Private client privacy notice

Thesis Asset Management Limited (‘Company’) is a ‘data controller’ and gathers and uses certain information about you. If applicable, your independent financial adviser or introducer (‘Referrer’) may collect this information and pass it to us for the purposes of entering into and performing our client agreement.

We collect some or all of the following information depending on whether you are applying to become a client or are an existing client:

• your full name
• your address
• proof of name and address, which may include copies of your passport, driving licence and utility bills
• date of birth
• place of birth
• signature
• photo identification
• personal and work contact details (email address and phone numbers)
• job title and employer name
• gender
• marriage status
• nationality/dual nationality
• citizenship
• tax residence
• passport details
• national insurance number and other tax details
• full name, gender, date and place of birth and address of any child for whom you are investing in a Thesis Junior ISA
• referrer details
• investment details and background
• banking details
• business card
• family connections
• state of health
• source of funds
• value of assets and liabilities (including mortgage and other regular expenses)
  data received from due diligence investigations (such as anti-money laundering, politically exposed persons and sanctions checks)
• fraud enquiries
• images captured by CCTV cameras on our premises
• recordings of telephone conversations and electronic communications with our staff.

We also collect information about your attitude to risk, investment objective (including restrictions and ethical preferences), suitability and capital gains tax information and bank details, including sort code, account name and bank account number.

During the course of our engagement, we will collect information about the amount invested in your portfolio, withdrawals made, investments held, fees paid, client communications, date of death, Client Portal username, password and security questions and answers.

Where we receive information about your state of health, we require your explicit consent, or that of your attorney, if applicable, to be able to process such information, as it is sensitive personal data. For those applying to be a client, you will be asked to give your explicit consent for Thesis to process this information for the specific purpose of advising on suitability of investments when you complete the Thesis client agreement. If you were a client before 25 May 2018 and we hold sensitive personal data about you, you, or your attorney, if applicable, will be asked for explicit consent the next time you provide us with sensitive personal data.

We may collect this information from you directly or from third parties, including:

• Your application form
• Your use of our website: information received may include your website usage collected using cookies.
• Your financial adviser, professional adviser, nominated person or attorney: information received may include your name, address, gender, date of birth, bank details.
• Our suppliers: information from suppliers such as GB Group PLC includes the results of “Know Your Client”, anti-money laundering, politically exposed persons and sanctions checks.

We will typically collect and use this information for the following purposes:

• In relation to potential clients, we may process personal data in order to carry out anti-money laundering checks and related actions which the Company considers appropriate to meet any legal obligations imposed on it relating to, or the processing in the public interest or to pursue the Company’s legitimate interests in relation to, the prevention of fraud, money laundering, terrorist financing, bribery, corruption, tax evasion and to prevent the provision of financial and other services to persons who may be subject to economic or trade sanctions, on an on-going basis, for appropriateness assessments and “Know Your Client” checks and for any other applicable legal or regulatory purposes and to take steps to enter into a client agreement. If relevant information is not collected, it will mean that we will not be able to take you on as a client.
• In relation to existing clients, we may process information collected for the purpose of performing our services under the client agreement with you, including account administration and other general business purposes (for example, carrying out your instructions, sending client communications including valuation reports and market commentary and handling complaints and enquiries) and, to comply with our regulatory obligations, we may collect and disclose information about clients and certain related persons and their investments to HM Revenue & Customs and/or other relevant tax authorities overseas in order to comply with our legal obligations.
• In relation to legal and regulatory requirements that apply to our business, we may process personal data to report to relevant regulators.
• For monitoring. We may process personal data to check the performance of IT systems, monitor usage to improve products, services and usability of our website. We may record telephone calls and electronic communications with our staff to keep a record of communications for (i) quality, business analysis, training and compliance monitoring and related purposes in order to pursue the legitimate interests of the Company to improve its service delivery, (ii) processing and verification of instructions, (iii) investigation and fraud prevention purposes, (iv) for crime detection, prevention, investigation and prosecution, (v) to enforce or defend the Company and its affiliates’, itself or through third parties to whom it delegates such responsibilities or rights in order to comply with any legal obligation imposed on it, (vi) to pursue the Company’s legitimate interests in relation to such matters or (vii) where the processing is in the public interest and (viii) to comply with our legal or regulatory obligations.
• To disclose information to third parties such as service providers appointed by the Company, auditors, regulatory authorities and technology providers in order to comply with any legal obligation imposed on the Company or in order to pursue the legitimate interests of the Company.
• To update and maintain records and fee calculation.
• To retain anti-money laundering and other records of individuals to assist with the subsequent screening of them.
• In relation to a legal claim or legal proceedings.
• Where you have provided your consent to us processing your personal data for the purposes of informing you (for example, by telephone, mail, email or via the Client Portal) about other products and services available from the Company and of marketing campaigns and event invitations.

We would like to send you information about our products and services, which may be of interest to you. Please go to www.thesisam.com to register your preferences. If you have consented to receive marketing literature from us, you may opt out later. You have the right to stop us from contacting you for marketing purposes at any time. If you no longer wish to be contacted for marketing purposes, please contact marketing@thesisam.com.

We will not share your information for marketing purposes with other organisations.

We may also need to share some of the above categories of personal information with other parties, such as external contractors, for example for customer relationship management services, our professional advisers, including lawyers and insurers, and with potential purchasers of some or all of our business or on a re-structuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations. We may also be required to share some personal information with our regulator or as required to comply with applicable law.

Recipients with whom we share your personal data as a client, and why we may need to share it, are set out in this list. This will be updated and available from our website at www.thesisam.com. A hard copy can be obtained from the Head of Compliance – please see “How to Contact Us” below for contact details.

We seek to ensure that our information collection and processing is always proportionate. We will notify you of any changes to information we collect or to the purposes for which we collect and process it.

Information may be held at our offices and those of our group companies, and third party agencies, service providers, representatives and agents as described above. Information may be transferred internationally to other countries around the world, including countries that do not have data protection laws equivalent to those in the UK, for the reasons described above. Such international transfers may be necessary either for our pre-contractual checks, which we will carry out at your request as a potential client, or for the on-going performance of our client agreement. We have security measures in place to seek to ensure that there is appropriate security for information we hold.

Type of data

Personal data we collect for legal and regulatory obligations

Period

Period can vary depending on the nature of the regulatory requirement. In some cases this will be three years, five years or seven years. In some cases this may be required for longer. Please contact our Head of Compliance (details above) if you would like further information.

Type of data

Personal data we require in relation to legal claim or legal proceedings

Period

Until the claim is either finally settled or finally determined by a court, meaning no right of appeal is given

Type of data

Personal data we collect for our legitimate interests

Period

Until our legitimate interests cease or your rights and freedoms override them

In each case we will require a reasonable number of working days to complete the deletion of your personal data from our systems and those of the recipients with whom we share your data.

You, and any child on whose behalf you apply to open a Thesis Junior ISA, have the following rights in relation to your personal information:

• right to access your personal information
• right to rectify your personal information
• right to restrict the use of your personal information (in certain specific circumstances)
• right to request that your personal information is erased (in certain specific circumstances)
• right to object to processing of your personal information (in certain specific circumstances)
• right to data portability (in certain specific circumstances).

Please contact our Head of Compliance at compliance@thesisam.com, if (in accordance with applicable law) you would like to correct or request access to information that we hold relating to you or if you have any questions about this notice. We may only charge a reasonable fee for responding to access requests if the request is manifestly unfounded or excessive, especially if it is repetitive, or the request is for further copies of the same information.

You also have the right to ask our Head of Compliance at compliance@thesisam.com for some but not all of the information we hold and process to be erased (the ‘right to be forgotten’) in certain circumstances. Our Head of Compliance will provide you with further information about the right to be forgotten, if you ask for it. You can also write to us at Thesis Asset Management Limited, Exchange Building, St John’s Street, Chichester, West Sussex, PO19 1UP. Note that deletion may not be immediate.

In addition, you have the right to have certain data which you have provided to us to be transferred to another processor (the ‘right to data portability’). If you want more information about this, or wish to take advantage of it, please contact our Head of Compliance as set out above.

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. This also extends to our subcontractors.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Please contact us at compliance@thesisam.com to correct or remove any information you think is inaccurate.

For users of our website, web browser cookies, which are small text files, are placed on your computer to store information such as your IP address or other identifier, your browser type, and information about the content you view and interact with on our website. This information is used to remember your preferences and settings, remember information you may enter online, to keep you logged on to portals that we may offer, to generate statistics about how visitors use our website and to improve our website. Cookies do not give us access to your computer or any information about you, other than the data you choose to share with us.

For more information on the cookies we use and why, please go to www.thesisam.com and refer to the Cookie Policy.

You can choose to accept or decline cookies via your browser settings. To find out how to manage and delete cookies, visit www.aboutcookies.org or www.allaboutcookies.org. To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.

Opting not to use cookies may prevent you from taking full advantage of the website.

Our website may contain links to other websites which are outside our control and are not covered by this Privacy Notice. If you access other websites using the links provided, you should read the privacy notices on those websites.

We will keep this Privacy Notice under regular review. Any changes we make to our Privacy Notice will be posted on our website at www.thesisam.com or can be requested by email from the Head of Compliance at compliance@thesisam.com or by writing to the Head of Compliance, Thesis Asset Management Limited, Exchange Building, St John’s Street, Chichester West Sussex PO19 1UP. This Privacy Notice was created to be effective from 25 May 2018.

If you would like this notice in another format (including audio, large print and braille), please contact us.

We hope that the Head of Compliance can resolve any query or concern you raise about our use of your information. If not, contact the Information Commissioner at www.ico.org.uk/concerns/ or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.

If you have any questions about our use of your personal information, please contact us by email at compliance@thesisam.com, or by writing to The Head of Compliance, Thesis Asset Management Limited, Exchange Building, St John’s Street, Chichester, West Sussex PO19 1UP or by calling 01243 531234.