PRIVACY POLICY - PROTECTING YOUR DATA

1. Who are Throgmorton UK Limited?
Throgmorton UK Limited (“Throgmorton”) is part of Apex Group (“Apex”) please refer to the “Legal and Regulatory Status” page on the Apex website https://theapexgroup.com/regulatory-status/  for more details on the trading companies in Apex division.  All of the companies are wholly owned subsidiaries of Apex Group Limited (“Apex”). For more information on Apex Group, please visit https://theapexgroup.com. For more information on Throgmorton please visit www.throgmorton.co.uk.

2. What is this Privacy Policy?
At Throgmorton we collect personal information about you and are committed to protecting this information and your privacy. Set out below is an explanation of how we use, collect and safeguard your personal information. This Privacy Notice applies where Throgmorton receives personal data through its website, or in connection with any services that we are engaged to provide to you (“Services”).
 
3. What personal information do we collect?
The principles of data protection are that only sufficient personal data should be collected and processed as is necessary for the purpose.  Throgmorton will collect and use only as much personal data from you as is necessary to be able to provide you with the products and services you have requested from us.

You may provide us with your personal information where you enter your personal information via our website, engage with us in respect of our Services, or correspond with us by phone, email or otherwise. It is provided entirely voluntarily.

Depending on the Services or information you request from us, we may ask you to provide the following personal information:
• name, date of birth, address, email address, telephone number and other contact details;
• bank account details or other payment or financial information;
• information about your personal circumstances including employment, business interests, property or other assets, or other information about you which we require to provide you with particular aspects of our Services.

We may keep a record of any correspondence you have with us, including certain telephone calls which we may be legally required to record (but we will inform you at the beginning of the telephone conversation if recording will be necessary).

With regard to each of your visits to our website we may automatically collect technical information, including anonymous data collected by the hosting server for statistical purposes, the Internet protocol (IP) address used to connect your computer or device to the internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.

We may receive information about you from a third party source in connection with our Services. For example, we may receive information about you from your employer or company in order to provide you with personal tax advice or provide you directly with any other aspects of our Services. We might also collect information about you from other people and organisations, such as the Financial Conduct Authority or by checking databases like the electoral register. Please see below for a list of some of the ways we collect your personal information.

We may, from time to time, receive information about you from other companies in the Apex Group or our network, or from publicly available sources. We may use this information in connection with our marketing activities (subject to section 11 below).

If you are interested in attending our events, we may collect personal information such as your name, contact details and any dietary preferences as well as your consent to send you information about our products and services.

Depending on our relationship with you, in certain limited circumstances we may request or receive sensitive personal information about you, such as details about your health if for example you require correspondence in braille, or your health or religion if you attend our events and have certain dietary preferences.

Where Throgmorton is the data controller of your personal information we may collect the following personal information about you:
• Contact details such as name, email address, postal address and telephone number;
• Details of any other persons included in the investment;
• Identification information such as your date of birth, national insurance number, passport, tax identification number and driving license or other personal identifiers recognised in the country where you reside;
• Financial information such as bank details;
• Information relevant to your investment;
• Information obtained through our use of cookies. You can find out more about this in our cookies notice below; and
• Your marketing preferences

4. Why do we collect your information?
This is dependent upon the nature of the relationship we have with you:

• If you are a client, we use your personal information to administer your investment product or provide a service to you in our capacity as a data controller.;
• If you are a financial advisor or an employee of a financial advisory firm, we use your personal information to provide you with information about our products, services and events;
• If you are an employee of a firm that we have a business relationship with, we use your personal information as part of our normal course of business in our capacity as a data processor acting under contract to the firm that employs you;
• If you are a candidate for a job, we use your personal information as part of our recruitment process in our capacity as a data controller, more information is provided on our recruitment site;
• If you are viewing our website, we use your personal information contained in cookies.

We collect this information in order for you to use our website and to provide any services to you. Our use of your information is based on a legitimate business interest we have in being able to provide the services (Subject to section 11 below).

In addition, we are required by law to obtain “know your client” information as detailed in our terms of engagement for our Services, and this includes certain personal information including information contained in a formal identification document or social security or other unique reference relating to you.

5. What is the legal basis with the main purpose?
We may process your personal information for a number of different purposes. We also need a lawful reason to use and process your personal information which is called ‘lawfulness of processing’.

• Where we are onboarding you as a new client setting you up as a new client, administering and managing the specific services as agreed and set out in the terms of engagement, providing all related services, handling any changes to your data, making payments to you and communicating with you, then the processing is necessary for the performance of a contract to which you are party,.
• Where we are providing you with information about our products or events that we hold, the processing is necessary for our legitimate interest.
• Where we maintain a business relationship with you or your firm, the processing is necessary for our legitimate interest.

If you do not provide information, in the circumstances detailed above, we will be unable to offer you any of our services, process your payment requests or interact with you for normal business purposes.

• Where a regulator such as the Financial Conduct Authority requires us to maintain certain records of any dealings with you, the processing is necessary for us to meet our legal and regulatory obligations.
• Where we need to use your personal information to establish, exercise or defend our legal rights. For example, when we need to consult a solicitor or manage any legal claims, or where we want to pursue any legal claims ourselves, the processing is necessary for us to meet our legal obligations.
• Where we need to use your personal information to carry out anti-money laundering checks, the processing is necessary for us to meet our legal obligations, and
• investigate fraud, the processing is necessary for reasons of public interest.

We will usually only ask for your consent in relation to processing your Special Category information (such as health data), or when providing marketing information to you (including information about other products and services) where we do not yet have a relationship with you. This will be made clear when you provide your personal information. If we ask for your consent we will explain why it is necessary.

In addition, we are required by law to obtain “know your client” information as detailed in our service contract, or other relevant information sources and this includes certain personal information.

6. How we use your personal information?

i. Why we need your personal information:
To administer, and provide services to you, dependant on your service provision.

Personal information we may process shall include, but shall not be limited, to the types of information set out below:
Your name, contact details, date of birth, NI number, address, contact details.

Similar information for other individual employees included as part of the service provision. For payroll services and HR your bank account details.

Lawful processing condition –to:
• provide you and with your contracted services.
• meet obligations imposed on us by tax authorities and regulator (legal obligation)
• to receive payments from you and to make payments to you or your employees (our legitimate interest)

ii. Why we need your personal information:
To regularly communicate with you.

Personal information we may process shall include, but shall not be limited, to the types of information set out below:
Your name, contact details and any information relevant to the services we provide to you.

Similar information for other individuals included in your business who will liaise with us from time to time in relation to our service provision.

Health information if you request communications in Braille or other easier to read formats.

Lawful processing condition –to:
• provide you with your contracted services.
• meet obligations imposed on us by tax authorities and regulator (legal obligation)
• receive payments from you and to make payments to you (our legitimate interest)
• any Special Category data relating to health will only be processed to provide you with relevant material (your consent)

iii. Why we need your personal information:
To resolve any complaints you may have.

Personal information we may process shall include, but shall not be limited, to the types of information set out below:

Your name, contact details and any information relevant to your complaint.
Similar information for other individuals included in the investment, such as beneficiaries.

Lawful processing condition –to:
• resolve any complaints (legal obligation and our legitimate interest)

iv. Why we need your personal information:
To prevent financial crime such as money laundering, sanctions breaches, tax evasion and fraud.

Personal information we may process shall include, but shall not be limited, to the types of information set out below:
Your name, contact details, date of birth, NI number, or other official personal identifiers and address for tax purposes.

Similar information for other individuals included in the business, such as beneficiaries.
Your bank account details.

Lawful processing condition –to:
• provide you with your services (contract)
• meet obligations imposed on us by tax authorities and regulator (legal obligation)
• any special category data or data relating to criminal convictions will only be processed to prevent financial crime (substantial public interest)

v. Why we need your personal information:
For our own internal and external management information purposes, maintaining accounting records, analysis of financial results, internal audit requirements, receiving professional advice.

Personal information we may process shall include, but shall not be limited, to the types of information set out below:
Your name, contact details, date of birth, NI number, address for tax purposes.
Similar information for other individuals included in the business, such as beneficiaries.
 
Lawful processing condition –to:
• maintain appropriate records to monitor performance and evaluate business performance (our legitimate interest)
• meet obligations imposed on us by tax authorities and regulator (legal obligation)

vi. Why we need your personal information:
For analytical purposes and to improve our products and services.

Personal information we may process shall include, but shall not be limited, to the types of information set out below:
Your name, contact details, date of birth, or other official personal identifiers, address for tax purposes.
Similar information for other individuals included in the business, such as beneficiaries.
Investment performance information.
 
Lawful processing condition –to:
• internal analysis and service improvement (our legitimate interest)

vii. Why we need your personal information:
To comply with our legal or regulatory obligations.

Personal information we may process shall include, but shall not be limited, to the types of information set out below:
Your name, contact details and any information relevant to the services we provide.

Similar information for other individuals included in the business, such as beneficiaries may be shared where there is a legal or regulatory imperative.
 
Lawful processing condition –to:
• meet obligations imposed on us by tax authorities and regulator (legal obligation)

7. Who we share personal information with?
We will only disclose your personal information in accordance with applicable laws and regulations applicable to the countries in which our businesses operate. We will disclose your information to the following third parties:
• any person with legal or regulatory power over us (such as the Financial Conduct Authority, the police or the Serious Fraud Office that may require disclosure on legal grounds, or other relevant Government departments where reasonably necessary for financial crime and sanction prevention purposes);
• your employer (to the extent your employer is engaged by us as a Client for our services);
• service providers engaged by us to help us run our business and perform the Services/our contract with you. Such service providers will include, for example, cloud storage providers (engaged by us to provide electronic storage facilities for our business data and your information). Other services providers such as IT system suppliers, auditors, lawyers, marketing agencies, document management providers and tax advisers;
• your relatives, powers of attorney, guardians acting on your behalf or other people or organisations associated with you such as your financial advisor or your lawyer whenever you have given us permission to share your personal information with them;
• our third party service administrators;
• Identity and Verification agencies;
• other parties in commercial relationships with Apex, including financial organisations and advisors where necessary to enable us to fulfil our service to you, and
• any member of the Apex which means; our subsidiaries, our ultimate holding company and its subsidiaries (from time to time) as necessary to perform our Services.

Some of these third parties (including certain Apex Group subsidiaries and service providers) may be outside of the European Economic Area (EEA), the Channel Islands or other territories determined by the EU to have adequate protection for the protection of personal data. If we transfer your information in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Privacy Statement. Such steps include imposing contractual obligations on the recipient of your personal information or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection. Transfers within the Apex Group will be covered by an agreement entered into by members of the Apex Group (an intra-group agreement) which contractually obliges each member to ensure that your Personal Data receives an adequate and consistent level of protection wherever it is transferred within the Group.

8. How long will we store your information for?
We store the information you provide about yourself in a secure database and take appropriate security measures to protect such information from unauthorised access.  For example, we have adopted internal data protection procedures and trained our staff on them with a view to preventing breaches of security.  Where we make available to you any online portal or web-hosted platform to provide any Services to you, all exchanges of information between you and any such portal or platform go through encrypted channels in order to prevent interception of your information. Public access to your information via and any portal or platform is protected by a login using your user ID and password. You should ensure that these are kept secret and not divulged to other people.

We implement Internal and external audits and regular, independent assurance exercises across our business to ascertain the effectiveness of our security control environment and our security strategy.
Your information is protected by controls designed to minimise loss or damage through accident, negligence or deliberate actions. Our employees also protect your personal and confidential information whenever they are processing it and must undertake annual training on this.

Our security controls are aligned to industry standards and good practice; providing a control environment that effectively manages risks to the confidentiality, integrity and availability of your information.
You recognise that that your use of our website is entirely at your own risk. As the Throgmorton website is grouped to the internet, which is inherently insecure, Throgmorton cannot guarantee the information you supply will not be intercepted while being transmitted over the internet.  Accordingly, Throgmorton has no responsibility or liability for the security of personal information transmitted via our website. 

9. How long will we store your information for?
We generally hold your personal data on our systems for as long is necessary to provide the Services. Service-specific privacy notices are available on the right of this notice. Our website uses Google Analytics where a record of some of your personal data (e.g. IP address) will be retained for 38 months.

This is ordinarily 7 years from the date you cease to use the Services or the termination of our Agreement in order to allow us to refer to your information in correspondence with you, or in connection with legal or regulatory proceedings.

The time period we retain your personal information for will differ depending on the nature of the personal information and what we do with it. How long we keep personal information is primarily determined by our regulatory obligations.

We typically keep personal data used for providing services to you product for 7 years from the end of our relationship with you. In some cases where there may be a dispute or a legal action we may be required to keep personal information for longer.

If we anonymise your personal information so that it can no longer be associated with you, it will no longer be considered personal information, and we can use it without further notice to you.
10.  Your rights
You have the following rights in relation to how we use your information. If you’d like to exercise these rights please contact us using the contact details listed at section 16 “Who can you speak to at Throgmorton about this Privacy Notice?”

Right to lodge a complaint
 – You have a right to complain to the ICO at any time if you object to the way in which we use your personal information. More information can be found on the Information Commissioner’s Office website: https://ico.org.uk/

Right of access – you have the right to know if we are using your information and, if so, the right to access it and information about how we are using it. There will not usually be a charge for dealing with these requests. Your personal information will usually be provided to you in writing, unless otherwise requested. Where you have made the request by electronic means the information will be provided to you by electronic means where possible.

Right of rectification – We take reasonable steps to ensure that the personal information we hold about you is accurate and complete. However, if you do not believe this is the case you have the right to require us to rectify any errors in the information we hold about you.

Right to erasure – you have the right to require us to delete your information if our continued use is not justified. However, this will need to be balanced against other factors, depending upon the type of personal information we hold about you and why we have collected it, there may be some legal and regulatory obligations which mean we cannot comply with your request.

Right to restrict processing – in some circumstances, although you may not be entitled to require us to erase your information but may be entitled to limit the purposes for which we can use your information.

Right of data portability – you have the right to require us to provide you with a copy of your information in a commonly used machine-readable format or to transfer your information directly to another controller (e.g. a third party offering services competing with ours). Once transferred, the other party will be responsible for looking after your personal information.

Right not to be subject to automated-decision making – Apex do not make decisions about you using automated decision making or profiling of your personal data.

Right to withdraw consent – For certain limited uses of your personal information, we may ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your personal information.  If you withdraw your consent, we may not be able to provide certain products and services to you. If this is the case, we’ll tell you at the time you ask to withdraw your consent.

Where we rely on your consent as the legal basis for processing your personal information, as set out under section 5, you may withdraw your consent at any time.  If you withdraw your consent, our use of your personal information before you withdraw is still lawful.

Right to object to direct marketing – You can ask us to stop sending you marketing messages at any time. You are in control of how we use your information for marketing and we will only contact you if you have purchased one of our products or expressed an interest in attending one of our events. In these circumstances, we may share information within the Apex group to inform you of other similar products and services that may be of interest to you, unless you tell us that you do not wish to receive this information.

If you wish to unsubscribe from any emails sent by us, you may do so at any time by following the unsubscribe instructions that appear in the email. Otherwise you can always contact us using the details set out in this Privacy Notice to update your contact preferences. In such circumstances, we will continue to send you service related (non-marketing) communications where necessary.

11. How does the Throgmorton website use my Internet Protocol (IP) address and collect cookies?
Like many other websites, we use Cookies to help us gather and store information about visitors to our website. Each time you use our websites, we will automatically collect certain technical information, including the type of browser you use, the Internet Protocol (IP) address used to connect your computer to the internet, and information about your visit, including the full Uniform Resource Locations (URL), clickstream to, through and from our sites, traffic data and other communication data, the resources that you access, and the information derived from the cookies we place on your mobile device and/or computer.

We may collect information about your computer, including your IP address, operating system and browser type, for system administration and our own internal purposes.  This is statistical data about our website users’ browsing actions and patterns, and does not identify you as an individual. 

A Cookie is a small text file that is downloaded on to your computer’s hard disk when you access certain websites. Cookies allow the website to recognise your computer. A Cookie can identify the pages that are being viewed and this can assist us to select the pages that the visitor sees. 

We comply with the EU cookie regulations as introduced in the UK on 25 May 2011 through the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011. There are two types of cookies that can be stored on your device:
• “Session” Cookies only exist whilst visitors are online on a particular occasion. These are temporary Cookies that aid your journey around the Site and remember the preferences you have selected during your session. 
• "Persistent" Cookies, which are not session-based, remain on a visitor’s computer, so that you can be recognised as a previous visitor when you next visit our Site. This allows us to collect information about your browsing habits whilst on our website, and this can be useful in assisting us to monitor and improve our services. 

We do not store sensitive information such as account numbers or passwords in persistent Cookies and Cookies in themselves do not contain enough information to identify you. You will only become personally identifiable in relation to your browsing habits after you have formally provided us with your personal data for the purposes outlined in section 3 “What personal information do we collect? above.

In addition to using Cookies, we might also use GIFs and other web tools, such as Google Analytics, to collect information about your browsing activities whilst on our website. In this respect the information that is provided is similar to the information supplied by Cookies, and we use it for the same purposes.

Any information that we acquire about you using Cookies, GIFs, or other web tools is subject to the same restrictions and conditions as any other information we collect about you, as outlined in this Notice.

The Cookies used on our Site
Cookies set by our Site:
• _e-privacy
This Cookie is set in order to work out whether you have seen and/ or clicked the “dismiss” button in the box that draws your attention to this Notice. This will appear the first time you enter our website. This Cookie is strictly necessary in order to enable you to provide your consent for us to set Cookies on your browser.

• _dm_lt_s_c
This is a functional session Cookie used to manage the pages and recognise visitors who return to the website.

Cookies set by Google:

• _utma, _utmb, _utmc, _utmz, or others within the range _utma to _utmz.
Google Analytics is a web analytics service provided by Google, Inc. By default, Google Analytics sets four performance Cookies in order to evaluate your use of the website, including number of visits, duration of browsing and referring sites, and compiles reports for us on activity on the website. All information these Cookies collect is aggregated and therefore anonymous.

• PREF, NID
Google Maps uses these Cookies in order to embed the Map in the Contact Us part of our Site. These Cookies help us manage the performance and design of the Site and provides the visitor with interactive maps within our Site.

Google stores the information collected by the Cookie on servers in the United States. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google state that they will not associate your IP address with any other data held by Google.

For more information about the way in which Google Analytics uses these Cookies please visit the following Apex https://developers.google.com/analytics/resources/concepts/gaConceptsCookies

Cookies Set by Dotmailer:

Our website uses a functional session Cookie to provide us with data to track and identify visitors to our website from external sources. This measures our website performance in order to improve usability and user experience. This information is not shared with third parties.

By continuing to use this website, you are consenting to us placing session cookies on your device for the purposes detailed above.  Most users will be able to adjust their internet settings to accept all cookies, to notify them when a cookie is issued, or not to receive cookies at any time. The last of these, of course, means that certain personalised services cannot then be provided to that user. Please note that the websites to which this site may be linked may also make use of their own cookies. You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.

12. Marketing
We respect your privacy and ensure we carry out our direct marketing activities in accordance with applicable laws and guidance.

We may contact you with marketing information by post or by telephone or with targeted advertising delivered online through social media and platforms operated by other companies, unless and until you object.

If you are a corporate entity and have engaged us for Services, we may also contact you with marketing information by email or other electronic means unless and until you object. If you are an individual or a member of an unincorporated entity (and except where the following paragraph applies) we will only contact you by email or electronic means with marketing information where you have given us your consent.

Where we have obtained your email address in connection with our contract with you for any Services, or where you have made a positive enquiry about any of our services, we may also contact you with marketing information about similar services by email or other electronic means unless and until you object.

From time to time, we may ask you to refresh your marketing preferences by asking you to confirm that you consent to continue receiving marketing information from us.

You have the right to opt-out of our use of your personal information to provide marketing to you by informing us (if we call you by telephone), or by clicking the “unsubscribe link” on any marketing email that we send to you, or by contacting us as set out in section 14 below.

13. Following links from our websites
Our website may contain links to other sites. Such other sites may also make use of their own cookies and will have their own privacy policies. You should carefully review the privacy policies and practices of other sites, as we cannot control or be responsible for their privacy practices. We do not accept any liability for the privacy practices of such third party websites and your use of such websites is at your own risk.

14. Changes to this Privacy Notice
Please note that this notice will be reviewed and may be changed from time to time so please check the page on our website at www.throgmorton.co.uk occasionally to ensure that you’re happy with any changes. This notice was last updated on 10th April 2019.

15. Who can you speak to at Throgmorton about this Privacy Policy?
Questions, comments and the exercise of your rights regarding this Privacy Notice and your information are welcomed and should be addressed to the Data Privacy Manager by email at DPM@throgmorton.co.uk or by post at FAO Data Privacy Manager Throgmorton, 4th Floor, Reading Bridge House, George Street, Reading, RG1 8LS.

If you wish to make a complaint on how we have handled your personal information, you can contact our Data Protection Officer. If you are not satisfied with our response or believe we are processing your personal information not in accordance with the law you can complain to the supervisory authority in the UK responsible for the implementation and enforcement data protection law: the Information Commissioner’s Office (the “ICO”).  You have the right to complain to the ICO about our collection and use of your information.  You can contact the ICO via their website – https://ico.org.uk/concerns/ - or by calling their helpline – 0303 123 1113.