SUMMARY: This document represents the Hottinger Group’s Privacy Statement
OWNER: Hottinger Group’s Board of Directors and Compliance Officer (CO)
EFFECTIVE DATE: April 2018
APPROVED BY: The CO of the Hottinger Group on 26 April 2018.The Board of Directors of the Hottinger Group on 26 April 2018
Reviewed By: Compliance
Changes: New Policy, which replaces version dated August 2011
Reviewed By: Compliance
Changes: NewPolicy, which replaces version dated September 2016
Reviewed By: Compliance
Changes: New Policy, which replaces version dated January 2018
WHO ARE WE?
Archco Limited and all its subsidiary companies, (together referred to as the Hottinger Group (“the Group”) (“we” or “us”) are committed to maintaining, protecting and respecting your privacy. You can visit our website without telling us who you are or revealing any information about yourself. However, if you do give us any personal information about yourself or others, we promise to treat it securely, fairly and lawfully.
THE DATA CONTROLLER:
Further information can be obtained by contacting us. (See the “How to Contact Us” section below.) Details of other companies that are part of the Group can be obtained by contacting us. (See the “Contact” section.)
WHAT THIS POLICY COVERS:
1. INFORMATION WE MAY COLLECT FROM YOU
Information you give us.
You may give us information about you by filling in forms on our site or forms that we have given to you to fill in (which may be part of your agreement with us) by corresponding with us via phone, email, facsimile or otherwise. This includes information you provide when you register to use our site, log in to a service, subscribe to a service by us and when you report an issue with our site. The information you give us may include:
- your name
- email address
- phone number
- date of birth
- plan number
- financial information
- information about your investment strategies and objectives
- credit card information
- medical information; and
- any further personal information required as part of a product or service application or which you share through the website.
Information we collect about you.
Each time you visit our site we may automatically collect the following information:
- technical information including the internet protocol (IP) address used to connect your computer to the internet, your log-in information, browser type and version, browser plug-in types and versions, time zone setting, operating system and platform; and
- information about your visit, including the Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); items you searched for; page response times; download errors, length of time spent on pages, page interaction information (such as scrolling, clicks and mouse-overs) and methods used to browse away from the page and any phone number used to call us.
Information we receive from other sources.
We are working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies, criminal records check agencies). We receive personal data from these third parties from time to time. We may combine this information with information you give to us and information we collect about you. We may use this information and combined information for the purposes set out above (depending on the types of information we receive).
Monitoring and recording communications.
We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of quality assurance, training, fraud prevention and compliance with our obligations under applicable legislation.
Personal information about other individuals
If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:
- give consent on his/her behalf to the processing of his/her personal data;
- receive on his/her behalf any data protection notices; and
- give consent to the processing of his/her personal data which may include all of the information listed above.
3. HOW WE USE YOUR INFORMATION
We use information which you have given to us and we have collected and hold about you in the following ways:
- to carry out our obligations arising from any contracts entered into between you and the Group and to provide you with the information, products and services that you request from us;
- to comply with our legal obligations to carry out identity and anti-money laundering checks;
- to provide you with information about other products and services that we offer that are similar to those that you have already purchased or enquired about;
- to provide you, or permit selected third parties to provide you with information about products or services we feel may interest you;
- to notify you about changes to our service; and
- to ensure that content from our site is presented in the most effective manner for you and for your computer.
- to administer our site and for internal operations including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our site to ensure that content is presented in the most effective manner for you and your computer;
- to allow you to participate in interactive features of our service, when you choose to do so;
- as part of our efforts to keep our site safe and secure;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.
We would like to send you information by post, email, telephone, text message (SMS) or automated call about our products and services which may be of interest to you.
Other businesses within our Group may also send you similar marketing messages, depending on what you agree with us. We will only ask whether you would like us to send you marketing messages when you tick the relevant boxes when you signed up for a product or a service with us or filled out aform on our website.
If you have consented to such receive marketing and/or other electronic or telephone communications from us, or other companies in our Group, you can opt out at any time. See the “Your Rights” section below for further information.
5. IDENTITY AND ANTI-MONEY LAUNDERING CHECKING
We may do an identity and/or credit check on you:
- so that we and other companies in our Group can verify your identity,
- make credit decisions about you and members of your household, and
- to prevent and detect fraud and money laundering
Our search will be recorded on the files of the credit reference agency.
We may also disclose information about how you conduct your account to credit reference agencies and your information may be linked to records relating to other people living at the same address with whom you are financially linked.
Other credit businesses may use your information to:
- make credit decisions about you and the people with whom you are financially associated
- trace debtors, and
- prevent and detect fraud and money laundering.
If you provide false or inaccurate information to us and we suspect fraud, we will record this.
If you want to see your identity check and/or credit file, please contact us using the contact Information in Section 12 below and we will provide you with the details of the agencies which we use so that you can contact them directly to obtain the relevant information.
6. DISCLOSURE OF YOUR INFORMATION
We may share your personal information with:
- other companies within our Group;
- our agents and service providers (including custodians);
- credit reference agents—see “Credit Checking” section above;
- our business partners in accordance with the “Marketing and opting out” section above; and
- suppliers and sub-contractors for the performance of any contract we enter into with them or you;
- analytics and search engine providers that assist us in the improvement and optimisation of our site;
- in the event that we buy or sell any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
- law enforcement agencies in connection with any investigation to help prevent unlawful activity;
- financial institutions and other similar organisations that we deal with in the course of the services we offer; and
- auditors or contractors or other advisers auditing, assisting with or advising on any of our business purposes, in any jurisdiction where we operate.
When we share your information with third parties they will process your information either as a data controller or as our data processor and this will depend on the purpose of our sharing the personal data. We will only share your personal data in compliance with the applicable data protection legislation.
A list of our selected third parties with whom we may share your information is available by you the data subject contacting us in writing to the Data Protection Officer, The Hottinger Group, 4 Carlton Gardens, St. James’s, London SW1Y 5AA, United Kingdom.
7. WHERE WE STORE YOUR PERSONAL DATA
All information you provide to us is stored on our secure servers located in the United Kingdom and the Republic of Ireland. Where you have a password, which enables you to access certain parts of our site, you are responsible for keeping this password confidential
8. TRANSFERS OF YOUR INFORMATION OUT OF THE EEA
When you signed up for our Services and entered into the agreement with us in respect of those Services you agreed that we may transfer your personal data to countries located outside the European Economic Area, for the purposes as set out in your agreement with us. Rest assured that we will always ensure any transfer is subject to appropriate security measures to safeguard your personal data including entering into European Commission approved contracts that that will safeguard your privacy rights and give you remedies in the unlikely event of a security breach.
Details of any third parties located outside of the EEA to which your personal data is transferred will be communicated to you in accordance with the terms of the agreement with you. We do not transfer your information outside of the EEA other than in accordance with an agreement you have with us.
What we do.
We will use technical and organisational measures to safeguard your personal data, for example:
- access to your account is controlled by a password and user name that are unique to you;
- we store your personal data on secure servers; and
- payment details are encrypted using SSL technology (typically you will see a lock icon or green address bar (or both) in your browser when we use this technology).
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us (see “How to Contact US” section below).
What you can do.
You are responsible for keeping your password, user name and other log-in identity details secure and confidential. If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
10. YOUR RIGHTS
Right to ask us to stop contacting you with direct marketing.
Even if you have accepted the processing of your personal data for marketing purposes (by ticking the relevant box), you have the right to ask us to stop processing your personal data for such purposes. Let us know what method of contact you are not happy with if you are unhappy with certain ways of contacting you only (for example, you may be happy for us to contact you by email but not by telephone). You can exercise this right at any time by contacting the Data Protection Officer at email@example.com or in writing to the Data Protection Officer, The Hottinger Group, 4 Carlton Gardens, St. James’s, London SW1Y 5AA, United Kingdom.
Right to request a copy of your information.
You can request a copy of your information which we hold (this is known as a subject access request). If you would like a copy of some or it, please contact the Data Protection Officer at firstname.lastname@example.org or in writing to the Data Protection Officer, The Hottinger Group, 4 Carlton Gardens, St. James’s, London SW1Y 5AA, United Kingdom and let us know the information you want a copy of, including any account or reference numbers, if you have them. Any subject access request may be subject to a reasonable fee to cover the cost of providing you with details of the information we hold about you.
Right to correct any mistakes in your information.
You can require us to correct any mistakes in your information which we hold free of charge. If you would like to do this, please contact the Data Protection Officer at email@example.com or in writing to the Data Protection Officer, The Hottinger Group, 4 Carlton Gardens, St. James’s, London SW1Y 5AA, United Kingdom and let us know the information that is incorrect and the information you want it replaced with.
Right to request we cease processing your information.
You may request that we cease processing your personal data. If you make such a request, we shall retain only the amount of personal data pertaining you that is necessary to ensure that no further processing of your personal data takes place.
Right to request deletion of your information.
You can ask us to erase all your personal data (also known as the “right to be forgotten”) in the following circumstances:
- it is no longer necessary for us to hold that Personal Data with respect to the purpose for which it was originally collected or processed;
- you wish to withdraw your consent to us holding and processing your personal data;
- you object to us holding and processing your personal data (and there is no overriding legitimate interest to allow us to continue doing so);
- the personal data has been processed unlawfully; or
- the personal data needs to be erased in order for us to comply with a particular legal obligation.
Unless we have reasonable grounds to refuse to erase your personal data, all requests for erasure shall be complied with.
11. FOR HOW LONG DO WE KEEP YOUR DATA
We only keep your information for so long as it is necessary to fulfil the purpose for which it was collected which in most circumstances would be for so long as you have a valid account with us. There are regulatory and legislative requirements which oblige us to keep certain data for longer, and in order to comply with those regulatory requirements we keep that data for seven years. In very limited circumstances, we may be required to keep some specific information for longer, for example, pension transfer information, but we regularly review our retention obligations to ensure we don’t keep personal information longer that we’re legally obliged to.
Once we have completed the service requested and contracted by you, you or we have closed your account, and where applicable the regulatory or legislative retention period has expired, we will delete the information.
13. HOW TO CONTACT US
14. OTHER WEBSITES
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability forthese policies. Please check these policies before you submit any personal data to these websites.
If you have any complaints about the way in which we collect, store and use your information, and these have not been addressed by contacting us first, you can contact the supervisory authority in the United Kingdom, the Information Commissioner’s Office: https://ico.org.uk/concerns.