General Data Protection Regulations (GDPR) came into effect on the 25th of May 2018 and has replaced the Data Protection Act currently operated by the ICO.
Personal data is data from which a person can be identified, being an individual’s name with any other piece of information.
How does the GDPR effect you?
In essence, this means we must draw up new policies and procedures to ensure we meet the new legislation which specifically relates to personal individual information. We must be able to demonstrate how and where we hold this and how we use it.
We take privacy seriously and will only process personal data as set out below.
Personal data that you supply to us will only be processed under the following conditions:
- Processing where you have provided consent – for example where you have specifically opted in to receiving marketing information from us;
- Processing that is necessary for the fulfilment of a contract to which you, as the data subject, is party – for example upon the receipt of the contract to provide the services that you have requested from us;
- Processing that is necessary for compliance with a legal obligation – for example anti-money laundering regulations;
- In certain circumstances, processing is based on the legitimate interests of us as the data controller. Under GDPR a legitimate interest could be assumed where the data subject is a client of the data controller – for example we will process your personal data for the administration of your account.
Apart from where set out below, we will not disclose any personal data to any third party without your permission, unless this is required by law.
Any personal data that we hold about individuals will be kept safe, secure and confidential. However, we may share personal data within EG Capital Advisors Group of companies.
We may disclose personal data to third parties:
- If we are under a duty to disclose or share personal data in order to comply with any legal obligation, or in order to enforce or apply our standard terms of business and other agreements; or to protect the rights, property, or safety ofEG Capital Advisors UK Limited, our clients, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We shall use appropriate technical and organisational measures to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. We shall not sub-contract any processing of personal data unless that personal data continues to be subject to an appropriate level of protection. To the extent that we act as data processor for you, we shall only process personal data in accordance with your instructions.
We will keep and use it to enable us to run the business and manage our relationship with you effectively, lawfully and appropriately, whilst we are working with you and past this point. This includes using information to enable us to comply with our customer contract, to comply with any legal requirements, pursue the legitimate interests of the Company and protect our legal position in the event of legal proceedings. If you do not provide this data, we may be unable in some circumstances to comply with our obligations and we will tell you about the implications of that decision.
The criteria used to determine the period of retention of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, in line with our internal Data Retention Policy, as long as it is no longer necessary for the fulfilment of or initiation of the services being provided or is no longer necessary for the specific purpose for which it was obtained.
Under the GDPR data subjects have a number of rights:
- The right to be informed about whether their personal data is being processed by us;
- The right of access to the personal data that we store about them;
- The right to rectification of their personal data should it prove to be inaccurate;
- The right to erasure of their personal data under specified circumstances;
- The right to restrict the processing or their personal data under specified circumstances;
- The right to data portability – the ability to have their personal data transferred to another data controller;
- The right to object to having their personal data processed by us (under specified circumstances); and
- The right not to be subject to automated decision-making, including profiling. ([entity name] does not use automated decision-making or profiling).
More detailed information on data subjects’ rights can be obtained by contacting the Data Protection Team using the contact details included in this privacy notice.
As a data subject, if you are not satisfied with the action we have taken in relation to exercising your rights as set out above, or if you believe that your data has been misused or that we have not kept it secure, you may complain to the Information Commissioners Office at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate). https://ico.org.uk/concerns/
The data controller is EG Capital Advisors UK Limited, a Private Limited Company with registered number 10572802. The registered office is 28 Savile Row, London, UK.
The data protection team can be contacted at firstname.lastname@example.org.