Privacy Policy

Purple Quill (“we”, “us”, “our”) is committed to protecting your privacy and handling your data in line with the UK GDPR and Data Protection Act 2018. This Policy describes how we collect, use, disclose, and protect personal data when you:

​

• Visit our website (e.g. purplequill.co.uk);

• Engage with our advisory and consultancy services.

This Policy covers overseas investors, UK companies, advisors, and site visitors.

​

We keep our privacy policy under regular review. This version was last updated on 14 June 2025.

​

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Website Users

​

• Technical Data: IP address, browser type, device details, browsing patterns (via cookies and analytics).

• Usage Data: pages visited, interactions, referrals.

• Form Data: name, email, phone if submitted via our contact forms.

​

Individuals

• Personal Information: Your name, date of birth, nationality, passport or ID details, address, email, and phone number.

• Professional Background: Your CV, company affiliations, and investment mandate.

• Financial Data: Proof and source of funds.

• Information relating to the matter in which you are seeking our advice or representation

​

Corporates

​

• Company & Representative Information: Names, addresses, roles, emails, and phone numbers of company representatives.

• Corporate Data: Company formation documents, MOA & AOA, share structure, business plan, cap tables, and pitch decks.

• Company Financial Information: Accounts and forecasts.

• Due Diligence Documents: Any additional documents pertinent to due diligence processes.

We collect most of this information directly from you. However, we may also collect information:

​

• directly from third parties, such as Companies House, AML/KYC vendors.

• from a third party with your consent, e.g: your bank or building society, another financial institution or advisor; consultant and other professionals we may engage in relation to your matter.

• automatically from site usage (cookies, server logs).

• through automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, email and instant messaging systems.

​

​

​

​

​

​

​

​

​

We routinely share personal data with:

​​

• professional advisers who we instruct on your behalf or refer you to: e.g. accountants, tax advisors or other experts;

• other third parties where necessary to carry out your instruction;

• our bank;

• external service suppliers, representatives and agents that we use to make our business more efficient, e.g. typing services, marketing agencies, documents collation or analysis suppliers.

​

We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers relating to ensure they can only use your personal data to provide services to us and to you.

​

We may also need:

​

• share personal data with external auditors, e.g. in relation the audit of our accounts;

• disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations;

• share some personal data with other parties, such as potential buyers of some or all of our business or during a restructuring—usually, information will be anonymised but this may not always be possible, however, the recipient of the information will be bound by confidentiality obligations.​

To deliver services to you, it is sometimes necessary for us to share your personal data outside the UK/EEA, e.g.:

​

• with your and our service providers located outside the UK/EEA;

• if you are based outside the UK/EEA;

• where there is a European and/or international dimension to the services we are providing to you.

​

Under data protection law, we can only transfer your personal data to a country or international organisation outside the UK/EEA where:

​

• the UK government or, where the EU GDPR applies, the European Commission has decided the particular country or international organisation ensures an adequate level of protection of personal data (known as an ‘adequacy decision’);

• there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for data subjects; or

• a specific exception applies under data protection law.

​

Where there is no adequacy decision, we may transfer your personal data to another country if we are satisfied the transfer complies with data protection law, appropriate safeguards are in place, and enforceable rights and effective legal remedies are available for data subjects.
 

The safeguards will usually include using legally-approved standard data protection contract clauses.

​

In the absence of an adequacy decision or appropriate safeguards, we may transfer personal data to a third country or international organisation where an exception applies under data protection law, e.g.:

• you have explicitly consented to the proposed transfer after having been informed of the possible risks;

• the transfer is necessary for the performance of a contract between us or to take pre-contract measures at your request;

• the transfer is necessary for a contract in your interests, between us and another person; or

• the transfer is necessary to establish, exercise or defend legal claims.​

​

We may also transfer information for the purpose of our compelling legitimate interests, so long as those interests are not overridden by your interests, rights and freedoms. Specific conditions apply to such transfers and we will provide relevant information if and when we seek to transfer your personal data on this ground.

We will keep your personal data while we are providing services to you. Thereafter, we will keep your personal data for as long as is necessary:

​

• to respond to any questions, complaints or claims made by you or on your behalf;

• to show that we treated you fairly;

• to keep records required by law

​

We will not keep your date for longer than necessary. Different retention periods apply for different types of data. Further details on this are available on request at j.huang@purplequill.co.uk.

You have rights under UK GDPR, including:

​

• Access, correction, erasure, objecting or restricting processing;

• Data portability;

• Withdrawing consent;

• Complaint to the ICO.

We use cookies (session, analytics) to enhance site performance. You may block or delete cookies via browser settings (note: this may affect site functionality). For details, see our Cookie Policy.

We have implemented appropriate and reasonable administrative, physical and technological security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

​

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

We may update this Policy. Significant changes will be communicated here or via email. Effective date is shown at the top.

Purple Quill Limited, 35 Pond Street, London, NW3 2PN

j.huang@purplequill.co.uk