Privacy Policy

When we say ‘we’ or ‘us’ in this policy, we’re referring to CasaCosta, c/o MainCourseAssociates, 17 Hanover Square, London, W1S 1BN. This website is created and managed by CasaCosta.WHAT SORT OF PERSONAL INFORMATION DO WE HOLD?
Registration and contact details: your full name, address, email address and phone number and your contact history;
Payments: a record of past transactions and any amounts outstanding;
Communications: details and where relevant copies of communications between us, including your communication preferences; Meetings: a record of any meetings, your attendance and matters discussed regarding your account;
Your account login details: this is your username and chosen password;
Contact preferences: how and whether you want us to contact you;
Other: any special instructions or restrictions relating to your account.

The current legislation applicable to our privacy policy is The Data Protection Act 2018, the UK’s implementation of the General Data Protection Regulation (GDPR).

There are a number of ways in which we use your personal information, depending on how you interact with us.

We may use your information in the following ways:

Maintain our Client Register: for example to update the details we hold about you or the size of your company, and to detect and prevent fraud;
Promotions: to ensure that you receive any additional discounts or promotions that are due to you;
Meeting management: to ensure that we work to meet your needs according to any contract or agreement that may be in force between us.
Corporate actions: to manage any corporate actions that we may undertake, such as changes to company policies, schemes or arrangements;
Analytics and profiling: we may use your information to help us understand future products that may be of use to you, to categorise your company according to our client register requirements, to fulfil our distribution and sales obligations; and
Contacting you: we use your personal information to contact you in relation to our distribution and sales obligations, to respond to any questions you have raised with us, to improve the operation of our business, and to consult with you on, or to keep you informed about, any matter of interest to you.

Whenever we process your personal information, we have to have something called a ‘legal basis’ for what we do. The different legal bases we rely on are:

Legal obligation: We are required to process your personal information by law;
Performance of a contract: We must process your personal information to comply with the Contract or Agreement;
Consent: You have told us you are happy for us to process your personal information for a specific purpose;
Legitimate interests: The processing is necessary for us to conduct our business, but not where our interests are overridden by your interests or rights;
Public information: Where we process personal information which you have already made public; and
Legal claims: The processing of your personal information is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.

Our service providers – some third parties process your personal information on our behalf but only if they meet our standards of security before doing so. We only share information that allows them to provide their services to us or to facilitate them providing their services to you.

These third parties include:
Where relevant, our professional advisors, such as lawyers and consultants;
Third party vendors who help us to manage and maintain the CasaCosta IT infrastructure;
Companies that deploy our emails and mailings for us because they need to know your details to carry out these services.


For Example:

If we are reorganised or sold to another organisation, we may transfer information we hold about you to them so they can continue to provide the Services to you.
If we are required to by law, under any rule or code of practice by which we are bound or where we are asked to do so by a public or regulatory authority;
If we need to do so in order to exercise or protect our legal rights; orIn response to requests from individuals (or their representatives) seeking to protect their rights or the rights of others

You have a number of rights under data protection legislation which, in certain circumstances, you may be able to exercise in relation to the personal information we process about you.

These include:
the right to access a copy of the personal information we hold about you;
the right to correction of inaccurate personal information we hold about you;
the right to restrict our use of your personal information; the right to be forgotten;
the right of data portability;
the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects for you or affects you in any other significant way; and
the right to object to our use of your personal information.Where we rely on consent as the legal basis on which we process your personal information, you may also withdraw that consent at any time.

If you are seeking to exercise any of these rights, please contact us using the details in the “Contact Us” section below.

We will keep your personal information for the purposes set out in this privacy policy and in accordance with the law and relevant regulations. We will never retain your personal information for longer than is necessary.

We take protecting your personal information seriously and are continuously developing our security systems and processes. Some of the controls we have in place are:

We limit physical access to our buildings and user access to our systems to only those that we believe are entitled to be there;
We use technology controls for our information systems, such as firewalls, user verification, strong data encryption, and separation of roles, systems & data;
Systems are proactively monitored through a “detect and respond” information security function;
We utilise industry “good practice” standards to support the maintenance of a robust information security management system; and
We enforce a “need to know” policy, for access to any data or systems.

Cookies are small text files that websites can send to your computer. A cookie can be thought of as your online ID card, which tells our site info about your order and user details. Cookies are not computer programs and can’t read other information saved on your hard drive. They cannot be used to spread viruses, or get a user’s e-mail address etc. They only contain and transfer to the website as much information as the users themselves have disclosed to that website.

If you would like to exercise one of your rights as set out in the “Your rights” section above, or you have a question or a complaint about this policy, or the way your personal information is processed, please contact us by post:

Data Processor, CasaCosta Ltd, c/o MainCourseAssociates, 17 Hanover Square, London, W1S 1BN.

You also have the right to lodge a complaint with the UK regulator, the Information Commissioner. Go to to find out more.

This privacy policy was most recently updated in June 2020. If we make changes to it, then we will take appropriate steps to bring those changes to your attention.