  • Security & fraud prevention (protect our website, systems and business; investigate misuse): Legitimate interests and Legal obligation.
  • Analytics & site performance: Non‑essential analytics cookies only with Consent (see Cookie Policy).
  • Marketing & events: With your Consent, or under the UK "soft opt‑in" for similar products/services where lawful; you can opt out at any time.

We do not carry out solely automated decision‑making that produces legal or similarly significant effects about you. If that ever changes, we’ll update this notice and explain your rights.

5) Cookies and similar technologies

We use essential cookies to make our site work and optional cookies (e.g., analytics) with your consent. You can change your choices at any time via the "Cookie settings" link on our site. Details of cookie types, purposes and durations are set out in our Cookie Policy (including Google Analytics cookie durations and the consent banner text).

6) Sharing your personal data

We may share data with:

  • Service providers/Processors (e.g., IT hosting, security, analytics, communications, CRM, KYC/AML vendors) under contract;
  • Professional advisers (e.g., auditors, legal and compliance advisers);
  • Financial institutions, custodians, brokers in connection with our services;
  • Regulators and authorities (e.g., FCA, HMRC, law enforcement) where required;
  • Corporate transactions (merger, restructuring, acquisition) where relevant; and
  • Where necessary to protect rights, security or comply with law.

We do not sell your personal data. Disclosures for AML/fraud prevention may include sharing with other regulated firms and relevant agencies, strictly as permitted by law.

7) International transfers

Where we transfer personal data outside the UK, we use appropriate safeguards, such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, and—where applicable—the UK‑US Data Bridge, or we rely on another valid derogation under UK GDPR. You can contact us for details of the safeguards in place.

8) Data security

We apply administrative, technical and physical controls designed to protect personal data, including role‑based access, least‑privilege permissions, encryption in transit, network protections and monitoring, secure credential policies, audit logs for unauthorised access attempts, staff training and confidentiality commitments, and secure storage for any paper records. We regularly review security measures and vendor practices.

9) Retention

We keep personal data only as long as necessary for the purposes above and to meet legal, accounting and reporting requirements. Typical periods include:

  • AML/KYC records: usually 5 years from the end of the business relationship (extendable to 7 years if requested by the FCA or required by law).
  • Regulatory communications/records: generally 5 years (up to 7 years if required).
  • Marketing data: until you opt out or we determine it is no longer needed.
  • Analytics data: typically up to 26 months.

We will securely delete or anonymise data when no longer needed.

10) Your rights

Under UK GDPR you have rights to:

  • Be informed about our processing;
  • Access your personal data;
  • Rectification of inaccurate data;
  • Erasure (in certain circumstances);
  • Restrict processing;
  • Object to processing (including direct marketing);
  • Data portability (where applicable); and
  • Withdraw consent at any time (for processing based on consent).

To exercise these rights, contact privacy@bluebridgeam.com. We will respond within one month (extendable in complex cases). You also have the right to complain to the ICO (https://ico.org.uk/) if you are unhappy with our handling of your data.

11) Children

Our services are not intended for individuals under 18. We do not knowingly collect data relating to children.

12) Contact us

Questions, requests or complaints about this notice or our data practices can be sent to: contact@bluebridgeam.com.

Our company details and the latest Privacy Policy and Cookie Policy are available on our website.