Privacy Policy


Welcome to Whynow’s Privacy Notice. Whynow is the trading name of Whynow Limited (“we”, “us”, “our”), a company registered in England and Wales under Company Registration Number 11771567 with its registered office at Acre House, 11/15 William Road, London, United Kingdom, NW1 3ER. We are registered as a Data Controller with the Information Commissioners Office under number ZA934376.

This Privacy Notice (“Notice”) explains how we use (“Process”) your personal information (including personal information that you provide to us about other persons) (together, “Personal Information”). It also explains your privacy rights and how you can exercise them.

We respect your privacy and we are committed to protecting your personal data. We are responsible for the Personal Information we collect about you (including through the website The type of Personal Information we collect and how we Process it will vary depending on the relationship we have with you. Please note in particular that:

  • We may use cookies on our website and in any marketing emails to help us manage and improve our websites, your browsing experience, and the material/information that we send; and
  • As a collaborative business, we may share certain Personal Information with our related entities or other persons engaged to provide the agreed services to you and also select third parties, subject to appropriate safeguards.

We will publish updates to this Privacy Notice on this website, with relevant changes highlighted as appropriate. Where we hold or Process your Personal Data, we will also take appropriate measures to inform you of any amendments which have a material impact on you and your ability to exercise your privacy rights.

If you have any questions regarding our processing of your Personal Information or would like to exercise your privacy rights, please email:

How We Collect Your Personal Information

We collect Personal Information to provide our services, for legal and regulatory purposes and to manage our business and relationships. For further details, please see the ‘Use of your Personal Information’ section of this Notice below.

How we collect information

Public information

Personal Information about you or your business which is publicly available, for example on your employers’ website, public professional social networking sites, the press; and relevant electronic data sources.

Information from third parties

Personal Information provided to us by third parties (for example by our clients; joint agents; sub-agents; suppliers; advisers; consultants, lawyers and other professional experts; counterparties; previous, current and future employers; correspondents and enquirers; regulators and public authorities; relatives; and other persons) where such Information is provided to us in connection with the relevant purposes set out in this Notice.

Information collected through our websites

We may use cookies on our website and certain marketing emails which collect your IP address and certain other information from you when you visit our website. For further details please see the ‘Marketing and Cookies’ section.

You will voluntarily provide most of your Personal Information directly to us. We will also obtain Personal Information from other sources or persons. Sometimes the provision of your Personal Information to us by third parties will be unsolicited and/or provided in confidence (for example, reports made to us by regulators and other persons) and we will be unable to notify you of this. In all cases we shall take such necessary steps to ensure that Personal Information is obtained and used in a fair and lawful way.

The Types of Personal Information That We Collect

The categories of Personal Information we collect will vary, depending on our specific relationship with you and the context. We will not be able to further our relationship with you without certain Personal Information.

Type of Data

Personal contact details


Your home address, mobile number and personal email address.


We will usually ask for this if you do not currently have office/work contact details, for customer due diligence purposes, and to process your Personal Information for one of the Permitted Purposes.

Use of Your Personal Information

Our Processing of your Personal Information will include obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, copying, analysing, amending, retrieving, using, systemising, storing, disclosing, transferring, retaining, archiving, anonymising, erasing or destroying it by automated or non-automated means.

The UK GDPR as tailored by the Data Protection Act 2018 require us to communicate to you the purposes for which we Process your Personal Information (the “Permitted Purposes”), together with the corresponding ‘Legal Basis’. These are summarised in the tables below.

Further details on: (a) security and business continuity arrangements; (b) client due diligence, supplier vetting; and (c) equal opportunities monitoring and reporting, can be found in ‘The types of Personal Information that we collect’ section above.

General Permitted Purposes

We Process Your Personal Information for one or more of the following general Permitted Purposes.

Legal Basis

Permitted Purpose

Where it is necessary to perform our contract with you or to take steps at your request to enter into the contract

For example: (a) to perform our services if you are a client (including related client files management; order/matter acceptance, modification and processing) (b) to enter into or perform our agreement with you if you are a supplier or external adviser or partner (including supplier account management; purchase order processing; and for payment of invoices); (c) to enter into or perform any other contract/agreement we may have with you, including for the sale and fulfilment of products to you; or (d) when we run prize draws, competitions, and other promotions.

Where it is necessary for compliance with a legal obligation

For example: (a) to carry out internal and related entity conflicts and other regulatory checks on new client matters and to undertake appropriate client due diligence in accordance with anti-money laundering law; (b) to undertake appropriate vetting of suppliers and external advisers (for example, to comply with our obligations under applicable privacy, tax payment and tax evasion, modern slavery, anti-bribery and corruption and confidentiality rules); (c) for equal opportunities monitoring and reporting purposes; (d) to co-operate with our regulators and other public authorities (including by responding to their requests for information; undertaking internal investigations; and complying with our reporting and other professional obligations); and (e) to comply with any other obligation to which we are subject under applicable rules and law.

Where it is necessary for the purposes of our or another party’s legitimate interests, except where these are overridden by your interests, rights or freedoms

For example: (a) to ensure compliance with our internal policies; (b) for general security and business continuity purposes; (c) for business management and financial planning (including management of suppliers; business process improvement and quality purposes; management reporting and reviewing records; accounting and auditing; and corporate due diligence); (d) for managing insurances, complaints, potential and actual claims; (e) to ensure the effective provision of our services to clients and enhance our business; (f) for the improvement of our business policies and processes; (g) for training and continuing professional development purposes; (h) to manage our network; (i) to organise corporate events and to carry out market research campaigns; (j) to protect, manage and improve our websites, and other services (including:(i) to make sure our websites function as they should; (ii) to recognise you when you return to the websites; and (iii) to analyse how our websites and online services are performing); (k) for social media remarketing  and insights and for linking to social media sites; (l) for analysing your purchasing behaviours; (m) for any other legitimate purpose communicated to you at the time of collection of your Personal Information; and (n) to undertake marketing activities to you.

We consider that our legitimate interests and these uses are proportionate, and compatible with your interests, legal rights or freedoms.

Where it is necessary to protect your vital interests or that of another person

For example, the disclosure of your Personal Information to medical staff in the event of medical emergencies.

Marketing and Cookies

We generally rely on our legitimate interests to Process your Personal Information for marketing purposes. We will inform you in advance of sending you marketing or if a related entity will send you marketing material (unless this is reasonably obvious in the circumstances – for example, when you provide us with your business card during a formal meeting). You will be able to opt-out of any marketing email sent by us, by clicking the opt-out link that we include in each email.