How we collect, process, and safeguard your personal information.
Last updated: April 2026
Northcraft Shield Ltd. ("Northcraft Shield", "we", "us", or "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website, use our services, or communicate with us. We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all applicable data protection legislation.
Northcraft Shield Ltd. is the data controller responsible for your personal data. If you have questions about this policy or our data practices, please contact our Data Protection Officer at [email protected] or write to us at 22 Bishopsgate, London, EC2N 4BQ, United Kingdom.
We may collect the following categories of personal data: Identity Data (name, title, date of birth); Contact Data (email address, telephone number, postal address); Financial Data (investment objectives, risk tolerance, portfolio information); Technical Data (IP address, browser type, device information, pages visited); Communication Data (records of correspondence, contact form submissions, meeting notes). We collect this information directly from you, through our website, or from third-party sources such as regulatory databases and credit reference agencies where lawfully permitted.
We process your personal data for the following purposes: to provide investment management and advisory services; to respond to enquiries submitted through our contact form; to comply with legal and regulatory obligations, including anti-money laundering (AML) and know-your-customer (KYC) requirements; to communicate with you about our services, market updates, and relevant opportunities; to maintain the security and performance of our website; and to fulfil our legitimate business interests where these do not override your fundamental rights.
We process your personal data on the following legal bases: Contractual Necessity — to perform or enter into a contract for our services; Legal Obligation — to comply with applicable financial regulations, AML directives, and tax reporting requirements; Legitimate Interests — to manage our business, improve our services, and maintain client relationships; Consent — where you have given explicit consent, such as subscribing to communications. You may withdraw consent at any time by contacting us.
We do not sell your personal data. We may share your information with: custodian banks that hold your assets; relevant regulatory authorities and equivalent bodies; professional advisors such as auditors, legal counsel, and tax specialists; technology providers who support our IT infrastructure under strict data processing agreements. All third parties are contractually required to protect your data and process it only on our instructions.
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, regulatory, accounting, or reporting requirements. Client records are typically retained for a minimum of seven years following the end of the business relationship, in accordance with applicable regulatory record-keeping obligations. Contact form submissions are retained for twelve months unless a client relationship is established.
Under data protection law, you have the right to: access a copy of the personal data we hold about you; rectify any inaccurate or incomplete data; erase your personal data in certain circumstances; restrict or object to our processing of your data; data portability — receive your data in a structured, machine-readable format; withdraw consent where processing is based on consent; lodge a complaint with the Information Commissioner's Office (ICO) if you believe your rights have been infringed. To exercise any of these rights, please contact us at [email protected].
We implement robust technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encrypted data transmission (TLS/SSL), access controls, regular security audits, and staff training on data protection. While no system is entirely immune to risk, we are committed to maintaining the highest standards of data security commensurate with the sensitivity of the information we handle.
Our website uses essential cookies to ensure proper functionality, including session management and language preferences. We do not use advertising or tracking cookies. Session cookies are automatically deleted when you close your browser. The language preference cookie is retained for 30 days to remember your selected language across visits. No personally identifiable information is stored in cookies.
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. Any material changes will be communicated through our website. We encourage you to review this page periodically. The date of the most recent revision is indicated at the top of this policy.