Data Protection

Learn about how I control and process data


The controller of this site is Ross Naylor.  If you are a data subject whose data is controlled and/or processed by me, you can contact me at ul. Prosta 20, 00-850 Warsaw, Poland, or by email to

The purpose of the controlling and processing in relation to clients is to enable me to perform and improve my business of advising on financial services for clients; this includes being able to carry out due diligence on clients for anti-money laundering, anti-terrorist financing and anti-fraud purposes; to audit and assess risk in our services; to comply with various statutory and regulatory obligations; to market my services to those who may wish to receive them (and in relation to potential clients to consider whether to take them on).

I may also use data for direct marketing purposes.  If I market to you and you are not already a client my further legitimate interest is to provide you with information as a potential client for a reasonable period.  I regard one year as a reasonable period after your last interaction with me as a data subject who is not a client, and after this period I shall delete your data unless I have other legitimate interests to maintain in keeping it (such as your becoming a client). See below on your option to opt out of direct marketing.

I do not intentionally process special categories of personal data (for example genetic data) unless such information is necessary towards the provision of my services and I do not use systems to make automated decisions based on client data subjects.  Provision of personal data by a client is unavoidable for the purposes of my contracting my services to a client, and if such data is not provided, I will typically not be able to provide my services.

Sharing personal data with others

I may share clients’ personal data with auditors and professional advisers, and those who provide professional services to me for client purposes, such as those providing a client money-handling service, those providing storage services for email records and the like and those providing cloud storage and processing systems; I will also share client data with regulators where required by relevant regulations and law, and/or administrative requirements.

Transfers of data out of the EU

None of the data that I control is transferred outside the EU.

Consent etc.

Where I have obtained a data subject’s consent to processing, and other reasons for processing do not apply, the data subject may withdraw consent at any time, but such withdrawal shall not be retroactive in effect.

Direct Marketing – option to opt out

All those in receipt of direct marketing material from me may opt out of it at any time by contacting me as above; if this occurs, I will cease processing the client’s data for direct marketing purposes.

Other websites

My website may contain links to other websites. By clicking links from other entities, you will start using the websites of these entities. I suggest that, after switching to another website, you please read the privacy policy published by the owner of the website. I am not responsible for personal data that you can leave in other websites.


You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

This notice may be updated from time to time.