Your personal information

Privacy Policy

Privacy Policy

As Partners within the St. James’s Place Wealth Management Partnership, we provide personal, face to face wealth management advisory services to St. James’s Place clients. St. James’s Place acts as principal to the Partnership, and ensures that any wealth management services that we provide to you are delivered in accordance with the applicable regulatory requirements. St. James Place is also responsible for managing any complaints made by you in respect of the services we provide.

This Privacy Policy explains when and why we collect your personal information as part of our provision of wealth management services, and also explains how we use your information. If requested, we will provide you with a copy of this Privacy Policy for your records.

“We”, “Us” “Our” refers to the Partner named on this website.

Where St. James’s Place uses your personal data, for example by conducting audits of Partners and dealing with any complaints that you may have, this will be governed by St James’s Place Privacy Policy. The St. James’s Place Privacy Policy can be found https://www.sjp.co.uk/site-services/privacy

  1. About us ►
1

In order for us to deliver such financial services and deal with any correspondence that may arise, we need to collect and process personal information.  This makes us a “data controller”.

Smith Eliot Financial Management on this website will be acting as data controller of your personal information, jointly with St. James’s Place Wealth Management.

 

  1. Our processing of your personal information ►
1

Depending on our relationship with you (whether you are a prospective or existing client or a business partner), we will collect and use different personal information about you for different reasons.

Sometimes we will request or receive “special categories of personal information” (which is information relating to your health, genetic or biometric data, criminal convictions, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, and trade union membership). For example in order to better understand your current and potential future circumstances and recommend appropriate financial investments, we may need access to information about your health. Details about your health might also be needed for us to make reasonable adjustments when providing our services to you.

We also use details of any unspent criminal convictions for fraud prevention purposes.

Where you provide personal information to us about other individuals (for example, members of your family or other dependents) we will also be data controller of their personal information and responsible for protecting their personal information and using it appropriately. This notice will therefore apply to those individuals and you should refer them to this notice.

In order to make this notice as user friendly as possible, we have split it into different sections. Please click on the section below that best describes your relationship with us.

1Prospective clients►
2

This section will apply if you are a prospective client and we will need certain information about you to carry out pre-client identification and compliance checks and to set you up as a client on the St. James’s Place client relationship management system.

What personal information may we collect?

3

·         General information such as your name, address, phone numbers and email addresses, date of birth and gender.

·         Identification information including passport, driving licence, national identity card (for non-UK nationals), government issued ID verification and address verification documents such as council tax letters, bank statements and evidence of benefit entitlement.

·         Employment information such as job title, employment history and professional accreditations.

·         Financial information:

o    Bank details

o    Financial reviews (fact finds)

o    Information relating to your personal finances such as your financial liabilities and assets, income and outgoings

o    Information obtained from carrying out identification checks and checking sanction lists and politically exposed persons (PEP) screening, including bankruptcy orders.

·         Information relevant to the services we provide such as:

o    previous and current investments

o    information about your lifestyle

o    attitude to investment risk

o    existing plan details

o    objectives

o    copies of your will

o    information about any trusts you have

·         Information about your family including information about your dependants.

·         Information such as IP address and browsing history obtained through our use of cookies. You can find more information about this in our cookies policy in section 7 below.

·         Information obtained during telephone recordings.

·         Information we may have gather from publicly available sources such as the electoral roll, internet search engines and social media sites such as LinkedIn where you have been flagged as a PEP and we need to carry out enhanced due diligence.

2What special categories of personal information may we collect?
3

·         Details about any criminal convictions and any related information which have been obtained from our sanctions checks and PEP screening. This will include information relating to any offences or alleged offences you have committed or any court sentences which you are subject to.

·         We may collect details about your health which are relevant to your application (e.g. as part of a pension or income protection need we may ask you about any medical conditions that affect you to establish whether you are deemed to be a vulnerable client) or where you have disclosed such information to us because it explains your risk appetite for investments.

·         In limited circumstances, we may also collect other special categories of data as detailed on a separate consent form.

2How will we collect your personal information? ►
3

We will collect information directly from you when:

·         you enquire about or apply to receive our wealth management services; and

·         you contact us by email, telephone and through other written and verbal communications.

We will also collect your personal information from:

·         Publically available sources such as the electoral roll, court judgments, insolvency registers, internet search engines and social media sites.

·         St. James’s Place group companies who will process your personal data in accordance with their Privacy Policy which can be found at www.sjp.co.uk/site-services/privacy

2

What will we use your personal information for? ►

 

There are a number of reasons we use your personal information and for each use we need to have a “lawful basis” to do so.

We will rely on the following “Lawful Basis” when we process your “personal information”:

·         We need to use your personal information to enter into the client agreement, for example, we need to use your personal information to assess whether we can provide services to you and to set you up as a client on the St. James’s Place client relationship management system.

·         We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records of our dealings with you and we are required to report to St. James’s Place on our relationship with you.

·         We have a valid business reason to use your personal information and which is necessary for our everyday business operations and activities, for example to keep records of investments and the reasoning behind such investments, to maintain business records, to carry out due diligence, to review our business models and undertake strategic and operational business analysis.

In each case we assess our need to use this personal information for these purposes against your rights to privacy to ensure we are protecting your rights.

When we use your “special categories of personal information”, we must have an additional “lawful basis” and we will rely on the following lawful basis in these circumstances:

·         You have given your explicit consent to our use of your special categories of personal information.  In some cases we are not able to offer you certain advice or financial products unless we have your health information.

·         There is a substantial public interest such as prevention and detection of fraud.

·         We need to use such special categories of personal information to establish, exercise or defend legal rights, such as when we are facing legal proceedings or want to bring legal proceedings ourselves.

·         It is in the substantial public interest to comply with regulatory requirements relating to unlawful acts and dishonesty – such as carrying out fraud, credit and anti-money laundering checks

3Purpose for processing ►Lawful Basis for using your personal information ►

Lawful Basis for using your  special categories of personal information

 

To verify your information.

·         It is necessary to enter into or perform your client agreement.

·         We have a valid business reason (to verify your identity).

·         You have given us your explicit consent.

·         It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud).

·         We need to establish, exercise or defend legal rights.

To comply with our legal or regulatory obligations.·         We need to use your information in order to comply with our legal obligations.

·         We need to use your information in order to establish, exercise or defend legal rights.

·         It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud).

To set you up as a client on client relationship management systems and to communicate with you in respect of your application and service preferences.

·         It is necessary to enter into or perform your client agreement.

·         We have a valid business reason (to establish you as a client).

·         You have given us your explicit consent.

·         It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud).

For business purposes and activities including maintaining business records, file keeping and strategic business planning.·         We have a valid business reason (to run our business efficiently and effectively).

·         You have given us your explicit consent.

·         We need to use your information in order to establish, exercise or defend legal rights.

 To provide marketing information where you have provided your consent.·         You have given us your explicit consent.·         Not applicable
 To provide marketing information by post, by telephone and in other circumstances where we don’t require your consent.·         We have a valid business reason (to send you selected communications about other products and services we offer)·         Not applicable
 To provide improved quality, training and security (for example, through recorded or monitored phone calls to our contact numbers, or carrying out customer satisfaction surveys).·         We have a valid business reason (to develop and improve the products and services we offer).·         You have given us your explicit consent.

 

2Who will we share your personal information with? ►
3

We will not sell or transfer your personal information to anyone unless we have a valid purpose as set out above and we will only disclose it to the following parties:

·         Other Partners within the Partnership to provide specialist services where we do not have the authorisation to carry out certain activities such as high risk investments and you shall deal directly with that Partner for that specific advice.

·         St. James’s Place group companies, who will process your personal data in accordance with their Privacy Policy which can be found at www.sjp.co.uk/site-services/privacy.

·         Third parties who provide sanctions checking services including Experian.

·         Compliance consultants including the Consulting Consortium.

·         Financial crime and fraud detection agencies.

·         Our regulators including the Financial Conduct Authority and the Financial Ombudsman Service.

·         Selected third parties in connection with any sale, transfer or disposal of our business.

·         Our insurers.

·         The police, HMRC and other crime prevention and detection agencies.

·         Third parties including self-employed contractors who we have entered into contractual arrangements with to provide services we need to carry out our everyday business activities such as business administration, partner support specialists who assist us with day to day business operations, document management providers, back office system providers, storage warehouses, IT suppliers, actuaries, auditors, lawyers, outsourced business process management providers, our subcontractors and tax advisers.

 

1Existing clients
2

This section will apply if you currently receive wealth management services from us. This section will set out how we use your information.

 

What personal information may we collect?

3

·         General information such as your name, address, phone numbers and email addresses, date of birth and gender.

·         Identification information including passport, driving licence, national identity card (for non-UK nationals), government issued ID verification and address verification documents such as council tax letters or bank statement and evidence of benefit entitlement.

·         Employment information such as job title, employment history and professional accreditations.

·         Financial information:

o    Bank details

o    Financial reviews (fact finds)

o    Information relating to your personal finances such as your financial liabilities and assets, income and outgoings

·         Information obtained from carrying out identification checks and checking sanction lists and politically exposed persons (PEP) screening, including bankruptcy orders or where you have been flagged as a PEP.

·         Information relevant to the services we provide, such as:

o    previous and current investments

o    information about your lifestyle

o    attitude to investment risk

o    existing plan details

o    objectives

o    copies of your will

o    information about any trusts you have

·         Information contained in client review meeting records and file notes

·         Information contained in any records held by previous independent financial advisers (otherwise known as IFAs) with whom you were previously a client and which have been transferred to us when that IFA was acquired by St. James’s Place group companies.

·         Information about your family including information about your dependants.

·         Information obtained during telephone recordings where applicable.

·         Information such as IP address and browsing history obtained through our use of cookies. You can find more information about this in our cookies policy in section 7 below.

·         Your marketing preferences and details of your customer experience with us.

·         Information which we have gathered from publicly available sources such as the electoral roll, internet search engines and social media sites where you have been flagged as a PEP and we need to carry out enhanced due diligence.

2What special categories of information will we collect?
3

·         Details about any criminal convictions and any related information which have been obtained from our sanctions checks and PEP screening. This will include information relating to any offences or alleged offences you have committed or any court sentences which you are subject to.

·         We may collect details about your health which are relevant to your application (e.g. as part of a pension need we may ask you about any medical conditions that affect you to establish whether you are deemed to be a vulnerable client or where we are applying for income protection insurance we will need to ask you about any medical conditions and information about lifestyle choices such as whether you drink alcohol or smoke so that appropriate insurance can be obtained) or where you have disclosed such information to us because it explains your risk appetite for investments.

·         In limited circumstances, we may also collect other special categories of data as detailed on a separate consent form.

2How will we collect your personal information? ►
 

We will collect information directly from you when:

·         you register to receive our services and complete and return to us all applicable application forms; and

·         you contact us by email, telephone and through other written and verbal communications.

We will also collect your personal information from:

·         Publicly available sources such as the electoral roll, court judgments, insolvency registers, internet search engines and social media sites.

·         Any records held by previous independent financial advisers (otherwise known as IFAs) with whom you were previously a client and any advisers of that IFA which have been transferred to us when that IFA was acquired by St. James’s Place group companies.

·         St. James’s Place group companies.

·         Third parties such as Experian who provide anti money laundering and fraud prevention services who we have appointed to carry out electronic ID checks, sanctions and politically exposed persons checking services.

2

What will we use your personal information for? ►

 

There are a number of reasons we use your personal information and for each use we need to have a “lawful basis” to do so.

We will rely on the following “Lawful Basis” when we process your “personal information”:

·         We need to use your personal information to enter into or perform the client agreement that we hold with you. For example, we need to use your personal information to provide our services, to arrange and implement recommendations, review your ongoing suitability of current arrangements and handle claims.

·         We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records of our dealings with you.

·         We have a valid business reason to use your personal information which is necessary for our everyday business operations and activities, for example to keep records of investments and the reasoning behind such investments, to maintain business records, to carry out due diligence, to review our business models and undertake strategic and operational business analysis.

In each case we assess our need to use this personal information for these purposes against your rights to privacy to ensure we are protecting your rights.

When we use your “special categories of personal information”, we must have an additional “lawful basis” and we will rely on the following Lawful Basis in these circumstances:

·         You have given your explicit consent to our use of your special categories of personal information.  In some cases we are not able to offer you certain advice or financial products unless we have your relevant health information.

·         There is a substantial public interest such as prevention and detection of fraud.

·         We need to use such special categories of personal information to establish, exercise or defend legal rights, such as when we are facing legal proceedings or want to bring legal proceedings ourselves.

3Purpose for processing ►Lawful Basis for using your personal information ►

Lawful Basis for using your  special categories of personal information

 

To carry out identification checks  and checks against sanction lists and politically exposed persons (PEP) screening

·         It is necessary to enter into your client agreement.

·         We have a valid business reason (to carry out necessary compliance checks).

·         We have a legal and regulatory obligation.

·         It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud).

·         We need to establish, exercise or defend legal rights.

·         You have given us your explicit consent.

To verify your information throughout the course of our services.

·         It is necessary to enter into or perform your client agreement.

·         We have a legal and regulatory obligation.

·         We have a valid business reason (to verify your identity and to undertake client due diligence throughout the course of our relationship).

·         You have given us your explicit consent.

·         It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud).

·         We need to establish, exercise or defend legal rights.

To set you up as a client on the St. James’s Place client relationship management system and to communicate with you in respect of your service preferences.

·         It is necessary to enter into or perform your client agreement.

·         We have a valid business reason (to establish you as a client).

·         You have given us your explicit consent.

·         It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud).

To provide services in accordance with your client agreement.

·         It is necessary to enter into or perform your client agreement.

·         We have a valid business reason (to ensure that we fulfil our contractual obligations to clients).

·         You have given us your explicit consent.

·         We need to use your information in order to establish, exercise or defend legal rights.

To arrange and implement any of our recommendations e.g. investing into certain funds or arranging a product or insurance policy for you.

·         It is necessary to enter into or perform your client agreement.

·         We have a valid business reason (to ensure that we fulfil our contractual obligations to clients).

·         You have given us your explicit consent.

·         We need to use your information in order to establish, exercise or defend legal rights.

To carry out annual reviews and reviews of ongoing suitability of your current arrangements

·         It is necessary to enter into or perform your client agreement.

·         We have a valid business reason (to ensure that we are providing appropriate services according to your circumstances).

·         You have given us your explicit consent.

·         We need to use your information in order to establish, exercise or defend legal rights.

To prevent and investigate fraud.

·         It is necessary to enter into or perform your client agreement.

·         We have a valid business reason (to prevent and detect fraud and other financial crime).

·         We have a substantial public interest to prevent fraud

·         We need to use your information in order to establish, exercise or defend legal rights.

To comply with our legal or regulatory obligations.·         We need to use your information in order to comply with our legal obligations.

·         We need to use your information in order to establish, exercise or defend legal rights.

·         It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud).

To communicate with you and resolve any complaints that you might have.

·         It is necessary to enter into or perform your client agreement.

·         We have a valid business reason (to communicate with you, record and investigate complaints and ensure that complaints are handled appropriately).

·         We need to use your information in order to comply with our legal and regulatory obligations.

·         We need to use your information in order to establish, exercise or defend legal rights.
To provide improved quality, training and security (for example, through recorded or monitored phone calls to our contact numbers, or carrying out customer satisfaction surveys).·         We have a valid business reason (to develop and improve the products and services we offer).·         You have given us your explicit consent.
For business purposes and activities including maintaining business records, file keeping and strategic business planning.·         We have a valid business reason (to run our business efficiently and effectively)

·         You have given us your explicit consent.

·         We need to use your information in order to establish, exercise or defend legal rights.

To apply for and claim on our own insurance.·         We have a valid business reason (to maintain appropriate insurance)·         We need to use your information in order to establish, exercise or defend legal rights.
 To provide marketing information where you have provided your consent.·         You have given us your explicit consent.·         Not applicable
 To provide marketing information by post, by telephone and in other circumstances where we don’t require your consent.·         We have a valid business reason (to send you selected communications about other products and services we offer)·         Not applicable

 

1

Clients’ family members, business associates or beneficiaries ►

 

2

This section will apply if your personal information has been provided to us by a client to explain their lifestyle and approach to investments and wealth management (for example if you are a spouse or partner, dependant mentioned in a will or trust document, another beneficiary  a business partner) and will set out how we use your information.

What personal information may we collect?

3

·         General information such as your name, address, phone numbers and email addresses, date of birth and gender.

·         Your relationship to our client.

·         Financial information relating to your financial liabilities, such as a property portfolio which is owned jointly between you and our client.

·         Any information which is relevant to the services we provide for our client.

2What special categories of personal information may we collect?
3

·         We may collect details about your physical and mental health which are relevant to your the services we provide for our client (for example where you are the client’s partner and you have a medical condition which means that you are unable to work and therefore our client has a higher need for investment return and a lower risk appetite).

·         Information contained in any records held by previous independent financial advisers (otherwise known as IFAs) with whom your family member or business associate was previously a client and which have been transferred to us when that IFA was acquired by St. James’s Place group companies.

·         In limited circumstances, we may also collect information concerning your sex life or sexual orientation for example where you are in a civil partnership with our client.

2How will we collect your personal information? ►
3

·         Directly from our client.

·         From documents directly provided to us by our client, such as wills or trust documents where you are listed as a dependant or employment related documents and you are listed as a business partner of our client.

·         From any records held by previous independent financial advisers (otherwise known as IFAs) with whom your family member or business associate was previously a client and from any advisers of that IFA which have been transferred to us when that IFA was acquired by St. James’s Place group companies.

·         St. James’s Place group companies.

2

What will we use your personal information for? ►

 

There are a number of reasons we use your personal information and for each use we need to have a “lawful basis” to do so.

We will rely on the following “Lawful Basis” when we process your “personal information”:

·         We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records of our dealings with you.

·         We have a valid business reason to use your personal information which is necessary for our everyday business operations and activities, for example to keep records of investments and the reasoning behind such investments, to maintain business records, to carry out due diligence, to review our business models and undertake strategic and operational business analysis.

In each case we assess our need to use this personal information for these purposes against your rights to privacy to ensure we are protecting your rights.

When we use your “special categories of personal information”, we must have an additional “lawful basis” and we will rely on the following Lawful Basis in these circumstances:

·         You have given your explicit consent to our use of your special categories of personal information which may have been provided to us by your family member, spouse, partner or business associate who is our client.

·         There is a substantial public interest such as prevention and detection of fraud.

·         We need to use such special categories of personal information to establish, exercise or defend legal rights, such as when we are facing legal proceedings or want to bring legal proceedings ourselves.

3Purpose for processing ►Lawful Basis for using your personal information ►Lawful Basis for using your  special categories of personal information
To provide services to our clients·         We have a valid business reason (to fulfil our contractual obligations to our clients and advise on the most appropriate investments for their personal circumstances)·         You have given us your explicit consent and this has been provided to us by our client.
To prevent and investigate fraud.

·         We have a valid business reason (to prevent and detect fraud and other financial crime).

·         We need to use your information in order to comply with our legal obligations.

·         We have a substantial public interest to prevent fraud

·         We need to use your information in order to establish, exercise or defend legal rights.

To comply with our legal or regulatory obligations.·         We need to use your information in order to comply with our legal obligations.

·         We need to use your information in order to establish, exercise or defend legal rights.

·         It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud).

For business purposes and activities including maintaining business records, file keeping and strategic business planning.·         We have a valid business reason (to run our business efficiently and effectively)

·         You have given us your explicit consent and this has been provided to us by our client.

·         We need to use your information in order to establish, exercise or defend legal rights.

 To provide marketing information where you have provided your consent.·         You have given us your explicit consent.·         Not applicable
 To provide marketing information by post, by telephone and in other circumstances where we don’t require your consent.·         We have a valid business reason (to send you selected communications about other products and services we offer)·         Not applicable

 

2

Who will we share your personal information with? ►

 

3

We will not sell or transfer your personal information to anyone unless we have a valid purpose as set out above and we will only disclose it to the following parties:

·         Other Partners within the Partnership to provide specialist services where we do not have the authorisation to carry out certain activities such as high risk investments and you shall deal directly with that Partner for that specific advice.

·         Third parties who provide a service in relation to the management of our client’s investments or facilitate the arrangement of products we recommend such as product providers, portfolio and fund managers, insurers where our client is buying income protection products. Where we have shared your personal information with these third parties, they will also be a data controller and responsible for how they use your personal information. Their uses of your personal information will be governed by their own fair processing notices.

·         St. James’s Place group companies, who will process your personal data in accordance with their Privacy Policy which can be found www.sjp.co.uk/site-services/privacy

·         Compliance consultants including the Consulting Consortium

·         Financial crime and fraud detection agencies.

·         Our regulators including the Financial Conduct Authority and the Financial Ombudsman Service.

·         Selected third parties in connection with any sale, transfer or disposal of our business.

·         Our insurers.

·         The police, HMRC and other crime prevention and detection agencies. Third parties and self-employed contractors who we have entered into contractual arrangements with to provide services we need to carry out our everyday business activities such as business administration, partner support specialists who assist us with day to day business operations, document management providers, back office system providers, secure login and email providers, storage warehouses, IT suppliers, actuaries, auditors, lawyers, outsourced business process management providers, our subcontractors and tax adviser

 

1Other business partners ►
2

If you are a business partner such as a products provider, portfolio or fund manager or contractor who carries out business functions on our behalf, this section will be relevant to you and sets out our uses of your personal information.

What personal information may we collect?

3

·         General information such as your name, address, business phone numbers and email addresses.

·         Employment information such as job title, business cards and professional accreditations.

·         Information about your clients, your employees and the services and products you offer.

·         Your bank details and information obtained from checking sanction lists and credit checks.

·         Information which we have gathered from publically available sources such as internet search engines and generally obtained as part of the due diligence process conducted by St. James’s Place group companies.

2How will we collect your information? ►
3

·         Directly from you

·         St. James’s Place group companies.

·         Publically available sources such as internet search engines.

·         From service providers who carry out sanctions checks.

2

What will we use your personal information for? ►

 

There are a number of reasons we use your personal information and for each use we need to have a “lawful basis” to do so.

We will rely on the following “Lawful Basis” when we process your “personal information”:

·         We need to use your personal information to enter into or perform the contract that we hold with you.

·         We have a legal or regulatory obligation to use such personal information. For example, we may be required to carry out certain background checks.

·         We have a valid business reason to use your personal information which is necessary for our everyday business operations and activities, for example to keep records of investments and the reasoning behind such investments, to maintain business records, to carry out due diligence, to review our business models and undertake strategic and operational business analysis including reviewing the performance of our business partners.

In each case we assess our need to use this personal information for these purposes against your rights to privacy to ensure we are protecting your rights.

 

3Purpose for processing ►Lawful Basis for using your personal information ►Lawful Basis for using your  special categories of personal information
To carry out fraud, credit and anti-money laundering checks on you

·         It is necessary to enter into a contract with you.

·         We have a valid business reason (to assess your suitability as a business partner).

·         We need to use your information in order to comply with our legal obligations.

Not applicable
To carry out due diligence on you.·         We have a valid business reason (to ensure that you can provide guarantees in terms of confidentiality and security measures you implement to protect the information we are sharing with you about our clients).Not applicable
To comply with our legal or regulatory obligations.·         We need to use your information in order to comply with our legal obligations, for example to pay your invoices for the services you have provided.Not applicable
For business purposes and activities including maintaining business records, file keeping and strategic business planning.·         We have a valid business reason (to run our business efficiently and effectively)Not applicable
 For compliance and monitoring purposes.

·         It is necessary to enter into a contract with you.

·         We have a valid business reason (to ensure we are compliant and carrying out appropriate monitoring activities).

Not applicable

  

2

Who will we share your personal information with? ►

 

3

We will not sell or transfer your personal information to anyone unless we have a valid reason as set out above and we will only disclose it to the following parties:

·         St. James’s Place group companies, who will process your personal data in accordance with their Privacy Policy which can be found https://www.sjp.co.uk/site-services/privacy.

·         Your agents or employees as appropriate.

·         Third parties who provide sanctions checking services including Experian.

·         Our regulators including the Financial Conduct Authority and the Financial Ombudsman Service.

·         Selected third parties in connection with any sale, transfer or disposal of our business.

·         Our insurers.

·         Third parties including self-employed contractors who we have entered into contractual arrangements with to provide services we need to carry out our everyday business activities such as document management providers, back office system providers, storage warehouses, IT suppliers, actuaries, auditors, lawyers, outsourced business process management providers, our subcontractors and tax advisers.

 

1Users of our website ►
2

If you use our website, this section will be relevant to you and sets out our uses of your personal information.

What personal information may we collect?

3

·         General information submitted via the website, for example where you provide your details in the contact section such as your name, contact details and company name.

·         Information such as IP address and browsing history obtained through our use of cookies. You can find more information about this in our cookies policy in section 7 below.

2How will we collect your personal information? ►
3We will collect your information directly from our website.
2

What will we use your personal information for? ►

There are a number of reasons we use your personal information and for each use we need to have a “lawful basis” to do so.

We will rely on the following “lawful basis” when we process your “personal information”:

·         We have a valid business reason to use your personal information, necessary for our everyday business operations and activities, for example to maintain business records and to monitor usage of the website.

In each case we assess our need to use this personal information for these purposes against your rights to privacy to ensure we are protecting your rights.

3Purpose for processing ►Lawful Basis for using your personal information►Lawful Basis for using your  special categories of personal information ►
To respond to any enquiries you have submitted.·         We have a business reason (to respond to your enquiries).Not applicable

 

2

Who will we share your personal information with? ►

 

3

We will not sell or transfer your personal information to anyone unless we have a valid purpose as set out above and we will only disclose it to:

·         St. James’s Place group companies, who will process your personal data in accordance with their Privacy Policy which can be found www.sjp.co.uk/site-services/privacy

·         Third parties who we have entered into contractual arrangements with to provide services we need to carry out our everyday business activities such as IT suppliers and website providers.

 

  1. What marketing activities do we carry out? ►
1

We carry out the following marketing activities depending on the relationship that we have with you:

1.     Where you are a prospective client

We will obtain your personal information from LinkedIn searches and use this information to send you letters providing information about our wealth management services that we offer which you might be interested in.

In these letters, we inform you that we will contact you via telephone to discuss our service offerings unless you notify us that you do not wish to receive such a call.

As part of our follow-up telephone call we will discuss the wealth management services we offer which you might be interested in and we will answer any questions that you may have.

Where we have obtained your personal information from a marketing list from a third party, we will have undertaken rigorous checks to verify that those third parties have obtained appropriate consent for us to market to you.

We will use also your personal information to provide you with information about our wealth management services and any newsletters and event invites where you have provided your consent for us to do so.

We will also provide you with information of St. James’s Place wealth management products and other third party products which we think may interest you where you have indicated that you would like to receive this.

2.     Where you are an existing client

We will use your personal information to provide you with information about our wealth management services and any newsletters and event invites where it is part of the ongoing wealth management services we offer or where you have provided your consent for us to do so.

We will also provide you with information of St. James’s Place wealth management products and other third party products which we think may interest you where you have consented to receive this.

General marketing practices

If you wish to opt out of marketing, you may do so by clicking on any “unsubscribe” link or responding to any marketing email communication confirming you would like to opt out or telling us when we call you. Otherwise you can always contact us using the details set out in section 12 to update your contact preferences.

Please note that, even if you opt out of receiving marketing messages, we may still send you communications in connection with the services we offer you.

 

  1. How long do we keep personal information for? ►
1

We will only keep your personal information for as long as reasonably necessary to fulfil the purposes set out in section 3 above, to comply with our legal and regulatory obligations or for as long as necessary to respond to concerns you raise with the advice you received. As a financial service firm, we are regulated by the Financial Conduct Authority (the FCA) who imposes certain record-keeping rules which we must adhere to.

 

If you would like further information regarding the periods for which your personal information will be stored, please contact us using the details set out in section 11.

 

  1. What is our approach to sending your personal information overseas ►
1

There are a small number of instances where your personal information is transferred to countries outside of the European Economic Area (“EEA“) such as when we transfer information to our other companies in the SJP group or to third party suppliers who are based outside the EEA or when third parties who act on our behalf transfer your personal information to countries outside the EEA. Where such a transfer takes place, we will take the appropriate safeguarding measures to ensure that your personal information is adequately protected. We will do so in a number of ways including:

·         entering into data transfer contracts and using specific contractual provisions that have been approved by European data protection authorities otherwise known as the “standard contractual clauses”. You can find out more about standard contractual clauses at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en;

·         we will only transfer personal information to companies in non-EEA countries who have been deemed by European data protection authorities to have adequate levels of data protection for the protection of personal information. You can find out more about this https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en

We are also entitled under European data protection laws to transfer your personal information to countries outside the EEA where it is necessary for the performance of the contract we have with you.

Depending on our relationship and your particular circumstances, we might transfer personal information anywhere in the world. An example of our regular data transfers outside the EEA is set out below:

Country of transferReason for the transferMethod we use to protect your information
Hong Kong, Singapore, ShanghaiProvision of data to international offices to support clients living overseas.We have standard contractual clauses in place

 

If you would like further information regarding our data transfers and the steps we take to safeguard your personal information, please contact us using the details set out in section 12.

 

  1. How do we protect your information?
1

At St. James’s Place, we take our responsibility to look after your personal information and privacy seriously. In today’s world, we have all seen a growing trend in cybercrime and security breaches. We have a number of security measures in place to help prevent fraud and cybercrime.

If we become aware that a personal data breach has occurred and is likely to result in a high risk to the rights and freedoms of our clients, Partners or employees, we will inform them without undue delay.

We have a dedicated group, the ‘Information Security Oversight Committee’, that provides oversight and guidance to our information security and privacy programme.

The executive body responsible for privacy and data security is the Information Security Oversight Committee (ISOC) – chaired by the Data Protection Officer. ISOC has a reporting line that enables effective escalation of issues up to the Board where appropriate.

We educate and train our employees, Partners and contractors on their information security, fraud prevention and privacy obligations annually.

Our employees, Partners and contractors take part in an annual Information Security training and awareness program and must agree to adhere to the Data Protection Act and our own Information Security Policy that are designed to keep your information safe. These are refreshed each year to reflect the current trends that are being observed across the information security landscape. Information Security awareness also forms part of our new employee induction program.

We also educate our employees in identifying potential financial crime and internal fraud; any suspicious activity is reported to our Financial Crime Prevention team.

When you login, or send us information on the internet we protect the security of this information while it is being transmitted by encrypting it using Secure Sockets Layer (SSL).

When you use your web browser to login, view or share information with us, all electronic information exchanged is encrypted using 2048bit SSL (Secure Sockets Layer) certificate. You can identify this by looking for the HTTPS:// and the padlock in the address bar at the top of your browser:

We will always interact with you in a safe, secure and consistent manner

To keep your information secure and to protect our clients from fraud, St. James’s Place will only interact with you in the following ways. If in doubt, call your St. James’s Place Partner directly or alternatively email the St. James’s Place Data Protection Office at [email protected].

When interacting with you, we will:

·         Only send funds that you have requested to be withdrawn to a verified bank account in your name.

·         Verify who you are when speaking to you on the phone, by asking you security questions.

We will not:

·         Ask you for your password over the phone.

·         Send you an unsolicited email with a link to our login page asking you to enter your Online Wealth Account credentials.

·         Ask you for payment or credit card details by email or telephone.

·         Call you to notify you of a problem, and then request you call us back immediately to discuss the problem further.

We continually review our physical and logical security controls in place across the business.

Physical controls – As well as protecting your digital information, St. James’s Place also protects their premises and physical locations where personal data may be used and stored. These measures include security guards, security entrances, secure disposal of confidential waste and hardware, CCTV, personal card access and locks on doors and file storage cabinets, with a ‘clear desk’ policy to ensure all information is locked away and protected.

Logical controls – St. James’s Place uses technical security measures to make sure our systems where we store and use personal information are protected from unauthorised access. Tools such as authentication controls, antivirus, firewalls, malware detection and back-up procedures are used across the business.

All employee emails and devices are encrypted to enable secure transfer and storage of personal information.

We conduct security testing of our applications and services in a controlled testing environment before they are made available for our clients to use on an ongoing basis.

We perform security risk assessments for each of our sites to identify and control risks.

External technical assessments are conducted by an independent external 3rd party.

Security audits and vendor due diligence are conducted on a continual basis.

We have a business resiliency plan with disaster recovery and business continuity testing.

The purpose of Business Continuity Management and the St. James’s Place Business Continuity Plan, is to provide an effective, predefined and documented framework to respond to an incident affecting the Group’s activities. The key drivers in developing the business recovery plans are;

·         To mitigate the risks that could lead to the significant disruption of our products and services to our clients.

·         To provide a recovery plan that supports a timely and full restoration of our products and services for our clients.

However, whilst we take appropriate technical and organisational measures to safeguard your Personal Information, please note that we cannot guarantee the security of any data that you transfer over the internet to us.

 

  1. Cookies
1

The St. James’s Place website uses cookies – small text files that are stored on your computer or in your browser – to help us to monitor how visitors use our site and allow us to maintain the optimum experience for website users. The website does not store or capture personal information about you when you visit it, it merely records traffic information. This means information about all of our visitors collectively, for example the number of visits the website receives. In order to respect our visitors’ rights of privacy, this information is anonymous and no individual visitor can be identified from it.

You can disable and delete cookies by changing the appropriate setting within your browser’s ‘Help’, ‘Tools’ or ‘Settings’ menu. Please note that by disabling cookies you may not benefit from some of the features of our site. You can find out more about deleting or controlling cookies by visiting About Cookies.

Facebook advertising

 

We use the “Custom Audience pixel” from Facebook Inc (1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”)) on our website. This allows us to track what users do after they see or click on our Facebook advertisements. This enables us to monitor the effectiveness of Facebook ads for purposes of statistics and market research. Data collected in this way is anonymous to us, which means we cannot see the personal data of individual users. However, this data is saved and processed by Facebook. Facebook can connect this data with your Facebook account and use it for its own advertising purposes, in accordance with Facebook’s Data Policy which can be found here https://www.facebook.com/about/privacy/. We also utilise Facebook Custom Audiences. Facebook Custom Audience is a remarketing and behavioural targeting service provided by Facebook, Inc. that connects the activity of this Website with the Facebook advertising network. You can allow Facebook and its partners to place ads on and outside of Facebook. A cookie can also be saved on your device for these purposes.

Please click here if you would like to withdraw your consent https://www.facebook.com/settings/?tab=ads#_=_

Facebook adhere to the Self-Regulatory Principles for Online Behavioural Advertising and participate in the opt-out programmes established by the Digital Advertising Alliance, the Digital Advertising Alliance of Canada and the European Interactive Digital Advertising Alliance. You can opt out of all participating companies through these sites.

Google Ads

We use the Google Ads remarketing service to advertise on third party websites (including Google) to previous visitors to our site. It could mean that we advertise to previous visitors who haven’t completed a task on our site, for example using the contact form to make an enquiry. This could be in the form of an advertisement on the Google search results page, or a site in the Google Display Network. Third-party vendors, including Google, use cookies to serve ads based on someone’s past visits to the sjp.co.uk website. Of course, any data collected will be used in accordance with our own privacy policy and Google’s privacy policy. To opt out of Google’s use of cookies or device identifiers visit Google’s Ads Settings. To opt out of third-party vendor’s use of cookies visit the Network Advertising Initiative opt-out page or control the use of device identifiers by using your device’s settings.

We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices (in particular device’s IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on this link.

You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.

Please view our full Cookie policy here.

   

  1. Google Analytics
1

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies (text files placed on your computer) to help the website operators analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.

In addition, we use Google’s remarketing technology to advertise online. In doing so, Google will place or read a unique ad-serving cookie on your computer and will use non-personal information about your browser and your activity on our sites to serve ads on their content network. Please click here for more information about remarketing or to opt-out of the Google remarketing cookie.

We will only collect personal information about you if you send us an e-mail enquiry via the ‘contact us’ facility or you register to receive your Unit Trust Manager’s Reports by email. In order for this to happen, you will need to fill out the online ‘contact us’ form or complete the registration details. The type of information being collected for an enquiry will be apparent from the layout of the ‘contact us’ form, which also tells you how this information will be used. The type of information collected to register to receive the Unit Trust Manager’s Reports by email will be apparent from the details requested when you register. The information collected when you register will only be used to email your Unit Trust Manager’s Reports and for no other reason.

We take all reasonable precautions to protect our visitors’ information, both on and off line. If your personal information changes, please let us know and we will correct, update or remove any information that we hold about you on our active databases. We may however need to retain archive copies of that personal information for legal or audit purposes. If you have any queries regarding the way in which St. James’s Place handles data collected from you on this website, please visit the contact us page.

 

By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out in the above four paragraphs.

 

  1. Monitoring
1Please note that if you communicate with us electronically, including by e-mail, telephone or fax, this communication may be randomly monitored and/or recorded to protect the interests of our business and our customers. This includes for the purposes of maintaining customer/service quality standards, detection of and/or prevention of crime and to ensure that St. James’s Place employees comply with legal obligations and St. James’s Place policies and procedures (including our customer relations practices).

 

  1. Hyperlinks
1We may provide hyperlinks from this web site (‘the Site’) to web sites of other organisations including websites of associated companies. Please note that this Privacy Policy applies only to this Site and that St. James’s Place will not liable for the contents of linked web sites or any transactions carried out with organisations operating those web sites.

 

  1. Your rights ►
1

You have several rights which you can exercise at any time relating to the personal information that we hold about you and use in the ways set out in this notice. Please contact us at any time using the details set out in section 12 if you wish to exercise these rights; we will not usually charge you.

We respect your rights and will always consider and assess them but please be aware that there may be some instances where we cannot comply with a request that you make as the consequence might be that:

·         in doing so we could not comply with our own legal or regulatory requirements for example we are under obligations to hold records of our dealings with you for certain periods of time; or

·         in doing so we could not provide services to you and would have to cancel your client agreement, for example we could not enter into investments on your behalf if we had deleted your personal information.

We will of course inform you if any of the above situations arise and if we are unable to comply with your request.

1·         The right to access your personal information
2

You are entitled to a copy of the personal information we hold about you and certain details of how we use it.

We are happy to provide you with such details but in the interests of confidentiality, we follow strict disclosure procedures which may mean that we will require proof of identify from you prior to disclosing such information.

We will usually provide your personal information to you in writing unless you request otherwise. Where your request has been made electronically (e.g. by email), a copy of your personal information will be provided to you by electronic means where possible.

It would be helpful if could please complete the Data Subject Request Form [insert details of where this can be accessed] to request a copy of the information we hold so that we can ensure we have all the relevant information we need to appropriately respond to your request.

1·         The right to rectification
2Please help us to keep your personal information accurate and up to date so if you believe that there are any inaccuracies, discrepancies or gaps in the information we hold about you, please contact us and ask us to update or amend it.
2·         The right to restriction of processing
1In certain circumstances, you have the right to ask us to stop using your personal information, for example where you think that the personal information we hold about you may be inaccurate or where you think that we no longer need to use your personal information.
2·         The right to withdraw your consent
1Where we rely on your consent to process your personal information, you have the right to withdraw such consent to further use of your personal information.
1·         The right to erasure
2You are entitled to request your personal information to be deleted in certain circumstances such as where we no longer need your personal information for the purpose we originally collected it. When you exercise this right, we need to consider other factors such as our own regulatory obligation, to assess whether we can comply with your request.
1·         The right to object to direct marketing
2

You have a choice about whether or not you wish to receive marketing information from us and you have the right to request that we stop sending you marketing messages at any time.  You can do this either by clicking on the “unsubscribe” button in any email that we send to you or by contacting us using the details set out in section 8.

Please note that, even if you opt out of receiving marketing messages, we may still send you communications which are relevant to the nature of services we offer you.

1·         The right to object to processing
2In certain circumstances, where we only process your personal data because we have a legitimate business need to do so, you have the right to object to our processing of your personal data.
1·         The right to data portability
2

In certain circumstances, you can request that we transfer personal information that you have provided to us to a third party.

When you exercise this right, we need to consider other factors such as our own regulatory obligations, to assess whether we can comply with your request

1·         Rights relating to automated decision-making
2We do not carry out any automated decision making to provide products and services to you.
1·         The right to make a complaint with the ICO ►
2

If you believe that we have breached data protection laws when using your personal information, you have a right to complain to the Information Commissioner’s Office (ICO).

You can visit the ICO’s website at https://ico.org.uk/ for more information.  Please note that lodging a complaint will not affect any other legal rights or remedies that you have.

  1. Contacting us ►
1

If you would like any further information about any of the matters in this notice or if you have any other questions about how we collect, store or use your personal information, you may contact our St. James’s Place Data Protection Officer at St. James’s Place plc, St. James’s Place House, 1 Tetbury Road, Cirencester, Gloucestershire, GL7 1FP, United Kingdom, [email protected] and 01285718453.

 

 

  1. Updates to this notice ►
1

From time to time we may need to make changes to this notice, for example, as the result of changes to law, technologies, or other developments. We will provide you with the most up to date notice.

This notice was last updated on (26/01/21)

Privacy Policy

As Partners within the St. James’s Place Wealth Management Partnership, we provide personal, face to face wealth management advisory services to St. James’s Place clients. St. James’s Place acts as principal to the Partnership, and ensures that any wealth management services that we provide to you are delivered in accordance with the applicable regulatory requirements. St. James Place is also responsible for managing any complaints made by you in respect of the services we provide.

This Privacy Policy explains when and why we collect your personal information as part of our provision of wealth management services, and also explains how we use your information. If requested, we will provide you with a copy of this Privacy Policy for your records.

“We”, “Us” “Our” refers to the Partner named on this website.

Where St. James’s Place uses your personal data, for example by conducting audits of Partners and dealing with any complaints that you may have, this will be governed by St James’s Place Privacy Policy. The St. James’s Place Privacy Policy can be found https://www.sjp.co.uk/site-services/privacy

  1. About us ►
1

In order for us to deliver such financial services and deal with any correspondence that may arise, we need to collect and process personal information. This makes us a “data controller”.

Smith Eliot Financial Management on this website will be acting as data controller of your personal information, jointly with St. James’s Place Wealth Management.

  1. Our processing of your personal information ►
1

Depending on our relationship with you (whether you are a prospective or existing client or a business partner), we will collect and use different personal information about you for different reasons.

Sometimes we will request or receive “special categories of personal information” (which is information relating to your health, genetic or biometric data, criminal convictions, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, and trade union membership). For example in order to better understand your current and potential future circumstances and recommend appropriate financial investments, we may need access to information about your health. Details about your health might also be needed for us to make reasonable adjustments when providing our services to you.

We also use details of any unspent criminal convictions for fraud prevention purposes.

Where you provide personal information to us about other individuals (for example, members of your family or other dependents) we will also be data controller of their personal information and responsible for protecting their personal information and using it appropriately. This notice will therefore apply to those individuals and you should refer them to this notice.

In order to make this notice as user friendly as possible, we have split it into different sections. Please click on the section below that best describes your relationship with us.

1Prospective clients►
2

This section will apply if you are a prospective client and we will need certain information about you to carry out pre-client identification and compliance checks and to set you up as a client on the St. James’s Place client relationship management system.

What personal information may we collect?

3

·         General information such as your name, address, phone numbers and email addresses, date of birth and gender.

·         Identification information including passport, driving licence, national identity card (for non-UK nationals), government issued ID verification and address verification documents such as council tax letters, bank statements and evidence of benefit entitlement.

·         Employment information such as job title, employment history and professional accreditations.

·         Financial information:

o    Bank details

o    Financial reviews (fact finds)

o    Information relating to your personal finances such as your financial liabilities and assets, income and outgoings

o    Information obtained from carrying out identification checks and checking sanction lists and politically exposed persons (PEP) screening, including bankruptcy orders.

·         Information relevant to the services we provide such as:

o    previous and current investments

o    information about your lifestyle

o    attitude to investment risk

o    existing plan details

o    objectives

o    copies of your will

o    information about any trusts you have

·         Information about your family including information about your dependants.

·         Information such as IP address and browsing history obtained through our use of cookies. You can find more information about this in our cookies policy in section 7 below.

·         Information obtained during telephone recordings.

·         Information we may have gather from publicly available sources such as the electoral roll, internet search engines and social media sites such as LinkedIn where you have been flagged as a PEP and we need to carry out enhanced due diligence.

2What special categories of personal information may we collect?
3

·         Details about any criminal convictions and any related information which have been obtained from our sanctions checks and PEP screening. This will include information relating to any offences or alleged offences you have committed or any court sentences which you are subject to.

·         We may collect details about your health which are relevant to your application (e.g. as part of a pension or income protection need we may ask you about any medical conditions that affect you to establish whether you are deemed to be a vulnerable client) or where you have disclosed such information to us because it explains your risk appetite for investments.

·         In limited circumstances, we may also collect other special categories of data as detailed on a separate consent form.

2How will we collect your personal information? ►
3

We will collect information directly from you when:

·         you enquire about or apply to receive our wealth management services; and

·         you contact us by email, telephone and through other written and verbal communications.

We will also collect your personal information from:

·         Publically available sources such as the electoral roll, court judgments, insolvency registers, internet search engines and social media sites.

·         St. James’s Place group companies who will process your personal data in accordance with their Privacy Policy which can be found at www.sjp.co.uk/site-services/privacy

2

What will we use your personal information for? ►

 

There are a number of reasons we use your personal information and for each use we need to have a “lawful basis” to do so.

We will rely on the following “Lawful Basis” when we process your “personal information”:

·         We need to use your personal information to enter into the client agreement, for example, we need to use your personal information to assess whether we can provide services to you and to set you up as a client on the St. James’s Place client relationship management system.

·         We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records of our dealings with you and we are required to report to St. James’s Place on our relationship with you.

·         We have a valid business reason to use your personal information and which is necessary for our everyday business operations and activities, for example to keep records of investments and the reasoning behind such investments, to maintain business records, to carry out due diligence, to review our business models and undertake strategic and operational business analysis.

In each case we assess our need to use this personal information for these purposes against your rights to privacy to ensure we are protecting your rights.

When we use your “special categories of personal information”, we must have an additional “lawful basis” and we will rely on the following lawful basiss in these circumstances:

·         You have given your explicit consent to our use of your special categories of personal information. In some cases we are not able to offer you certain advice or financial products unless we have your health information.

·         There is a substantial public interest such as prevention and detection of fraud.

·         We need to use such special categories of personal information to establish, exercise or defend legal rights, such as when we are facing legal proceedings or want to bring legal proceedings ourselves.

·         It is in the substantial public interest to comply with regulatory requirements relating to unlawful acts and dishonesty – such as carrying out fraud, credit and anti-money laundering checks

3Purpose for processing ►Lawful Basis for using your personal information ►

Lawful Basis for using your  special categories of personal information

 

To verify your information.

·         It is necessary to enter into or perform your client agreement.

·         We have a valid business reason (to verify your identity).

·         You have given us your explicit consent.

·         It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud).

·         We need to establish, exercise or defend legal rights.

To comply with our legal or regulatory obligations.·         We need to use your information in order to comply with our legal obligations.

·         We need to use your information in order to establish, exercise or defend legal rights.

·         It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud).

To set you up as a client on client relationship management systems and to communicate with you in respect of your application and service preferences.

·         It is necessary to enter into or perform your client agreement.

·         We have a valid business reason (to establish you as a client).

·         You have given us your explicit consent.

·         It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud).

For business purposes and activities including maintaining business records, file keeping and strategic business planning.·         We have a valid business reason (to run our business efficiently and effectively).

·         You have given us your explicit consent.

·         We need to use your information in order to establish, exercise or defend legal rights.

 To provide marketing information where you have provided your consent.·         You have given us your explicit consent.·         Not applicable
 To provide marketing information by post, by telephone and in other circumstances where we don’t require your consent.·         We have a valid business reason (to send you selected communications about other products and services we offer)·         Not applicable
 To provide improved quality, training and security (for example, through recorded or monitored phone calls to our contact numbers, or carrying out customer satisfaction surveys).·         We have a valid business reason (to develop and improve the products and services we offer).·         You have given us your explicit consent.
2Who will we share your personal information with? ►
3

We will not sell or transfer your personal information to anyone unless we have a valid purpose as set out above and we will only disclose it to the following parties:

·         Other Partners within the Partnership to provide specialist services where we do not have the authorisation to carry out certain activities such as high risk investments and you shall deal directly with that Partner for that specific advice.

·         St. James’s Place group companies, who will process your personal data in accordance with their Privacy Policy which can be found at www.sjp.co.uk/site-services/privacy.

·         Third parties who provide sanctions checking services including Experian.

·         Compliance consultants including the Consulting Consortium.

·         Financial crime and fraud detection agencies.

·         Our regulators including the Financial Conduct Authority and the Financial Ombudsman Service.

·         Selected third parties in connection with any sale, transfer or disposal of our business.

·         Our insurers.

·         The police, HMRC and other crime prevention and detection agencies. Third parties including self-employed contractors who we have entered into contractual arrangements with to provide services we need to carry out our everyday business activities such as business administration, partner support specialists who assist us with day to day business operations, document management providers, back office system providers, storage warehouses, IT suppliers, actuaries, auditors, lawyers, outsourced business process management providers, our subcontractors and tax advisers.

1Existing clients
2

This section will apply if you currently receive wealth management services from us. This section will set out how we use your information.

 

What personal information may we collect?

3

·         General information such as your name, address, phone numbers and email addresses, date of birth and gender.

·         Identification information including passport, driving licence, national identity card (for non-UK nationals), government issued ID verification and address verification documents such as council tax letters or bank statement and evidence of benefit entitlement.

·         Employment information such as job title, employment history and professional accreditations.

·         Financial information:

o    Bank details

o    Financial reviews (fact finds)

o    Information relating to your personal finances such as your financial liabilities and assets, income and outgoings

·         Information obtained from carrying out identification checks and checking sanction lists and politically exposed persons (PEP) screening, including bankruptcy orders or where you have been flagged as a PEP.

·         Information relevant to the services we provide, such as:

o    previous and current investments

o    information about your lifestyle

o    attitude to investment risk

o    existing plan details

o    objectives

o    copies of your will

o    information about any trusts you have

·         Information contained in client review meeting records and file notes

·         Information contained in any records held by previous independent financial advisers (otherwise known as IFAs) with whom you were previously a client and which have been transferred to us when that IFA was acquired by St. James’s Place group companies.

·         Information about your family including information about your dependants.

·         Information obtained during telephone recordings where applicable.

·         Information such as IP address and browsing history obtained through our use of cookies. You can find more information about this in our cookies policy in section 7 below.

·         Your marketing preferences and details of your customer experience with us.

·         Information which we have gathered from publicly available sources such as the electoral roll, internet search engines and social media sites where you have been flagged as a PEP and we need to carry out enhanced due diligence.

2What special categories of information will we collect?
3

·         Details about any criminal convictions and any related information which have been obtained from our sanctions checks and PEP screening. This will include information relating to any offences or alleged offences you have committed or any court sentences which you are subject to.

·         We may collect details about your health which are relevant to your application (e.g. as part of a pension need we may ask you about any medical conditions that affect you to establish whether you are deemed to be a vulnerable client or where we are applying for income protection insurance we will need to ask you about any medical conditions and information about lifestyle choices such as whether you drink alcohol or smoke so that appropriate insurance can be obtained) or where you have disclosed such information to us because it explains your risk appetite for investments.

·         In limited circumstances, we may also collect other special categories of data as detailed on a separate consent form.

2How will we collect your personal information? ►
 

We will collect information directly from you when:

·         you register to receive our services and complete and return to us all applicable application forms; and

·         you contact us by email, telephone and through other written and verbal communications.

We will also collect your personal information from:

·         Publicly available sources such as the electoral roll, court judgments, insolvency registers, internet search engines and social media sites.

·         Any records held by previous independent financial advisers (otherwise known as IFAs) with whom you were previously a client and any advisers of that IFA which have been transferred to us when that IFA was acquired by St. James’s Place group companies.

·         St. James’s Place group companies.

·         Third parties such as Experian who provide anti money laundering and fraud prevention services who we have appointed to carry out electronic ID checks, sanctions and politically exposed persons checking services.

2

What will we use your personal information for? ►

 

There are a number of reasons we use your personal information and for each use we need to have a “lawful basis” to do so.

We will rely on the following “Lawful Basis” when we process your “personal information”:

·         We need to use your personal information to enter into or perform the client agreement that we hold with you. For example, we need to use your personal information to provide our services, to arrange and implement recommendations, review your ongoing suitability of current arrangements and handle claims.

·         We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records of our dealings with you.

·         We have a valid business reason to use your personal information which is necessary for our everyday business operations and activities, for example to keep records of investments and the reasoning behind such investments, to maintain business records, to carry out due diligence, to review our business models and undertake strategic and operational business analysis.

In each case we assess our need to use this personal information for these purposes against your rights to privacy to ensure we are protecting your rights.

When we use your “special categories of personal information”, we must have an additional “lawful basis” and we will rely on the following Lawful Basis in these circumstances:

·         You have given your explicit consent to our use of your special categories of personal information.  In some cases we are not able to offer you certain advice or financial products unless we have your relevant health information.

·         There is a substantial public interest such as prevention and detection of fraud.

·         We need to use such special categories of personal information to establish, exercise or defend legal rights, such as when we are facing legal proceedings or want to bring legal proceedings ourselves.

3Purpose for processing ►Lawful Basis for using your personal information ►

Lawful Basis for using your  special categories of personal information

 

To carry out identification checks  and checks against sanction lists and politically exposed persons (PEP) screening

·         It is necessary to enter into your client agreement.

·         We have a valid business reason (to carry out necessary compliance checks).

·         We have a legal and regulatory obligation.

·         It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud).

·         We need to establish, exercise or defend legal rights.

·         You have given us your explicit consent.

To verify your information throughout the course of our services.

·         It is necessary to enter into or perform your client agreement.

·         We have a legal and regulatory obligation.

·         We have a valid business reason (to verify your identity and to undertake client due diligence throughout the course of our relationship).

·         You have given us your explicit consent.

·         It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud).

·         We need to establish, exercise or defend legal rights.

To set you up as a client on the St. James’s Place client relationship management system and to communicate with you in respect of your service preferences.

·         It is necessary to enter into or perform your client agreement.

·         We have a valid business reason (to establish you as a client).

·         You have given us your explicit consent.

·         It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud).

To provide services in accordance with your client agreement.

·         It is necessary to enter into or perform your client agreement.

·         We have a valid business reason (to ensure that we fulfil our contractual obligations to clients).

·         You have given us your explicit consent.

·         We need to use your information in order to establish, exercise or defend legal rights.

To arrange and implement any of our recommendations e.g. investing into certain funds or arranging a product or insurance policy for you.

·         It is necessary to enter into or perform your client agreement.

·         We have a valid business reason (to ensure that we fulfil our contractual obligations to clients).

·         You have given us your explicit consent.

·         We need to use your information in order to establish, exercise or defend legal rights.

To carry out annual reviews and reviews of ongoing suitability of your current arrangements

·         It is necessary to enter into or perform your client agreement.

·         We have a valid business reason (to ensure that we are providing appropriate services according to your circumstances).

·         You have given us your explicit consent.

·         We need to use your information in order to establish, exercise or defend legal rights.

To prevent and investigate fraud.

·         It is necessary to enter into or perform your client agreement.

·         We have a valid business reason (to prevent and detect fraud and other financial crime).

·         We have a substantial public interest to prevent fraud

·         We need to use your information in order to establish, exercise or defend legal rights.

To comply with our legal or regulatory obligations.·         We need to use your information in order to comply with our legal obligations.

·         We need to use your information in order to establish, exercise or defend legal rights.

·         It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud).

To communicate with you and resolve any complaints that you might have.

·         It is necessary to enter into or perform your client agreement.

·         We have a valid business reason (to communicate with you, record and investigate complaints and ensure that complaints are handled appropriately).

·         We need to use your information in order to comply with our legal and regulatory obligations.

·         We need to use your information in order to establish, exercise or defend legal rights.
To provide improved quality, training and security (for example, through recorded or monitored phone calls to our contact numbers, or carrying out customer satisfaction surveys).·         We have a valid business reason (to develop and improve the products and services we offer).·         You have given us your explicit consent.
For business purposes and activities including maintaining business records, file keeping and strategic business planning.·         We have a valid business reason (to run our business efficiently and effectively)

·         You have given us your explicit consent.

·         We need to use your information in order to establish, exercise or defend legal rights.

To apply for and claim on our own insurance.·         We have a valid business reason (to maintain appropriate insurance)·         We need to use your information in order to establish, exercise or defend legal rights.
 To provide marketing information where you have provided your consent.·         You have given us your explicit consent.·         Not applicable
 To provide marketing information by post, by telephone and in other circumstances where we don’t require your consent.·         We have a valid business reason (to send you selected communications about other products and services we offer)·         Not applicable
1

Clients’ family members, business associates or beneficiaries ►

 

2

This section will apply if your personal information has been provided to us by a client to explain their lifestyle and approach to investments and wealth management (for example if you are a spouse or partner, dependant mentioned in a will or trust document, another beneficiary  a business partner) and will set out how we use your information.

What personal information may we collect?

3

·         General information such as your name, address, phone numbers and email addresses, date of birth and gender.

·         Your relationship to our client.

·         Financial information relating to your financial liabilities, such as a property portfolio which is owned jointly between you and our client.

·         Any information which is relevant to the services we provide for our client.

2What special categories of personal information may we collect?
3

·         We may collect details about your physical and mental health which are relevant to your the services we provide for our client (for example where you are the client’s partner and you have a medical condition which means that you are unable to work and therefore our client has a higher need for investment return and a lower risk appetite).

·         Information contained in any records held by previous independent financial advisers (otherwise known as IFAs) with whom your family member or business associate was previously a client and which have been transferred to us when that IFA was acquired by St. James’s Place group companies.

·         In limited circumstances, we may also collect information concerning your sex life or sexual orientation for example where you are in a civil partnership with our client.

2How will we collect your personal information? ►
3

·         Directly from our client.

·         From documents directly provided to us by our client, such as wills or trust documents where you are listed as a dependant or employment related documents and you are listed as a business partner of our client.

·         From any records held by previous independent financial advisers (otherwise known as IFAs) with whom your family member or business associate was previously a client and from any advisers of that IFA which have been transferred to us when that IFA was acquired by St. James’s Place group companies.

·         St. James’s Place group companies.

2

What will we use your personal information for? ►

 

There are a number of reasons we use your personal information and for each use we need to have a “lawful basis” to do so.

We will rely on the following “Lawful Basis” when we process your “personal information”:

·         We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records of our dealings with you.

·         We have a valid business reason to use your personal information which is necessary for our everyday business operations and activities, for example to keep records of investments and the reasoning behind such investments, to maintain business records, to carry out due diligence, to review our business models and undertake strategic and operational business analysis.

In each case we assess our need to use this personal information for these purposes against your rights to privacy to ensure we are protecting your rights.

When we use your “special categories of personal information”, we must have an additional “lawful basis” and we will rely on the following Lawful Basis in these circumstances:

·         You have given your explicit consent to our use of your special categories of personal information which may have been provided to us by your family member, spouse, partner or business associate who is our client.

·         There is a substantial public interest such as prevention and detection of fraud.

·         We need to use such special categories of personal information to establish, exercise or defend legal rights, such as when we are facing legal proceedings or want to bring legal proceedings ourselves.

3Purpose for processing ►Lawful Basis for using your personal information ►Lawful Basis for using your  special categories of personal information
To provide services to our clients·         We have a valid business reason (to fulfil our contractual obligations to our clients and advise on the most appropriate investments for their personal circumstances)·         You have given us your explicit consent and this has been provided to us by our client.
To prevent and investigate fraud.

·         We have a valid business reason (to prevent and detect fraud and other financial crime).

·         We need to use your information in order to comply with our legal obligations.

·         We have a substantial public interest to prevent fraud

·         We need to use your information in order to establish, exercise or defend legal rights.

To comply with our legal or regulatory obligations.·         We need to use your information in order to comply with our legal obligations.

·         We need to use your information in order to establish, exercise or defend legal rights.

·         It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud).

For business purposes and activities including maintaining business records, file keeping and strategic business planning.·         We have a valid business reason (to run our business efficiently and effectively)

·         You have given us your explicit consent and this has been provided to us by our client.

·         We need to use your information in order to establish, exercise or defend legal rights.

 To provide marketing information where you have provided your consent.·         You have given us your explicit consent.·         Not applicable
 To provide marketing information by post, by telephone and in other circumstances where we don’t require your consent.·         We have a valid business reason (to send you selected communications about other products and services we offer)·         Not applicable
2

Who will we share your personal information with? ►

 

3

We will not sell or transfer your personal information to anyone unless we have a valid purpose as set out above and we will only disclose it to the following parties:

·         Other Partners within the Partnership to provide specialist services where we do not have the authorisation to carry out certain activities such as high risk investments and you shall deal directly with that Partner for that specific advice.

·         Third parties who provide a service in relation to the management of our client’s investments or facilitate the arrangement of products we recommend such as product providers, portfolio and fund managers, insurers where our client is buying income protection products. Where we have shared your personal information with these third parties, they will also be a data controller and responsible for how they use your personal information. Their uses of your personal information will be governed by their own fair processing notices.

·         St. James’s Place group companies, who will process your personal data in accordance with their Privacy Policy which can be found www.sjp.co.uk/site-services/privacy

·         Compliance consultants including the Consulting Consortium

·         Financial crime and fraud detection agencies.

·         Our regulators including the Financial Conduct Authority and the Financial Ombudsman Service.

·         Selected third parties in connection with any sale, transfer or disposal of our business.

·         Our insurers.

·         The police, HMRC and other crime prevention and detection agencies. Third parties and self-employed contractors who we have entered into contractual arrangements with to provide services we need to carry out our everyday business activities such as business administration, partner support specialists who assist us with day to day business operations, document management providers, back office system providers, secure login and email providers, storage warehouses, IT suppliers, actuaries, auditors, lawyers, outsourced business process management providers, our subcontractors and tax adviser

1Other business partners ►
2

If you are a business partner such as a products provider, portfolio or fund manager or contractor who carries out business functions on our behalf, this section will be relevant to you and sets out our uses of your personal information.

What personal information may we collect?

3

·         General information such as your name, address, business phone numbers and email addresses.

·         Employment information such as job title, business cards and professional accreditations.

·         Information about your clients, your employees and the services and products you offer.

·         Your bank details and information obtained from checking sanction lists and credit checks.

·         Information which we have gathered from publically available sources such as internet search engines and generally obtained as part of the due diligence process conducted by St. James’s Place group companies.

2How will we collect your information? ►
3

·         Directly from you

·         St. James’s Place group companies.

·         Publically available sources such as internet search engines.

·         From service providers who carry out sanctions checks.

2

What will we use your personal information for? ►

 

There are a number of reasons we use your personal information and for each use we need to have a “lawful basis” to do so.

We will rely on the following “Lawful Basis” when we process your “personal information”:

·         We need to use your personal information to enter into or perform the contract that we hold with you.

·         We have a legal or regulatory obligation to use such personal information. For example, we may be required to carry out certain background checks.

·         We have a valid business reason to use your personal information which is necessary for our everyday business operations and activities, for example to keep records of investments and the reasoning behind such investments, to maintain business records, to carry out due diligence, to review our business models and undertake strategic and operational business analysis including reviewing the performance of our business partners.

In each case we assess our need to use this personal information for these purposes against your rights to privacy to ensure we are protecting your rights.

 

3Purpose for processing ►Lawful Basis for using your personal information ►Lawful Basis for using your  special categories of personal information
To carry out fraud, credit and anti-money laundering checks on you

·         It is necessary to enter into a contract with you.

·         We have a valid business reason (to assess your suitability as a business partner).

·         We need to use your information in order to comply with our legal obligations.

Not applicable
To carry out due diligence on you.·         We have a valid business reason (to ensure that you can provide guarantees in terms of confidentiality and security measures you implement to protect the information we are sharing with you about our clients).Not applicable
To comply with our legal or regulatory obligations.·         We need to use your information in order to comply with our legal obligations, for example to pay your invoices for the services you have provided.Not applicable
For business purposes and activities including maintaining business records, file keeping and strategic business planning.·         We have a valid business reason (to run our business efficiently and effectively)Not applicable
 For compliance and monitoring purposes.

·         It is necessary to enter into a contract with you.

·         We have a valid business reason (to ensure we are compliant and carrying out appropriate monitoring activities).

Not applicable

  

2

Who will we share your personal information with? ►

 

3

We will not sell or transfer your personal information to anyone unless we have a valid reason as set out above and we will only disclose it to the following parties:

·         St. James’s Place group companies, who will process your personal data in accordance with their Privacy Policy which can be found https://www.sjp.co.uk/site-services/privacy.

·         Your agents or employees as appropriate.

·         Third parties who provide sanctions checking services including Experian.

·         Our regulators including the Financial Conduct Authority and the Financial Ombudsman Service.

·         Selected third parties in connection with any sale, transfer or disposal of our business.

·         Our insurers.

·         Third parties including self-employed contractors who we have entered into contractual arrangements with to provide services we need to carry out our everyday business activities such as document management providers, back office system providers, storage warehouses, IT suppliers, actuaries, auditors, lawyers, outsourced business process management providers, our subcontractors and tax advisers.

1Users of our website ►
2

If you use our website, this section will be relevant to you and sets out our uses of your personal information.

What personal information may we collect?

3

·         General information submitted via the website, for example where you provide your details in the contact section such as your name, contact details and company name.

·         Information such as IP address and browsing history obtained through our use of cookies. You can find more information about this in our cookies policy in section 7 below.

2How will we collect your personal information? ►
3We will collect your information directly from our website.
2

What will we use your personal information for? ►

There are a number of reasons we use your personal information and for each use we need to have a “lawful basis” to do so.

We will rely on the following “lawful basis” when we process your “personal information”:

·         We have a valid business reason to use your personal information, necessary for our everyday business operations and activities, for example to maintain business records and to monitor usage of the website.

In each case we assess our need to use this personal information for these purposes against your rights to privacy to ensure we are protecting your rights.

3Purpose for processing ►Lawful Basis for using your personal information►Lawful Basis for using your  special categories of personal information ►
To respond to any enquiries you have submitted.·         We have a business reason (to respond to your enquiries).Not applicable
2

Who will we share your personal information with? ►

 

3

We will not sell or transfer your personal information to anyone unless we have a valid purpose as set out above and we will only disclose it to:

·         St. James’s Place group companies, who will process your personal data in accordance with their Privacy Policy which can be found www.sjp.co.uk/site-services/privacy

·         Third parties who we have entered into contractual arrangements with to provide services we need to carry out our everyday business activities such as IT suppliers and website providers.

 

  1. What marketing activities do we carry out? ►
1

We carry out the following marketing activities depending on the relationship that we have with you:

1.     Where you are a prospective client

Where we have obtained your personal information from LinkedIn searches, we will connect with you as per the terms and conditions of the LinkedIn social network. Approaching you through LinkedIn, we will provide information about our wealth management services that we offer which you might be interested in.

We may inform you that we wish to contact you via telephone to discuss our service offerings further, at which point you will be able to notify us that you do not wish to receive such a call.

Where we have obtained your personal information from a marketing list from a third party, we will have undertaken rigorous checks to verify that those third parties have obtained appropriate consent for us to market to you.

We will use also your personal information to provide you with information about our wealth management services and any newsletters and event invites where you have provided your consent for us to do so. We will also provide you with information of St. James’s Place wealth management products and other third party products which we think may interest you where you have indicated that you would like to receive this.

2.     Where you are an existing client

We will use your personal information to provide you with information about our wealth management services and any newsletters and event invites where it is part of the ongoing wealth management services we offer or where you have provided your consent for us to do so.

We will also provide you with information of St. James’s Place wealth management products and other third party products which we think may interest you where you have consented to receive this.

General marketing practices

If you wish to opt out of marketing, you may do so by clicking on any “unsubscribe” link or responding to any marketing email communication confirming you would like to opt out or telling us when we call you. Otherwise you can always contact us using the details set out in section 12 to update your contact preferences.

Please note that, even if you opt out of receiving marketing messages, we may still send you communications in connection with the services we offer you.

 

  1. How long do we keep personal information for? ►
1

We will only keep your personal information for as long as reasonably necessary to fulfil the purposes set out in section 3 above, to comply with our legal and regulatory obligations or for as long as necessary to respond to concerns you raise with the advice you received. As a financial service firm, we are regulated by the Financial Conduct Authority (the FCA) who imposes certain record-keeping rules which we must adhere to.

 

If you would like further information regarding the periods for which your personal information will be stored, please contact us using the details set out in section 11.

 

  1. What is our approach to sending your personal information overseas ►
1

There are a small number of instances where your personal information is transferred to countries outside of the European Economic Area (“EEA“) such as when we transfer information to our other companies in the SJP group or to third party suppliers who are based outside the EEA or when third parties who act on our behalf transfer your personal information to countries outside the EEA. Where such a transfer takes place, we will take the appropriate safeguarding measures to ensure that your personal information is adequately protected. We will do so in a number of ways including:

·         entering into data transfer contracts and using specific contractual provisions that have been approved by European data protection authorities otherwise known as the “standard contractual clauses”. You can find out more about standard contractual clauses at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en;

·         we will only transfer personal information to companies in non-EEA countries who have been deemed by European data protection authorities to have adequate levels of data protection for the protection of personal information. You can find out more about this https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en

We are also entitled under European data protection laws to transfer your personal information to countries outside the EEA where it is necessary for the performance of the contract we have with you.

Depending on our relationship and your particular circumstances, we might transfer personal information anywhere in the world. An example of our regular data transfers outside the EEA is set out below:

Country of transferReason for the transferMethod we use to protect your information
Hong Kong, Singapore, ShanghaiProvision of data to international offices to support clients living overseas.We have standard contractual clauses in place

 

If you would like further information regarding our data transfers and the steps we take to safeguard your personal information, please contact us using the details set out in section 12.

 

  1. How do we protect your information?
1

At St. James’s Place, we take our responsibility to look after your personal information and privacy seriously. In today’s world, we have all seen a growing trend in cybercrime and security breaches. We have a number of security measures in place to help prevent fraud and cybercrime.

If we become aware that a personal data breach has occurred and is likely to result in a high risk to the rights and freedoms of our clients, Partners or employees, we will inform them without undue delay.

We have a dedicated group, the ‘Information Security Oversight Committee’, that provides oversight and guidance to our information security and privacy programme.

The executive body responsible for privacy and data security is the Information Security Oversight Committee (ISOC) – chaired by the Data Protection Officer. ISOC has a reporting line that enables effective escalation of issues up to the Board where appropriate.

We educate and train our employees, Partners and contractors on their information security, fraud prevention and privacy obligations annually.

Our employees, Partners and contractors take part in an annual Information Security training and awareness program and must agree to adhere to the Data Protection Act and our own Information Security Policy that are designed to keep your information safe. These are refreshed each year to reflect the current trends that are being observed across the information security landscape. Information Security awareness also forms part of our new employee induction program.

We also educate our employees in identifying potential financial crime and internal fraud; any suspicious activity is reported to our Financial Crime Prevention team.

When you login, or send us information on the internet we protect the security of this information while it is being transmitted by encrypting it using Secure Sockets Layer (SSL).

When you use your web browser to login, view or share information with us, all electronic information exchanged is encrypted using 2048bit SSL (Secure Sockets Layer) certificate. You can identify this by looking for the HTTPS:// and the padlock in the address bar at the top of your browser:

We will always interact with you in a safe, secure and consistent manner

To keep your information secure and to protect our clients from fraud, St. James’s Place will only interact with you in the following ways. If in doubt, call your St. James’s Place Partner directly or alternatively email the St. James’s Place Data Protection Office at [email protected].

When interacting with you, we will:

·         Only send funds that you have requested to be withdrawn to a verified bank account in your name.

·         Verify who you are when speaking to you on the phone, by asking you security questions.

We will not:

·         Ask you for your password over the phone.

·         Send you an unsolicited email with a link to our login page asking you to enter your Online Wealth Account credentials.

·         Ask you for payment or credit card details by email or telephone.

·         Call you to notify you of a problem, and then request you call us back immediately to discuss the problem further.

We continually review our physical and logical security controls in place across the business.

Physical controls – As well as protecting your digital information, St. James’s Place also protects their premises and physical locations where personal data may be used and stored. These measures include security guards, security entrances, secure disposal of confidential waste and hardware, CCTV, personal card access and locks on doors and file storage cabinets, with a ‘clear desk’ policy to ensure all information is locked away and protected.

Logical controls – St. James’s Place uses technical security measures to make sure our systems where we store and use personal information are protected from unauthorised access. Tools such as authentication controls, antivirus, firewalls, malware detection and back-up procedures are used across the business.

All employee emails and devices are encrypted to enable secure transfer and storage of personal information.

We conduct security testing of our applications and services in a controlled testing environment before they are made available for our clients to use on an ongoing basis.

We perform security risk assessments for each of our sites to identify and control risks.

External technical assessments are conducted by an independent external 3rd party.

Security audits and vendor due diligence are conducted on a continual basis.

We have a business resiliency plan with disaster recovery and business continuity testing.

The purpose of Business Continuity Management and the St. James’s Place Business Continuity Plan, is to provide an effective, predefined and documented framework to respond to an incident affecting the Group’s activities. The key drivers in developing the business recovery plans are;

·         To mitigate the risks that could lead to the significant disruption of our products and services to our clients.

·         To provide a recovery plan that supports a timely and full restoration of our products and services for our clients.

However, whilst we take appropriate technical and organisational measures to safeguard your Personal Information, please note that we cannot guarantee the security of any data that you transfer over the internet to us.

 

  1. Cookies
1

The St. James’s Place website uses cookies – small text files that are stored on your computer or in your browser – to help us to monitor how visitors use our site and allow us to maintain the optimum experience for website users. The website does not store or capture personal information about you when you visit it, it merely records traffic information. This means information about all of our visitors collectively, for example the number of visits the website receives. In order to respect our visitors’ rights of privacy, this information is anonymous and no individual visitor can be identified from it.

You can disable and delete cookies by changing the appropriate setting within your browser’s ‘Help’, ‘Tools’ or ‘Settings’ menu. Please note that by disabling cookies you may not benefit from some of the features of our site. You can find out more about deleting or controlling cookies by visiting About Cookies.

Facebook advertising

 

We use the “Custom Audience pixel” from Facebook Inc (1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”)) on our website. This allows us to track what users do after they see or click on our Facebook advertisements. This enables us to monitor the effectiveness of Facebook ads for purposes of statistics and market research. Data collected in this way is anonymous to us, which means we cannot see the personal data of individual users. However, this data is saved and processed by Facebook. Facebook can connect this data with your Facebook account and use it for its own advertising purposes, in accordance with Facebook’s Data Policy which can be found here https://www.facebook.com/about/privacy/. We also utilise Facebook Custom Audiences. Facebook Custom Audience is a remarketing and behavioural targeting service provided by Facebook, Inc. that connects the activity of this Website with the Facebook advertising network. You can allow Facebook and its partners to place ads on and outside of Facebook. A cookie can also be saved on your device for these purposes.

Please click here if you would like to withdraw your consent https://www.facebook.com/settings/?tab=ads#_=_

Facebook adhere to the Self-Regulatory Principles for Online Behavioural Advertising and participate in the opt-out programmes established by the Digital Advertising Alliance, the Digital Advertising Alliance of Canada and the European Interactive Digital Advertising Alliance. You can opt out of all participating companies through these sites.

Google Ads

We use the Google Ads remarketing service to advertise on third party websites (including Google) to previous visitors to our site. It could mean that we advertise to previous visitors who haven’t completed a task on our site, for example using the contact form to make an enquiry. This could be in the form of an advertisement on the Google search results page, or a site in the Google Display Network. Third-party vendors, including Google, use cookies to serve ads based on someone’s past visits to the sjp.co.uk website. Of course, any data collected will be used in accordance with our own privacy policy and Google’s privacy policy. To opt out of Google’s use of cookies or device identifiers visit Google’s Ads Settings. To opt out of third-party vendor’s use of cookies visit the Network Advertising Initiative opt-out page or control the use of device identifiers by using your device’s settings.

We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices (in particular device’s IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on this link.

You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.

Please view our full Cookie policy here.

   

  1. Google Analytics
1

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies (text files placed on your computer) to help the website operators analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.

In addition, we use Google’s remarketing technology to advertise online. In doing so, Google will place or read a unique ad-serving cookie on your computer and will use non-personal information about your browser and your activity on our sites to serve ads on their content network. Please click here for more information about remarketing or to opt-out of the Google remarketing cookie.

We will only collect personal information about you if you send us an e-mail enquiry via the ‘contact us’ facility or you register to receive your Unit Trust Manager’s Reports by email. In order for this to happen, you will need to fill out the online ‘contact us’ form or complete the registration details. The type of information being collected for an enquiry will be apparent from the layout of the ‘contact us’ form, which also tells you how this information will be used. The type of information collected to register to receive the Unit Trust Manager’s Reports by email will be apparent from the details requested when you register. The information collected when you register will only be used to email your Unit Trust Manager’s Reports and for no other reason.

We take all reasonable precautions to protect our visitors’ information, both on and off line. If your personal information changes, please let us know and we will correct, update or remove any information that we hold about you on our active databases. We may however need to retain archive copies of that personal information for legal or audit purposes. If you have any queries regarding the way in which St. James’s Place handles data collected from you on this website, please visit the contact us page.

 

By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out in the above four paragraphs.

 

  1. Monitoring
1Please note that if you communicate with us electronically, including by e-mail, telephone or fax, this communication may be randomly monitored and/or recorded to protect the interests of our business and our customers. This includes for the purposes of maintaining customer/service quality standards, detection of and/or prevention of crime and to ensure that St. James’s Place employees comply with legal obligations and St. James’s Place policies and procedures (including our customer relations practices).

 

  1. Hyperlinks
1We may provide hyperlinks from this web site (‘the Site’) to web sites of other organisations including websites of associated companies. Please note that this Privacy Policy applies only to this Site and that St. James’s Place will not liable for the contents of linked web sites or any transactions carried out with organisations operating those web sites.

 

  1. Your rights ►
1

You have several rights which you can exercise at any time relating to the personal information that we hold about you and use in the ways set out in this notice. Please contact us at any time using the details set out in section 12 if you wish to exercise these rights; we will not usually charge you.

We respect your rights and will always consider and assess them but please be aware that there may be some instances where we cannot comply with a request that you make as the consequence might be that:

·         in doing so we could not comply with our own legal or regulatory requirements for example we are under obligations to hold records of our dealings with you for certain periods of time; or

·         in doing so we could not provide services to you and would have to cancel your client agreement, for example we could not enter into investments on your behalf if we had deleted your personal information.

We will of course inform you if any of the above situations arise and if we are unable to comply with your request.

1·         The right to access your personal information
2

You are entitled to a copy of the personal information we hold about you and certain details of how we use it.

We are happy to provide you with such details but in the interests of confidentiality, we follow strict disclosure procedures which may mean that we will require proof of identify from you prior to disclosing such information.

We will usually provide your personal information to you in writing unless you request otherwise. Where your request has been made electronically (e.g. by email), a copy of your personal information will be provided to you by electronic means where possible.

It would be helpful if could please complete the Data Subject Request Form to request a copy of the information we hold so that we can ensure we have all the relevant information
we need to appropriately respond to your request.

1·         The right to rectification
2Please help us to keep your personal information accurate and up to date so if you believe that there are any inaccuracies, discrepancies or gaps in the information we hold about you, please contact us and ask us to update or amend it
2·         The right to restriction of processing
1In certain circumstances, you have the right to ask us to stop using your personal information, for example where you think that the personal information we hold about you may be inaccurate or where you think that we no longer need to use your personal information.
2·         The right to withdraw your consent
1Where we rely on your consent to process your personal information, you have the right to withdraw such consent to further use of your personal information.
1·         The right to erasure
2You are entitled to request your personal information to be deleted in certain circumstances such as where we no longer need your personal information for the purpose we originally collected it. When you exercise this right, we need to consider other factors such as our own regulatory obligation, to assess whether we can comply with your request.
1·         The right to object to direct marketing
2

You have a choice about whether or not you wish to receive marketing information from us and you have the right to request that we stop sending you marketing messages at any time. You can do this either by clicking on the “unsubscribe” button in any email that we send to you or by contacting us using the details set out in section 8.

Please note that, even if you opt out of receiving marketing messages, we may still send you communications which are relevant to the nature of services we offer you.

1·         The right to object to processing
2In certain circumstances, where we only process your personal data because we have a legitimate business need to do so, you have the right to object to our processing of your personal data.
1·         The right to data portability
2

In certain circumstances, you can request that we transfer personal information that you have provided to us to a third party.

When you exercise this right, we need to consider other factors such as our own regulatory obligations, to assess whether we can comply with your request

1·         Rights relating to automated decision-making
2We do not carry out any automated decision making to provide products and services to you.
1·         The right to make a complaint with the ICO ►
2

If you believe that we have breached data protection laws when using your personal information, you have a right to complain to the Information Commissioner’s Office (ICO).

You can visit the ICO’s website at https://ico.org.uk/ for more information.  Please note that lodging a complaint will not affect any other legal rights or remedies that you have.

  1. Contacting us ►
1

If you would like any further information about any of the matters in this notice or if you have any other questions about how we collect, store or use your personal information, you may contact our St. James’s Place Data Protection Officer at St. James’s Place plc, St. James’s Place House, 1 Tetbury Road, Cirencester, Gloucestershire, GL7 1FP, United Kingdom, [email protected] and 01285718453.

 

 

  1. Updates to this notice ►
1

If you would like any further information about any of the matters in this notice or if you have any other questions about how we collect, store or use your personal information, you may contact our St. James’s Place Data Protection Officer at St. James’s Place plc, St. James’s Place House, 1 Tetbury Road, Cirencester, Gloucestershire, GL7 1FP, United Kingdom, [email protected] and 01285718453

This notice was last updated on (13/02/23)