This policy sets out, amongst other things -
- how we collect, use or share any personal data about you;
- what personal data we may collect, use or share;
- why your personal data will be collected and used;
- how long it will be retained for; and
- your rights in relation to personal data.
All references to ‘personal data’ mean any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
Please read the following carefully to understand our practices regarding your personal data and how we will treat it. By continuing your interaction, via any of our websites, Sarasin Mobile app or through use of any of our servicesyou are acknowledging that you have been made aware of the practices described in this policy and our use of your personal data.
For the purpose of Data Protection Regulation (which includes UK Data Protection Act 2018, the UK General Data Protection Regulation and the General Data Protection Regulation (Regulation (EU) 2016/679) as amended from time to time), the Data Controller (as defined in the Data Protection Regulation) is Sarasin & Partners LLP (a company incorporated in England & Wales with company number OC329859) whose registered address is at Juxon House, 100 St. Paul’s Churchyard, London EC4M 8BU.
2. How do we collect your data?
We may collect personal data from you in a number of ways, including:
- you providing personal data to us by filling in our online forms, registering for an event or completing a survey;
- through our account opening process and any ongoing relationship with you where this may be provided by you face-to-face, by phone, video, email, direct messaging (including but not limited to the two-way communication function on our Portal) or otherwise;
- by recording telephone conversations between you and us;
- from third parties, such as credit reference agencies or your approved advisors, which we would receive during routine client on-boarding processes or when entering into or administering any agreement with us;
- by CCTV and building access records where you visit our offices; or
- from other members of our group or our other websites, for example we may collect data gathered on a group website to enable us to provide you with additional services you have requested. In such case we will have informed you when we collected that data that it may be shared internally and combined with data collected elsewhere.
3. Why do we collect this data?
We may collect the following types of personal data about you:
- your name, and contact information such as address, email address and telephone number,
- your date of birth, government identification numbers (e.g. national insurance, driving licence, passport) and due diligence information;
- financial information (including bank account details, payroll information, tax status information, salary and benefit information and records including pensions information), employment history, nationality and marital/civil partnership status and dependants;
- technical data including internet protocol (IP) address, your login data, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- information about any visit to our websites, including the full uniform resource locators (“URL”) clickstream to, through and from our site (including date and time); information you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information, and methods used to browse away from the page;
- physical interaction and image data including photographs, location data (through building entry/exit records), IT records (including information about your use of our information and communication systems), telephone records and CCTV footage;
- if disclosed, sensitive personal data including race or ethnic origin, health-related records and data, sexual orientation; and
- your marketing preferences
4. Why do we collect this data?
We collect and use your personal data for a variety of reasons to provide our services and to ensure we meet our regulatory requirements, which are listed below. If we wish to make any changes to these purposes, or if we wish to use your personal data for any purpose that is not listed in this section, we will notify you using the contact details we hold for you.
- We will use your data to communicate with you in relation to, or to facilitate the provision of, our services and to supply the services in accordance with our contract with you. Our legal basis for processing is our performance of our contract with you;
- To process certain identification details in order to confirm your identity as part of our legal obligations, including sending to industry standard third-party compliance services, in order to ensure that we comply with our anti-money laundering and terrorism obligations and to avoid fraud itself. Our legal basis for processing is to comply with our legal obligations and the law;
- To process and implement our contract with you and open your account and related trading arrangements. Our legal basis for processing is our performance of our contract with you;
- To undertake credit and reference checks and/or to recover a debt or for the purposes of legal proceedings. Our legal basis for processing is to comply with our legal obligations and the law;
- To meet our other legal, compliance and regulatory duties. Our legal basis for processing is to comply with our legal obligations and the law;
- To communicate with you to provide you with information about relevant products, services, events, promotions or other insights unless you have indicated to us that you do not wish to receive such information. Our legal basis for processing is legitimate interests;
- For client service, analysis and our own marketing and market research purposes (including but not limited to contacting you after you request information to see if we can provide further assistance and information about events, economic commentary and keep you informed of other services which might be of interest to you). Our legal basis for processing is legitimate interests; and/or
- For general account administration purposes. Our legal basis for processing is legitimate interests.
5. What is the basis for processing the data?
We may process your personal data for the reasons set out above, and also because:
- it is necessary for the performance of our contract with you;
- of regulatory and legal requirements that we are subject to;
- of the need to establish, exercise or defend our legal rights or for the purpose of legal proceedings;
- it is necessary for the purpose of our legitimate business interests such as:
- monitoring and efficiently managing the performance and operation of our business;
- outsourcing of parts of our back-office functions to third parties;
- contacting you after you request information to see if we can provide further assistance and information about events, economic commentary and keep you informed of other services which might be of interest to you; or
- we have obtained your consent to do so. You are able to remove your consent at any time by contacting your relationship manager or emailing us at [email protected]
6. How long do we keep the data?
Your personal data will be retained for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. The retention of your personal data will be subject to periodic review.
For tax purposes the law requires us to keep basic information about our customers and suppliers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers and/or suppliers.
To find out more about our data retention policy please contact [email protected]
7. Who do we share the data with?
We may share your personal data with any member of our group, which includes our subsidiaries, our ultimate holding company and its subsidiaries, and our affiliates
We may share your information with selected third parties including:
- business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
- marketing and service providers and printers in providing you with the targeted marketing materials where we have a legitimate interest in sending these; and
- analytics and search engine providers that assist us in the improvement and optimisation of our site.
We may also share your personal data with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal data with a regulator or to otherwise comply with the law.
The third parties we may work with are subject to change from time to time. A full and current list of the third parties we share your information with is available upon request at [email protected]
We may disclose your personal data to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our agreements.
8. International Transfers
Countries outside of the United Kingdom or the EEA do not always offer the same levels of protection to your personal data, so UK and European law has prohibited transfers of personal data outside of the UK and EEA (respectively) unless the transfer meets certain criteria.
Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is in place:
- We will only transfer your personal data to countries that the European Commission or Information Commissioner’s Office have approved as providing an adequate level of protection for personal data by; or
- Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission or Information Commissioner’s Office which give personal data the same protection it has in Europe; or
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
Where it is in our legitimate interests, we may send you information about our products and services and those of other companies in our group which may reasonably be considered to be of interest to you.
We will inform you if we wish to use your data for such purposes or to disclose your information to any third party for such purposes. We will never sell or transfer your data to a third party to use for direct marketing without your knowledge and consent.
You have the right to ask us not to send you marketing messages at any time. You can do this: by contacting your relationship manager or our data protection officer at [email protected] In case you wish to withdraw from all marketing communications, you can also unsubscribe from all marketing by clicking the appropriate link in any email you receive.
Whatever your preference, you will still receive statements and other services notifications that we may need to send you containing important information in relation to your accounts or service we provide to you.
10. Automated Decision Making
We may use automated decision making in order to comply with our regulatory requirements in relation to KYC/AML checks or to evidence we are providing a suitable and appropriate service to you.
11. Your rights in relation to the data
You have certain rights in respect of the data we hold relating to you. These include the right to:
- Be informed about the personal data we collect and use – you are entitled to information including our purposes for processing your personal data, our retention periods for that personal data, and who it will be shared with;
- Access your personal data - you are entitled to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
- Request correction - you can request we rectify any information we hold about you that you believe is inaccurate or incomplete;
- Request erasure – you can ask us to delete your data under certain circumstances where we have no valid reason for continuing to hold it;
- Restrict or object to processing – you can object or request we suspend the processing of the information we hold about you, for example if you want us to establish its accuracy or the reason for processing it.;
- Data portability – you can request we transfer the data we have collected on you to another organisation or directly to you; and
- Question automated decision making – you can request human intervention or challenge a decision taken by automated decision making.
In certain circumstances, where we are legally entitled or obliged to do so, we may not be able to grant certain requests in relation to your data.
To find out more or request access to this information please contact [email protected]
12. Other websites
Our Sites may, from time to time, contain links to and from other websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
13. Changes to the Policy
We keep our privacy notice under regular review. We reserve the right to update this privacy notice at any time and any changes will be posted on our website at https://sarasinandpartners.com/privacy-policy/. Please check back regularly to see any updates or changes.
If you have a complaint about our handling of your personal data please contact us at [email protected].
You have a right to lodge a complaint in relation to our processing of your personal data with a supervisory authority. For individuals living or working in the UK, or where the alleged infringement has occurred in the UK, the relevant supervisory authority will be the Information Commissioner’s Office. Please visit https://www.ico.org.uk for further instructions and information.
15. Contact Us