top of page

Privacy Policy

Welcome to the Bright Privacy Policy.


We respect your privacy and we are committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and use our Services and tell you about your privacy rights and how the law protects you.

1.    About this policy


This privacy policy (the “Privacy Policy”) provides information about how Bright (the trading name of Moxon & Co Services Limited), and certain of its group companies (including but not limited to Moxon & Co Investments Limited) (together the “Group”) gather and use personal information. When we use “we”, “us” or “our” in this Privacy Policy, we are referring to the relevant company in the Group responsible for processing your data in connection with the Group’s activities. We are committed to respecting the confidentiality of the personal information you supply to us and all such information will be processed in accordance with applicable data privacy laws.


You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights in respect of such use. That is why we are providing you with the information in this Privacy Policy.


If you do not agree with our use of your personal data as set out in this Privacy Policy, you should not submit your personal information to us. However, if you do not wish to submit your personal information to us, or if you wish to exercise your rights to prevent us using your data, you should be aware that we may not be able to do business with you or provider our services to you. For more information on this, please see sections 4.1 and 7.


It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.


This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

2.    About us


Bright, is the trading name of Moxon & Co Services Limited, a private company limited by shares, registered with company number 12291299 whose registered office is 6 Commer House, Leeds, LS24 9JF.

For the purposes of data privacy legislation, Moxon & Co Services Limited is a ‘controller’. Moxon & Co Services Limited is also responsible for this website.


3.    Contacting us

Should you have any questions or concerns about this Privacy Policy or the processing of personal data we hold about you, please contact us:


By post:      6 Commer House, Leeds, LS24 9JF

By phone:  01937 222 087

By email:


Our data privacy manager is James Duffy.


4.    Your rights


You have certain rights in relation to your personal data.

4.1  Your rights in connection with personal information


Under certain circumstances, by law you have the right to:

  • Object to processing of your personal information where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.


  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are processing it lawfully.


  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.


  • Request erasure of your personal information and that we cease to process such information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see above).


  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.


  • Request the transfer of your personal information to another party in a machine-readable, commonly used and structured format.


  • Withdraw your consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.


If you want to exercise any of these rights then please contact us using the details at section 3. The various rights are not absolute and each is subject to certain exceptions or qualifications. For example, if you wish to withdraw your consent or object to processing, we may need to discuss with you whether our use of your data needs to continue for other lawful purposes, such as fulfilment of a legal or contractual requirement.

We will respond to your request within one month of receipt of your request. In some cases we may not be able to fulfil your request to exercise the right before this date, and may need to request more time. Where we cannot provide a full response to you for any reason, we will let you know about this in our initial reply to your request.


4.2  Your duty to inform us of changes


It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.


4.3  Fees


You will not have to pay a fee to access your personal information (or to exercise any of the other rights set out in section 4.1 above). In some cases, we may charge a reasonable fee if your request for access is clearly unfounded or excessive, or if you request multiple copies of the information. Alternatively, we may refuse to comply with the request in such circumstances.


4.4  What we may need from you


We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.


4.5  Right to complain


If you wish to request further information about any of the above rights, or if you are unhappy with how we have handled your information, please contact us on the contact details contained in section 3.


If you are not satisfied with our response to your complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office: or 01937 222 087.

5.    Information we collect


We collect your personal information from a variety of sources, as set out in this Privacy Policy. Where necessary we collect information directly from you or indirectly from third parties, and through your use of our website.


5.1  Information you provide to us


This section details the information we collect about you in the course of your use of our website and otherwise in your interaction and correspondence with us and our representatives. We will collect:

  • in respect of your use of our website, we will collect Website Only Data;


  • if you are the recipient of a mailshot, we will collect Mailshot Data;


  • if you are an actual or potential counter party in respect of which we provide our services or conduct customer due diligence in accordance with our anti-money laundering policy, the following information that you provide to us or that we obtain:


  • basic personal details including your name and address (and proof of name and address), email address, telephone number, any other contact details you supply, social security number and other tax details, nationality, citizenship, tax residency, date of birth and family connections;

  • details of your company’s directors, shareholders, secretaries, authorised signatories and identification documents;

  • bank account details;

  • utilities service providers and related billing information;

  • copies of passports, driving licences, national ID cards and other photographic forms of identification that you provide to us;

  • information on your assets and/or income and/or financial dealings;

  • details of business advisers you employ including wealth managers and independent financial advisers;

  • records of all communications including written file notes of phone calls and electronic communications with our staff and meeting notes (see below for more details); and

  • employment and education history (where you send us this information as part of a job application process); and

  • if you are not a potential counterparty, you do not use our website and you have simply consented to us sending to you marketing material, your name, email address and the name of your employer.


For the purposes of this Privacy Policy:


“Mailshot Data” means the name, company name and email address of a recipient of a mailshot; and


“Website Only Data” means pages viewed on our website, number of pages viewed on our website, clicks per article on our website; geo-location and details of whether our website was accessed via desktop or mobile device.


We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.


We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). We do not collect any information about your criminal convictions and offences.


If you give us information on behalf of somebody else as an alternate contact, referee or next of kin, you confirm that the other person has agreed that you can:


  • give consent on his/her behalf to the processing of his/her personal data; and

  • receiving on his/her behalf any data protection notices.


We do not knowingly collect personal data relating to children under the age of 16. If you are a parent or guardian of a child under the age of 16 and think that we may have information relating to that child, please contact us. We will ask you to prove your relationship to the child but if you do so you may (subject to applicable law) request access to and deletion of that child’s personal data.

5.2  Information we collect from other sources


We may receive information about you from third parties such as third party customer due diligence service providers, your advisers (including your financial and legal advisers), our vendors and publically available sources such as company registrars, LinkedIn (or other professional networking databases) or company websites. We may collect the following information from third parties:

  • basic personal details including your name, address, email address, telephone number and other contact details;

  • data received from background checks. This may include credit checks, criminal record checks and credit history or bankruptcy checks as required for regulatory purposes;

  • data received from due diligence activities (such as anti-money laundering, politically exposed persons and sanctions checks);

  • fraud enquiries (for example, information from police reports); and

  • employment and education history.


5.3  Information from your use of our website


We, Google Analytics, and any our third party data processor (and their sub-processors) we appoint from time to time collect information about your use of our website and the devices you use.


We also use cookies to log your behavioural information. For more information on our use of cookies, please refer to our cookie policy which is available on this website.

6.    How we use the information we collect


6.1  General uses of information


The information which we collect and what we use it for will depend on the nature of our business relationship with you. We use your information:

  • to provide you with our advisory services;

  • provide you updates in relation to investment opportunities, which you have requested;

  • to provide you with updates in relation to our business and our investments;

  • to fulfil our contractual obligations towards you;

  • to carry out functions that we have contractually agreed with you;

  • to carry out functions that we have are obliged to carry out (e.g. tax reporting);

  • to fulfil our contractual obligations to third parties to whom you have provided your information;

  • for due diligence, internal business administration and record keeping purposes;

  • to respond to your email enquiries;

  • to invite you to events;

  • for legal and regulatory compliance purposes, including as necessary to respond to governmental, regulatory or law enforcement agency requests; and

  • where required or considered appropriate, carrying out ‘know-your-customer’/anti-money laundering checks and other procedures that we undertake prior to entering into a business arrangement or relationship with you and in the course of our ongoing business relationship.


6.2  Information for marketing purposes

We use your information to identify products, services, opportunities and events that we think may be of interest to you.

We will only send you marketing messages where you have consented to such contact, or in the case of products and services, where these are similar to those that we have already provided to you.


You have the right to ask us not to not send you marketing messages by post, telephone or e-mail or any combination of these at any time. You can also let us know at any time that you wish to change your mind and to start receiving such messages.


You can do this:

  • by replying directly to the marketing message;

  • in case you wish to withdraw from all marketing communications, you can also unsubscribe from all marketing by clicking the appropriate link in any email you receive; or

  • at any time by contacting us (see section 3).


Periodically, we will remind you (possibly along with other communications) that you may unsubscribe if you no longer wish to receive communications from us. If you choose to unsubscribe, we will cease to send you such communications as mentioned above.


7.    Our bases for collecting and using the information


We are entitled to use your personal data in the ways set out in this Privacy Policy on the following bases:

  • the use of personal data in this way is necessary for the performance of a contract with you for provision of our products and/or services or to take steps at your request prior to entering into such a contract;

  • we have legal or obligations that we have to discharge;

  • the use of your personal data is necessary for our legitimate interests in:

  • ensuring the quality of the products and services we provide to you;

  • collecting information for marketing purposes;

  • communicating with you; or

  • statistical analysis;

  • you have consented to such use; and/or

  • to establish, exercise or defend our legal rights for the purposes of legal proceedings.

We may process your sensitive and special categories of information where we have asked for your explicit consent or otherwise where this is necessary for the establishment, exercise or defence of legal claims. We will erase such information and cease processing it following the expiry of a five year period commencing on the date on which our business relationship comes to an end.


In the case that you have obviously made information public (e.g. on social media) we will process sensitive/special categories of information for the purposes of carrying out our legal obligations.

If provision of your personal information is a legal or contractual requirement or a requirement necessary to enter into a contract with us, and you choose not to provide it, we may not be able to perform some of the tasks we need to in order to provide certain products or services to you.

If you do choose to provide your consent you can withdraw it at any time by contacting us (see section 3).

8.    Sharing your information

We may share your personal data with the parties set out below for the purposes set out in the table Purposes for which we will use your personal data above.

  • Internal Third Parties as defined in the glossary below;

  • External Third Parties as defined in the glossary below.

  • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.


We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

9.    International transfers


We do not physically transfer your personal data outside the European Economic Area (“EEA”), but in some circumstances we may use secure remote connections to access this data from outside the EEA where this is required to carry out our services in the way we set out in this policy.

10.  Keeping your information

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.


To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.


Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us.


By law we have to keep basic information about our customers (including Contact, Safety, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes and to deal with potential legal claims. In some circumstances you can ask us to delete your data: see your legal rights below for further information.


In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

11.  Security


We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.


We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

12.  Changes to our Privacy Policy


We reserve the right, at our discretion, to change, modify, add to, or remove portions from, our Privacy Policy.

We keep our privacy policy under regular review. This version was last updated on 9 January 2020. Historic versions can be obtained by contacting us. We may change this policy from time to time. You should check this policy occasionally to ensure you are aware of the most recent version.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

13.  Glossary

“Legitimate Interest” means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most safe and secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

“Performance of Contract” means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.


“Comply with a legal obligation” means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.

“Internal Third Parties” other companies (including subsidiaries, companies under common ownership, and/or parent companies) in the Moxon & Co Services Limited group acting as joint controllers or processors and who are based the EEA and who manage the running of Group companies provide IT and system administration services and undertake leadership reporting.


“External third Parties” include:

  • Service providers acting as processors based in the United Kingdom who provide IT and system administration services (including those providing debt collection services or payroll services).

  • Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers based in in the United Kingdom who provide consultancy, banking, legal, insurance and accounting services.

  • HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.

  • Service providers or regulatory bodies providing fraud prevention services or credit/background checks (such as the police, government bodies and commercial enterprises such as Experian or similar).

  • Any person or agency if we need to share that information to comply with the law or to enforce any agreement we may have with you or to protect the health and safety of any person.

  • Any person who is your agent or representative, such as the holder of a power of attorney, a legal guardian or person administering a will.

  • Credit referencing agents or providers.

  • Our insurers and insurance brokers if you take out insurance cover through us. If we pass data on to insurers, they may enter your data onto a register of claims which is shared with other insurers to prevent fraudulent claims.

  • Trade associations of which we are a member.

  • Any person who we are negotiating with as a potential buyer of our business or property or if we are proposing to merge our business with another business.

  • Any person to whom you have consented that we may share your data with.


© Copyright Moxon & Co Services Limited 2020


January 2020.

bottom of page