Privacy Policy
Last updated: April 9, 2026
1. Introduction
AGS Capital Global Holdings Ltd ("AGS Capital", "we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR 2016/679), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 (PECR), and applicable financial services regulations .
2. Data Controller
AGS Capital Global Holdings Ltd is the data controller responsible for your personal data. If you have questions about how we handle your data, contact us at:
Email: privacy@agscapital.co.uk
Address: Berkeley Square House, Berkeley Square, London, W1J 6BD
Registered office: One, St Peter's Square, Manchester, M2 3DE
Company number: 16896228
3. Information We Collect
3.1 Information You Provide
- Contact information: Name, email address, phone number, company name
- Professional information: Job title, organization, industry sector
- Communication data: Messages, enquiries, and correspondence you send us
- Research participant data: Anonymized behavioral assessment responses, interview transcripts (where consent is provided), and psychological profiling data
- Financial information: Where required for regulated financial services
3.2 Information We Collect Automatically
- Technical data: IP address, browser type and version, operating system, device information
- Usage data: Pages visited, time spent on pages, navigation patterns, referring URLs
- Cookie data: See our Cookie Policy for full details
3.3 Special Category Data
In the course of our behavioral research with professional athletes, we may process special category data including psychological and health-related information. This data is only processed with explicit consent under Article 9(2)(a) of UK GDPR, is anonymized at the point of collection, and is subject to enhanced security measures and ethical oversight.
4. Lawful Basis for Processing
We process your personal data on the following legal bases under Article 6 of UK GDPR:
| Purpose | Lawful Basis |
|---|---|
| Responding to enquiries | Legitimate interest (Art. 6(1)(f)) |
| Providing our services | Contractual necessity (Art. 6(1)(b)) |
| Legal and regulatory compliance | Legal obligation (Art. 6(1)(c)) |
| Behavioral research | Explicit consent (Art. 6(1)(a)) |
| Website analytics | Legitimate interest (Art. 6(1)(f)) |
| Marketing communications | Consent (Art. 6(1)(a)) |
5. How We Use Your Data
- To provide and improve our services, including athlete intelligence and advisory platforms
- To conduct and publish anonymized behavioral research
- To comply with applicable legal requirements
- To communicate with you about our services, events, and research
- To maintain the security and performance of our platform
- To detect and prevent fraud
6. Data Sharing and Transfers
6.1 Third Parties
We may share your data with:
- Regulatory bodies: The ICO, HMRC, or law enforcement where required by law
- Professional advisors: Lawyers, auditors, and compliance consultants bound by confidentiality
- Technology providers: Hosting, analytics, and communication platforms (under Data Processing Agreements)
- Research partners: Academic institutions, using anonymized and aggregated data only
6.2 International Transfers
Where we transfer data outside the UK or EEA, we ensure adequate protection through:
- UK adequacy decisions or EU adequacy decisions
- Standard Contractual Clauses (SCCs) approved by the ICO or European Commission
- The UK International Data Transfer Agreement (IDTA)
- Binding Corporate Rules where applicable
7. Data Retention
We retain personal data only for as long as necessary:
| Data Type | Retention Period |
|---|---|
| Contact enquiries | 2 years from last contact |
| Client records | 5 years after relationship ends |
| Research data (anonymized) | Indefinite (fully anonymized, no longer personal data) |
| Website analytics | 26 months |
| Marketing consent records | Until consent is withdrawn |
8. Your Rights
Under UK GDPR and EU GDPR, you have the following rights:
- Right of access (Art. 15): Request a copy of your personal data (Subject Access Request)
- Right to rectification (Art. 16): Correct inaccurate or incomplete data
- Right to erasure (Art. 17): Request deletion of your data ("right to be forgotten"), subject to regulatory retention requirements
- Right to restrict processing (Art. 18): Limit how we use your data
- Right to data portability (Art. 20): Receive your data in a structured, machine-readable format
- Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing
- Right to withdraw consent: Where processing is based on consent, withdraw at any time without affecting prior processing
- Rights related to automated decision-making (Art. 22): Not be subject to solely automated decisions with legal or significant effects
To exercise any of these rights, contact privacy@agscapital.co.uk. We will respond within one calendar month as required by law. In complex cases, we may extend this by two additional months with notice.
9. Data Security
We implement appropriate technical and organisational measures to protect your data, including:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Role-based access controls with multi-factor authentication
- Regular penetration testing and security audits
- Data anonymization and pseudonymization where appropriate
- Incident response and breach notification procedures (within 72 hours to the ICO as required by Art. 33)
- Staff training on data protection and information security
10. Children's Data
Our services are not directed at individuals under 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.
11. Complaints
If you are dissatisfied with how we handle your data, you have the right to lodge a complaint with:
- UK: Information Commissioner's Office (ICO) — ico.org.uk
- EU: Your local Data Protection Authority under Article 77 of EU GDPR
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via our website. The "Last updated" date at the top reflects the most recent revision.