This Privacy Policy explains how we collect, use, share, and protect personal data when you use floricancapital.com and when you interact with us. We operate from the United Kingdom. The site is accessible globally, however our services are offered to selected companies.

Who we are and scope

We are the controller for personal data processed through this website and during our business development and onboarding workflows.

• Controller: Florican Capital Ltd
• Email for privacy matters: contact@floricancapital.com
• Not intended for children: This site and our services are for business users. We do not knowingly collect personal data from children.

How we collect data

• You provide it: when you submit the contact form, sign up to the newsletter, download materials, apply for a role, or complete client onboarding questionnaires.
• We collect it automatically: through essential security and session technologies, and, if you consent, through analytics.
• We receive it during onboarding: if you become a client, we may request information needed to set up the engagement, including know your customer checks where applicable.

What we collect

The personal data we typically collect includes:

• Names, work emails, phone numbers, job titles, company, and the content of your enquiry
• Device and usage information such as IP address, user agent, timestamps, page views, referrers
• For job applicants, CV and application details
• For onboarding, information you provide in questionnaires and any documents required to meet legal obligations

We do not intentionally collect special category data via the website.

Purposes and lawful bases

We use your data for the purposes and on the legal bases set out below.

Purpose	Examples	Lawful basis
Responding to enquiries	Contact forms and emails	Contract where you ask us to take steps at your request, or legitimate interests in running our business and responding to messages
Operating the website and security	Session management, spam and abuse prevention, availability and fraud prevention	Legitimate interests in operating a secure site, and compliance with legal obligations where relevant
Analytics and performance	Understanding visits and improving content	Consent via our cookie banner
Newsletter and updates	Optional email newsletter to business contacts	Consent via explicit opt in, unsubscribe any time
Recruitment	Processing job applications	Steps prior to entering a contract, and legitimate interests in hiring
Client onboarding and compliance	KYC and related checks, if you become a client	Legal obligation, contract, and legitimate interests in risk management

Cookies and similar technologies

We use essential cookies for core functions. With your consent, we use analytics cookies. You can change your choices at any time using the Cookie settings panel labelled "Florican Cookie Preferences" in the footer.

• See our Cookie Policy for the full list of cookies, purposes, and durations.
• We do not use advertising or social media pixels.

Processing map

Activity	Data categories	Source	Recipients	Retention	International transfers
Website contact and enquiries	Name, work email, phone, company, enquiry text, metadata	You	Internal teams	12 months from last meaningful contact	Not routinely transferred outside UK for this activity
Newsletter	Name, email, subscription preferences, delivery metadata	You	Internal email tooling	Until you unsubscribe, then kept only on a suppression list to honour your opt out	Not applicable unless a provider outside the UK is selected
Analytics (if consented)	Online identifiers, device and usage data	Your device	Google Analytics 4, see Processors	Event data retained 14 months by default	May involve transfers outside the UK, see section 9
Site security and session	Session identifiers, IP address, user agent, request metadata	Your device	Hosting and security stack	30 days for logs, session cookie is session-only	Not routinely transferred outside the UK for this activity
Recruitment	CV, contact details, application data	You	Internal HR hiring panel	12 months after process ends	Not applicable
Client onboarding and compliance	Organisation details, contact details, KYC documents if required	You or your organisation	Internal teams, professional advisers if needed	Customer due diligence records kept for 5 years after the relationship ends, or longer if required by law or to establish or defend legal claims	May involve transfers outside the UK where advisers or tools are located, see section 9

Do we sell or share personal data for unrelated purposes

No, we do not sell personal data. We only disclose data to service providers and professional advisers as needed to operate the site, deliver communications you have asked for, or comply with law.

Service providers (processors)

We use carefully chosen providers under contract. Key services linked to the website include:

• Google Analytics 4 and Google Tag Manager, provided by Google Ireland Limited, for consent-based analytics and tag orchestration.
• Google reCAPTCHA, provided by Google LLC, to help prevent spam and abuse on forms.

These providers process limited personal data to deliver their services. They act on our instructions under data processing terms.

International transfers

Some providers may process personal data outside the UK. When this occurs, we put in place appropriate safeguards for restricted transfers, for example the UK International Data Transfer Agreement, or the UK Addendum to the EU Standard Contractual Clauses, plus transfer risk assessments where appropriate.

Retention

We keep personal data only as long as needed for the stated purposes, then delete or anonymise it.

• Enquiry records, 12 months from last meaningful contact
• Newsletter subscribers, until you unsubscribe, then on a suppression list to prevent future sends
• Website server logs, 30 days
• Analytics event data, 14 months by default
• Recruitment records, 12 months after the process ends
• Client onboarding and customer due diligence records, 5 years after the business relationship ends, or longer if required by law or to establish or defend legal claims

Your rights

Subject to legal limits, you have the right to request access, rectification, erasure, restriction, objection, and data portability. Where we rely on consent, you can withdraw it at any time. We will respond within one calendar month of receiving your request. To exercise your rights, email contact@floricancapital.com.

Direct marketing

Our newsletter is opt in. You can withdraw consent at any time by using the unsubscribe link in any email or by contacting us.

Security

We use administrative, technical, and organisational measures to protect personal data. These include TLS in transit, access controls, and logging. No method of transmission or storage is guaranteed to be 100 percent secure.

Automated decision making

We do not use personal data with automated decision making that has legal or similarly significant effects.

Third-party sites

Our website may link to other sites. Their privacy practices are their own. You should read their privacy notices.

How to contact us or raise a concern

• Email us: contact@floricancapital.com
• Write to us: Florican Capital Ltd, 128 City Road, London, EC1V 2NX, United Kingdom

If you remain unhappy, you have the right to complain to the UK Information Commissioner's Office. Visit ico.org.uk, call 0303 123 1113, or write to Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, UK.

Changes to this notice

We may update this notice from time to time. The effective date at the top tells you when it last changed. We maintain a separate change log document, as requested.

Appendix A, details for website technologies

A1. Analytics

We use Google Analytics 4 only with your consent. GA4 uses online identifiers and device information to measure engagement. We configure data retention to 14 months by default. You can withdraw consent at any time in Florican Cookie Preferences.

A2. Tag management

We use Google Tag Manager to control when tags fire. GTM should not receive data that directly identifies you. We configure GTM so that analytics tags fire only after you have consented.

A3. Bot and abuse protection

We use Google reCAPTCHA to protect our forms. This checks interactions to distinguish real users from bots, and may process device and application data for security purposes. reCAPTCHA is used only to provide, maintain, and improve the security service. Where Google requires, we will display the notice "This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply".

Appendix B, how to reach us about your data

• Privacy contact email: contact@floricancapital.com
• Rights requests target response: within one calendar month
• Preferred route: email with a brief description of your request and the email address you used with us