Introduction
The General Data Protection Regulation harmonises data privacy laws across Europe to protect and empower all EU citizens and introduces the most stringent data protection regulation in the world covering Personal Data. The regulations mean:
- Individuals have greater control over their personal data
- Individuals can control who is permitted to contact them, how and what for
- Individuals can change their mind at any time
- Potentially large financial penalties for breaches of data security
- Personal Data is any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. Identifiers include a wide range of information, reference numbers, and online information and includes electronic and hard copy information and automated and manual systems.
Hawksmoor Investment Management Ltd (“Hawksmoor”) is committed to protecting private data and we will keep personal data confidential unless we are required to disclose it by law or regulation. Hawksmoor acts as Data Controller and Data Processor for this information.
This privacy statement explains what information we collect from individuals, how we use any information, who we may share it with and why, the rights about the information disclosed to us and the way we protect your privacy.
We will review and update our policy within the regulations in force, from time to time, continued access to our service indicates an individual’s agreement to any changes.
Use of Personal Data
The law permits the use of personal data for restricted legal purposes as follows
a) Contractual – to fulfil contracts – it is necessary to provide the product or service agreed
b) Legal Duty – to meet our legal or regulatory obligations e.g. under the Financial Services and Markets Act and the rules of the Financial Conduct Authority
c) Legitimate Interests – when Hawksmoor has a business or commercial reason to use the personal data which does not unfairly use this information against the best interests of the data subject
d) Consent – clear unambiguous and informed consent to holding the personal data
e) Vital Interest – to protect life
f) Public task
Hawksmoor uses Personal Data as permitted under the legal bases a – c above to provide services and comply with regulatory requirements and to ensure clients and contacts are fully informed of Hawksmoor services and service developments. If Hawksmoor wants to hold Personal Data for other purposes it will seek affirmative consent in advance and give an explanation of why it wants to hold the information and for what specific purpose.
If data subjects do not wish us to collect and use their personal information in this way, and inform us of their wishes, we will not use the personal data but it may mean that we will be unable to provide our products and services.
Types of Personal Data collected by Hawksmoor
We collect information about individuals when they enquire about or sign up to one of our products or services:
- Name, address, date of birth and contact details
- Other people e.g. joint applicants or beneficiaries
- Bank details
- Financial Position, status and history
- Personal information on education, work, retirement plans, life ambitions
- Financial responsibilities and dependents
- National Identifiers e.g. HMRC reference, National Insurance number
- Tax status
- Documents in different formats or copies of them e.g. passport, bank statements
- Special Types of data of a sensitive nature if relevant to Hawksmoor services e.g. health matters where relevant to your planning and investment horizon and expectations
- Contact details re meetings, phones calls, emails and letters
- Via cookies when you visit our website
- Transaction data
Children, e.g. where a child is named as a beneficiary on the account taken out by a parent or guardian on their behalf. In these cases, we will collect only the information required to identify the child (name, age and gender).
Sources of Personal Data
We collect information directly from you and a variety of sources, including:
- Hawksmoor forms e.g. application forms, Personal Investment Risk Questionnaires for a product or service
- Phone conversations
- Correspondence
- Meetings with a member of our team or your financial advisers
- Attending one of our events or webinars
- Our online services such as websites, social media and mobile device application (Apps)
- Job applicants and our current and former employees
- In customer surveys
- Social media username, if there is interaction with us through those channels, to help us respond to comments, questions or feedback
If appropriate financial advisers will have provided us with a lot of personal information on your behalf.
Disclosure of Personal Data
We may share personal data with companies within Hawksmoor Group Ltd and with a limited number of other organisations where necessary to provide Hawksmoor’s products and services and where required by regulation or law:
- Agents and advisers who we use to help run client accounts and services, e.g. BNY Pershing Securities for portfolio management clients
- HM Revenue & Customs
- Our regulators e.g. Financial Conduct Authority (FCA), and the Information Commissioner’s Office for the UK (ICO)
- UK Financial Compensation Scheme
- Law enforcement agencies, credit and identity check agencies for the prevention and detection of crime
- Independent Financial Advisers
- Other organisations the data subject asks us to share the personal data with
We never sell personal data to other organisations or individuals. We will process personal data lawfully and keep your information safe and secure.
We may also share the information if the corporate structure of Hawksmoor changes in the future, for example:
- We may choose to sell, transfer or merge parts of our business, or our assets.
- We may seek to acquire other businesses or merge with them
- During such process, we may share your data with other parties. We will only do this if they agree to keep your data safe and protected and are subject to UK Privacy regulation or overseas equivalent
- If the changes to HIM happen, then other parties may use your data in the same way as set out in this statement.
Processing Personal Data
All personal data is processed within the UK, and the European Economic Area (EEA).
We will only send your data outside the EEA to:
- Follow data subject instructions
- Comply with legal requirements
- Work with our agents and advisers used to provide our services to you
If the data is transferred outside the UK and the EEA it will only be to countries that provide equivalent data privacy laws or are part of international privacy standards organisations to enforce equivalent privacy standards e.g. the Privacy Shield framework between the EEA and USA.
Protection of Personal Data
Hawksmoor Investment Management Ltd complies with our obligations in taking information and system security seriously at all times.
We have stringent controls in place to help protect Personal Data and to minimise loss or damage through accident, negligence of deliberate actions. Our employees receive annual training to help protect sensitive or confidential information.
Our security controls are in line with industry standards, alongside our own internal policies and procedures to manage risks to the confidentiality, integrity and availability of your information.
Personal Data Retention
We will keep your personal information for as long as you are a client of Hawksmoor. After our relationship with you has ceased, we may keep your data for up to 7 years to meet our legal or regulatory obligations or if we have a technical issue.
Individual Rights
Under GDPR, Data Subjects (i.e. you) have the following rights in relation to how Hawksmoor uses your information. They are:
- Right of access
A right of access to your personal data, if a data subject would like to receive a copy of the personal information we hold, by making a data subject access to our Privacy Officer. - Right to rectification
The right to have personal data rectified if it is inaccurate or incomplete and the ability to request information to be deleted or removed if there is not a compelling reason for Hawksmoor to continue to have it - Right to restrict processing
The right to request to block or suppress the processing of personal information for certain reasons. If the request meets the necessary conditions for restriction it means that we are still permitted to keep the personal data – but only to ensure that we don’t use it in the future for those reasons you have restricted - Right to data portability
The right to ask for a copy of personal data to use across different services. In certain circumstances, data subjects may request to move, copy to transfer the personal information we hold to another company in a safe and secure way. E.g. if moving your account to a different investment manager - Right to object
The right to object to Hawksmoor processing personal data if it is held on legitimate interest of the performance of a task in the public interest/exercise of official authority (including profiling), if we did direct marketing and if we were using scientific/historical research and statistics - Rights related to automatic decision making including profiling
Hawksmoor does not currently use any automatic decision making or profiling processes
Cookies
Cookies are small text files that are placed on your computer by websites. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
When someone visits www.hawksmoorim.co.uk we collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. We collect this information in a way, which does not identify anyone. We do not attempt to find out the identities of those visiting our website (www.hawksmoorim.co.uk). We will not associate any data gathered from this site with any personally identifying information from any source. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
Website
This privacy statement applies to the personal data held by Hawksmoor and the Hawksmoor website (www.hawksmoorim.co.uk).
It does not cover links to other sites. Once you have accessed another website via one of our links you will be subject to the security and privacy policy of that site.
Telephone Calls
All telephone calls to and from Hawksmoor may be recorded, in accordance with regulatory requirements and the call records are subject to the requirements of this Privacy policy.
Changes to our Privacy Policy
We regularly review our Privacy Policy. The last review was in April 2018
If our Privacy Policy changes in any way, we will place an updated version on this page of our website.
Complaints
Protecting and keeping safe personal data in line with data protection laws is important to us. If data subjects believe that we have not handled personal data as set out in our Privacy statement, please visit our how to make a complaint page on our web site. We will do our best in making things right.
If you are still unhappy, you can complain to the ICO. Their contact details can be found on their website www.ico.org.uk
Privacy Officer
The Hawksmoor Privacy Officer is Jess De Alwis.
Privacy Officer Address
Hawksmoor Investment Management
17 Dix’s Field
Exeter EX1 1QA
United Kingdom
Tel: 01392 410180
Email: [email protected]
By accessing this site, certain information about the user, such as Internet protocol (IP) addresses, navigation through the site, the software used and the time spent, along with other similar information, will be stored. These will not specifically identify the user.
The information will be used internally only for web site traffic analysis. If the User provides unique identifying information, such as name, email and other information on forms stored on this Site, such information will be used only for statistical purposes and for communicating back with the user and will not be published for general access. We, however, assume no responsibility for the security of this information.