Kinetix Corporate Finance


    Privacy Policy

    Kinetix Critchleys Corporate Finance LLP (“Kinetix”) respects the privacy of personal data and complies with the General Data Protection Regulation 2016/679. This Privacy Policy describes the processing of personal data collected by Kinetix (‘we’, “us”, “our”) including how it is collected, protected, how long it is retained, with whom it is shared and the privacy options available concerning that personal data.

    Personal Data Collected

    We collect and process only the personal data necessary to carry out agreed services for our corporate clients. In the majority of our work, we act as joint controllers with our clients. The personal data we may collect when providing these services includes without limitation:

  • Direct personal identifiers such as name, date of birth, home address, business address, email address, telephone number
  • Information necessary to provide a product or service such as bank account details, income, taxation and other financial details
  • Information about clients’ contacts with us such as emails, meetings, phone calls and letters
  • Information about business activities
  • Images of individuals who visit our offices
  • How Personal Data is Collected

    Personal data is collected:

  • When a an engagement is entered into with client
  • During a telephone conversation with an individual
  • When emails or letters are received
  • During meetings with clients or prospective clients
  • When individuals register to receive information about events we hold
  • When individuals use our online platforms such as our website. Please note personal data is not collected through our website unless provided voluntarily by the visitor. If emailed through the website, the messages we receive will contain the visitor’s email address plus any information included in the message
  • Individuals visit our offices and their image is captured on CCTV
  • Use of Personal Data

    Providing Products and Services – personal data is collected and processed to allow the provision of products and services as requested by clients. For example, providing a valuation report, a valuation model or advisory services.

    Managing and Administering our Business and Services – personal data is collected and processed to manage our relationship with clients, ensure the accuracy of our IT systems and develop our business and services (such as determining client needs)

    Security and Data Risk Management Activities – we have a suite of security measures to protect our clients, our staff and our business information. Personal data may be processed during our security monitoring activities for example when automated scans are employed to detect scam emails.

    Compliance with Regulatory Obligations – Much of our work is directed by professional, regulatory and legal requirements. Personal data will be processed if necessary to comply with these obligations. During our client engagement process, we carry out searches using endorsement lists and the internet to identify issues that may prevent us working with a particular individual or firm (such as conduct or reputational concerns).

    Providing Clients with Information about our Services - with client consent, or otherwise in accordance with the law, we use client contact data to provide information we think may be of interest such as industry updates, reviews and invitations to events.

    When and How Personal Data is Shared

    Personal data is only shared between colleagues who legitimately require the information to carry out their duties.

    Personal data is only shared with third party organisations when legally required or under contractual arrangements that specify the level of protection necessary to meet our data protection obligations.

    Third party organisations with whom we may share personal data include:

  • Government and Regulatory Bodies to meet our legal, regulatory and professional obligations

  • Auditors and professional advisers to confirm our practices comply with industry regulations
  • Third party organisations that assist in the maintenance of our IT systems
  • The Lawful Basis for Processing Personal Data

    The lawful basis for processing personal data will depend on the nature of the service or the business function that our team member or a third-party supplier is undertaking. In the majority of cases, the lawful basis for processing personal data will be one of the following:

  • Contract – When entering into a contract with Kinetix, the personal data provided will be used for the purposes of fulfilling the obligations of that contract

  • Legal Obligation – Personal data will be processed if necessary to enable Kinetix to comply with a professional, legal or regulatory obligation such as the retention of personal data to comply with HMRC regulations
  • Legitimate Interests – Kinetix may process personal data lawfully where it is in our legitimate interest to do so and where it would not override the rights of individual data subjects
  • Consent – individuals may occasionally be asked for permission to process their personal data for specific purposes. Such purposes are described in detail and individual subjects are provided with information about how to withdraw their consent
  • Where Personal Data is Processed

    The majority of the personal data we collect is processed in the UK and European Economic Area and is, therefore, protected by the UK an EEA data privacy laws. However, some data may be processed by third parties we work with outside of the EEA such as the United States. Where this information is processed outside of the EEA, we put agreements in place with our third party suppliers to ensure it is protected to at an equivalent standard as would be provided in the UK and EEA.

    Security and the Protection of Personal Data

    The security of our information and systems is extremely important. All personal data collected, whether electronically, on paper, or by other means, is protected appropriately in line with data protection obligations.

    Controls and measures are in place to minimise loss or damage of personal data through accident, negligence or deliberate actions. The Kinetix team also protect sensitive and confidential data when storing or transmitting data electronically.

    Our security controls are under frequent evaluation to manage risks to the confidentiality, integrity and availability of your personal information.

    Data Retention

    In the absence of overriding legal or statutory obligations, personal data is kept only as long as is necessary for the purpose for which it was collected.

    The length of time personal data is kept to comply with legal or statutory obligations depends on the precise obligations we are required to meet.


    In some cases technical information of a visitor connected to our site may be collected through the use of cookies. This information does not contain any data through which the visitor can be identified, but it does include IP addresses. Examples of the type of information collected include the category of internet browser used, the type of operating system used and the domain name of the website which linked through to our site.

    A cookie is a small file of letters and numbers which distinguish each user of our website. The cookies used are 'analytical' cookies which enable the recognition of visitors to our site and so allow analysis of the numbers of visitors and their pattern of use. The values obtained allow the website to be improved.

    Most browsers allow cookie settings to be changed. These settings will typically be found in the “options” or “preferences” menu of a browser. The links below may be useful. Alternatively, visitors to our website may find the “Help” option in their browser useful.

  • Cookie settings in Microsoft Edge
  • Cookie settings in Firefox
  • Cookie settings in Chrome
  • Cookie settings in Safari web and iOS
  • If cookies are blocked, certain functionalities on our website may be altered.

    Data Controller and Data Protection Officer

    The Data Controller is:

    Kinetix, Beaver House, 23-38 Hythe Bridge Street, Oxford OX1 2EP

    If you have any queries or comments about this privacy notice or how and why personal data is processed please contact us at:

    Data Protection Officer (DPO)

    Beaver House

    23 – 38 Hythe Bridge Street


    OX1 2EP


    Telephone: 01865 261100

    Individual Rights and How to Exercise Them

    Individuals have specific rights over their personal data gathered and processed by Kinetix as described below:

    Right of Access – Individuals have a right to access to their personal data held by Kinetix as a data controller – ( Subject Access Request). Please write to the Data Protection Officer at the above address to make such a request. Individuals may be asked to provide for documentation to verify identity and may be charged in accordance with the law governing data protection. Kinetix will respond to Subject Access Requests within one calendar month.

    Right to request that your personal information is amended – to update your personal information, please write to the Data Protection Officer at the above address. Personal details will be updated as soon as practicable possible following receipt of a request ,/p>

    Right to be ‘forgotten’ or to request erasure – an individual may ask that their personal data is removed or deleted if there is not a compelling reason for Kinetix to retain it. Please contact the Data Protection Officer at the above address if you wish to request that your data is removed

    Right to withdraw consent – Where personal data is processed under the lawful basis of consent, an individual has the right to withdraw consent to that processing at any time. To withdraw consent, please email us at or, if you wish to withdraw consent to marketing emails, please click on the unsubscribe link in the relevant email.

    Right to data portability – an individual may request a copy of their personal information in a format that would allow it to be transferred to another company in a safe and secure way. For further information, please contact the Data Protection officer at the above address

    Right to restrict data processing – an individual may request that the processing of their personal information is restricted. Kinetix may retain the personal information in such circumstances, but will ensure it is not used for the purposes that have been restricted.

    Right to object – an individual may object to the processing of their personal information for direct marketing (including profiling) and where it is being processed for our legitimate interests. For more information, please contact the Data Protection Officer at the above address.

    Changing Privacy Laws

    Kinetix recognises that the transparency of data processing is extremely important. This privacy statement will be kept under regular review to ensure it complies with current data protection laws.

    This Privacy Statement was last updated on 8th May 2018


    We take great care to comply with the laws governing the protection of personal data. If, however, you do want to complain about our use of personal data, please send an email with the details of your complaint to the Data Protection Officer at and we will look into your concerns.

    You have the right to bring your concerns to the attention of the Information Commissioner’s Office. For more information about how to complain to the ICO, please refer to the ICO website

Kinetix Critchleys Corporate Finance LLP (Company Number OC357140) is registered in England & Wales.
Its registered office address is Beaver House, 23-38 Hythe Bridge Street, Oxford, OX1 2EP.
FCA Register number: 552265