Bentley Reid & Co (UK) Limited – EU Data Privacy Notice
7th May 2018
Bentley Reid & Co (UK) Limited (‘BRUK’) is committed to protecting your personal data. This notice contains important information about what personal details we collect, what we do with the information, and your rights when it comes to personal information you have given us.
We may need to make changes to this Data Privacy Notice, so please check our website at www.bentleyreid.com for updates from time to time. If there are important changes regarding how we use your data, we will contact you to let you know.
Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (‘GDPR’).
Who are we?
BRUK is the data controller. This means it decides how your personal data is processed and for what purposes. We can be contacted at the following address;
The Compliance Officer
29 Queen Anne’s Gate
Where we collect your personal information
BRUK collects your personal data directly from you, from a variety of sources including;
- Application forms
- Emails and letters
- Phone conversations
- Meetings with one of our Advisors
How we protect personal information
BRUK takes information security seriously and strives to comply with our obligations at all times. Any personal information collected will have appropriate safeguards applied in line with data protection obligations. 2
Your information is protected by controls designed to minimise loss or damage through accident, negligence or deliberate actions. This includes protecting sensitive information when storing or transmitting electronically.
How do we process your personal data?
BRUK complies with its obligations under the GDPR to process data in a lawful manner by;
- Keeping personal information up to date
- Storing and destroying it securely
- Not collecting or retaining excessive amounts of data
- Protecting personal data from loss, misuse, unauthorised access and disclosure
- Ensuring that appropriate technical measures are in place to protect personal data
- What we do with your personal data?
The personal data we require is used to manage the Advisory or Investment Management relationship we have with you, along with meeting regulatory requirements in respect of ‘Know You Customer’ and international tax obligations. Examples of how your data may be used are;
- Verifying your identity
- Providing adequate detail to advise on your financial affairs
- Reporting on your financial status
- Assisting on opening accounts where you have given us permission to do so
- Managing your investment portfolio
- Regulatory reporting and disclosures
What is the legal basis for processing your personal data?
Where BRUK have engaged with you under an agreed Terms of Business, the processing of data will be performed under the basis of the contractual necessity to fulfil obligations under the agreement, and the legal & regulatory obligations of the relationship.
If personal data is obtained from a professional business to business relationship with BRUK, the processing of data will be performed under the basis of legitimate interests of both parties.
Where there is no lawful basis to process your data, we will look to obtain your consent to ensure your rights are protected under the GDPR. This will only be required once, and will enable us to maintain a relationship where we can update you on our latest service and product offerings.
Sharing your personal data
Your personal data will be treated as strictly confidential, and will be shared only with professional bodies related to managing your financial affairs as agreed under the Terms of Business.
These third parties may include;
- BRUK regulators and supervisory authorities (e.g. FCA and ICO)
- Tax authorities as required under international tax laws (e.g. FATCA, CRS)
- Companies we have chosen to support us in the delivery of services we offer you (e.g. consultancy or technology companies)
- Credit and identity check agencies to verify identities under AML regulation
- Law enforcement for the prevention and detection of crime
We will never sell your details to someone else. Whenever we share your information, we do so in line with our obligations to keep your information safe and secure.
How long do we keep your personal data?
We will only keep your information for as long as it is required to be retained. The retention period is either dictated by legal or regulatory obligations, or by our discretion with a minimum of 6 years. Once your information is no longer needed it will be securely and confidentially destroyed.
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data;
- The right to request a copy of your personal data which BRUK holds about you
- The right to request that BRUK corrects any personal data if it is found to be inaccurate or out of date
- The right to request your personal data is erased where it is no longer necessary for BRUK to retain such data
- The right to withdraw your consent to the processing at any time
- The right to request that BRUK provide the data subject with their personal data and where possible, to transmit that data directly to another data controller
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing
- The right to object to the processing of personal data
- The right to lodge a complaint with the Information Commissioners Office
Transfer of data outside of the EU
Where personal data is intended to be transferred outside of the EU, the GDPR imposes restrictions to ensure the protection of individuals is not undermined. BRUK will ensure that any transfers within the Bentley Reid Group provide for adequate safeguards as enforced by the Information Commissioners Office.
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing. 4
How to make a complaint
BRUK will always strive to collect, use and safeguard your personal information in line with data protection laws. If you do not believe we have handled your information as set out in this Data Privacy Notice, please contact us immediately to put things right.
If you believe the matter is still unresolved you can make a complaint to the Information Commissioners Office.