Data Protection Policy Information for Clients

Similar documents
Data Transfer Policy London Borough of Barnet

Employee eligibility to work in the UK

Summary of Data Protection Requirements When transferring Data Outside the UK End Users

Personal information, for purposes of this Policy, includes any information which relates to an identified or an identifiable person.

The Guardianship Service

CIVIL SERVICE NATIONALITY RULES GUIDANCE ON CHECKING ELIGIBILITY

Credit transfer to Customer account with AS "Meridian Trade Bank" EUR, USD free of charge * Other countries currency information in the Bank

In May and July 2014 UK Visas and Immigration (UKVI) introduced changes to the right to work checks employers are required to carry out.

International Hints and Tips

The European Union Savings Tax Directive. An historic guide

Application Form: Receptionist / PA to the Senior Leadership Team

GfK PURCHASING POWER INTERNATIONAL

International Call Services

This factsheet contains help and information for financial advisers who wish to advise their clients who live in Europe.

Little Marlow Parish Council Registration Number for ICO Z

Report on Government Information Requests

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY

APPLICATION FORM FOR POST OF SENIOR CLINICAL BIOCHEMIST. NB: 5 Curriculum Vitae (unbound) must accompany this Application Form

Report on Government Information Requests

Adobe Public Relations (PR) Guidelines

NEW PASSENGER CAR REGISTRATIONS BY ALTERNATIVE FUEL TYPE IN THE EUROPEAN UNION 1 Quarter

About us. As our customer you will be able to take advantage of the following benefits: One Provider. Flexible Billing. Our Portal.

PLAN PRICE GUIDE Allowance 50GB Data, unlimited minutes, unlimited texts, inclusive Roaming in selected countries 1,2,

ERASMUS+ MASTER LOANS

Family benefits Information about health insurance country. Udbetaling Danmark Kongens Vænge Hillerød. A. Personal data

Analysis of statistics 2015

Compliance guide: Data protection. A practical guide to meeting your regulatory and best practice obligations

VISA AND RESIDENCE PERMIT FOR GERMANY FOR INTERNATIONAL STUDENTS AND Ph.D. STUDENTS

41 T Korea, Rep T Netherlands T Japan E Bulgaria T Argentina T Czech Republic T Greece 50.

DATA PROTECTION POLICY

Labour Force Survey 2014 Almost 10 million part-time workers in the EU would have preferred to work more Two-thirds were women

in Scotland for holidaymakers from overseas

Size and Development of the Shadow Economy of 31 European and 5 other OECD Countries from 2003 to 2015: Different Developments

Social Security. A Guide to Child Benefit. The Treasury Yn Tashtey

TOMTOM BONUS INTERNATIONAL MAP INDONESIA PROMOTION HOW TO CLAIM

CABINET OFFICE THE CIVIL SERVICE NATIONALITY RULES

Exercise 39. The Euro. At the end of this exercise you will:

Planned Healthcare in Europe for Lothian residents

ERASMUS+ MASTER LOANS

1. Perception of the Bancruptcy System Perception of In-court Reorganisation... 4

Students: undergraduate and graduate students who are currently enrolled in universities

Human Resources Policy documents. Data Protection Policy

International Wire Transfers Help Guide Transfer Funds to Overseas Banks

Crystal Clear Contract Services Limited Application Form CIS/Sole Trader

Global AML Resource Map Over 2000 AML professionals

COMMUNICATION FROM THE COMMISSION

Direct Life Insurance Carrier Lines Europe Report

Health care in Scotland for UK passport holders living abroad

Data Protection Policy

Visa Information 2012

Data Protection in Ireland

GUIDE TO STUDENTSHIP ELIGIBILITY

IN AN EMERGENCY / 2016

DATA PROTECTION ACT 1998 COUNCIL POLICY

PAYMILL General Terms and Conditions

EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update. By Stephen H. LaCount, Esq.

OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES

Report on Government Information Requests

Attendance Allowance. Benefit and support you may get if you are ill or disabled and aged 65 or over

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19

Report on Government Information Requests

Glyncoed Primary School. Data Protection Policy

Health care in Sweden for foreign students [Sjukvård i Sverige för utländska studenter]

TRANSFERS FROM AN OVERSEAS PENSION SCHEME

Child Benefit if you are coming from abroad or going abroad

This form has two parts: PART 1: WORK IN ONE COUNTRY and PART II: WORK IN TWO OR MORE COUNTRIES.

Want to work in Denmark?

Guidance on Sponsorship

Carer s Allowance and Carer s Credit

relating to household s disposable income. A Gini Coefficient of zero indicates

Energy prices in the EU Household electricity prices in the EU rose by 2.9% in 2014 Gas prices up by 2.0% in the EU

Alcohol Consumption in Ireland A Report for the Health Service Executive

Customers who don t want to get tied down by a contract can choose the O 2 go Prepaid option, which gives them a daily Internet flat rate of up to 1 G

Genuine BMW Accessories. The Ultimate Driving Machine. BMW Trackstar. tracked. recovered. BMW TRACKSTAR.

Residential Mental, Health & Substance Abuse Facility Lines Europe Report

BOX MOTOR LEGAL PROTECT Legal Expenses Insurance Policy Summary

2. Is registration with PARAFES free? Yes.

(Only available if you have applied for a Decreasing Mortgage Cover Plan or a Level Protection Plan).

European Research Council

EMBO Short Term Fellowships Information for applicants

EBA REPORT ON THE BENCHMARKING OF DIVERSITY PRACTICES. EBA-Op July 2016

ERASMUS+ MASTER LOANS

An overview of UK data protection law

Can I take my Benefits abroad?

Statewatch Briefing ID Cards in the EU: Current state of play

Technical & Trade School Lines Europe Report

technical factsheet 176

ENTERING THE EU BORDERS & VISAS THE SCHENGEN AREA OF FREE MOVEMENT. EU Schengen States. Non-Schengen EU States. Non-EU Schengen States.

THE PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (PIPEDA) PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK

24 Hour Secure Operating Centre * Customer Services * (Monday-Friday 8.30am-5.30pm)

NO PURCHASE NECESSARY TO ENTER OR WIN. A PURCHASE DOES NOT IMPROVE YOUR CHANCES OF WINNING. VOID WHERE PROHIBITED BY LAW.

Applying for Pension from Abroad. Did you know that you can apply for a pension even for work you did abroad in the 1960s?

Stolen Vehicle Tracking and Monitoring Services

Waste. Copenhagen, 3 rd September Almut Reichel Project Manager Sustainable consumption and production & waste, European Environment Agency

Transcription:

Data Protection Policy Information for Clients Foreword This document outlines Numis Securities Limited s ( the Firm or Numis ) legal obligations and policy on data protection. Further information can be obtained by reference to the Data Protection Act 1998 ( DP ACT ) and also to the Information Commissioner s website. Background Legal Position In the UK, every individual has a legal right to privacy in respect of their own personal information. The DP Act aims to promote high standards in the handling of personal information and so protect an individual s right to privacy. The DP Act sets out the basis on which parties can collect and store personal data (including sensitive personal data ) and also gives individuals the legal right to see what information is held about them and to have it corrected if it is wrong. Numis places primary importance on complying with all laws and regulations. To help us discharge our legal and regulatory responsibilities, the Firm has implemented a policy to help ensure that all staff (Incl. temporary staff, interns, secondees and contractors) treat personal data lawfully and correctly. What are data, personal data and sensitive personal data? Data covers information recorded in hard copy and electronic formats (such as e- mails, word/excel documents, CCTV and telephone recordings) and in a structured way (such as in staff or client files) so that an individual can readily be identified. Personal data is information relating to a living individual that enables that person to be identified, e.g. their home address, personal phone number, date of birth, passport number, personal e-mail address or national insurance number. Personal data may also include a documented comment or opinion about an individual (e.g. interview or review notes). 1

Some personal data is classed as sensitive personal data and covers information about an individual s lifestyle, political opinions, race, physical or mental health. Sensitive personal data is subject to tighter restrictions than personal data. Throughout this policy, references to personal data relate to all types of personal data, including sensitive personal data, unless otherwise highlighted. Processing Data Numis collects, stores, displays, organises, updates and transfers personal data (both electronically and manually) in order to operate its business. Since Numis is deemed to be processing that data, it is covered by the DP Act s requirements. Numis processes personal and/or sensitive personal data on: directors of prospective, current and former corporate clients; prospective, current and former dealing clients who are individuals (rather than legal entities) or suppliers who are individuals (rather than legal entities). Registration Since Numis processes personal and/or sensitive personal data, it is required to be registered with the Information Commissioners Office ( ICO ) as a Data Controller. The ICO s register of Data Controllers is accessible to the public. Numis is currently registered (Registration Number Z7352263) to process personal data for the following purposes: Advertising, marketing and public relations Accounts and records For further information on these purposes please refer to Appendix 1 of this document. Data Protection Officer Numis has appointed a Data Protection Officer ( DPO ). Numis Data Protection Officer is Dilar Tavares. In her absence please refer to her Deputy Sid Mirashi. 2

Data Protection in Numis Handling Personal Data As a Data Controller, Numis must comply with the DP Act s Eight Principles for good handling of information and hence requires staff to ensure that personal data: 1 is processed fairly and lawfully and, in particular, is not be processed unless it meets certain conditions, including: the intended use of the data has been disclosed; the data subject has given their consent; this is necessary to perform a contract to which the data subject is a party; it relates to a legal obligation or is in the public interest; and/or it is used to protect the vital interests (e.g. life or death scenarios) of the data subject. 2 is obtained for specified and lawful purposes and not used in other ways which may be incompatible with the purpose for which it was obtained; 3 is adequate, relevant and not excessive i.e. the amount of information requested is appropriate for the Firm s needs; 4 is accurate and, where necessary, kept up-to-date; 5 is not kept for longer than necessary and is destroyed once the purpose for which the information was gathered is complete and in line with the firm s record keeping requirements; 6 is processed in accordance with the rights of the data subjects, for example: they are provided with their personal data records if they so request; Numis must rectify data inaccuracies highlighted by the data subject; and/or personal data should not be used for purposes against the data subject s instruction e.g. for direct marketing; 7 is covered by appropriate systems and controls to provide for its protection and security and is not accessed unlawfully or inappropriately; 8 is not transferred outside the European Economic Area ( EEA, see Appendix 3

2) unless that country has an adequate level of protection for personal data or equivalent safeguards in place to protect data rights and access to information as under the DP Act (see Appendix 3 for the list of adequate data protection jurisdictions). Responsibility for Data Protection Numis staff must ensure that any personal data that comes into their possession, or for which they have responsibility, is managed in accordance with this policy and the DP Act s Eight Principles. Numis is responsible for implementing and monitoring controls to provide for compliance with these requirements. Collecting Data and Consent Before personal data is collected or an individual is requested to provide personal data, Numis must be clear as to the purpose for which they are collecting or storing such data. The Firm may, for example, require personal data: to set up dealing and Corporate Broking & Advisory accounts to meet regulatory requirements such as for: o director s questionnaires for AIM companies where Numis act as the Nominated Advisor; o identification of potential conflicts of interest; o individual registrations and regulatory approvals; or o voice recording of transactions; to settle an account transaction. Individuals need to be advised when their personal data is to be stored and the purpose for which it is to be collected. Numis will principally provide this information through dealing and Corporate Broking & Advisory agreements, which contain clauses covering consent to process personal data; and employment contracts, which cover collection and storage of data relating to staff. Data Storage It is likely that Numis will receive personal data that is then stored in a variety of locations, e.g. an individual provides their address over the telephone (which is 4

voice-recorded) and then follow this up with an e-mail (which is forwarded on to another department), with hard copies sent in the post. The client s data is then recorded in a client and/or back-office record system. The following procedures are in place and where relevant must be adhered to when storing data:- Electronic storage personal data must be stored in a segregated part of a PC drive and must not be accessible to any member of staff who does not have a legitimate on-going need to access such data. Hard copy - personal data must be stored in a locked filing cabinet, access to which should be restricted to staff who legitimately need access on an ongoing basis. All relevant telephone calls via Numis landlines are recorded and retained for a period of six months in line with FCA requirements for regulated business. Accuracy of data All personal data which is stored by Numis should be accurate. The Firm is required to take reasonable steps to ensure the accuracy of the data provided and to regularly review the data for accuracy. Information Disclosure Numis seeks to prevent inappropriate disclosure of information and issues arising as a consequence of poor security. Personal data must not be disclosed (whether orally, or in electronic or hard copy) unless that information is being provided for the purposes for which it was originally intended or if there is a legal or regulatory requirement to do so. Internally Numis will typically need to share certain amounts of personal data internally to conduct its business, for example, using an individual s e-mail address or personal phone numbers to arrange conferences or to discuss business opportunities. Access to personal and/or sensitive personal data is restricted to staff who have a legitimate need to access such information on a day-to-day basis. Certain data, in particular, sensitive personal data, will require more restricted access and greater 5

data security. The DPO can advise business areas according to the type of personal data held and will carry out periodic reviews of the systems and controls in place. The Firm would generally expect only members of the Numis Securities Limited Board of Directors, HR and managers in the course of managing their team to have access to sensitive personal data. Externally Personal data must not be disclosed, either orally, in writing or otherwise to any unauthorised third party. In exceptional instances when this is required, personal data should be password protected and/or encrypted. Similar care should be taken when sending hard copy documents containing personal data (e.g. copy passports).consideration should be given to measures for additional security of mail deliveries using third party carriers. Numis client agreements include provision for transferring information (including personal data) outside of the EEA, where necessary. Prior to sending any information outside of the EEA, staff must contact the DPO to determine if there is adequate protection and/or safeguards in place. Destruction Numis staff is responsible for ensuring that personal data is not kept for longer than is necessary (and it is held in accordance with internal, legal and regulatory requirements). The requirements for record keeping are detailed and specific to each aspect of Numis business. Personal and sensitive personal data is destroyed either by being immediately shredded or disposed of in bins marked confidential which are regularly removed and shredded offsite. Information stored in databases or on hard drives/servers is deleted. Data stored in this way is subject to the same record retention periods as paper records. Requests for Data Access External Requests Individuals have a legal right to access personal data that Numis may holds in relation to them. 6

Under the DP Act Numis is obliged to respond to any formal written request for data access and can charge a maximum administration fee of 10. Once the request has been verified, responses will be dealt with promptly and in any event must be dealt with within 40 calendar days of receipt of the request. Requests to access personal data held by Numis must be referred to the DPO, so that the data can be collated and the response and response time monitored. Incident Reporting A data security breach can occur for a number of reasons including (though not limited to): 1. Loss or theft of data or equipment on which data is stored; 2. Inappropriate access controls allowing unauthorised use; 3. Equipment failure; 4. Human error; 5. Unforeseen circumstances such as a fire or flood; 6. System Hacking; or 7. Blagging offences where information is obtained by deceiving the organisation who holds it. Employees must notify the DPO (and in his absence the Numis compliance department) of any breaches of Numis data protection policy. Numis will consider the need to notify data subjects if there has been a data security breach so that they can take action to reduce any risk to themselves. Consideration will also be given as to whether the breach is sufficiently serious to be reported to the Information Commissioner. 7

Appendix 1 - Purposes Purpose Data subjects Data classes 1. Advertising, marketing & Customers and clients. Personal details public relations Complainants, Family, lifestyle and social Advertising or marketing the correspondents and circumstances business of the data enquirers Goods or services controller, activity, goods or Advisers, consultants provided services and promoting and other professional public relations in experts. connection with the business or activity, or those goods or services 2. Accounts & records Keeping accounts related to any business or other activity carried on by the data controller, or deciding whether to accept any person as a customer or supplier, or keeping records of purchases, sales or other transactions for the purpose of ensuring that the requisite payments and deliveries are made or services provided by him or to him in respect of those transactions, or for the purpose of making financial or management forecasts to assist him in the conduct of any such business or activity. Customers and clients Suppliers. Complainants, correspondents and enquirers. Personal details Financial details Goods or services provided 8

Appendix 2 - EEA countries Austria Belgium Bulgaria Cyprus Croatia Czech Republic Denmark Estonia Finland France Germany Greece Hungary Iceland Republic of Ireland Italy Latvia Liechtenstein Lithuania Luxembourg Malta The Netherlands Norway Poland Portugal Romania Slovakia Slovenia Spain Sweden UK 9

Appendix 3 - Adequate Data Protection jurisdictions The following jurisdictions are currently regarded by the European Commission as having an adequate level of protection for personal information: Andorra Argentina Canada Faroe Islands Guernsey Isle of Man State of Israel Jersey New Zealand Switzerland Eastern Republic of Uruguay 10

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information