Private client privacy notice

Thesis Asset Management Limited (‘Company’) is a ‘data controller’ and gathers and uses certain information about you. This information is also used by our group company, Thesis Services Limited. If applicable, your adviser or representative may collect this information and pass it to us for the purposes of entering into and performing our Client Agreement.

We collect some or all of the following information depending on whether you are applying to become a client or are an existing client:

• your full name
• your address
• proof of name and address, which may include copies of your passport, driving licence and utility bills
• date of birth
• place of birth
• signature
• photo identification
• personal and work contact details (email address and phone numbers)
• job title and employer name
• gender
• marriage status
• nationality/dual nationality
• citizenship
• tax residence
• passport details
• national insurance number and other tax details
• full name, gender, date and place of birth and address of any child for whom you are investing in a Thesis Junior ISA
• referrer details
• investment details and background
• banking details
• business card
• family connections
• state of health
• source of funds and source of wealth
• value of assets and liabilities (including mortgage and other regular expenses)
  data received from due diligence investigations (such as anti-money laundering, politically exposed persons and sanctions checks)
• fraud enquiries
• images captured by CCTV cameras on our premises
• recordings of telephone conversations and video conferences and electronic communications with our staff.

We also collect information about your attitude to risk, investment objective (including restrictions and ethical preferences), suitability and capital gains tax information and bank details, including sort code, account name and bank account number.

During the course of our engagement, we will collect information about the amount invested in your portfolio, withdrawals made, investments held, fees paid, client communications, date of death, Client Portal username, password and security questions and answers.

Where we receive information about your state of health, we require your explicit consent, or that of your attorney, if applicable, to be able to process such information, as it is special category personal data, which is more sensitive than other types of personal data. For those applying to be a client, you will be asked to give your explicit consent for Thesis to process this information for the specific purpose of advising on suitability of investments when you complete the Thesis client agreement. If you were a client before 25 May 2018 and we hold special category personal data about you, you, or your attorney, if applicable, will be asked for explicit consent the next time you provide us with special category personal data.

We may collect this information from you directly or from third parties, including:

• Your application form
• Your use of our website: information received may include your website usage collected using cookies.
• Your financial adviser, professional adviser, nominated person or attorney: information received may include your name, address, gender, date of birth, bank details.
• Our suppliers: information from suppliers such as GB Group PLC includes the results of “Know Your Client”, anti-money laundering, politically exposed persons and sanctions checks.
• Phone conversations and video conferences with us, emails, letters or responses to client surveys sent to us
• During meetings

We will typically collect and use this information for the following purposes:

• In relation to potential clients, we may process personal data in order to carry out anti-money laundering checks and related actions which the Company considers appropriate to meet any legal obligations imposed on it relating to, or the processing in the public interest or to pursue the Company’s legitimate interests in relation to, the prevention of fraud, money laundering, terrorist financing, bribery, corruption, tax evasion and to prevent the provision of financial and other services to persons who may be subject to economic or trade sanctions, on an on-going basis, for appropriateness assessments and “Know Your Client” checks and for any other applicable legal or regulatory purposes and to take steps to enter into a client agreement. If relevant information is not collected, it will mean that we will not be able to take you on as a client.
• In relation to existing clients, we may process personal data collected for the purpose of performing our services under the client agreement with you, including account administration and other general business purposes (for example, carrying out your instructions, sending client communications including valuation reports and market commentary, updating our client agreement and handling complaints and enquiries) and, to comply with our regulatory obligations, we may collect and disclose information about clients and certain related persons and their investments to HM Revenue & Customs and/or other relevant tax authorities overseas in order to comply with our legal obligations.
• In relation to legal and regulatory requirements that apply to our business, we may process personal data to report to relevant regulators.
• For monitoring. We may process personal data to check the performance of IT systems, monitor usage to improve products, services, consumer outcomes and usability of our website. We may record telephone calls and electronic communications with our staff to keep a record of communications (i) for quality, business analysis, training and compliance monitoring and related purposes in order to pursue the legitimate interests of the Company to improve its service delivery, (ii) for processing and verification of instructions, (iii) for investigation and fraud prevention purposes, (iv) for crime detection, prevention, investigation and prosecution, (v) to enforce or defend the Company and its affiliates’, itself or through third parties to whom it delegates such responsibilities or rights in order to comply with any legal obligation imposed on it, (vi) to pursue the Company’s legitimate interests in relation to such matters, (vii) where the processing is in the public interest, and/or (viii) to comply with our legal or regulatory obligations.
• To disclose information to third parties such as service providers appointed by the Company, auditors, regulatory authorities and technology providers in order to comply with any legal obligation imposed on the Company or in order to pursue the legitimate interests of the Company.
• To update and maintain records and fee calculation.
• To retain anti-money laundering and other records of individuals to assist with the subsequent screening of them.
• In relation to a legal claim or legal proceedings.
• Where you have provided your consent to us processing your personal data for the purposes of informing you (for example, by telephone, mail, email or via the Client Portal) about other products and services available from the Company and of marketing campaigns and event invitations.
• To monitor and assess the outcomes retail customers receive by requesting customer feedback including by using surveys.

We do not carry out direct marketing and we will not share your information for marketing purposes with other organisations.

We share information with:

• our associated company, Thesis Services Limited;
• external contractors, for example for anti-money laundering checks;
• our professional advisers, including lawyers and insurers; and
• potential purchasers of some or all of our business or on a re-structuring.

Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations. We may also be required to share some personal information with our regulator or as required to comply with applicable law.

If you authorise us to do so in the Nominated Person Form, we may share personal information with your Nominated Person.

In any case where we share your personal information with a third party processor, the use by that third party of your personal information will be subject to the third party’s own privacy policy, a copy of which can be obtained from the Head of Compliance – please see “How to Contact Us” below for contact details.

A list of recipients with whom we share your personal data as a client, and why we may need to share it, can be obtained from our Head of Compliance – please see “How to Contact Us” below for contact details.

We seek to ensure that our information collection and processing is always proportionate. We will notify you of any changes to information we collect or to the purposes for which we collect and process it.

Information may be held at our offices and those of our group companies, and third party agencies, service providers, representatives and agents as described above. The disclosure of personal information to the third parties set out above may involve the transfer of data to the USA and other jurisdictions outside the UK. Such countries may not have the same data protection laws as the UK. We will, however, put in place appropriate security procedures in order to protect your personal information. Where your information is transferred to any country outside the UK, we ensure that this is done using specific legally approved safeguards.  You can request further details and a copy of these safeguards by contacting us (see “How to contact us” below).

We will keep your information for the following periods:

Type of data

Personal data we collect for legal and regulatory obligations

Period

Period can vary depending on the nature of the regulatory requirement. In some cases this will be three years, five years or seven years. In some cases this may be required for longer. Please contact our Head of Compliance (details above) if you would like further information.

Type of data

Personal data we require in relation to legal claim or legal proceedings

Period

Until the claim is either finally settled or finally determined by a court, meaning no right of appeal is given

Type of data

Personal data we collect for our legitimate interests

Period

Until our legitimate interests cease or your rights and freedoms override them

In each case we will require a reasonable number of working days to complete the deletion of your personal data from our systems and those of the recipients with whom we share your data.

You, and any child on whose behalf you apply to open a Thesis Junior ISA, have the following rights in relation to your personal information:

• right to access your personal information
• right to ask where and how your personal information is being stored
• right to rectify your personal information
• right to restrict the use of your personal information (in certain specific circumstances)
• right to request that your personal information is erased where there is no good reason for us to continue to process it
• right to object to processing of your personal information where we are relying on a legitimate interest (or that of a third party) or where we are processing your personal data for direct marketing purposes
• right to data portability.

Please contact our Head of Compliance at compliance@thesisam.com, if (in accordance with applicable law) you would like to correct or request access to information that we hold relating to you or if you have any questions about this notice. We will respond to your request within one month of receipt of your request. In some cases we may not be able to fulfil your request to exercise the right before this date, and may need to request more time. Where we cannot provide a full response to you for any reason, we will let you know about this in our initial reply to your request. We may only charge a reasonable fee for responding to access requests if the request is manifestly unfounded or excessive, especially if it is repetitive, or the request is for further copies of the same information.

You also have the right to ask our Head of Compliance at compliance@thesisam.com for some but not all of the information we hold and process to be erased (the ‘right to be forgotten’) in certain circumstances. Our Head of Compliance will provide you with further information about the right to be forgotten, if you ask for it. You can also write to us at Thesis Asset Management Limited, Exchange Building, St John’s Street, Chichester, West Sussex, PO19 1UP. Please note that deletion may not be immediate.

In addition, you have the right to have certain data which you have provided to us to be transferred to another processor (the ‘right to data portability’). If you want more information about this, or wish to take advantage of it, please contact our Head of Compliance as set out above.

We acknowledge that the information you provide may be confidential and will maintain the confidentiality of and protect your information in accordance with our normal procedures and all applicable laws. We have appropriate technical and organisational measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. This also extends to our subcontractors.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data. Any transmission is at your own risk. Once we have received your information, we will use procedures and security features to try to prevent unauthorised access.

Please contact us at compliance@thesisam.com to correct or remove any information you think is inaccurate or contact The Private Office Team if your details have changed by calling 01243 531234 or emailing privateoffice@thesisam.com.

For users of our website, web browser cookies, which are small text files, are placed on your computer to store information such as your IP address or other identifier, your browser type, and information about the content you view and interact with on our website. This information is used to remember your preferences and settings, remember information you may enter online, to keep you logged on to portals that we may offer, to generate statistics about how visitors use our website and to improve our website. Cookies do not give us access to your computer or any information about you, other than the data you choose to share with us.

For more information on the cookies we use and why, please go to www.thesisam.com and refer to the Cookie Policy.

You can choose to accept or decline cookies via your browser settings.  To find out how to manage and delete cookies, visit Managing Cookies | About Cookies. To opt out of being tracked by Google Analytics across all websites visit Privacy controls in Google Analytics – Analytics Help.

Opting not to use cookies may prevent you from taking full advantage of the website.

Our website may contain links to other websites which are outside our control and are not covered by this Privacy Notice.  If you access other websites using the links provided, you should read the privacy notices on those websites.

We will keep this Privacy Notice under regular review.  Any changes we make to our Privacy Notice will be posted on our website at www.thesisam.com can be requested by email from the Head of Compliance at compliance@thesisam.com or by writing to the Head of Compliance, Thesis Asset Management Limited, Exchange Building, St John’s Street, Chichester, West Sussex PO19 1UP. This Privacy Notice was last updated on 28 July 2023.

If you require any additional support (for example, you require this document in large print, braille or audio), please get in touch with  The Private Office Team by calling 01243 531234 or emailing privateoffice@thesisam.com.

If you are deaf, have hearing loss or are speech impaired, you can contact us by using the Relay UK service. You can do this either by using the app, or by dialling 18001 before our number using your textphone.  The Relay UK service is free, you will only pay your normal charges for the call.

If you consider that the processing of personal data relating to you carried out by us or our service providers infringes data protection law, you have the right to lodge a complaint with the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF (or at the relevant regional office for Scotland, Wales or Northern Ireland, details of which are available at About the ICO | ICO), via the Live Chat link at Make a complaint | ICO or by telephone on 0303 123 1113.

If you have any questions about our use of your personal information, please contact us by email at compliance@thesisam.com, or by writing to The Head of Compliance, Thesis Asset Management Limited, Exchange Building, St John’s Street, Chichester, West Sussex PO19 1UP or by calling 01243 531234, Monday to Friday between 9am and 5pm.