S&T Asset Management LLP is a ‘data controller’ and is registered with the Information Commissioner’s Office under reference Z2035631 (“we”, “our”, “us”). This Privacy Notice is intended for our clients, whose personal data we process in the course of providing our services (“you”, “your”). We are required to inform all persons for whom we hold personal data of how we collect and use their personal data. We also need to provide you with other privacy information, including details of your rights under the EU General Data Protection Regulation (GDPR). This Privacy Notice will have effect from 25 May 2018 when the GDPR takes effect.
How we collect your personal data
We collect your personal data in various ways, principally from:
- You, when you:
  - complete our client agreement (including the client agreement questionnaire)
  - send us a letter or email
  - speak to us over the telephone or by a face to face meeting. If we receive personal data from you verbally, we may make a written or electronic record of
- Third parties, where you have given signed written authority for them to provide personal data about you to us. An example of such a third party may be your IFA, your accountant, or a
- Other sources, such as from public records, for example where we verify your address or your connection with a corporate entity using postcode checker websites or the Companies House
The categories of personal data we collect
Most of the categories of personal data we collect about you are listed in our client agreement questionnaire, which we ask you to complete and return to us. These categories of data include:
- Biographical and contact information, such as your name, date of birth, address, email address and telephone number;
- Financial and wealth related information, such as your plans, financial objectives, your attitude to financial risk and your knowledge and experience in the investments we may recommend; and
- Health information, such as any major health concerns that may affect your financial
The legal grounds and purposes for processing your personal data
We may process your personal data because it is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract. In this respect, we may use your personal data:
- to interact with you before you become our client, for example when you express your interest in our services (for example, to send you marketing material or answer enquiries about our services);
- once you have engaged us and become our client, to understand your financial position and to provide you with the services as set out in our Terms of Business or any other contractual document;
- for the purposes of processing subscriptions, dividend payments, transfers and redemptions and distributing financial statements, notices and performance reports;
- for corresponding and interacting with you (or others acting on your behalf) about your services, including to deal with any concerns or feedback you may have; and
- maintaining records of your
We may also process your personal data for our compliance with our legal obligations. In this respect, we may use your personal data:
- to confirm your identity and carry out due diligence checks, including to confirm your source of wealth for anti-money laundering and ‘know your client’ purposes;
- to fulfil our tax reporting obligations, principally to HM Revenue and Customs (HMRC) but including under any reporting agreement entered into with a tax authority or revenue service from time to time;
- to meet our other compliance and regulatory obligations, including in order to comply with any requirement of any applicable statute, regulation or regulatory rule (for example, Financial Conduct Authority (FCA) rules) to which we are subject.
We may also process your personal data because it is necessary for our or a third party’s legitimate interests. Our “legitimate interests” include our commercial interests in operating our business in a client focused manner, in accordance with all applicable legal and regulatory requirements. In this respect, we may use your personal data:
- to outsource selected ‘back office’ functions to third parties (for example, Pershing Securities Limited (see below) and other suppliers of hosted software solutions or cloud storage providers) for the purposes of efficient, fast and secure access to data;
- to monitor and evaluate the performance and effectiveness of our services; and
- for our marketing purposes, including in order to keep you informed (typically by letter, telephone or email) of our services which may be of interest to you.
We may also process your personal data where:
- it is necessary for reasons of substantial public interest (for example, where the due diligence checks we carry out involve our processing data relating to criminal convictions and offences and we do not ask your consent because to do so might lead to a ‘tipping off’ offence under anti-money laundering legislation);
- it is necessary for the establishment, exercise or defence of legal claims (for example, to protect and defend our rights or property, and/or the rights or property of our clients, or of third parties); and
- we have your specific or, where necessary, explicit consent to do so (for example, where we process sensitive personal data concerning your health or medical conditions for the purpose of making adjustments when we meet with you or to provide you with a more responsive, tailored service).
The personal data we hold about you will be held by us for as long as you continue to use our investment management services. Should you cease to use our investment management services we will continue to hold your data for a period of not less than seven years. Under certain circumstances financial information is required to be held by financial institutions for longer than seven years. If that were to be the case, we would inform you of this at the relevant time, i.e. seven years from the date our client / firm relationship ended.
We will endeavour to ensure the personal data we hold about you is current and accurate by reviewing this data with you or a person you have designated to act on your behalf. This review will be carried out periodically and will be updated as you or your representative informs us of any changes. When we are informed that data we hold about you is inaccurate or has changed, we will make the changes to the data we hold about you and where required delete inaccurate data.
Data sharing with third parties
Some of the information we hold about you is shared with Pershing Securities Limited (PSL). They are required to know certain data about you to provide to us a back office clearing system and information portal. PSL is a data controller and is registered with the Information Commissioner’s Office under reference Z5888984. We will supply a copy of their privacy notice to you upon request.
Your personal data will never be passed to third parties without your consent, except where S&T use computer software or the services of third party IT support providers to manage clients’ personal data (which is necessary for S&T’s legitimate interests, as described above).
The financial regulation authorities in the UK such as the Financial Conduct Authority (FCA) and HM Revenue and Customs (HMRC) require us to share with them certain information regarding financial transactions carried out in the UK. S&T must fully comply with these reporting requirements meaning certain personal data of our clients is shared securely with those regulatory authorities.
Where relevant for your services, your personal data may be transferred to and processed outside of the European Economic Area (“EEA”) in countries or territories that do not provide the same level of protection for personal data as the EEA does. Where this happens, we will put appropriate measures in place to ensure the adequate protection of your personal data when it is transferred outside of the EEA, as required by the GDPR.
In these circumstances, your personal data will only be transferred on one of the following grounds:
- the country or territory to which the transfer is made ensures an adequate level of protection for personal data;
- S&T and the recipient of the personal data outside the EEA have signed a form of model data protection clauses (standard contractual clauses) approved by the European Commission; or
- there exists another situation where the transfer is permitted under applicable law (for example, where we have your explicit consent to make the transfer).
You can obtain more details of the protection given to your personal data when it is transferred outside the EEA (including a copy of the standard contractual clauses which S&T has entered into with recipients of your personal data) by contacting us using the details set out below.
Your rights in relation to your personal data
The GDPR gives individuals the following rights in relation to personal data held about them. Please note that the below rights are not absolute, and we may be entitled to refuse requests where exceptions apply.
- The right to rectification of incorrect or incomplete data
Having accurate information about you is required to enable us to provide suitable investment management services; we will correct, rectify and complete your personal data held with us immediately upon request.
- The right to require us to erase your personal data or to object to our data processing activities on grounds relating to your specific situation and to request that we restrict or cease processing your personal data in certain circumstances, for example, where that information is no longer needed
While we will endeavour to comply with all such requests, please note that we will be unable to continue to provide investment management services to you without holding certain of your personal data and without processing your personal data in certain ways. For example, we must retain certain financial records and personal data in order to comply with our legal and regulatory obligations, as described above.
- The right to data portability
Upon written request we will provide to you or to an organisation of your choice some or all of the personal data you have provided to us, in a format which will allow another organisation to reuse your personal data.
- The right of access to, and copies of, the personal data we hold about you, by making a ‘data subject access request (DSAR)’
You have the right to submit to us a DSAR (in writing) regarding the personal data we hold about you. We will not charge you to make this information available to you and will provide it within one month of your request. You have the right to request this information from us in either hard copy or electronically. The information we will provide will comply fully with the requirements (and applying any exceptions and exclusions) as set out in Article 15 of the GDPR.
- Where our data processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its
If you are not satisfied with how we are processing your personal data, you can make a complaint to the Information Commissioner. You can find out more about your rights under the GDPR (and other data protection legislation) from the Information Commissioner’s Office website available at: www.ico.org.uk.
If you have any queries about this Privacy Notice or how we process your personal data, or if you wish to exercise any of your rights under GDPR, please contact us at either: